Privacy Statement

ASHConnect^TM Mobile App Privacy Statement

Effective as of December 28, 2022

(If you are a CA resident, this statement includes your California Privacy Rights. If you are a VA resident, this statement includes your Virginia Privacy Rights).

Welcome to the ASHConnect mobile app (the Mobile App) which is an internet-based personal health improvement resource. It provides interactive tools and features designed to help individuals track their fitness activities and view helpful resources, such as health articles and digital workouts. The Mobile App works with the Active&Fit^® Enterprise and Silver&Fit^® programs offered by American Specialty Health Fitness, Inc. (“ASH Fitness”), a subsidiary of American Specialty Health Incorporated, a Delaware corporation with a mailing address of 10221 Wateridge Circle, San Diego, CA 92121, on behalf of itself and its subsidiaries. The Mobile App also works with the Healthyroads^® program offered by American Specialty Health Management, Inc. (“ASH Management”). The provisions of this Privacy Statement apply to these companies to the extent their products utilize the Mobile App. The terms “ASH” or “we” in this Privacy Statement refer collectively to these companies. ASH values its users (“you”) and respects your privacy. We are committed to using your information responsibly. The information you provide to us through the Mobile App is governed by this Privacy Statement. This Privacy Statement informs users about the information practices for the Mobile App, including: what categories of personal information, including any sensitive personal information, we collect through the Mobile App; how the personal information is collected; the business purposes for which we collect the personal information; the types of third parties to whom we disclose personal information; how long we keep the personal information, and the choices you have about the collection and use of personal information. This Privacy Statement, together with the User Agreement govern your participation in the Mobile App. By using the Mobile App you accept and agree to be bound by this Privacy Statement and the User Agreement.

You should read and familiarize yourself with this Privacy Statement and with the ASHConnect Mobile App User Agreement. By using the Mobile App, you acknowledge and consent to our collection, processing and use of your information as described in this Privacy Statement. For any questions about this Privacy Statement, please contact us directly through any means noted at the end of this Privacy Statement. If information practices change, we will post the revised policy on the app and/or will notify users through direct communication.

Information Collected by the Mobile App

The types of information collected through the Mobile App (as further described below) may be considered Protected Health Information (“PHI”) and Personally-Identifiable Information (“PII”) if your access to the Mobile App is part of the benefits available to you through a sponsoring organization health plan. We refer to both PHI and PII collectively as Personal Information (“PI”) in this document. We collect only PI that is necessary for users to access and use the Mobile App’s tools and features in support of the user’s access to Active&Fit Enterprise, Silver&Fit and Healthyroads services. Whether or not to provide PI within the Mobile App is your choice, but without providing certain information you will not be able to access and use all the Mobile Apps tools and features.

Personal Information identifies, relates to, describes, is reasonably capable of being associated with, or could be linked, directly or indirectly, with a particular consumer or household. The type of personal information collected and used by the Mobile App generally does not include sensitive personal information, which is subject to special protections under some state laws. Such laws consider sensitive personal information to include information like government-issued numbers (e.g., Social Security, driver’s license, state identification card, or passport); information allowing access to financial accounts like credit or debit cards; geolocation within a radius less than 1,850 feet; racial or ethnic origin; religious or philosophical beliefs; union membership; contents of consumer’s mail, email, text messages; genetic data; biometric information for purposes of uniquely identifying a consumer; health and mental health data; or data about a person’s sex life or sexual orientation.

If your program offers the use of the CheckIn! Feature as part of the Mobile App, that application will use your geolocation within a radius of 1,850 feet to credit you with visiting a qualifying fitness center. The CheckIn! feature require you to take action and opt-in, in order to use those services before receiving them. Unless you turn on location services to locate fitness centers near you and click to check in, ASH will not retain any of your fitness center information.

ASH does not use sensitive personal information other than the limited business purposes noted above. ASH does not use personal information on the Mobile App for profiling (the automatic processing of personal information to evaluate personal aspects and to analyze or predict aspects concerning, economic situation, health, personal preferences, interests, reliability, behavior, location or movements) or altering your experience outside your current interaction with the business.

