PRESTOSPORTS PRIVACY POLICY

1. PARTIES. This Privacy Policy describes how PrestoSports, LLC, doing business as PrestoSports, PrestoStats, PrestoCamps, SIDHelp, Stretch Internet, and our affiliated companies (collectively, “PrestoSports,” “we,” “our” or “us”), collects, uses, stores, shares and protects your information in connection with the services offered by PrestoSports as a data processor, including but not limited to, our hosted sports management solution platform, and all associated components, systems, functionalities and/or modules (collectively, “PrestoSports System”); services provided at or using any of the following domains: prestosports.com, stretchinternet.com, prestocamps.com, sidhelp.com, prestostats.com and other athletic websites (the “Sites”); and tools or applications, including but not limited to, mobile and other software applications related to the PrestoSports System and/or the Sites (the “Applications”) (collectively, the “Services”). This Privacy Policy applies when you (“you,” “Client” or “End User”) access, visit or use any portion of the Services. To better understand this Privacy Policy, the Client is our customer – this is the individual or business entity that contracts with us to receive Services. Clients are the controller of Client Data kept in relation to PrestoStats and PrestoCamps, and PrestoSports is the controller of Client Data kept and stored in the PrestoSports System, which includes End User Data, a subset of Client Data. In general, Clients are data controllers. “End Users” are the members, customers and clients of our Clients. End Users create user accounts within the PrestoSports System and regularly interact with our products and services. This Privacy Policy is part of, and is governed by, the terms and conditions set forth in the PrestoSports Terms of Service.
2. AGREEMENT TO TERMS OF PRIVACY POLICY. You are not required to provide any personal information to PrestoSports unless you choose to access features of the Services that require such information. If you do not agree with the terms of this Privacy Policy or PrestoSports’ Terms of Service, then please do not provide us with personal information, exit the PrestoSports System immediately, and refrain from using our Services. By accessing, visiting or using our Services, you expressly consent to our collection, use, disclosure and retention of your information as described in the Agreement.
3. CHANGES TO THE PRIVACY POLICY. We may amend this Privacy Policy from time to time. You may be required to accept the amended Privacy Policy upon logging into the PrestoSports System in order to continue using Services. We may post any material changes to this Privacy Policy on the Sites with a notice advising of the changes in advance of the effective date of the changes. We may also notify you of material changes to this Privacy Policy, before or after the effective date of the changes, by sending an email or in another conspicuous manner reasonably designated to notify you. If you do not agree with the new Privacy Policy, you may terminate using the Services within the applicable thirty (30) day period and you will not be bound by the new terms. Otherwise, the new terms will take effect after thirty (30) days.
4. USE OF PERSONAL INFORMATION. Both Clients and End Users use our Services. The information we receive from Clients and End Users, and how we handle it differs, as set forth below:
4.1 Clients. As a Client, we collect information relating to you and your use of our Services from a variety of sources:
(a) Information we collect directly from Clients.
(i) Site Set-Up: information provided to us so that we can set up your athletic site(s) and establish your PrestoSports account settings. Site set-up information includes, but is not limited to, a Client’s trade name, business entity, principal address, owner information, phone number, email address, state of formation, tax ID numbers, website information, and banking information.
(ii) Client Data: all information associated with your athletic site(s) in the PrestoSports System. Client Data includes, but is not limited to, End User Data, which includes Cardholder Data as a subset of information.
(iii) Billing information: information about how we charge you for Services. Billing information may include your bank name, account and routing number, or information linked to one or more credit cards.
(iv) Other data you want to share: we may collect other information or data that you choose to send us, for example, a positive review or testimonials.
(b) Information we collect about Clients indirectly or passively when interacting with our Services.
(i) Usage data: we collect usage data whenever Clients interact with our Services.
(ii) Device and application data: we collect data about the devices and applications used when connecting to or accessing our Services, including but not limited to, IP address and browser type. We can usually infer geographic data based on a Client’s IP address.
(iii) Referral data: if you visit our Sites from an external source (like another website or via email link), we might record information about the source that referred you to us.
