Privacy Policy
Privacy Policy
Active Design Advisors, Inc. (“Adai”) is the owner of the Fitwel platform. Adai operates Fitwel with its non-profit affiliate Center for Active Design (“CfAD”), which provides third-party certification.
Adai and CfAD (collectively, “we”, “us”, “our”) are committed to treating your personal information with care and respect. This document (the “Privacy Policy”) explains how we collect, process and store any personal data belonging to you, meaning information about you which is personally identifiable such as your name or email address. Such personal data is referred to throughout this policy as “Personal Information” or “data.”
Any data collected through the Services enables us and our partners to fulfill its mission of transforming design and development practice, ensuring equitable access to vibrant public and private spaces that support healthy communities.
For questions and information about Privacy Policy and data subject’s rights, please contact us at Customer Success Team, info@fitwel.org.
All Adai and CfAD Services are governed by this Privacy Policy and by using or accessing a Service you give consent to the processing, use and disclosure of your data. Please do not install or use the Services if you do not agree to this Privacy Policy.
We reserve the right to modify this Privacy Policy. We will provide notification of the material changes to this Privacy Policy through our Website prior to the change taking effect.
1. Personal Information
Personal Information means information that alone or in combination with other information will be used to readily identify, contact, or locate you or other members of your organization, such as: name, address, email address, or phone number. Personal Information, as used in this Privacy Policy, does not include information that has been aggregated or anonymized so that it does not allow a third party to identify a specific individual or applicant (“Anonymized Data”).
2. How We Collect Your Data
Adai, and occasionally CfAD, collects, stores, and uses your Personal Information as a data controller in connection with and in order to provide and develop our products, mobile applications, services and websites (together “Services”) according to this Privacy Policy.
Likely situations when you make personal data available to us include, but are not limited to: (i) by visiting our websites such, (ii) registering for Services, contests and special events; (iii) accessing Services using a third party ID, such as social networking sites or gaming services; (iv) subscribing to newsletters; (v) requesting technical support; and (vi) otherwise through use of Services where personal data is required for use and/or participation.
The data we process on you may include, but is not limited to: your name, work title, email address, device ID, IP-address, and user names. We will supplement your data with data received from third parties in connection with demographic, advertisement, market and other analytics surveys or services.
We will not rent, share, or sell your data to any third party for marketing purposes and only shares your data with third parties as described in this Privacy Policy.
3. Marketing
We may combine your information with information we collect from other companies and use it to improve our services, content, and advertising. If you do not wish to receive marketing communications from us or participate in our ad-customization programs, you can opt-out from receiving these communications by following the directions that will be provided within the communication or advertisement.
4. Analytics and Anonymized Data
We may use Anonymized Data to perform its own analytics and to enable analytics provided by third parties. We may use Anonymized Data for supporting business analysis and operations, business intelligence, product development, improving products and services, personalizing content, providing advertising, and making recommendations. We reserve the right to provide Anonymized Data to third parties for the purpose of evaluating the Services, evaluating the performance of the Services, or for other purposes.
5. Data Retention and Correctness
We retain the collected data for the period necessary to fulfill the purposes outlined in this Privacy Policy and as long as we have a legitimate business need for it. Thereafter we delete all aforementioned data in its possession within a reasonable timeframe. We do not verify the correctness of personal data.
Please note that some data will be further retained if necessary to resolve disputes, enforce our user agreements, and comply with technical and legal requirements and constraints related to the security, integrity, and operation of Services.
6. Cookies, Beacons and Tracking
The Services will use “cookies” and other technologies such as pixel tags, local shared objects, hardware-based device identifiers, Operating System-based identifiers, clear GIFs and web beacons. We treat information collected by cookies and similar technologies as non-personal data.
Cookies: A “cookie” is a small file stored by your browser when told to do so by a website. Typically websites place a number of different cookies on an end-user’s machine. Some of the cookies are “1st Party,” from the website itself, and others are “3rd party,” belonging to advertising and analytics entities or social networks. Our cookies will not include personal data and are typically used to quickly identify your device and to “remember” your browser during subsequent visits for purposes of functionality, preferences, and website performance. You can disable cookies or set your browser to alert you when cookies are being sent to your device; however, disabling cookies will affect your ability to use the Services.