We do not sell your personal information to third parties.

We do not use your personal information for Targeted Advertising (Cross-Context Behavioral Advertising).

Deidentified Information Will Not Be Re-identified: Deidentified information is data where identifiers are removed or altered so that the identify an individual, a household or device used by an individual reasonably cannot be determined from the data. Such data may also be known as pseudonymized or anonymized data. Where the information has been deidentified properly in accordance with federal or state law, the deidentified data set is not subject to privacy protections under the applicable law. To the extent ASH creates or uses such deidentified data sets, we will not attempt to alter that information so that is it is “reidentified,” meaning it could be used to reasonably identify an individual, a household or device used by an individual.

How we obtain information about you:

when you provide it to us (e.g., by contacting us through our Contact Us, through our chat, when you call us, when registering or enrolling for the services)
from your use of our mobile app, using cookies, and
occasionally, from our service providers.

This chart is a reference guide on how the Mobile App collects, uses, and discloses your information. This is only a summary. You should review the full privacy statement below for more detail. If you are a California or Virginia resident, the full privacy statement below contains important information related to your privacy rights.
Mobile App features available to registered members
	Categories of Personal Information	Source of Collection	Business Purpose	Disclosure to Others
App Registration/ Benefit Administration	Identifiers: First and last name, Email address, Address *Special Identifiers: Phone number (optional), Username and password, Security question and answer Protected Class Information:** Date of Birth *A Special Identifier is one that may be subject to cybersecurity and breach notification laws in various states. An example would be California Civil Code 17898.80, subdivision (e).	Provided by you during registration and by your Sponsoring Organization for eligibility purposes.	Performing Services for the Business: To maintain and service your account, provide customer service, process transactions, verify customer information, internal research and tech development, quality assurance, and product improvement To provide a directory of Fitness Centers.	With contracted Fitness Centers and/or Active Options locations (hereinafter “Fitness Centers”) for eligibility, reimbursement, and utilization reporting. Additional information shared may include Fitness ID, program name, and effective date/termination date. Fitness Centers may share utilization data with Us for benefit administration purposes.
Fitness Center Search	Identifiers: Address, Preferred fitness location ZIP code* *The ZIP Code for your first search is saved as your default Preferred ZIP Code until you change it.	Provided by you.	Performing Services for the Business: (e.g., to conduct a search of Fitness Centers near the address or ZIP Code entered, and to update you of fitness center changes in your Preferred ZIP Code).	We do not share the address information you enter on our site with any third parties.
CheckIn!	Identifiers: IP Address Geolocation, Check-in/Check out times	Provided by you to ASH when you opt in to provide your location.	To perform services related to recording your activity, tracking your fitness center visits to meet fitness center visit reward thresholds.	ASH will share general utilization data with your Sponsoring Organization and our Service Providers for administrative purposes and billing purposes. If applicable, your Sponsoring Organization, may receive personal information related to your use of the CheckIn! feature for management of your incentive program.
Apple Watch Synching	Identifiers: Your fitness device activity information for Apple Watch (e.g. steps, exercise duration, etc.)	When you opt-in you authorize your device to send information directly to us through the app which is then shared with our activity aggregator Service Provider so that it may be added to your account.	To perform services for the business: (e.g., to track your activity and progress over time, and to process rewards, if applicable.)	We may disclose information with the benefit administrator of your Sponsoring Organization’s plan to help you meet your health plan incentive, if applicable.
