Privacy Policy

Effective Date: This privacy statement was last revised on May 12, 2023.

This privacy statement discloses the privacy practices of Peloton Technologies, Inc. (“Peloton Technologies,” “Peloton,” “we,” “our,” or “us”) and all websites owned or operated by Peloton Technologies, Inc. and its subsidiaries and corporate affiliates.

For the purposes of this Privacy Policy, ‘Personal Information’ or ‘Personally Identifiable Information’ (PII) means information about an identified or identifiable individual, including, for example: an individual’s name, home address, telephone number, social insurance number, sex, income and family status. PII does not include information that would enable an individual to be contacted at a place of business, for example, an employee’s name, position or title, business telephone number, or business address. We will only collect, use or disclose personal information in accordance with this Statement, or in accordance with laws applicable to the collection, use and disclosure of your personal information by us (“Applicable Privacy Laws”).            

Your Privacy Is Important to Us

At Peloton Technologies, Inc., we value your trust and protecting your information will always be of the highest priority. By choosing us as your payment processing service provider, you can rest assured knowing that we are working diligently behind the scenes to maintain your privacy. As part of our ongoing commitment to our customers, we have created this privacy statement that details the information we collect, how we use it, who has access to it, and how it can be updated.

What Information We Collect

The types of information that we collect fall under two general categories: personally identifiable information (“PII”) and non-personally identifiable information (“non-PII”). PII consists of any information which can be used to specifically identify you as an individual, whereas non-PII consists of aggregate information or any information that does not reveal your identity. The following sections describe how your PII and non-PII may be collected by us, and how we use such information.

How We Collect and Use Information

  • Log Files. Any time you visit peloton-technologies, and any of its subdomains, including but not limited to the Merchant Portal (portal.peloton-technologies.com), jointly called the websites (the ‘Websites’), our servers automatically gather information from your browser (such as your IP addresses, browser type, Internet service provider (ISP), referring/exit pages, platform type, date/time stamp, and number of clicks) to analyze trends, administer the site, prevent fraud, track visitor movement in the aggregate, and gather broad demographic information. For example, we may log your IP address for system administration purposes. IP addresses are logged to track a user’s session. This gives us an idea of which parts of our site users are visiting. We do not share the log files externally.
  • Cookies. We use “cookies” to keep track of some types of information while you are visiting our website or using our services. Cookies are very small files placed on your computer, and they allow us to count the number of visitors to our website and distinguish repeat visitors from new visitors. They also allow us to save user preferences and track user trends. We rely on cookies for the proper operation of our website; therefore, if your browser is set to reject all cookies, the website will not function properly. Users who refuse cookies assume all responsibility for any resulting loss of functionality. We do not link the cookies to any PII.
  • Web Beacons. “Web beacons” (also known as “clear gifs” and “pixel tags”) are small transparent graphic images that are often used in conjunction with cookies in order to further personalize our website for our users and to collect a limited set of information about our visitors. We may also use web beacons in email communications in order to understand our customers. We do not link the web beacons to any PII.
  • hCaptcha. We may use the hCaptcha anti-bot service (hereinafter “hCaptcha”) on our website. This service is provided by Intuition Machines, Inc., a Delaware US Corporation ( “IMI”). hCaptcha is used to check whether the data entered on our website (such as on a login page, event page, payment page, or contact form) has been entered by a human or by an automated program. To do this, hCaptcha analyzes the behavior of the website or mobile app visitor, based on various characteristics. This analysis starts automatically as soon as the website or mobile app visitor enters a part of the website or app with hCaptcha enabled. For the analysis, hCaptcha evaluates various information (e.g.: IP address, how long the visitor has been on the website or app, or mouse movements made by the user). The data collected during the analysis is forwarded to IMI. hCaptcha analysis in the “invisible mode” may take place completely in the background. Website or app visitors are not advised that such an analysis is taking place if the user is not shown a challenge. Data processing is based on Art. 6(1)(f) of the GDPR (DSGVO): when the website or mobile app operator has a legitimate interest in protecting its site from abusive automated crawling and spam. IMI acts as a “data processor” acting on behalf of its customers as defined under the GDPR, and a  “service provider” for the purposes of the California Consumer Privacy Act (CCPA). For more information about hCaptcha and IMI’s privacy policy and terms of use, please visit the following links: https://www.hcaptcha.com/privacy and https://www.hcaptcha.com/terms.
  • Information About You. Stated in this privacy statement, we do not disclose your PII unless it is essential to the delivery of our services, required by law or regulatory requirements, part of a transfer of our business, or other situations where we have your consent. Refer to the following section “Disclosure of Your Information to Third Parties” for more information.
  • Purchase Information. To process purchases, we may require your name, address, phone number, email address and credit card information. Such information is used primarily to process your order or as otherwise described herein. Credit card transactions are processed through industry standard Transport Layer Security (TLS) and/or strong encryption (including AES, and where required, 3DES) by a third party, which only uses your information for that purpose.
  • E-mails. We require an e-mail address from you when you register for our services. We use your e-mail to deliver information about your transaction activities to you (e.g., login, order confirmation, refund and renewal processing, notification of changes to information).
  • Demographic Data. Demographic data may be collected at our sites. We may use this data to tailor our user’s experience at our site, showing users content that we think they might be interested in, and displaying the content according to their preferences. Some of this information may be shared with advertisers on a non-personally identifiable basis.
  • Online Survey Data. We may periodically conduct voluntary user surveys. We encourage our users to participate in such surveys because they provide us with important information regarding the improvement of our services. You may also volunteer for certain surveys that we may offer to our users, and any additional rules regarding the conduct of such surveys will be disclosed to you prior to your participation. We do not link the survey responses to any PII, and all responses are anonymous.
  • Public Forums. Any information that is disclosed in these areas becomes public information and you should exercise caution when deciding to disclose any PII information.
  • Use for Research. In addition to the uses outlined above, by using our site, you agree to allow us to anonymously use the information from you and your experiences to continue our research into successful building of services. All of your responses will be kept anonymous, and no PII will be published.