(iv) Information from third parties: we might collect your personal information or data from third parties if a Client gives permission to those third parties to share such information with us.
(v) Information from cookies and web beacons: we use third party tracking services that use cookies and web beacons to collect aggregated and anonymized data about visitors to our Sites. This data may include usage and Client statistics.

4.2 End Users. As an End User of the PrestoSports System, when you interact with our Services, we collect, on behalf and at the direction of our Clients, information relating to you and/or your use of our Services from a variety of sources:
(a) Information we collect directly from End Users. We collect and store personal information about you as lawfully directed by our Clients. (The facility where you receive athletic solutions or services will be associated with a specific Client, as well as a athletic site set-up within the PrestoSports System where you would be listed as an End User under your own account). Clients are responsible for collecting and managing all End User Data, and will usually have their own privacy policies. We do not direct, nor are we responsible for, the End User Data that our Clients collect. If you have any questions about the personal information collected about you by a Client, please contact the Client directly. In most cases, End User information will be limited to data necessary to provide you with the Client’s goods or services, including personal information (for example, name, address, contact information) and payment information (for example, payor information, billing address, credit card number, expiration date, security code, bank account and routing number).
(b) Information we collect about End Users from other sources.
(i) Usage data: we collect usage data about you whenever End Users interact with our Services.
(ii) Device and application data: we collect data about the devices and applications used when connecting to or accessing our Services, including but not limited to, IP address and browser type. We can usually infer geographic data based on an End User’s IP address.
(iii) Referral data: if you visit our Sites from an external source (like another website or via email link), we might record information about the source that referred you to us.

(iv) Information from cookies and web beacons: we use third party tracking services that use cookies and web beacons to collect aggregated and anonymized data about visitors to our Sites. This data may include usage and Client statistics.
(c) Our obligations as a data processor when processing End User data on behalf of Clients. When PrestoSports is processing End User Data, including, but not limited to, Cardholder Data on behalf of Clients, the Client who pays for, manages and otherwise controls the athletic site(s) at the physical location(s) where End User is a member, customer or client is the data controller with respect to such data, and PrestoSports is the data processor. For the remainder of this Privacy Policy, Client shall be referred to as the “Data Controller” and PrestoSports as the “Data Processor.”  For the processing of End User Data on behalf of the Data Controller, the Data Processor undertakes to fulfill the following obligations:
(i) To treat the personal data only to carry out the provisions of the contracted Services, in accordance with the instructions given in writing, at any time, by the Data Controller (unless there is a legal rule that requires complementary processing, in such a case, the Data Processor will inform the Data Controller of that legal requirement prior to the processing, unless the law prohibits it on public interest grounds).
(ii) To maintain the duty of secrecy with respect to the personal data to which the Data Processor has access, even after the termination of the contractual relationship, and to ensure that its employees have committed in writing to maintain the confidentiality of the personal data processed.
(iii) To ensure, taking into account the available technology, the cost of implementation, and the nature, scope, context and purposes of the processing, as well as the risks of varying probability and severity for the rights and freedoms of natural persons, that Data Processor will apply adequate technical and organizational measures to ensure a level of security appropriate to the risk, including, where appropriate, among other things: the encryption of personal data; the ability of ensuring the continued confidentiality, integrity, availability and resilience of the systems and services; the ability of restoring the availability and access to personal data quickly in the event of a physical or technical incident; a process of regular verification, evaluation and assessment of the effectiveness of the technical and organizational measures in order to ensure the safety of the processing; and maintaining applicable payment card industry (PCI) security standards relative to the processing of certain Cardholder Data. When evaluating the adequacy of the security level, special account shall be taken of the risks presented by the data processing, in particular as a consequence of the destruction, loss or accidental or unlawful alteration of the personal data transmitted, stored or otherwise processed, or the communication or unauthorized access to such data.