Digital Workouts	Identifiers: IP Address, Device ID Other Information: Digital workout completion status	Collected through completion analytics.	Perform Services for the Business: (e.g., to maintain and service your account, provide customer service, process transactions, track utilization, and verify customer information; facilitate access to, and viewing of, streamed materials made available through the program.)	Streaming Service Provider: The Provider and ASH share general utilization data for administrative purposes such as processing reimbursement by ASH to the Provider. Your Sponsoring Organization and Our Service Providers: ASH will share general utilization data with your Sponsoring Organization and our Service Providers for administrative purposes and billing purposes. If applicable, your Sponsoring Organization may receive personal information related to your use of Digital Workouts.
Resource Library Educational Videos/Articles	Identifiers: First Name Last Name Fitness ID Other Information: Resource completion status	Collected through completion analytics and provided by you.	Perform Services for the Business: (e.g., to track website activity and use of resource library and process rewards, if applicable).	Your Sponsoring Organization: ASH will share general utilization data with your Sponsoring Organization.
Cookies/App Analytics	Identifier: IP Address Internet or Electronic Activity Information: Cookies, error logs	Data Analytic Providers	Performing Services for the Business: e.g., auditing advertising performance, internal research and tech development, quality assurance, and product improvement. Security Debugging	Data Analytic Providers evaluate information for us. We do not disclose personal information related to the information that Data Analytic Providers provide to us with third parties.
Additional Sharing	For legal purposes, including as reasonably necessary to comply with law or legal process (including a court or government order or subpoena); to detect, prevent, or otherwise address fraud, security or technical issues; to enforce this Privacy Statement or the Terms & Conditions for the Mobile App and the use of this Application; and as reasonably necessary to protect the rights, property or safety of ASH, ASH users, and/or the public. During a corporate reorganization: If ASH is involved in a merger, acquisition, financing, or sale of business or assets, information collected from and about users may be transferred to one or more third parties involved in such transaction and, upon such transfer, the relevant third-party privacy policy or policies may govern further use of the information. In the event of such a change, ASH will endeavor to notify our users of the change as well as any choices our users may have regarding the change. Aggregate information: In addition, ASH may provide service providers, reputable third-party vendors and Sponsoring Organizations with aggregate statistics regarding user participation, Mobile App traffic patterns and related Usage Information. The information so provided will not include individually identifiable information, meaning we will not share your Personal Information when sharing aggregate information.
Your access to the Mobile App may include access to other ASH products and programs, such as but not limited to, the Silver&Fit Program, Active&Fit Enterprise Program and Healthyroads Program. These products and programs have separate Terms and Conditions and Privacy Statements and may be provided by affiliates of ASH Fitness. You should review and accept their respective Terms and Conditions and Privacy Statements before you use them. If you consent to your information being used to access one of our affiliate products the use of your information is governed by the Privacy Statement of the affiliate product.
If you choose not to provide your Personal Information, certain features of the Mobile App will not be available to you.

