DashLX Privacy Policy

1. Your Consent

Your access to and use of our Platform and Services are subject to our Terms of Use and this Privacy Policy and all applicable laws. By accessing or using our Platform and Services in any way, you consent to our Terms of Use and our Privacy Policy. We encourage you to read all sections of both documents carefully.

2. Information Collection & Usage

2.1 Why Data Is Collected

We collect your Data to provide and enhance our Services (more detail in Section 2.4: Uses of Collected Data). These Services are designed to enable data sharing between individual Users like you and our Customers, who generally fall into the following categories: (a) Consumer brands (e.g., running shoe companies, apparel companies, sporting goods & accessories manufacturers, retailers), (b) Research organizations (e.g., university labs, scientific research institutions), (c) Event & experience companies (e.g., race registration platforms, event producers), (d) Content and media companies (e.g., digital publications), (e) Healthcare companies.

Our primary goal in collecting and sharing Data via the Platform and Services is to enable individual Users like you to derive more value from the Data generated by your Devices and Apps (defined below) such as wearables and mobile devices. The Platform and Services are designed to help you and other Users to:

1. Seamlessly participate in programs and initiatives that our Customers are offering in exchange for accessing your Data.
2. Enjoy and benefit from refined and more personalized products, services, and experiences (e.g., recommendations, communications, gamification campaigns) offered by our Customers who have access to your Data and the Data of other Users within a Cohort.
3. Gain access to the various perks and rewards these Customers offer in exchange for access to your Data, including but not limited to providing: (a) Special access to sales, products, discounts, events, and promotions, (b) Loyalty or rewards benefits, such as points or status, (c) Opportunities to preview, test, or win merchandise, (d) Opportunities to participate in and contribute to research and product development, (e) Acknowledgment and/or rewards for your actions and achievements, such as being rewarded for exercising.

With your consent, we share your Data with our Customers to help them better understand the lifestyles, habits, preferences, and needs of their customers. We do this with the expectation that this sharing will help achieve one or more of these ways for you to realize value in exchange for your Data. If you feel that our data-sharing practices do not align with this goal, we encourage you to contact us with your concerns or to stop using our Platform and Services.

2.2 Types of Devices and Apps

We collect information from the devices and apps (“Devices and Apps”) that you choose to connect via our Input Sources. The types of Devices and Apps include: (a) Fitness & activity trackers (e.g., GPS sport watches, bike computers, heart rate monitors, footpods), (b) Mobile phones, (c) Wearable technologies (e.g., smart watches, rings, sunglasses), (d) Aggregator apps and services (e.g., Apple Health, Google Fit, Strava), (e) IoT devices (e.g., digital scales, connected mattresses).

2.3 Types of Data Collected

While you are using our Platform and Services, we obtain your Data from several sources as follows. In most places, your Data is considered personal data and/or personal information and includes your name, email address, phone number, and data collected via your Devices and Apps. Some of that data is considered sensitive or special category data as it includes data designed to measure your heart rate, sleep patterns, and the distance you’ve traveled via activities such as walking, biking, or running. We only collect this sensitive Data with your consent.

2.3.1 Platform Data

We collect information from the Devices and Apps you connect to our Platform in the course of your using the Services. For example, you may connect your smartwatch or mobile phone account to our Platform, and information from these Devices and Apps will be passed along to our Platform via an API.

We also gather the information that you directly input or share on the Services, such as when you register to create a DashLX account. For example, many Users choose to provide us with their name, height, birth date, gender, and weight as part of their account profile. Some Users also ask us questions about their account or how to use the Platform and Services more effectively. To the extent you email us or participate in a survey or other communication we initiate, we gather that information as well. For purposes of clarity, this is your Data as well.

2.3.2 Usage Data

We may collect information related to how you access and use our Platform and Services. This Data may include information such as your computer's Internet Protocol address (e.g., IP address), browser type, browser version, the pages of our Website and/or Services that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers, and other diagnostic data. For purposes of clarity, this is your Data as well.

2.3.3 Device and App Data

We collect information about the Devices and Apps that you choose to connect with. Some of this data is considered sensitive or special category data as it includes data designed to measure your heart rate, sleep patterns, and the distance you’ve traveled via activities such as walking, biking, or running. We only collect this sensitive Data with your consent.

2.4 Uses of Collected Data

2.4.1 Our Use of Your Data

As described in Section 2.1, our primary goal in collecting and sharing information via the Platform and Service is to enable individual Users like you to derive more value from the Data generated by your Devices and Apps.

