Privacy Policy
Updated: December 2022
Effective Date: January 1, 2023
Digital Asana, LLC d/b/a Ompractice (“Ompractice” “us” “we” or “our”) takes your privacy seriously. This Privacy Policy (“Privacy Policy”) tells you what information we collect and store about you, how we collect and use your information, who we share it with and your rights to control your information. As used herein, “you” and “your” mean a user of the Services (as defined below) and in addition, when the user of the Services is a minor registered by a parent and/or guardian, the terms “you” and “your” also include such parent and/or guardian.
This Privacy Policy applies to information collected online and offline by us through your use of our website, www.ompractice.com, any subdomains thereof, and any of our other internet properties or any mobile applications we may offer (collectively, “our Website”), and all services, classes (including our yoga, fitness and meditation classes), trainings, activities, programs, features, information, and store purchases that we offer within our Website (collectively, with the Website, the “Services”).
This Privacy Policy is incorporated into, and part of, and governed by the Ompractice Terms of Use. As used in this Privacy Policy (a) “GDPR” means the General Data Protection Regulation (EU) 2016/679; (b) “UK Data Protection Laws” means data protection laws enacted under the Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019 (“UK GDPR”) and the UK Data Protection Act 2018 (“UK DPA 2018”); and (c) “European Data Protection Laws” means the GDPR and/or UK Data Protection Laws, in each case to the extent applicable.
To the extent that the Services are available to individuals located in the European Economic Area or the United Kingdom, this Privacy Policy sets out our practices and obligations under the European Data Protection Laws, to the extent applicable. If an organization with which you are associated (an “Organization”) signs up to use our Services, we may receive personal information (as defined below) about you in connection with our provision of the Services to your Organization. To the extent we process (as defined below) that personal information solely in order to provide the Services to your Organization, under the European Data Protection Laws, to the extent applicable, we will act as a processor (as defined in the European Data Protection Laws) on behalf of your Organization in respect of that personal information; this Privacy Policy will not apply to the processing of that personal information and your Organization will act as a controller (as defined in the European Data Protection Laws) in respect of that personal information and is responsible for obtaining all necessary consents and providing you with all requisite information as required by applicable law. To the extent we process your personal information for any other lawful business purpose of ours, under the European Data Protection Laws, to the extent applicable, we will act as a controller of such personal information and this Privacy Policy will apply to the processing of such personal information.
As used in this Privacy Policy, the terms “using” and “processing” information include using cookies on a computer, subjecting the information to statistical or other analysis and using or handling information in any way, including, but not limited to collecting, storing, evaluating, modifying, deleting, using, combining, disclosing and transferring information within Ompractice or among our affiliates within the United States or internationally.
Types of Information We Collect About You
Your privacy is important to us. We collect information about you when you use our Services, visit our Website, or submit information to us. We collect, retain, and utilize information about you to operate our business and to make our Services and other opportunities available to you. There are three types of information we may collect about you, “personal information”, “special categories of personal data” and “non-identifying information”.
“Personal information” is information that identifies, or can be used to identify, you, such as: your name, image, voice, likeness, birthdate, email address, postal address, username, password, emergency contact information (full name, relationship to you, and telephone number or email address). Additionally, our Outside Contractor (as defined below) that is responsible for billing and payment processing services (the “Payment Services Provider”) may collect your billing and credit card information from you directly.
Personal information amounts to ‘personal data’ for the purposes of and as defined in the European Data Protection Laws (to the extent applicable). All references to personal information shall be deemed to include ‘personal data’ as defined and used in the European Data Protection Laws (to the extent applicable).
We may also collect some “special categories of personal data”. By agreeing to this Privacy Policy, you explicitly consent to the processing of any such special categories of personal data, including without limitation any health information you provide to us. “Special categories of personal data” consist of personal data for the purposes of and as defined in the European Data Protection Laws which is to be treated with particular sensitivity, and includes information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic or biometric data, data concerning health or data concerning a person’s sex life or sexual orientation.
Finally, we collect “non-identifying information” which includes information about you, but which, by itself, cannot be linked to you, such as browser, operating system, non-identifiable demographic information, unique device identifiers, device types, requested URL, referring URL, browser language, the pages you view, the date and time of your visit, domain names, and statistical data involving the use of the Services. Certain non-identifying information may be considered a part of your personal information if it were combined with other identifiers. However, the same pieces of information are considered non-identifying information when they are taken alone or combined only with other non-identifying information (for example, your viewing preferences) in a way that would not enable you to be identified. We’ll refer to all of these types of information about you together as “information”.
