Effective Date: January 1, 2019
The Body Shoppe NJ, LLC and its subsidiaries operating under The Body Shoppe brands, (collectively, “Shoppe,” “we,” “us,” “our”) respect your privacy and are committed to protecting the personal data we hold about you. If you have questions, comments, or concerns about this Privacy Notice or our processing of personal data, please see the bottom of this Privacy Notice for information about how to contact us. The Body Shoppe is the data controller of the personal data collected, and is responsible for the processing of your personal data.
This Privacy Notice explains our practices with respect to personal data we collect and process in connection with your relationship with us. This includes information we collect through, or in association with, our website with a home page located at www.thebodyshoppenj.com, any related apps that we may provide, together with all products and services we may offer from time to time via our website and/or related apps, at our gym locations, our related social media sites, or otherwise through your interactions with us (the website, apps, products, services, locations, and social media pages, collectively, the “Services”). If you are providing information through the Services on behalf of someone else (e.g., a colleague, employee, family member, friend, significant other, etc.) you hereby represent that you have the right to do so and that you have provided such party with a copy of this Privacy Notice, and all references to “you” or “your” data or personal data herein refers to the data or information of both you and such individual, as applicable.
Please review the following to understand how we process and safeguard personal data about you. By using any of our Services, whether by visiting our website, a The Body Shoppe location, or otherwise, and/or by voluntarily providing personal data to us, you acknowledge that you have read and understand the practices contained in this Privacy Notice. This Privacy Notice may be revised from time to time, so please ensure that you check this Privacy Notice periodically to remain fully informed.
Table of Contents
Overview / What Information Do We Collect?
Information You Share with Us / Information Collected Automatically / Information Obtained from Third Parties
How Do We Process Personal Data? / Operational Uses / Marketing Uses / Sharing of Personal Data
Protecting Personal Data / Retention of Personal Data / Your Rights Regarding Personal Data
Accessing, Modifying, Rectifying, and Correcting Collected Personal Data
Your New Jersey Privacy Rights / Your Choices / Communications Opt-Out / Location Information
Cookies, Web Tracking, and Advertising / Other Important Information About Personal Data and the Services
Collection of Personal Data from Children / Third-Party Apps, Websites and Services / Business Transfer
Do Not Track / International Use / Modifications and Updates to this Privacy Notice
Applicability of this Privacy Notice / Additional Information and Assistance
What Information Do We Collect?
We collect a variety of personal data from and about you through the Services, including:
When you provide it to us directly, whether by signing up for an account on our online Services and/or becoming a The Body Shoppe member; through our apps, websites, and social media pages; or in-person at one of our locations; Automatically through digital logging and analytics tools, cookies, and pixel tags; and as a result of your use of and access to Services, both in person and online; and From third-party sources, including corporate health initiatives, membership, and wellness programs; ad networks that provide online behavioral advertising and retargeting/remarketing services; service providers such as commercial email and marketing providers, sweepstakes providers, and survey providers; third-party platforms where we post job openings; analytics providers such as Google Analytics and Adobe Omniture; and through your interactions with us or our accounts and pages on social media websites. In addition, we offer features that enable users to connect their third-party fitness devices or third-party applications (collectively “Third Party Apps”) to the Services in order to utilize certain features and functionalities, and we collect information from certain Third-Party Apps when these features are used.
You have choices about certain information we collect. When you are asked to provide information, you may decline to do so; but if you choose not to provide information that is necessary to provide any aspect of our Services, you may not be able to use those Services. In addition, as noted below in the section captioned “Your Choices” it is possible to change your browser settings to block the automatic collection of certain information.
Finally, we may collect data from or about you that is not identifiable to you or otherwise associated with you, such as aggregated data, and is not personal data. To the extent this data is stored or associated with personal data, it will be treated as personal data; otherwise, the data is not subject to this notice.
Information You Share with Us. We collect personal data from you when you provide it to us, including when you sign up for a Shoppe membership, trial membership, sweepstakes, or user account; fill out Shoppe forms, surveys, and questionnaires; place orders for products or services, interact with us on social media; or contact us with questions or comments. For example, if you sign up for a Shoppe membership, we collect your first, middle, and last name, email address, mailing address, billing address, payment information, birth date, employer, gender, telephone number, photograph, order history, and any other information you may optionally provide. You may also be asked additional optional questions about your lifestyle, fitness goals, and your interest in additional Shoppe services such as personal training and/or group classes. Similarly, if you sign up for an online user account through our Services, we collect your last name, email address, password, and Shoppe member barcode.