Disclosure of Your Information to Third Parties

We do not sell or license your personal information to any other party. However, in the normal course of business we will share some of your personal information with third parties. We require our third-party partners to comply with the same Applicable Privacy Laws which govern the collection, use and disclosure of your personal information as we are required to comply with.

  • Disclosure to Banking Partners or affiliated financial institutions. As an essential part of our platform, we partner with select banking institutions to provide a subset of our financial management services. To fully deliver on our services as outlined in your account agreement, we are required by our banking partners to disclose information about you, including PII. This information is used to verify your identity, prevent fraud and money laundering, and allows our partners to comply with federal regulations. We provide your information to our banking partners only as needed and any disclosures will also be subject to the privacy policies of our partnering institutions.
  • Disclosure to Service Providers outside Canada. Our business requires that we sometimes contract with financial institutions outside of Canada to carry out certain functions on our behalf, such as correspondent banking. In such situations, we enter into contracts with our service providers, and they cannot disclose your PII except when authorised to do so by law or by Peloton Technologies. Some of these actions may result in personal information collected by us being stored or processed in the United States or other jurisdictions, and as a result, your personal information may be accessible to law enforcement and regulatory authorities in accordance with the USA Patriot Act and other applicable laws in the United States or other applicable jurisdiction. Unless the collection, use, disclosure or storage of information outside of Canada is otherwise prohibited by law, in which case your personal information will remain inside Canada.
  • Disclosure By Law. You acknowledge and agree that we may disclose information you provide if required to do so by law, at the request of a third party, or if we, in our sole discretion, believe that disclosure is reasonable to (1) comply with the law, requests or orders from law enforcement, or any legal process (whether or not such disclosure is required by applicable law); (2) protect or defend Peloton Technologies, Inc. or a third party’s, rights or property; or (3) protect someone’s health or safety, such as when harm or violence against any person (including you) is threatened.
  • Disclosure to Fulfill Regulatory Compliance Obligations. We process PII to verify your identity in order to comply with fraud monitoring, prevention and detection obligations, laws associated with the identification and reporting of illegal and illicit activity, such as Anti-Money Laundering (“AML”) and Know-Your-Customer (“KYC”) obligations, and financial reporting obligations. For example, we may be required to record and verify your identity for the purpose of compliance with legislation intended to prevent money laundering and financial crimes. These obligations are imposed on us by the operation of law, industry standards, and by our financial partners, and may require us to report our compliance to third parties, and to submit to third party verification audits.
  • Disclosure to Protect Abuse Victims. Notwithstanding any other provision of this privacy statement or our Terms and Conditions of Service, we reserve the right, but have no obligation, to disclose any information that you submit to the services, if in our sole opinion, we suspect or have reason to suspect, that the information involves a party who may be the victim of abuse in any form. Abuse may include, without limitation, elder abuse, child abuse, spousal abuse, neglect, or domestic violence. Information may be disclosed to authorities that we, in our sole discretion, deem appropriate to handle such disclosure. Appropriate authorities may include, without limitation, law enforcement agencies, child protection agencies, or court officials. You hereby acknowledge and agree that we are permitted to make such disclosure.
  • Disclosure to Trusted Third Parties By Us. We may share your non-PII with third parties, but not in a manner that would reveal your identity. We may share your PII, sometimes in conjunction with your non-PII, with service providers that may be associated with us to perform functions on our behalf. For example, outsourced customer care agents or technology assistants may need access to your information to perform services for you. Your information will be treated as private and confidential by such service providers and not used for any other purpose than we authorize.
  • Information Transferred As a Result of Sale of Business. As we develop our business, we may buy or sell assets and, depending on the transaction, your PII may be one of the transferred assets. In the event that we are acquired by another company, your PII may be part of the assets transferred to the acquiring party. If this occurs, you will be notified if there are any material changes to the way your PII is collected or used.