How the Mobile App Uses Personal Information

Program features available to registered members

Registering with the ASHConnect App requires first and last name, date of birth, e-mail address. Providing your phone number is optional. We also require a username and password to enter the password-protected area of the Mobile App and a security question and answer to help recover your username and/or password if needed. We will use your registration information to set up, administer, service, and communicate with you regarding your account. If you enroll in the Active&Fit, Healthyroads, or Silver&Fit program, we will use the eligibility information that your Sponsoring Organization sends ASH, including your Sponsoring Organization member ID, address, and date of birth to verify your eligibility and complete your registration and/or enrollment. We may share your email, first name, and last name with service providers who support email communication.
Searching for and selecting a Fitness Center: We use the address and/or zip code you provide to help locate fitness centers near you. If you enroll with a fitness center, we will use your information to process your enrollment along with a Fitness ID we assign to your account with Fitness Centers. We do so to confirm your eligibility for services, to reimburse Fitness Centers and for reporting utilization of the Fitness Center services. Additional information shared with Fitness Centers for these purposes may include your Sponsoring Organization’s program name, your effective date/termination date with your program, and the fitness center location and date of your visit or use of the location. We may receive your fitness center location and date of visit information directly from the fitness center if the fitness center is in the participating network. By selecting such a fitness center for the purpose of participating in the program, you acknowledge and agree that the fitness center may provide your visit information to us on your behalf. We also share your visit information, including Fitness Center location and date of visit, with your Sponsoring Organization, if applicable, to manage your program.
CheckIn!: If you use the CheckIn! feature of the Mobile app, you allow ASH to receive your IP Address, Geolocation, and check in/check out times. We will use the information to perform services related to recording your activity and tracking your fitness center visits to meet fitness center visit rewards thresholds, if applicable. You must turn on geolocation and click to start your check in session in order to track your fitness center visit. We will share general utilization data with your Sponsoring Organization and our Service Providers for administrative and billing purposes. If applicable, your Sponsoring Organization may receive personal information related to your use of the CheckIn! feature for management of your incentive program.
Apple Watch Syncing: If you choose to sync your Apple Watch with the Mobile app, you allow ASH to receive your fitness device activity information for Apple Watch (e.g. steps, exercise duration, etc.). Your device sends information directly to us through the app, which is shared with our activity aggregator Service Provider so that it may be added to your account. We will use this information to perform services related to recording your activity, tracking your progress over time, and processing rewards (if applicable). We may share information with the benefit administrator of your Sponsoring Organization’s plan to help you meet your health plan incentive, if applicable.
Digital Workouts: If you use the Digital Workouts feature of the Mobile app, you allow ASH to receive your IP address and Device ID. We use the information to perform services for the business such as maintain and serve your account, provide customer service, process transactions, track utilization, and verify customer information. We may share general utilization data with your Sponsoring Organization and our Service Providers for administrative purposes and billing purposes. If applicable, your Sponsoring Organization, may receive personal information related to your use of Digital Workouts for management of your incentive program.
Resource Library: If you review resources and educational videos, you allow ASH to collect first name, last name, and fitness ID. We use the information to perform services related to recording your activity and processing rewards, if applicable. We may share this information with your Sponsoring Organization to process rewards or share utilization data.
Cookies: When you use the Mobile App, necessary cookies are collected in order for the app to function. These cookies do not collect personal information about you and are used to complete tasks that are generated by your use. We collect performance cookies at an aggregate level to understand which areas of our app are most visited and utilized. We collect certain cookies to personalize your experience. For example, your previous searches are listed in the resource library so that you may refer back to them with easier access. We do not collect any cookies related to online behavioral advertising and do not share or sell your information to any online advertisers.

Disclosure to Others

ASH may disclose your Personal Information with third parties for the purposes noted above. In summary, we disclose personal information to others in the following circumstances:

With Service Providers: to provide services under the Program and to support the operation and maintenance of the Mobile App.
For legal purposes, including as reasonably necessary to comply with law or legal process (including a court or government order or subpoena); to detect, prevent, or otherwise address fraud, security or technical issues; to enforce this Privacy Statement or the User Agreement for the Mobile App and the use of the program’s websites; and as reasonably necessary to protect the rights, property or safety of ASH, ASH users, and/or the public.
During a corporate reorganization: If ASH is involved in a merger, acquisition, financing, or sale of business or assets, information collected from and about users may be transferred to one or more third parties involved in such transaction and, upon such transfer, the relevant third-party privacy policy or policies may govern further use of the information. In the event of such a change, ASH will endeavor to notify our users of the change as well as any choices our users may have regarding the change. ASH may also provide limited participation and aggregate usage information to your Sponsoring Organization and/or other entities that have contracted with your Sponsoring Organization to provide you with health-related services on behalf of your Sponsoring Organization. In certain limited situations, ASH may be required to provide some personal information to your Sponsoring Organization in order to perform billing, eligibility, and other administrative functions. In these situations, ASH ensures that there are security protections in place so that personal information is only disclosed to those who perform the benefit administration process described above as permitted by state and federal law, and not used for employment related or benefit underwriting purposes.

Disabling and Deleting User Accounts and Information

California residents see below. Virginia residents see below. Except as expressly otherwise stated in this Privacy Statement, and except where applicable law provides otherwise, personal information collected on the Mobile App cannot be deleted or removed from ASH’s database and will be retained for a minimum of 10 years in accordance with ASH’s record retention policy. User accounts, however, may be disabled upon written request, using the contact information at the end of this Privacy Statement.

Retention

ASH retains your data for as long as your support ASH product account remains continually active. ASH may also retain your data for up to 10 years or longer if required by any legal obligations.

Opt-out of Communications received from ASH Programs

If you have provided your email address, postal address, and/or telephone number to ASH, you may opt out of receiving marketing/promotional communications about affiliate programs that may be available to you from ASH by contacting ASH as described at the end of this Privacy Statement. To stop receiving marketing/promotional communications via email, you can also use the “unsubscribe” link contained in a marketing/promotional email you have previously received from ASH. Please note that email unsubscribe requests may not take effect immediately.