If you purchase products or services (such as memberships for people other than you, merchandise, and/or personal training appointments) from us, you must provide us with information to process that request, (including but not limited to member number and credentials, email address, first and last name, billing address, shipping address (if applicable), payment information, and any other information you may optionally provide, such as telephone number). You can choose to sign up for email notifications about us and/or our affiliates through the Services by providing us with your email address. We also collect information you enter into forms on the Services, even if you do not finish filling out the forms or click “Submit” at the end. If you contact us with questions, requests, or complaints, or to exercise your legal rights, we collect personal data sufficient to answer your questions, address your requests, and/or handle your complaints, as applicable. In certain situations, we may also require you to provide personal data to authenticate your identity in order to carry out your requests.
Finally, we collect personal data you provide to us when you apply for a job through the Services.
Information Collected Automatically. When you use our Services (including both online Services and our physical locations), we collect information about your use of the Services.
Information Collected at The Body Shoppe. We collect information about gym check-ins and check-outs; Services, equipment, and offerings used; your location in the gym; participation in training sessions; and in-gym purchases. We use security cameras to monitor our premises and identify visitors.
Cookies, Web Tracking, and Analytics. When you browse or use our online Services, we utilize commonly-used logging and analytics tools, including Google Analytics, Adobe Omniture, and Hotjar, to collect information about your device, the network used to access the Services, and information about your use of the Services (such as how you navigate and move around the Services). Information collected automatically through use of our in-gym WiFi and our online Services includes the software and hardware attributes of the device you use to access the Services, unique device ID information, regional and language settings, performance data about the Services, network provider, and IP address (a number assigned to your device when you use the Internet). In addition, information is collected passively in the form of log files and third-party analytics that record website activity. For example, log file entries and analytics data are generated every time you visit a particular page on our website, download our app, use our app, and track the dates and times that you use the Services, the pages you visit, the amount of time spent on specific pages, your interactions with the Services, other similar usage information, and general data (including the name of the web page from which you entered our website). We also use certain technologies on our online Services, including cookies and pixel tags, that allow us, our service providers, and other third parties to store information locally on your device, identify your device, track your activity within our Services, track your interactions with other sites or with our email campaigns, and track activity over time and across websites and devices. These technologies allow us to personalize and enhance your experience in regard to our Services, to save and collect information entered into forms on the Services, to collect data about your visit to our Services (including learning about how our users navigate and use the Services), to help diagnose problems with our servers, to administer the Services, to evaluate the effectiveness of our marketing and advertising campaigns, to permit analytics providers to gather information about your visit to the Services, to permit advertisers to collect information about your online activity and target advertising to you that is relevant to your interests as determined from your online activity (also known as “online behavioral advertising”), and to gather broad demographic information about our users. Please see the Your Choices section of this Privacy Notice for more information about cookies and other web tracking technologies on the Services; for information about how you can reject, delete, or prevent cookies from being placed on your system; and how you can opt out of, limit, or prevent certain web tracking technologies and/or advertising providers from collecting information about you.
Location Information: If you permit the Services to access information about your device’s location (including global positioning system (“GPS”) or general location information derived from the network you use to access the Services), we collect the precise or general location information provided by your device to market to you, identify the most convenient gym location for members and potential members, serve member content (including advertising, promotions, and notifications) based on location, and make the check-in and payment process more convenient for our members. See the Your Choices section below for more information about how to disable or limit the collection of GPS data.
Information Obtained from Third Parties. We receive personal data from partners. For the purposes of this Privacy Notice, “partners” means service providers, licensors, vendors, manufacturers, distributors, affiliates, or other third parties with which we have a business relationship.
These partners include service providers and vendors that provide live chat functionality on the Services; commercial email providers; marketing and advertising services; survey, special offer, and sweepstakes providers; and analytics providers such as Google Analytics, Adobe Omniture, and Hotjar. We also receive personal data from the operators of third-party job sites and platforms where we post job openings. We also receive personal data from corporate health initiatives, corporate membership, and wellness programs about participants in those programs. If you choose to interact with us or our partners on social media such as by posting to our pages, tagging us (or using certain hashtags or other identifiers) in posts, interacting with or commenting on our posts or pages, or participating in activities, we may collect certain information from the social media account you use to interact with us, including the name associated with the account, the account handle, recent activity, the content of any posts in which we are tagged, and other information that may be contained on your social media profile to allow us to respond to the posts and understand and engage with our audience. As noted above, if you connect Third-Party Apps to the Services in order to utilize certain features and functionalities, we collect information from such Third-Party Apps when these features are used.
How Do We Process Personal Data?
We process personal data for two general purposes:
For our business operations (including communicating with you, fulfilling orders, providing information about our products and services, improving the Services, and complying with applicable legal requirements); and To market and promote our, and our partners’, products and offerings. We disclose personal data to our service providers and partners to allow them to provide services to us and assist in carrying out your requests, and to our partners in aggregate, demographic form in connection with our marketing and business development efforts.
