Last Updated: 2nd January 2024
BridgeAthletic, Inc. (“BridgeAthletic”, “we”, “our” or “us”) has created this Data Privacy Framework Program Notice (“Notice”) to describe its standards and procedures for handling Personal Information in accordance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF ,and the Swiss-U.S. Data Privacy Framework (collectively the “DPF”).
BridgeAthletic, Inc. complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. BridgeAthletic has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. BridgeAthletic has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/s/.
This Notice supplements our Privacy Policy https://www.bridgeathletic.com/privacy-policy. In case of conflict between the Privacy Policy and this Notice, this Notice prevails. In case of conflict between this Notice and the Principles, the Principles will govern. In this Notice, “Personal Information” means any information relating to an identified or identifiable natural person. “Controller” and “Processor” have the meaning given to them in the General Data Protection Regulation (EU) 2016/679.
We obtain and process Personal Information from the European Economic Area (“EEA”), the United Kingdom and Switzerland in different capacities:
As a Controller, we collect and process EEA, UK and Swiss Personal Information directly from individuals, either via our publicly available apps or websites (including https://www.bridgeathletic.com), or in connection with our customer, reseller, partner, and vendor relationships.
BridgeAthletic commits to subject to the Principles all Personal Information received from the EEA, the UK or Switzerland in reliance on the DPF as a Controller.
Our Privacy Policy https://www.bridgeathletic.com/privacy-policy in combination with this Notice describes our privacy practices, including the types of Personal Information collected and the purposes of the processing.
BridgeAthletic may transfer Personal Information to trainers, performance centers, EXPS and EXPS-affiliate sites as described in the Privacy Policy https://www.bridgeathletic.com/privacy-policy.
We remain responsible for the processing of Personal Information received under the DPF and subsequently transferred to a third party acting as a Processor if the Processor processes such Personal Information in a manner inconsistent with the Principles, unless we prove that we are not responsible for the event giving rise to the damage.
BridgeAthletic takes reasonable and appropriate precautions, taking into account the risks involved in the processing and the nature of the Personal Information, to help protect Personal Information from loss, misuse and unauthorized access, disclosure, alteration and destruction.
Any Personal Information we receive may be processed by BridgeAthletic for the purposes indicated in our Privacy Policy (https://www.bridgeathletic.com/privacy-policy) or as otherwise notified to you. We will not process Personal Information in a way that is incompatible with these purposes unless subsequently authorized by you.
We take reasonable steps to limit the collection and usage of Personal Information to that which is relevant for the purposes for which it was collected, and to ensure that such Personal Information is reliable, accurate, complete and current. Individuals are encouraged to keep their Personal Information with BridgeAthletic up to date and may contact BridgeAthletic as indicated below or in the Privacy Policy (https://www.bridgeathletic.com/privacy-policy) to request that their Personal Information be updated or corrected.
If we intend to use your Personal Information for a purpose that is materially different from the purposes for which it was originally collected or subsequently authorized, or if we intend to disclose it to a third party acting as a Controller not previously identified, we will offer you the opportunity to opt out of such uses and/or disclosures where it involves non-sensitive information or opt in where sensitive information is involved.
You have the right to access to the Personal Information we maintain about you and to correct, amend or delete that information when it is inaccurate or has been processed in violation of the Principles by sending a written request as indicated in “Contact Us” below. We will review your request in accordance with the Principles, and may limit or deny access to Personal Information as permitted by the Principles.
We conduct an annual self-assessment of our practices regarding Personal Information intended to verify that the assertions we make about our practices are true and that such practices have been implemented as represented.
In compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF), BridgeAthletic commits to resolve complaints about our collection or use of your personal information transferred to the U.S. pursuant to the EU-U.S. DPF, the UK extension to the EU-U.S. DPF, and the Swiss-U.S. DPF. EU, UK, and Swiss individuals with inquiries or complaints should first contact BridgeAthletic by utilizing the information at the bottom of this policy.
BridgeAthletic has further committed to refer unresolved DPF Principles-related complaints to a U.S.-based independent dispute resolution mechanism, BBB NATIONAL PROGRAMS. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbbprograms.org/dpf-complaints for more information and to file a complaint. This service is provided free of charge to you.
If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/framework-article/ANNEX-I-introduction.
BridgeAthletic is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission. In certain situations, BridgeAthletic may be required to disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
This Notice may be amended consistent with the requirements of the DPF. When we update this Notice, we will also revise the “Last Updated” date at the top of this document. Any changes to this Notice will become effective when we post the revised version on our website.
If you have any questions, concerns or complaints regarding our privacy practices, or if you’d like to exercise your choices or rights, you can contact us:
via email at info@bridgeathletic.com; or
by mailing to BridgeAthletic, Inc., P.O. Box 610123, Redwood City, CA 94061