NOTE: Your opt-out regarding our marketing/promotional communications will not stop communications from ASH of a transactional nature or as required by law. For example, we will still send you communications regarding your account, request or inquiry you have made with ASH, notices regarding material changes to the Mobile App or its information practices, and other administrative notices.

Privacy of Minors

ASH is concerned about the safety of children when they use the Internet. The Mobile App may be used by eligible participants at least 13 years old with parental consent and/or under parental supervision. If ASH becomes aware that a user is under the age of 13 and has provided Personal Information to ASH without prior parental consent or under parental supervision, ASH will remove all information provided by such underage user from its database.

Security of Personal Information

In order to maintain the confidentiality of and safeguard the security of users’ personal information, ASH enforces strict company-wide policies regarding privacy, security, and confidentiality.

ASH has an organizational commitment to protecting privacy and security. All employees who work on the Mobile App are made aware of security policies and practices through employee orientation and annual refresher training. Personal information is secured in an isolated database with tightly restricted access. Employees authorized to view this information are authenticated prior to gaining such access. ASH reviews web security on an ongoing basis. In addition to daily security administration and response activities, the Mobile App undergoes an overall security review on an annual basis.

Third-Party Links and Services

For your convenience, the Mobile App may provide links to third-party websites, platforms and online services not owned or controlled by or affiliated with ASH (each, a “Linked Third-Party Website/Service”). Linking or hosting a platform does not mean, and should not be deemed or construed to mean, that ASH endorses or approves or is affiliated with a Linked Third-Party Website/Service. ASH is not responsible for the information privacy and security policies or practices of a Linked Third-Party Website/Service. When you leave the Mobile App to visit a Linked Third-Party Website/Platform/Service, this Privacy Statement no longer applies, and any information collected from or about you by a Linked Third-Party Website/Platform/Service will be governed by that site/service’s privacy policies and practices, which may be substantially different from those of ASH. A Linked Third-Party Website/Platform/Service may set or use its own cookies, web beacons, etc. to your computer or mobile device, and may collect information from and about you and use the information in ways that ASH would not. You access a Linked Third-Party Website/Platform/Service entirely at your own risk. You should always read the privacy policy associated with a Linked Third-Party Website/Platform/Service before disclosing any personal information.

For more on Links, please see the User Agreement of this Mobile App.

Note to international users.

The ASH Programs and Mobile App are intended for U.S. residents. If you are outside of the United States and access the Mobile App or submit your Personal Information to us, please be advised that U.S. law may not offer the same privacy protections as the law of your jurisdiction. By using the Mobile App or submitting your Personal Information to us, you consent to the transfer to and processing of your Personal Information in the United States.

CALIFORNIA RESIDENTS: YOUR CALIFORNIA PRIVACY RIGHTS

Under California Civil Code Section 1798.83 (known as the "shine the light" law), California residents have a right to request an information-sharing disclosure from a business to which they have provided personal information, and which has disclosed the information to any third party for third-party direct marketing uses in the prior calendar year.

ASH does not knowingly share your personal information with third parties for their direct marketing use without your permission. California residents may send requests for information-sharing disclosure under this law by contacting us by mail at the address located in the contact section below. Please note that, under this law, we are not required to respond to your request more than once in a calendar year, nor are we required to respond to any requests that are not sent to the above-designated email address.

The California Consumer Privacy Act (CCPA) (California Civil Code 1798.100-199) provides California residents with specific rights related to the collection, use and disclosure of their personal information by us. While our privacy practices have adopted many of the CCPA requirements across our program, this section discusses specific rights and elements applicable to persons who are California residents at the time we collected, used or disclosed your personal information.