In addition, we may disclose information we maintain, including personal data: when permitted or required to do so by law; in response to a request from a law enforcement agency or authority or any regulatory authority; and/or to protect the integrity or security of the Services or our interests, rights, property, or safety, and/or that of our personnel, members, users, visitors, and others.
See the Your Choices section below for information about how you can make decisions about how we process personal data, including how to opt out of certain marketing communications.
Operational Uses. We process your personal data as part of our operations, which include:
Processing orders and enrollments, providing you with information tailored to your requests, responding to inquiries, and delivering services and products; Providing a more personalized, relevant, and curated experience to our members, users, and personnel. Evaluating queries and applications for employment. Operating, maintaining, and improving the quality of the Services and the services, content, and products we make available through the Services; Communicating with you by email, mail, text message (SMS, MMS), telephone, push notification, and other methods of communication, in each case with your consent, if such consent is required in accordance with applicable laws, about products, services, order status, and other topics; Compliance with applicable laws, regulations, rules and requests of relevant law enforcement and/or other governmental agencies; Endeavoring to protect our and our partners’ rights, property, or safety, and the rights, property, and safety of our personnel, members, users, visitors, and other third parties; and For other purposes, as permitted or required by law.
Marketing Uses. We process your personal data to send messages to you about us, our partners, and the products and services we and our partners offer, which may from time to time include contests, rewards, sweepstakes, events, new offerings, and special offers for products and services. Personal data you enter into incomplete or unsubmitted forms on the Services may be processed to send you reminders about completing the forms, as well as to save that information to make completing the forms easier. These communications will only occur with your prior consent, if such consent is required in accordance with applicable laws. We also process personal data collected through social media platforms and web tracking technologies to market to and understand our audience.
We do not disclose personal data to third parties for their own direct marketing purposes.
Sharing of Personal Data. Some of the above processing involves sharing collected personal data with third parties, including service providers, affiliates, and other partners. We share personal data with third parties when you ask us to do so; We share personal data among our affiliated entities;
We share personal data with service providers that provide services to The Shoppe and/or to you directly, including: payment processors and point-of-sale platforms, order processing and fulfillment services, and providers of in-gym services; partners that assist The Shoppe with marketing, advertising, and business development such as analysts, consultants, and commercial mail and email providers; partners that assist The Shoppe with its operations and infrastructure, including analysts and engineers, operations consultants, software and Web developers, security consultants, hosting providers, job application platforms; and other vendors we engage so that they may provide services to us or on our behalf; We share personal data we collect in aggregated, demographic form, with certain partners and prospective partners in order to provide us and/or our affiliates and partners with information about the use of the Services and levels of engagement with the Services, to allow us to enter into new business relationships, and to allow us to market products or services on their behalf; and
We share personal data with third parties when we believe it is required by, or necessary to comply with, applicable law.
Protecting Personal Data
We employ reasonable physical, technical, and organizational safeguards designed to promote the security of our systems and protect the confidentiality, integrity, availability, and resilience of personal data. However, no method of safeguarding information is completely secure. While we use measures designed to protect personal data, we cannot guarantee that our safeguards will be effective or sufficient. In addition, you should be aware that Internet data transmission is not always secure, and we cannot warrant that information you transmit utilizing the Services is or will be secure.
Retention of Personal Data.
We retain personal data to the extent we deem necessary to carry out the processing activities described above, including but not limited to compliance with applicable laws, regulations, rules and requests of relevant law enforcement and/or other governmental agencies, and to the extent we reasonably deem necessary to protect our and our partners’ rights, property, or safety, and the rights, property, and safety of our personnel, members, users, visitors, and other third parties.
Your Rights Regarding Personal Data
You have a variety of legal rights regarding the collection and processing of personal data. You may exercise these rights, to the extent they apply to you, by contacting us as provided at the end of this Privacy Notice, or by following instructions provided in this Privacy Notice or in communications sent to you. Please be prepared to provide reasonable information to identify yourself and authenticate your requests. Note, however, that we may request certain reasonable additional information (that may include personal data) to help us authenticate the request and/or to clarify or understand the scope of such requests. These rights vary depending on the particular laws of the jurisdiction applicable to you.
Accessing, Modifying, Rectifying, and Correcting Collected Personal Data. We strive to maintain the accuracy of any personal data collected from you, and will use commercially reasonable efforts to respond promptly to update our database when you tell us the information in our database is not accurate. However, we must rely upon you to ensure that the information you provide to us is complete, accurate, and up-to-date, and to inform us of any changes. Please review all of your information carefully before submitting it to us, and notify us as soon as possible of any updates or corrections.
