Privacy Policy
1. Introduction
At Country Roads CrossFit, accessible at countryroadscrossfit.com, we are firmly committed to protecting the privacy and personal data of our users. This Privacy Policy outlines how we collect, use, disclose, and secure your personal information in alignment with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). Your trust is important to us, and we uphold the highest standards for transparency and data integrity.
2. Scope of Policy and Data Controller Role
This Privacy Policy applies to all users, visitors, and customers who access or interact with countryroadscrossfit.com and related services. Country Roads CrossFit operates as the data controller for all personal information processed through our website and services. Where third-party services are utilized, we act as the joint or independent data controller as appropriate.
3. Categories of Personal Data We Process
We collect and process the following categories of data:
a. Usage Data
Information about how you use our website and services, including IP address, browser type, browser version, time zone setting, pages viewed, referring URLs, and session duration.
b. Account Data
Personal identifiers collected during account registration or service sign-up, such as name, email address, billing and shipping addresses, and telephone number.
c. Profile Data
Details about your fitness preferences, purchase history, behavioral patterns on our website, class bookings, attendance records, and engagement with services.
d. Communication Data
Correspondence sent to and from [email protected], including support inquiries, contact form submissions, and other messages related to our services.
e. Technical Data
Details about the device you use to access our site, including device type, operating system, hardware identifiers, screen resolution, and browser configurations.
f. Transaction Data
Records of purchases, subscriptions, payment card information (processed securely through third-party processors), transaction dates, and shipment or delivery details.
g. Preference Data
Marketing and communication preferences, product and service interests, consent flags for promotional material, and customer feedback.
4. Legal Bases for Processing Personal Data
We process your personal data on the following lawful bases:
– Consent: For sending marketing emails, installing non-essential cookies, and processing your information when you have explicitly agreed.
– Contractual Necessity: To provide services you request, manage memberships, and facilitate purchases.
– Legitimate Interests: For business purposes such as improving our services, securing our website, preventing fraud, maintaining customer relationships, and analyzing customer trends—provided these interests are not overridden by your rights.
– Legal Obligation: When we are required to collect or disclose your information under applicable laws or regulations.
5. Your Data Protection Rights
Under GDPR and CCPA, you have the following rights regarding your personal data:
– Right of Access: Obtain a copy of the personal data we hold about you.
– Right to Rectification: Request corrections to inaccurate or incomplete data.
– Right to Erasure: Request deletion of your data, subject to legal retention requirements.
– Right to Restriction: Request temporary halt to processing under certain circumstances.
– Right to Data Portability: Receive your personal data in a structured, commonly used, machine-readable format for transfer to another provider.
– Right to Object: Withdraw consent or object to processing based on legitimate interests.
– Right to Non-Discrimination: You will not be discriminated against for exercising your privacy rights under CCPA.
To exercise these rights, please contact us at [email protected].
6. Security Measures
We implement robust administrative, technical, and physical safeguards to protect your personal data, including:
– SSL encryption of data transmissions;
– Firewall and intrusion detection systems;
– Access controls and authenticated user access to systems;
– Routine backups and data redundancy practices;
– Staff training on privacy and cybersecurity protocols.
Despite these efforts, no system is entirely immune from vulnerabilities, and we urge you to remain cautious when sharing personal data online.
7. International Data Transfers
Where your personal data is transferred outside of your country of residence, including outside the European Economic Area or California, we take adequate steps to ensure its protection. These measures include:
– Execution of Standard Contractual Clauses approved by the European Commission;
– Implementing appropriate contractual and organizational safeguards to ensure that your data receives an adequate level of protection as required by GDPR and other applicable laws.
8. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including satisfying legal, accounting, or reporting obligations. The retention periods are as follows:
– Usage Data: 12 months from date of collection.
– Account Data: For the lifetime of the account plus 6 years after account closure.
– Profile and Preference Data: 24 months from last user interaction.
– Communication Data: 3 years from the date of last correspondence.
– Transaction Data: 7 years for legal and financial compliance.
– Technical Data: 6 months from collection unless aggregated/anonymized.
Upon expiry, we securely delete or anonymize data to prevent identification.
9. Cookie Policy
We use cookies and similar technologies on countryroadscrossfit.com to enhance your browsing experience and analyze site usage. Cookies fall into the following categories:
– Essential Cookies: Required for core website functionality such as session persistence, authentication, and secure login.
– Functional Cookies: Enable enhanced user convenience and customized interface settings.
– Analytics Cookies: Collect usage data to optimize site performance and content delivery, often in conjunction with third-party tools like Google Analytics.
– Performance Cookies: Track site responsiveness, page load times, and user interactions to improve user experience.
10. Cookie Management & Compliance
Upon your first visit, we display a cookie consent banner. You may accept or reject non-essential cookies in accordance with GDPR and CCPA regulations. You may also:
– Adjust browser settings to manage or clear cookies;
– Opt out of analytics tracking by disabling relevant services via our Cookie Settings;
– Withdraw cookie consent at any time through the cookie preference dashboard available at the footer of countryroadscrossfit.com.
11. Special Protections for Children
Our services are not designed for or knowingly directed at children under the age of 13. We do not knowingly collect or store personal data from children under 13. If we become aware of such collection, we will take immediate steps to delete the data. If you believe we may have received information from a child, contact us at [email protected].
12. Policy Updates
We reserve the right to update this Privacy Policy as our services and legal obligations evolve. Material changes may be communicated via prominent notices on our website or direct email notifications where appropriate. We encourage you to regularly review the Privacy Policy to remain informed about how your information is protected.
13. Contact Information
If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please reach out to:
Country Roads CrossFit
Email: [email protected]
Website: countryroadscrossfit.com
We are committed to full compliance with applicable privacy laws and are here to support any inquiries or concerns you may have about your data and rights.