The CCPA and the details noted here do not apply to situations where your personal information is collected, used or disclosed by us:

Where in our capacity as a business associate of a covered entity, we collect or maintain your personal information in the same manner as protected health information in compliance with privacy, security, and breach notification rules issued by the United States Department of Health and Human Services, Parts 160 and 164 of Title 45 of the Code of Federal Regulations, established pursuant to the Health Insurance Portability and Accountability Act of 1996 (Public Law 104-191) and the Health Information Technology for Economic and Clinical Health Act (Public Law 111-5). This may apply when your access to our program is made available to you as part of a health benefit plan operated by a plan sponsor who is a covered entity under the laws noted immediately above.
Where your access to our program is made available to you through a sponsoring organization as part of the organizations’ policies or products subject to the federal Gramm-Leach-Bliley Act (Public Law 106-102), and implementing regulations, or the California Financial Information Privacy Act (Division 1.4 (commencing with Section 4050) of the Financial Code).

Additionally, should we receive CCPA-related requests that are manifestly unfounded or excessive, in particular because of their repetitive character, we reserve the ability to either charge a reasonable fee for taking the action requested or refuse to act on the request. If we refuse your request on this basis, we will notify you of the reason why.

If neither of the above situations apply to you and you are a California resident eligible for the Active&Fit Enterprise program, you may exercise your rights under the CCPA as described below:

Right to Know: You have the right to request that ASH disclose what personal information we have collected, used, disclosed, and sold, including specific pieces of personal information, for the date range indicated by you for records dated on or after January 1, 2020.

To request this information, you may fill out this form. You may submit this form by emailing us at the following email: HIPAA@ashn.com with the subject line “California Privacy Rights” or by mailing said form to our address below. You may also utilize your Right to Know by calling Active&Fit Enterprise Customer Service at 877-771-2746.

ASH will verify your request by matching information provided by you in the Right to Know Form to information housed in our internal systems.

ASH will grant, deny, or respond to a request within 45 days of receipt of the Right to Know Form. If an extension of time (up to a maximum of 90 days) is required, we will notify you and provide additional information about the process.

Right to Access and Portability: You have the right to receive a copy of your personal information and the specific pieces of your personal information we maintain in an easily readable electronic format. To request this information, you may fill out this form and select the option to receive a copy of the associated data.

You may submit this form by emailing us at the following email: HIPAA@ashn.com with the subject line “California Privacy Rights” or by mailing said form to our address below. You may also utilize your Right to Access and Portability by calling Active&Fit Enterprise Customer Service at 877-771-2746.

ASH will verify your request by matching information provided by you in the Right to Know and Access Form to information housed in our internal systems.

ASH will grant, deny, or respond to a request within 45 days of receipt of the Right to Know and Access Form. If an extension of time (up to a maximum of 90 days) is required, we will notify you and provide additional information about the process.

Right to Correct: You have the right to have inaccurate personal information we maintain about your corrected. To request this information, you may fill out this form to specify which information requires correction.

You may submit this form by emailing us at the following email: HIPAA@ashn.com with the subject line “California Privacy Rights” or by mailing said form to our address below. You may also utilize your Right to Correct by phone calling Active&Fit Enterprise Customer Service at 877-771-2746.

ASH will verify your request by matching information provided by you in the Right to Correct Form to information housed in our internal systems.

If we are unable to verify the request, we will deny the request. We may also deny the request, in whole or in part, if we determine the contested PI is more likely than not accurate based on the totality of circumstances. We may also deny a request if it involves the same alleged inaccuracy previously denied within the past 6 months should the request not provide new or additional documentation attempting to prove the inaccuracy. We may also deny a request if we have a good-faith, reasonable and documented belief the request is fraudulent or abusive.

ASH will grant, deny, or respond to a request within 45 days of receipt of the Right to Correct Form. If an extension of time (up to a maximum of 90 days) is required, we will notify you and provide additional information about the process.

Right to Delete: You have the right to request the deletion of your personal information collected or maintained by the ASH.

To request this information, you may fill out this form. You may submit this form by emailing us at the following email: HIPAA@ashn.com with the subject line “California Privacy Rights” or by mailing said form to our address below. You may also utilize your Right to Delete by calling Active&Fit Enterprise Customer Service at 877-771-2746.