Flash cookies & HTML5: We may also use Flash cookies (local shared objects) and HTML5 local storage. Flash cookies are small files similar to browser cookies, but which are not stored in the browser and can also be used to remember your settings, to personalize the look and feel of the Services, or for advertising and analytics. You may prevent Flash cookies from being stored by following the instructions provided by Adobe at http://helpx.adobe.com/flashplayer/kb/disable-local-shared-objects-flash.html.
Web Beacons and pixel tags: A “web beacon” or a “pixel tag” is an electronic image (often not visible to the end-user) that allows us to count users who have visited certain pages or viewed certain advertisements. Additionally, e-mails and other electronic communications we send to you may contain pixel tags that enable us to track your usage of the communication, including whether the communication was opened and/or what links were followed, if any.
7. Third Party Terms and Conditions
Please note that your access to and use of the Services may be subject to certain third party terms and conditions and we are not liable for any such third parties’ use of your personal data.
Certain Services that we may offer, such as connection to social networking services, may use third party services to provide authentication for the Services. In connection with such use, certain personally identifiable user and/or membership data may be transferred automatically to and from us.
We may disclose your Personal Data to third parties in connection with a merger, consolidation, fundraise, restructuring, the sale of substantially all of our stock and/or assets or other corporate change, including, without limitation, during the course of any due diligence process provided, however, that this Privacy Policy shall continue to govern such personal data.
8. Legal Grounds of Data Processing
The processing of your personal data is based on the following legal bases, if you are a citizen of the European Economic Area (EEA):
Performance of a contract. When we need to process your personal data to enter into a contract with you or your employer or to perform a contract that you or your employer may have with us, the processing is based on Article 6, section 1 (b) GDPR. For example, when you use our services, we will use your personal data to respond to your requests and provide you with such services.
Consent. When we process personal data based on your consent, the legal grounds for processing is Article 6 section 1 (a) GDPR.
Legal obligation. When the processing of personal data is necessary for compliance with a legal obligation to which we are subject, the processing is based on Article 6 section 1 (c) GDPR.
Legitimate interests. We will process your personal data for our legitimate interests, e.g. to improve our products and services and to provide you with relevant information including information for marketing purposes. When we process your personal data based on our legitimate interests, the legal grounds for such processing is Article 6, section 1 (f) GDPR.
If you are not a citizen of the United States or the EEA, please contact us for details on the legal bases of data processing. You find our contact details above.
9. Safeguards
We attempt to follow generally accepted industry standards and maintains reasonable safeguards to attempt to ensure the security, integrity and privacy of the information in our possession. We seek to use robust security measures to protect your personal data. Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, we have implemented appropriate technical and organizational measures to ensure an appropriate level of security.
10. Transfer of Personal Data
We may store and/or transfer your personal data to its affiliates and partners in and outside of the United States in accordance with mandatory legislation and this Privacy Policy. Where the laws of your country allow us to do so, you authorize us to transfer, disclose, store and use your Personal Data in the United States and any other country where we operate or engage service providers to assist us with the Service consistent with this Notice.
For citizens of the EEA: Please be aware that the laws of the USA and other countries outside of the EEA may not protect your Personal Data to the same level as the laws of the EEA or give you the same rights that you would have in the EEA (including right relating to access to personal data by law enforcement or national security/intelligence agencies). But when we transfer your Personal Data outside of the EEA, if the receiving country’s data protection laws do not offer the same level of protection as the laws of the EEA, we place contractual obligations (e.g. the EU Model Clauses) on the recipients of your personal data to ensure that your personal data is adequately protected.
11. Your Rights in the EEA
As a data subject based in the EEA, U.K., or Switzerland, you have the following rights:
The right to information (Art. 13 GDPR). This is your right to be informed whether and to what extent we process your personal data.