(iv) To keep under Data Processor’s control and custody the personal data to which it has access in relation with the provision of the Services, and to not disclose them, neither transfer or otherwise communicate them, not even for their preservation, to persons unrelated to the provision of the Services covered by this Agreement. However, the Data Controller may authorize, expressly and in writing, the Data Processor to use another data processor (a “Subcontractor”) whose full company name and address, and subcontracted services, shall be communicated to the Data Controller prior to the provision of the services. The Data Processor will also make reasonable efforts to notify the Data Controller of any upcoming changes in Subcontractor services. Notwithstanding the foregoing, Data Processor, by operation of this Privacy Policy, hereby provides adequate notice of its use of Vantiv, LLC d/b/a Worldpay, having its principal office at 8500 Governors Hill Drive, Symmes Township, OH 45249-1384, as its designated payment processor. The Data Processor will obtain from any Subcontractor guarantees that it has put into place appropriate technical and organizational safeguards so that the processing complies with any applicable regulations. In addition, access to the data is granted to companies and professionals that the Data Processor has hired in its internal organizational framework in order to provide general or maintenance services (IT services, consulting, audits, legal compliance, etc.) as long as such tasks have not been arranged by the Data Processor with the purpose of subcontracting with a third party all of part of the Services provided to the Data Controller.
(v) To delete or return to the Data Controller, at Data Processor’s choosing, all personal data to which it has access in order to provide the Services, unless such actions are limited or prohibited by a separate agreement with the End User or by applicable law. Likewise, the Data Processor undertakes to delete any existing copies, unless there is a legal rule that requires the preservation of the personal data. However, employees and other personnel working for the Data Processor are entitled to access Client Data, including End User Data, as required to carry out their obligations under the terms of any contract entered into with PrestoSports or an affiliated entity.
(vi) To notify the Data Controller, without undue delay, of any personal data security breaches of which Data Processor becomes aware, giving support to the Data Controller in the Notification to any affected End Users or any applicable Data Protection Agency, as well as to provide support, when necessary, in the carrying out of privacy impact assessments.
(vii) To make available, upon written request, a record of all categories of processing activities performed on behalf of the Data Controller.
(viii) To cooperate with any applicable Data Protection Agency (or with some other control authority) in the fulfillment of its power. If Subcontractors are based in countries which do not have a legislation on data protection which is equivalent to the EU legislation (“Third Countries”), Data Processor shall establish all safeguards required by the EU legislation in order to comply with obligations arising from transfers of data to Third Countries, and shall promptly inform Data Controller about such safeguards if so requested.
5. PURPOSE OF PROCESSING. The information we collect about you is used by us for the following reasons:
(a) To provide our Services.
(b) To review, investigate and analyze how to improve our Services.
(c) To communicate with you and respond to your requests for customer service.
(d) To analyze and measure user behavior and trends, and to understand how people are using our Services.
(e) To monitor, troubleshoot and improve our Services, including the evaluation of new features.
(f) For internal purposes designed to keep our Services secure and operational, such as testing to prevent abusive activity (for example, the things covered by our Prohibited Use policy).
(g) If you are an End User and you connect your PrestoSports account with an outside social media account(s), or some other third-party platform, we may use the information you make available through those services in accordance with the privacy policies and/or other settings that are applicable to your social media account(s) or third-party platform account(s).
(h) If you are an End User, we may send you Client-generated notices, announcements or messages, including by email and/or SMS text, to the email address and/or mobile phone number listed in your PrestoSports account. If you do not wish to receive these types of communications, you can set your preferences as described in Paragraph 12 below, or by contacting the Client directly.
(i) To enable our service providers to help us provide Services to you, in which case those third parties are required to comply with our privacy policy and any other adequate technical and organizational measures.
(j) To protect our legal rights and interest under the Agreement. We will only disclose your personal information to third parties when we have your permission; when it is required by a competent authority in the exercise of its duties (for example, in order to investigate, prevent or take action regarding illegal activities); in the event of a PrestoSports sale, assignment or other business transaction, like a merger, acquisition or reorganization; as permitted by the Agreement; or as otherwise required by law. At the present time, we do not sell your data to third parties for purposes of marketing or advertising.