ASH will verify your request in a two-step verification process. First, ASH will match information provided by you in the Right to Delete Form to information housed in our internal systems. Second, ASH will contact you to verify your identity and confirm your request, such contact may be made by phone or email.

ASH will grant, deny, or respond to a request within 45 days of receipt of the Right to Delete Form. If an extension of time (up to a maximum of 90 days) is required, we will notify you and provide additional information about the process.

In response to your request, ASH may deny or grant your request. If ASH grants your request, we will notify you as to which of the following methods We have used to fulfill your request. We may do one of the following: (1) permanently delete your information from our systems; (2) deidentify your information; or (3) aggregate your information in accordance with CCPA requirements.

A denial of a deletion request may occur if ASH requires the use of your personal information to complete a transaction or provide services on your behalf, to detect security incidents and prosecute those responsible, to debug and repair errors that impair existing functionality, to exercise free speech or allow you to exercise free speech or any other right, to comply with the California Electronic Communications Privacy Act, to engage in public or peer-reviewed research with informed consent if deletion would seriously impair the achievement of such research, to enable solely internal uses that are reasonably aligned with the business relationship between you and ASH, or to comply with a legal obligation.

No Fee for Requests for Rights to Know/Access/Portability, Correct or Delete: ASH does not charge a fee to exercise these rights. However, should we receive CCPA-related requests that are manifestly unfounded or excessive, in particular because of their repetitive character, we reserve the ability to refuse to act on the request. If we refuse your request on this basis, we will notify you of the reason why.

Right to Non-Discrimination: You have the right to exercise your privacy rights to know and to delete without facing discrimination of service or product offerings. Your use of Active&Fit Enterprise will remain the same whether you exercise your Right to Know or Right to Delete under the CCPA.

Right to Authorize an Agent: You have the right to authorize an agent to communicate on your behalf. To authorize an agent, you may fill out this form. You may submit this form by emailing us at the following email: HIPAA@ashn.com with the subject line “California Privacy Rights” or by mailing said form to our address below. You may also utilize your Right to Authorize Agent by calling Active&Fit Enterprise Customer Service at 877-771-2746.

ASH will verify your request by matching information provided by you in the Right to Authorize an Agent Form to information housed in our internal systems.

Additionally, if you have provided your agent with Power of Attorney, you do not have to fill out our form but will need to provide a valid copy of the Power of Attorney documentation.

If we are unable to verify the request, we will deny the request and provide notice of such denial.

VIRGINIA RESIDENTS: YOUR VIRGINIA PRIVACY RIGHTS

The Virginia Consumer Data Protection Act (“VCDPA”) provides Virginia residents with specific rights related to the collection, use and disclosure of their personal information by us.

While our privacy practices have adopted many of the VCDPA requirements across our program, this section discusses specific rights and elements applicable to persons who are Virginia residents at the time we collected, used or disclosed your personal information.

Your rights in relation to your information:

Right to Know: You have the right to request that ASH disclose what personal information we have collected, used, disclosed, and sold.

To request this information, you may fill out this form. You may submit this form by emailing us at the following email: HIPAA@ashn.com with the subject line “Virginia Privacy Rights” or by mailing said form to our address below. You may also utilize your Right to Know by calling Active&Fit Enterprise Customer Service at 877-771-2746.

ASH will verify your request by matching information provided by you in the Right to Know Form to information housed in our internal systems.

Right to Access and Portability: You have the right to receive a copy of your personal information we maintain in an easily readable electronic format. To request this information, you may fill out this form and select the option to receive a copy of the associated data.

ASH will verify your request by matching information provided by you in the Right to Know and Access Form to information housed in our internal systems.

If we are unable to verify the request, we will deny the request and provide only general information about the type of personal information we process as outlined in this document. ASH may also deny requests if you submit the Right to Know and Access Form more than twice in a calendar year or if your request is not submitted online or using the email, phone number, or address designated above. If we deny your request you have a right to appeal that decision. To appeal, you may fill out this form. You may submit this form by emailing us at the following email: HIPAA@ashn.com with the subject line “Virginia Privacy Rights” or by mailing said form to our address below. You may also call (877) 771-2746. We will reply to your appeal in writing within 60 days of receipt. If we deny your appeal we will provide instructions for how you can submit a compliant with the Virginia Attorney General.