Your Right to Access and Correct Your Personal Information

You have the right to access personal information that we store about you. Through our self-service merchant portal and through our e-mail communications with you, much of the information you may be seeking is readily accessible (e.g., transaction activity records, account statements, order confirmations). If you require further information, wish to challenge the accuracy and completeness of your Personal Information and have it amended as appropriate, or withdraw your consent to the collection, use or disclosure of your PII, you may submit a written request to our team using the details provided in the section “Contacting the Website.” Please note we may need to retain certain information for recordkeeping purposes, to comply with our obligations under applicable laws and regulations, including but not limited to our anti-money laundering obligations, and/or to complete any transactions that you began or instructed us to do so prior to requesting a change.

Keeping Your Information Updated

We work hard to ensure that your information is kept up to date. If you wish to make any changes or are looking to confirm the accuracy of the information we have stored about you, you can do so through our self-service merchant portal. For changes that are not possible through our user platform, please contact us using the details provided in “Contacting the Website.” We may also from time to time contact you to verify if your personal information is up to date, in accordance with applicable laws including but not limited to: the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA), The Personal Information Protection and Electronic Documents Act (PIPEDA), and any other laws, as we deem applicable.

Age Restrictions

Any age restrictions for services are set forth in each applicable Terms and Conditions of Service. We do not target our sites or services to children under the age of 18, and in compliance with the Children’s Online Privacy Protection Act, any information we may receive from users we believe to be under the age of 13 will be purged from our database.

Security

We have extensive security measures in place to protect the loss, misuse and alteration of the information stored in our database. These measures include the use of Transport Layer Security (TLS) and/or strong encryption (including AES, and where required, 3DES) technology during credit card transactions and administrative access to site data, as well as other proprietary security measures which are applied to all repositories and transfers of user information. We will exercise reasonable care in providing secure transmission of information between your computer and our servers, but given that no information transmitted over the Internet can be guaranteed 100% secure, we cannot ensure or warrant the security of any information transmitted to us over the Internet and hence accept no liability for any unintentional disclosure.

Links to or Access from Other Sites

You may be able to access your account or content of your account from third party sites, such as social networking sites, by way of various applications. The privacy policies and practices of such sites in connection with information you disclose on such sites may differ from the practices of Peloton Technologies, Inc.  as set forth in this privacy statement, and you should review their policies and practices to ensure that the privacy of the information you submit on their site does not conflict with and is consistent with how you wish your information to be treated. Such sites may also place their own cookies or other files on your computer, collect data or solicit personal information from you. We are not responsible for the privacy policies or practices or the content of any other websites that may provide access to, or be linked to or from, this site, including that of any social networking sites and third party advertisers whose offerings require you to navigate away from our site.

Contacting the Website

If you have any questions about this privacy statement, the practices of this site, or your dealings with any Peloton Technologies, Inc. websites, you can contact:

Site Administrator
Peloton Technologies, Inc.
info@peloton-technologies.com

Privacy Team
Peloton Technologies, Inc.
privacy@peloton-technologies.com

Acceptance of Privacy Statement

Your use of our website(s), including any dispute concerning privacy, is subject to this privacy statement and the applicable Terms and Conditions of Service. BY USING OUR WEBSITE, YOU ARE ACCEPTING THE PRACTICES SET OUT IN THIS PRIVACY STATEMENT AND THE APPLICABLE TERMS AND CONDITIONS OF SERVICE.

If we decide to change our privacy policy, we will post those changes to this privacy statement page and any other places we deem appropriate so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. We reserve the right to modify this privacy statement at any time, so please review it frequently. If we make material changes to this policy, we will notify you here, or by other means, such as e-mail, at our discretion.

Your continued use of any portion of our website following posting of the updated privacy statement will constitute your acceptance of the changes.