Security and Privacy at Company 4 Fit

Disclosure of Personal Information

Your Personal Information may be stored and processed in any country where we have facilities or in which we engage third party service providers. By using the Services, you consent to the transfer of information to countries outside your country of residence, which may have different data protection rules than in your country. While such information is outside of Canada, it is subject to the laws of the country in which it is held, and may be subject to disclosure to the governments, courts or law enforcement or regulatory agencies of such other country, pursuant to the laws of such country. However, our practices regarding your Personal Information will at all times continue to be governed by this Privacy Policy and, if applicable, we will comply with the General Data Protection Regulation (“GDPR”) requirements providing adequate protection for the transfer of Personal Information from the EU/EEA to third country.

Our Infrastructure

We run Company 4 Fit on the leading cloud platform Amazon Web Services, the same platform that powers Netflix, Disney, Airbnb and NASA to name a few. For more information about their certification and compliance, please visit the AWS Security website and AWS Compliance website.

Encryption and Data Privacy

All data transmitted between the web/mobile app and cloud are secured via HTTPs. Each business’s data via API is strictly partitioned so another business cannot access your information. 

Access to our production data and systems is highly constrained to key personnel. It is our policy that data does not leave AWS onto anyone’s local computer to completely eliminate any data leaks.

Availability

We understand that you rely on the Trainer services to work and derive income for your coaching services. We’re committed to making Company 4 Fit a highly-available service that you can count on. You can review our current availability on our status page. Our infrastructure runs on AWS systems that are fault tolerant and for failures of individual servers. Our managed hosting team staffs an around-the-clock on-call team to quickly resolve unexpected incidents.

Network Protection

In addition to sophisticated system monitoring and logging. Firewalls are configured according to industry best practices and unnecessary ports are blocked by configuration with AWS Security Groups.

External Security Audits

We contract with respected external security firms who perform regular audits of the Company 4 Fit services to verify that our security practices are sound and to monitor the Company 4 Fit services for new vulnerabilities discovered by the security research community. In addition to periodic and targeted audits of the Company 4 Fit services and features, we also employ the use of continuous hybrid automated scanning of our web platform.

Rights to Your Information

On written request and subject to proof of identity, you may access the Personal Information that we hold, used or communicated and ask that any necessary corrections be made, where applicable, as authorized or required by law. However, to make sure that the Personal Information we maintain about you is accurate and up to date, please inform us immediately of any change in your Personal Information by mail or email.

Under the GDPR, you may be entitled to additional rights, including: (i) the right to withdraw consent to processing where consent is the basis of processing; (ii) the right to access your Personal Information and certain other supplementary information, under certain conditions; (iii) the right to object to unlawful data processing, under certain conditions; (iv) the right to erasure of Personal Information about you, under certain conditions; (v) the right to demand that we restrict processing of your Personal Information, under certain conditions, if you believe we have exceeded the legitimate basis for processing, processing is no longer necessary, are processing, or believe your Personal Information is inaccurate; (vi) the right to data portability of Personal Information concerning you that you provided us in a structured, commonly used, and machine-readable format, under certain conditions; (vii) the right object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you, under certain conditions; (viii) the right to lodge a complaint with data protection authorities. If you want to learn more about your rights under the GDPR, you can visit the European Commission’s page on Data Protection at: http://ec.europa.eu/justice/data-protection/index_en.htm .

Software Installation, Cookies and Log Files

You expressly acknowledge, agree and consent to the Vendor installing software and cookies relating to the Services on one or more of your electronic devices and using tracking tools, pixel tags, cookies and log files for purposes the Vendor deems fit, including without limitation, to track which page variants you have seen, to track if you have clicked on a page variant, to monitor traffic patterns, to gauge popularity of service options and to gather information used to deliver relevant content and services to you.

Security

The Vendor will strive to prevent unauthorized access to your Personal Information and will periodically enhance its security aimed at ensuring that your Personal Information is kept safe from unauthorized access, use and disclosure.

While the Vendor has technology and procedures to guard your Personal Information against unauthorized access, use or disclosure, you expressly acknowledge and agree there is no guarantee that such technology or procedures can or will eliminate the risks of unauthorized access, use, disclosure, theft, loss or misuse.

The Vendor strongly recommends that you do not disclose your Access ID to anyone. If you forget your password, the Vendor will ask you for the username associated with your Access ID and will send an email containing your password to the email address associated with your Access ID.

Notwithstanding anything contained in this Privacy Policy, you expressly acknowledge and agree that ultimately, you control what Personal Information you provide while using the Services, and that you are responsible for maintaining the secrecy of your Personal Information and Access ID.

You expressly acknowledge and agree that the Vendor is not responsible for, and does not control, the use by others of any information which you provide to them and that you should use caution in selecting the Personal Information you provide to others through the Services.

If we learn of a security systems breach, we will inform you and the authorities of the occurrence of the breach in accordance with applicable laws.

Governance

This Privacy Policy will be governed by the laws of the Province of British Columbia and the laws of Canada applicable therein, excluding any conflict of rules that would apply to another body of law. You hereby agree to submit to the exclusive jurisdiction of the courts in Vancouver, British Columbia with respect to any claim, proceeding or action relating to or otherwise arising out of this Privacy Policy or your access to or use of the Services, howsoever arising, provided always that the Vendor may seek and obtain injunctive relief (or an equivalent type of urgent legal relief) in any jurisdiction.

This Privacy Policy together with any other agreement entered into between yourself and the Vendor which specifically references this Privacy Policy constitutes and contains the entire agreement between you and the Vendor with respect to its subject matter and supersedes any prior oral or written agreements.