We also use your Data to:

1. Provide and maintain the Platform and Services as described above.
2. Notify you about changes to our Services.
3. Deliver instructions, updates, tips, and other relevant information you choose to receive.
4. Allow you to participate in interactive and/or personalized features of our Platform and Services.
5. Allow you to participate in activities and events that we support, to the extent that you explicitly opt-in to them.
6. Allow you to participate in Cohorts and similar relationships with Customers, to the extent you explicitly opt-in to these relationships.
7. Facilitate, conduct, or publish research.
8. Provide technical support (e.g., for Users with Devices and Apps which are not connecting properly).
9. Improve our Platform and Services performance, layout, and features through better understanding of Users and their usage patterns with respect to the Services.
10. Monitor the usage, performance, and security of the Services.
11. Prevent, detect, and address technical issues.
12. As described in Section 2.4.2.

2.4.2 Our Sharing of Your Data with Third Parties and Their Approved Use of Your Data

2.4.2 .1 Customer Cohorts

The Services include participation in Cohorts that one of our Customers has asked us to establish. For example, we may share identifiable personal data such as your name, email address, date of birth, and phone number. We may also share your age, gender, and data collected via Devices and Apps. Finally, we may aggregate your Data with that of other Users to create aggregate insights (such as the number of runners that participated in a particular marathon on a particular day).

If you choose to join a Cohort to receive Services that are available to members of that Cohort, we ask you for your consent to our sharing of different types of your Data with the relevant Customer. In each instance, the information that we ask you to share will be specified at the time that you consent, and you may modify or terminate your consent at any time by visiting your personal Exchange page, which you can find via the link at: https://www.dashlx.com/user-manage-connections.

You can review the Cohorts in which you have chosen to participate from within your DashLX account at any time, as well as the Data that you are sharing with us and with each Customer as a result. In that same DashLX account, you can change the Cohorts in which you participate and the Data you share.

To the extent you have asked us to share your Data with a Customer, you should familiarize yourself with that entity’s privacy policy and terms of use. Customers and Input Sources with whom we share your Data have entered into written agreements with us that require them to properly safeguard your Data. These written agreements include requirements for them to comply with reasonable requests and/or instructions from you that we relay to them regarding the use of your Data.

2.4.2.2 Our Service Providers

We may employ third-party companies and individuals to facilitate our Services, to provide the Services on our behalf, to perform Services-related tasks, or to assist us in analyzing how our Platform and Services are used (collectively, our "Service Providers"). For the Website, Service Providers help with site analytics and site hosting. For the Platform and Services, Service Providers provide cloud hosting, infrastructure support, email and SMS messaging, survey creation and associated data collection, security and fraud prevention, ticketing systems, and similar services. We also use Service Providers as part of our regular business activities to help with billing, customer management, and sales initiatives. Service Providers have access to your Data only to perform these tasks on our behalf and are obligated not to sell, disclose, or otherwise use it for any other purpose.

2.4.2.3 Service Providers for Our Customers and Input Sources

Our Customers and Input Sources may also employ third-party companies and individuals to process Data to perform certain tasks on their behalf. For example, a Customer may instruct us to send your Data to their third-party agents to deploy emails or SMS marketing and other messages to you and other Users. While we require each Customer to describe those types of relationships in their privacy policies, and to otherwise ensure that such Data is processed in accordance with applicable law, we are not responsible for the privacy practices of any Customer or Input Source. We encourage you to carefully read the privacy policy and other important terms for any organization that you patronize. As outlined in Section 2.4.2.1, you can review and modify the Data you are sharing with us or our Customers at any time. For more information about the data subject rights that may be available to you, please review Section 2.6.

2.4.2.4 Our Cookies Policy

Our policies regarding our use of cookies are specified in our DashLX Cookies Policy, which you can find at: https://www.dashlx.com/cookie.

2.5 Protection of Data

2.5.1 Security Measures

The security of your Data is important to us, and we work hard to protect your information. We strive to take reasonable and commercially appropriate measures to protect your Data and any other data going through our systems from loss and misuse of any kind. Note that no method of transmission over the Internet or method of electronic storage is 100% secure, and that we cannot guarantee absolute security.

2.5.2 Transfer of Data

Your information, including Personal Data, may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction.

If you are located outside of the United States and choose to provide information to us, please note that we transfer your Data, including any “Personal Data” as that term is defined under EU or UK data protection laws, to the United States and process it there.

We will take all steps reasonably necessary to ensure that your Data is treated securely and in accordance with this Privacy Policy, and to ensure that no transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place, including the security of your Personal Data.

2.5.3 Disclosure of Data

We may disclose your Personal Data in the good faith belief that it is necessary to:

• Comply with a legal obligation.
• Protect and defend the rights or property of DashLX.
• Prevent or investigate possible wrongdoing in connection with the Services.
• Protect the personal safety of Users of the Services or the public.
• Protect against legal liability.

Finally, DashLX may transfer your Data to a successor entity in connection with a corporate merger, consolidation, sale of assets, bankruptcy, or other corporate change. If DashLX is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our Website of any change in ownership or uses of your Data, as well as any choices you may have regarding your Data.