6. LEGITIMATE BASIS FOR PROCESSING
6.1 Client Data. If you are a Client to our Services, we are entitled to use your data in order to fulfill our contractual obligations with you, and, if you are acting on behalf of a legal entity, we have a legitimate interest to use your data in order to maintain the relationship with that company as a PrestoSports customer.
6.2 End User Data. If you are an End User of the PrestoSports System, we are processing your data in accordance with the terms and conditions of the business relationship that you have with our Client (usually a membership agreement with the Client). We encourage you to read carefully any separate privacy policies that the Client might have related to membership rights, or its products and services.
7. RIGHT TO ACCESS OR CORRECT PERSONAL INFORMATION AND OTHER DATA
7.1 By Clients. Clients can access all Client Data at their athletic site(s) with the secure login credentials provided at the time of sign-up. Anyone with “master admin rights” (“Master Administrators”), as designated and authorized by Client, can change, modify, correct or delete all Client Data in the PrestoSports System. Any questions about disabling or changing site settings, or modifying Client information can be directed to support@prestosports.com.
7.2 By End Users. You can access all of your End User Data, including any personal information, at your PrestoSports account using your secure log-in credentials created at the time of account creation. You can change, modify, correct or delete any of your End User Data, with the exception of some Cardholder Data, in your PrestoSports account. Please direct any other questions about accessing, correcting or deleting data directly to the Client. If you would like to receive an electronic copy of your personal information for purposes of transmitting it to another company (to the extent this right to data portability is permitted by applicable law or contract rights), please make your request through support@prestosports.com and indicate “Request for Electronic Record” in the subject line. Your request may be subject to a reasonable administrative fee. For your protection, please note we take steps to verify your identity before transmitting any information outside the PrestoSports System. We reserve the right to forward or refer your request to the Client, who may be in a better position than we are to comply with your request.
8. RIGHT TO BE FORGOTTEN. If you would like for your personal information to be permanently purged or deleted from the PrestoSports System, please send the request to the Client directly. Please note that we may need to retain certain information for recordkeeping purposes and/or to complete any transactions that you began prior to requesting a deletion of personal information. There may also be residual information that will remain within our databases and other records, which will not be removed.
9. USERS OUTSIDE THE UNITED STATES. We seek to comply with the European Union’s General Data Protection Regulation (“GDPR”) privacy framework regarding the collection, use, and retention of personal data from European Union member countries. If you are located outside the European Union and choose to use the Services or provide your information to us, please note that your information may be transferred, processed and stored by us or our service providers in non-European Union countries, including the United States. Your agreement to the terms of this Privacy Policy followed by your submission of information in connection with our Services represents your agreement and consent to this practice. If you do not want your information transferred to or processed or stored in the United States, you should not use our Services. If you are located in the European Union, we will only transfer your data to companies that are registered with the EU-U.S. Privacy Shield framework.
10. COOKIES; WEB BEACONS. A cookie is a small string of information that the website you visit transfers to your computer for identification purposes. Cookies can be used to follow your activity throughout the PrestoSports System, or as it might relate to any of our Services, and that information helps us to understand your preferences and improve your experience. We may use cookies to: (a) remember that you have visited the Sites or used our Services before (this allows us to identify the number of unique visitors we receive, so that we can provide enough capacity to accommodate all users); (b) collect data about the way you interact with our Services (for example, when you use certain features); (c) enable third parties to collect data about the way you interact across sites outside of our Services; and (d) collect anonymous statistical information about how you use the Services (including the length of your web or application session) and the location from which you access the Services, so that we can improve the Services and learn which elements and functions of the Services are most popular with our users. Some of the cookies used in the Services are set by us, and others are set by third parties who deliver services on our behalf. Most web and mobile device browsers are set to automatically accept cookies by default. However, you can change your browser settings to prevent automatic acceptance of cookies, or to notify you each time a cookie is set. You also can learn more about cookies by visiting http://www.allaboutcookies.org, which includes additional useful information on cookies and how to block cookies on different types of browsers and mobile devices. Please note, however, that by blocking or deleting cookies you may not be able to take full advantage of the Services. We also may collect information using web beacons. Web beacons are electronic images that may be used in our Services or emails. We use web beacons to deliver cookies, track the number of visits to our Sites and Applications, understand usage and campaign effectiveness, and determine whether an email has been opened and acted upon.