Right to Correct: You have the right to have inaccurate personal information we maintain about you corrected. To request this information, you may fill out this form to specify which information requires correction.

You may submit this form by emailing us at the following email: HIPAA@ashn.com with the subject line “Virginia Privacy Rights” or by mailing said form to our address below. You may also utilize your Right to Correct by calling Active&Fit Enterprise Customer Service at 877-771-2746. ASH will verify your request by matching information provided by you in the Right to Correct Form to information housed in our internal systems.

If we deny your request you have a right to appeal that decision. To appeal, you may fill out this form to specify which information requires correction. You may submit this form by emailing us at the following email: HIPAA@ashn.com with the subject line “Virginia Privacy Rights” or by mailing said form to our address below. You may also call 877-771-2746. We will reply to your appeal in writing within 60 days of receipt. If we deny your appeal we will provide instructions for how you can submit a compliant with the Virginia Attorney General.

Right to Delete: You have the right to request the deletion of your personal information collected or maintained by the ASH.

To request this information, you may fill out this form. You may submit this form by emailing us at the following email: HIPAA@ashn.com with the subject line “Virginia Privacy Rights” or by mailing said form to our address below. You may also utilize your Right to Delete by calling Active&Fit Enterprise Customer Service at 877-771-2746.

If we are unable to verify the request, we will deny the request and provide notice of such denial. ASH may also deny requests if you submit the Right to Delete Form more than twice in a calendar year or if your request is not sent to the designated email, phone number, or address. If we deny your request you have a right to appeal that decision. Our response to you will include instructions on how you can appeal the denial.

A denial of a deletion request may occur if ASH requires the use of your personal information to complete a transaction or provide services on your behalf, to detect security incidents and prosecute those responsible, to debug and repair errors that impair existing functionality, to exercise free speech or allow you to exercise free speech or any other right, to engage in public or peer-reviewed research with informed consent if deletion would seriously impair the achievement of such research, to enable solely internal uses that are reasonably aligned with the business relationship between you and ASH, or to comply with a legal obligation.

To appeal a denial, you may fill out this form to specify which information requires correction. You may submit this form by emailing us at the following email: HIPAA@ashn.com with the subject line “Virginia Privacy Rights” or by mailing said form to our address below. You may also call 877-771-2746. We will reply to your appeal in writing within 60 days of receipt. If we deny your appeal we will provide instructions for how you can submit a compliant with the Virginia Attorney General.

No Fee for Requests for Rights to Know/Access/Portability, Correct or Delete: ASH does not charge a fee to exercise these rights. However, should we receive VCDPA-related requests that are manifestly unfounded or excessive, in particular because of their repetitive character, we reserve the ability to refuse to act on the request. If we refuse your request on this basis, we will notify you of the reason why.

Program Contact Information

Questions and requests may be submitted using the following contact information:

U.S. Mail

Active&Fit

Active&Fit Customer Service
P.O. Box 509117
San Diego, CA 92150-9117

1-877-771-2746, 5 am to 6 pm Pacific Time, Monday through Friday (except for federal holidays).

fitnessservice@ashn.com

Healthyroads

Healthyroads Customer Service
P.O. Box 509040
San Diego, CA 92150-9040

1-877-330-2746, 5 am to 6 pm Pacific Time, Monday through Friday (except for federal holidays).

Service@healthyroads.com

Silver&Fit

Silver&Fit Customer Service
P.O. Box 509117
San Diego, CA 92150-9117

1-877-427-4788 (TTY/TDD 711), 5 am to 6 pm Pacific Time, Monday through Friday (except for federal holidays).

fitnessservice@ashn.com

If you need assistance with or require this Privacy Statement in an alternative format, please contact us.

Privacy and Security Contact Information

ASH has a designated Privacy Officer and an Information Security Officer to oversee our privacy and security programs. You may direct questions about these programs to these individuals by either calling any of the above customer service phone numbers or emailing HIPAA@ashn.com.

Use of this Mobile App is governed by the User Agreement.