2.5.4 Third-Party Links

Our Platform and Services may contain links to other websites or services that are not operated by us. Additionally, other Users may provide you with links to third-party websites or applications. If you click on a third-party link, you will be directed to an external site or service. We have no control over and assume no responsibility for the content, policies, or practices of any third-party sites or services. We strongly advise you to review the policies of every site or service you visit.

2.6 Your Access to & Control Of Collected Data (Data Subject Rights)

We offer a number of data subject rights as mandated by applicable law. As a User of our Platform and Services, you may review, alter, or remove your Data in a number of ways.

• Identifiable Personal information (e.g., your name, birthdate, phone number) and some Data can be directly accessed, added, removed, updated, or corrected by logging into the Platform and Services and navigating to the Account page.
• You can manage our ability to continue collecting Data by managing the Devices and Apps you have linked to our Platform and Services. These connections and authorizations can be disabled at any time from within your DashLX account to prevent further transfer of your Data obtained from your Devices and Apps to DashLX (e.g., data we obtain from Garmin Connect via their API).
• You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. This may impact your ability to use the Platform and Services and may not impact your Data previously collected via the Platform and Services.
• You can review the Cohorts in which you have chosen to participate from within your DashLX account at any time, as well as the Data that you are sharing with us and with each Customer as a result. In that same DashLX account, you can change the Cohorts in which you participate and the Data you share.
• You can review and disconnect (a) the connection between any Input Sources and DashLX and/or (b) the connection between DashLX and any DashLX Customer.
• Depending on where you are located, you may also have the right to request that we provide all data we have about you so that you may port it over to another provider.

The following rights may be available even if you have not created a DashLX account:

• You may opt out of receiving promotional emails from DashLX by following the instructions in those emails. If you opt out, we may still send you non-promotional emails, such as emails about your DashLX account or our ongoing business relationship. An individual wishing to limit the use or sharing of their Data should do so by accessing their DashLX account or by contacting DashLX at privacy@dashlx.com.
• Upon your written request sent to privacy@dashlx.com – and after verifying your personal identity in association with such request – we will remove or alter personal information from our database.
• If you are a job applicant, Customer, or Input Source of DashLX and have provided this kind of information, you can also contact us via email with a request to view the information we have in our systems. We will respond within the legally mandated time.

Users located in the European Economic Area (EEA), Switzerland, and the UK may have additional rights available to them and should review Section 3.2.

3. Specific Notices

3.1 Children’s Data

Our Services are not directed at nor intended for anyone under the age of 16, and use of our Platform and Services is strictly limited to Users that are 16 years of age and older. We do not knowingly collect or store any information or Personal Data for anyone under the age of 16. By accessing or using our Service, you represent that you are at least 16 years of age. If you are a parent or guardian of a child under age 16 who has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from any child under age 16, we take steps to remove that information from our servers.

3.2 EU, UK, and Swiss Individuals

If you are based in the European Economic Area (EEA), the United Kingdom, or Switzerland: DashLX is responsible for processing your Data, including your personal data. The General Data Protection Regulation (GDPR) governs our processing in the EEA. Switzerland and the United Kingdom have similar data protection laws. Under the definitions of “Controller” and “Processor” under these laws, DashLX is processing your Data as a Controller of personal data.

3.2.1 Legal Basis for Processing Your Data

When we process your Data, including any personal data for the Platform and Services as described above, we use consent as our legal basis for such processing. When we aggregate data in order to provide certain aspects of the Services for our Customers, we reserve the right to engage in such processing under our legitimate interest after having conducted an assessment ensuring that such interest is not outweighed by the rights or freedoms of individual data subjects. EU, UK, and Swiss individuals may opt out of such processing via email at privacy@dashlx.com.

3.2.2 Data Subject Rights

DashLX acknowledges that EU, UK, and Swiss individuals have certain legal rights, including the right to complain to a local supervisory authority (e.g., the ICO in the UK) and the right to access the personal data that we maintain about them. If you are an individual residing in the EU, UK, or Switzerland and wish to access your personal data, correct or amend any inaccuracies, request the deletion of your data, object to our processing of your data, or withdraw your consent, you may submit your request by emailing us at privacy@dashlx.com. You may access some of your Data at any time via your DashLX account, where you can also manage your data-sharing preferences, control which data flows into and out of the Platform, and adjust the permissions for those data flows. To request full erasure of your data or to exercise other data subject rights, please contact us directly by emailing privacy@dashlx.com.