11. CHILDREN. Our Services are not directed to any individual under the age of thirteen (13), and we request that children do not provide personal information through the Services.
12. CHOICE AND COMMUNICATION PREFERENCES
12.1 Account; Athletic Site. In order to keep your personal information accurate and complete, you can log in to review and update your account information, including contact and billing information, via your Client site or End User account, as applicable. If you are a Client and would like to change the way we communicate with you, including a change in your primary point of contact (whether for billing purposes or otherwise), please send us the request at accounting@prestosports.com.
12.2 Email. If you do not wish to receive emails sent through the PrestoSports System, you may opt out at any time by following the opt-out or unsubscribe link contained at the bottom of the email itself. Please note that it may take up to ten (10) days to process your request. Please note that if you opt-out from receiving promotional or marketing emails, you may continue to receive emails with information related to your account or our Services. If you do not wish to receive any service-related emails from us, you have the option of deactivating your account.
12.3 Text (SMS). In order to send text messages through the PrestoSports System, Clients must enable this functionality in their site settings. Once enabled, an individual End User can control his or her “text messaging address” by entering a phone directly from the End User’s account profile and saving the information. End User’s must verify opt-in consent by entering and confirming a confirmation code sent to the mobile device listed. To revoke consent to receiving text messages, please notify the Client or remove the mobile number from the “text messaging address” field in the End User account profile.

12.4 Cookies. You may also refrain from providing, or withdraw, your consent for cookies. Your browser’s help function should contain instructions on how to set your computer to accept all cookies, to notify you when a cookie is issued; or to not receive cookies at any time. See Section 10 for more details.
12.5 Third Party Analytics Services. We use Google Analytics in conjunction with our Services. Google Analytics is provided by Google, Inc. You can opt-out from Google Analytics service from using your information by installing the Google Analytics Opt-out Browser tool: tools.google.com/dlpage/gaoptout. For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: www.google.com/policies/privacy.
13. DATA SECURITY. We use appropriate measures to protect the security of your data both online and offline. These measures vary based on the sensitivity of the information that we collect, process and store and the current state of technology. Please note though that no service is completely secure. So, while we strive to protect your data, we cannot guarantee that unauthorized access, hacking, data loss or a data breach will never occur. If you have any questions about the security of your information, please contact us at privacy@prestosports.com.  
14. RETENTION OF YOUR INFORMATION. We retain Client Data, including End User Data, as long as it is necessary and relevant for our operations. We may retain information from closed accounts to comply with the law, prevent fraud, collect any fees owed, resolve disputes, troubleshoot problems, assist with any investigation, enforce our Terms of Service, and/or take any other action permitted by law. The information we retain about you will be handled in accordance with this Privacy Policy during the maximum terms permitted by law, after which it will be fully deleted or, alternatively, anonymized.
15. CALIFORNIA PRIVACY
15.1 California Information-Sharing Disclosure. California residents may request a list of all third parties with respect to which we have disclosed any information about you for direct marketing purposes and the categories of information disclosed. If you are a California resident and want such a list, please send us a written request by email to support@prestosports.com with “California Privacy Rights” in the subject line, or contacting us by U.S. mail at the address below.
15.2 Do Not Track. We do not currently recognize or respond to browser-initiated Do Not Track signals as there is no consistent industry standard for compliance.
16. HOW TO CONTACT US. If you have any questions regarding this Privacy Policy, you can contact us via email at privacy@prestosports.com, or via U.S. mail at ATTN: Privacy, PrestoSports ℅ Clubessential Holdings, LLC, 4600 McAuley Place, Ste. 350, Cincinnati, Ohio 45242.