If you wish to access, review, or make changes to certain personal data you have provided to us through the Services, you may do so at any time through your account on the Services, at gym locations, and/or by contacting us as provided below. In accordance with applicable law, you may have the right to access or obtain from us certain personal data in our records by contacting us as provided at the end of this Privacy Notice. Please note, however, that we reserve the right to deny access as permitted or required by applicable law.
In addition to your choices with respect to the collection of personal data (see What Information Do We Collect? above), you have the ability to make certain choices about how we communicate with you, and how we process certain personal data.
Communications Opt-Out. You may opt out of receiving marketing or other communications from us at any time through a given communications channel (such as email or telephone) by following the opt-out link or other unsubscribe instructions provided in any email message received, by contacting us as provided at the end of this Privacy Notice. Note that if you do business with us, you may not, subject to applicable law, opt out of certain automated notifications, such as order or subscription confirmations, based on business transactions (e.g., e-commerce).
Location Information. If you want to limit or prevent our ability to receive location information from you, you can deny or remove the permission for certain Services to access location information or deactivate location services on your device. Please refer to your device manufacturer or operating system instructions for instructions on how to do this.
Other Important Information About Personal Data and the Services.
Our Privacy Notice also includes information about other practices with respect to personal data, including:
Collection of personal data from children;
Links and references to third-party websites and services on our Services:
What happens to personal data in the event we sell or transfer some or all of our business;
How we respond to “Do Not Track” requests; and
Information about where we process and transfer personal data.
Collection of Personal Data from Children. We offer Shoppe membership to individuals who are at least 18 years of age. We also permit teenagers that are at least 16 years of age to join with written parental consent. Similarly, the Services are intended for use by adults and authorized individuals aged 16 to 18, and by using the Services, you represent that you are 18 years of age or older, or are 16 years of age or older and have valid parental consent to do so. Children under 16 years of age are not permitted to use the Services, and we do not knowingly collect information from children under the age of 13.
Third-Party Apps, Websites and Services. As a convenience, we may reference or provide links to third-party websites and services, including those of unaffiliated third parties, our affiliates, service providers, and third parties with which we do business (including, but not limited to, Third-Party Apps, social media platforms, Google Maps, third-party partnerships, job application sites, and Amazon Web Services. When you access these third-party services, you leave our Services, and we are not responsible for, and do not control, the content, security, or privacy practices employed by any third-party websites and services or Third-Party Apps. You access these third-party services and Third-Party Apps at your own risk. This Privacy Notice does not apply to any Third-Party Apps or services; please refer to the privacy notices or policies for such third-party services for information about how they collect, use, and process personal data.
Business Transfer. We may, in the future, sell or otherwise transfer some or all of our business, operations or assets to a third party, whether by merger, acquisition or otherwise. Personal data we obtain from or about you via the Services may be disclosed to any potential or actual third-party acquirers and may be among those assets transferred.
Do Not Track. We use analytics systems and providers and participate in ad networks that process personal data about your online activities over time and across third-party websites or online services, and these systems and providers provide some of this information to us. We do not currently process or comply with any web browser’s “do not track” signal or similar mechanisms.
Note, however, that you may find information about how to opt out of, block, or reject certain online tracking technologies (including certain analytics and online behavioral advertising and remarketing tracking technologies) in the Your Choices section above.
International Use. Your personal data will be stored and processed in the United States and other jurisdictions. If you are using the Services from outside the United States, by your use of the Services you acknowledge that we will transfer your data to, and store your personal data in, the United States, which may have different data protection rules than in your country, and personal data may become accessible as permitted by law in the United States, including to law enforcement and/or national security authorities in the United States.
Modifications and Updates to this Privacy Notice
This Privacy Notice replaces all previous disclosures we may have provided to you about our information practices with respect to the Services. We reserve the right, at any time, to modify, alter, and/or update this Privacy Notice, and any such modifications, alterations, or updates will be effective upon our posting of the revised Privacy Notice. We will use reasonable efforts to notify you in the event material changes are made to our processing activities and/or this Privacy Notice, such as by posting a notice on the Services or sending you an email. Your continued use of the Services following our posting of any revised Privacy Notice will constitute your acknowledgement of the amended Privacy Notice.
Applicability of this Privacy Notice
This Privacy Notice does not apply to information from or about you collected by any third-party services, Third-Party Apps, or advertisements associated with, or websites linked from, the Services. The collection or receipt of your information by such third parties is subject to their own privacy policies, statements, and practices, and under no circumstances are we responsible or liable for any third party’s compliance therewith.
Additional Information and Assistance
If you have any questions or concerns about this Privacy Notice and/or how we process personal data, please contact us at:
The Body Shoppe
135a Hawkins Place
Boonton, NJ 07005