EU, UK, and Swiss individuals also have the following rights:

• The right to request that the personal data we hold about you be transferred to you or to a third party. We will provide your data in a structured, commonly used, and machine-readable format. This right applies only to automated information that you initially consented for us to use or that we used to perform a contract with you.
• The right to request access to any personal data we have collected if you are a job applicant, Customer, or Input Source of DashLX. You may contact us via email to view the data we hold in our systems. We will respond to your request within the legally mandated time frame. In the EEA, DashLX responds within 30 days.
• The right to access your personal data or exercise any other rights without incurring a fee. However, if your request is clearly unfounded, repetitive, or excessive, we may charge a reasonable fee or refuse to comply with your request in such circumstances.

Note that we may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

3.2.3 Cross-Border Data Transfers

When we transfer your Data, including your personal data outside of the EEA, the UK, or Switzerland, we ensure it benefits from an adequate level of data protection by relying on Standard Contractual Clauses. The European Commission has approved contractual clauses under Article 46 of the GDPR that allow companies that collect personal data from data subjects located in the EEA to transfer data outside the EEA. These (and their approved equivalent for the UK and Switzerland) are called standard contractual clauses. We rely on standard contractual clauses to transfer information as described above to Customers and Input Sources in countries without an adequacy decision (e.g., the United States).

3.3 HIPAA

We are not a healthcare provider and are not a “covered entity” as that term is defined in the Health Insurance Portability and Accountability Act of 1996 (HIPAA). As a result, we are not subject to the security and privacy provisions of HIPAA regarding medical information.

3.4 ‘Do Not Track’

Some internet browsers incorporate a ‘Do Not Track’ (“DNT”) feature that signals to websites you visit that you do not want to have your online activity tracked. Our Services do not currently register, respond to, or modify their practices when they receive DNT signals.

3.5 California Residents’ Rights: CCPA

Californian Users of DashLX have additional rights afforded to them under the California Consumer Privacy Act (CCPA). These rights, and how we address them, may be found elsewhere in this Privacy Policy as follows:

• For more details about the personal information DashLX has collected in the past year, please see Section 2.3 “Types of Data Collected.”
• For more details on how DashLX uses that information, please see Section 2.4.1 “Uses of Collected Data – Our use of your Data.”
• For more details on who DashLX shares data with, please see Sections 2.4.2 “Uses of Collected Data – Our sharing of your Data with third parties and their approved use of your Data.”

DashLX does not “sell” (as defined in the CCPA) the personal information of DashLX Users.

The CCPA gives California consumers various rights with respect to the personal information we collect, including the right to (subject to certain limitations):

• Request to access the personal information DashLX has about you.
• Request that DashLX delete all of your personal information.

California Users may make a request by contacting us at privacy@dashlx.com. We will authenticate your request using the email address associated with your DashLX account and, if necessary, proof of residency.

4. Privacy Policy Changes

We may update our Privacy Policy from time to time. The Privacy Policy on the Website will always be the current, effective, and governing version of the Privacy Policy. The date of the latest update will be reflected at the start of this policy. We reserve the right to update our Privacy Policy at any time, without prior notice, and will consider the changes made to be effective immediately. We encourage you to review the current Privacy Policy regularly, as it governs your use of our Services. Your continued use of the Platform and Services after an update to this policy constitutes your acceptance of the revised Privacy Policy.

5. Contact Us

If you have any questions about the content of this Privacy Policy or need to contact us with any other questions or requests, please reach out to DashLX by email at privacy@dashlx.com or by mail at:

‍DashLX, Attn: Privacy Officer
2201 N Gemini Dr
Suite 102
Flagstaff, AZ 86004

Our Data Protection Officer may be contacted at dpo@dashlx.com.

‍EU Representative: VeraSafe
VeraSafe has been appointed as DashLX's representative in the European Union for data protection matters, pursuant to Article 27 of the General Data Protection Regulation of the European Union. If you are in the European Economic Area, VeraSafe can be contacted in addition to DashLX, only on matters related to the processing of personal data. To make such an inquiry, please contact VeraSafe using this contact form: https://verasafe.com/public-resources/contact-data-protection-representative or via telephone at: +420 228 881 031.

Alternatively, VeraSafe can be contacted at:

‍VeraSafe Ireland Ltd
Unit 3D North Point House
North Point Business Park
New Mallow Road
Cork T23AT2P
Ireland

‍UK Representative: VeraSafe
VeraSafe has been appointed as DashLX's representative in the United Kingdom for data protection matters, pursuant to Article 27 of the United Kingdom General Data Protection Regulation. If you are located within the United Kingdom, VeraSafe can be contacted in addition to or instead of DashLX, only on matters related to the processing of personal data. To make such an inquiry, please contact VeraSafe using this contact form: https://verasafe.com/public-resources/contact-data-protection-representative or via telephone at: +44 (20) 4532 2003.

Alternatively, VeraSafe can be contacted at:

‍VeraSafe United Kingdom Ltd.
37 Albert Embankment
London SE1 7TL
United Kingdom