The right of access (Art. 15 GDPR). This is your right to get a confirmation as to whether or not we process your personal data, and only if we (still) do, request access to your data.
The right to rectification (Art. 16 GDPR). This is your right to request correction of your personal data, or completion, in case that the data we process is incorrect or incomplete.
The right to deletion (Art. 17 GDPR). This is your right to request deletion of your personal data. Yet, an immediate deletion will not be possible, if the retention of your personal data is still required to meet legal or regulatory obligations.
The right to restrict the processing (Art. 18 GDPR). This is your right to request a restriction of the processing of your personal data under certain conditions: a) If you have reasons to doubt the accuracy of your personal data, you can request that its processing is restricted while we verify its accuracy, b) If the processing of your personal data is considered unlawful, but you do not request the deletion of your personal data, c) If we no longer need the data for the purposes of its processing, but you need it for the establishment, exercise or defense of legal claims, d) If you object to the processing of your personal data based on our legitimate interests under Art. 6(1) (f) GDPR, or where the processing is based on Art. 6(1) (e) GDPR.
The right to data portability (Art. 20 GDPR). Where the processing takes place on the basis of your consent or contract, and is carried out by automated means, you have the right to request that we provide your personal data to you in a machine-readable format.
The right to object to the processing (Art. 21 GDPR). You have the right to object to the processing of your personal data in certain situations.
Rights in relation to automated decision making and profiling (Art. 22 GDPR). You have the right to object to decisions based exclusively on the automated processing of your personal data.
The right to withdraw your consent. If your personal data is processed on the basis of your consent (Art. 6 (1) (a) or Art. 9 (2) (a) GDPR), you have the right to withdraw your consent at any time. The withdrawal of your consent does not affect the lawfulness of processing based on consent before its withdrawal.
You also have the right to file a complaint with a competent supervisory authority. For more information, please contact your local data protection authority. Contact details for data protection authorities in the European Union are available at ec.europa.eu.
12. Special Note about Children’s Privacy
Use of our Services by individuals under the age of 18 is prohibited and we do not knowingly collect any Personal Information from children
If we change this privacy statement in a way that expands the collection, use or disclosure of children’s Personal Information to which a parent has previously consented, the parent will be notified and we will be required to obtain the parent’s additional consent.
13. California Privacy Rights; “Shine the Light” Law
California residents are entitled once a year, free of charge, to request and obtain certain information regarding our disclosure, if any, of certain categories of personal information to third parties for their own direct marketing purposes in the preceding calendar year. Please contact us to obtain this information.
We do not share your personal information with third parties for those third parties’ direct marketing purposes.
14. Nevada
Residents of the State of Nevada have the right to opt out of the sale of certain pieces of their information to third parties. Currently, we do not engage in such sales. If you are a Nevada resident and would like more information about our data sharing practices, please contact us.
If you are a Nevada resident and would like more information about our data sharing practices, please contact us.
15. Further information
This Privacy Policy is governed by the law of the State of New York excluding its choice of law provisions.
For citizens of the European Economic Area (EEA) the rules of the General Data Protection Regulation (GDPR) apply to this Privacy Policy.
We make good faith efforts to enable you to review, update or correct your personal data in our possession. We will need sufficient information from you to establish your identity and to verify your request, and also to assist us in handling your request.
16. Submitting Requests and Response Procedures
Submitting requests: You can request to exercise your rights by making a request using the contact information above. If you are a California resident, you can authorize another individual or a business registered with the California Secretary of State, called an authorized agent, to make requests on your behalf. We may have a reason under the law why we do not have to comply with your request, or why we may comply with it in a more limited way than you anticipated. If we do, we will explain that to you in our response.
Verification: We must verify your identity before responding to your request. We verify your identity by asking you to provide personal identifiers that we can match against information we may have collected from you previously. We may need to follow up with you to request more information to verify identity. We will not use personal information we collect in connection with verifying or responding to your request for any purpose other than responding to your request.