Non-Identifying Information About You Is Automatically Collected
We automatically collect non-identifying information when you use our Services. The non-identifying information includes:
- Log Information: We collect log information about your use of the Services, including the type of browser that you use; the time, duration and frequency of your access; Website pages viewed; your IP address; and the page you visited before visiting our Website. This information may be used to analyze trends, to administer the Services, to monitor the use of the Services, and to gather general demographic information. We may link this information to personal information for these and other purposes such as personalizing your experience on the Services and evaluating the Services in general.
- Device Information: We collect information about the computer or mobile device that you use to access our Services, including the hardware model, operating system and version, unique device identifiers, and mobile network information.
- Location Information: We may collect information about the location of your device each time you use our Services.
- Information Collected by Cookies and Other Tracking Technologies: We and our Outside Contractors collect information using various technologies, including cookies and pixel tags (which are also called clear GIFs, web beacons, or pixels). “Cookies” are small text files that can be placed on your computer or mobile device in order to identify your web browser and the activities of your computer on the Services and other websites. Cookies can be used to personalize your experience on the Services (such as dynamically generating content on webpages specifically designed for you), to assist you in using the Services (such as saving time by not having to reenter your name each time you use the Services), to allow us to statistically monitor how you are using the Services to help us improve our offerings, and to target certain advertisements to your browser which may be of interest to you or to determine the popularity of certain content. Information collected from some cookies placed on the Service is used to deliver advertisements to Ompractice Services visitors when such visitors are visiting other websites, including social media services, such as Facebook, Instagram, Twitter, YouTube, LinkedIn, and TikTok (“Social Media Services”).
In addition to cookies that we may place on your computer or mobile device, cookies might also be placed on your computer or mobile device by third parties that we use to display or serve advertisements or to collect non-personal information in order to provide advertising-related services. In the course of serving advertisements, such third-party advertisers, which may include Social Media Services, could place or recognize unique cookies on your browser. They may also use information about your visits to this and other websites to target advertisements. These targeted advertisements may appear on other sites that you visit.
We may also contract with other companies who use cookies or other online tools such as pixel tags to measure the performance of a marketing effort on our behalf.
If you wish to stop or control the use of cookies on your browser, please refer to your browser’s settings for cookies. More information on how to do that can be found on the website All About Cookies (https://www.aboutcookies.org/how-to-control-cookies/). Please note that by deleting our cookies or disabling future cookies you may not be able to access certain areas or features of our Services. For the avoidance of doubt, the Services use third-party service platforms (including to help analyze how users use the Services). These third-party service platforms may place cookies on your computer or mobile device. If you would like to disable “third party” cookies, you may be able to turn them off by going to the third party’s website.
Here are links to some of the third-party platforms we use:
- https://www.google.com/policies/privacy/
- https://www.intercom.com/legal/privacy#personal-data-collected-by-intercom
- https://www.shopify.com/legal/privacy
- https://www.intuit.com/privacy/statement/
- https://explore.zoom.us/en/privacy/
- https://about.facebook.com/actions/protecting-privacy-and-security/
- https://www.linkedin.com/legal/cookie-policy
Information You Provide To Us
We collect information that you provide directly to us. For example, we collect information that you provide when you create an account, register for a class, fill out a form, or communicate with us. In addition, we may obtain your personal information from you if you identify yourself to us including by sending us an e-mail with questions or comments or by communicating with us through a customer support “chat” feature. The types of information that we may collect include your name, username, password, email address, postal address, phone number, birth date, emergency contact information (full name, relationship to you, and telephone number or email address), credit card and billing information (directly to the Payment Services Provider), your health information, your image, voice and likeness, and any other information that you choose to provide.
Information We Collect From Other Sources
We may collect information about you from other sources, such as through certain features of the Services you elect to use. Examples include:
- Social Media Services. You may be able to register or log into your account through a Social Media Service. If you do so, we will have access to some of your third-party account information from that service, such as your name and other public profile information in that account, and such information may be freely used and stored in accordance with this Privacy Policy, including for purposes such as improving your experience with the Services.
- Information From Other Third-Party Sources. In order to provide you with more tailored recommendations and marketing, we may obtain information about you from publicly and commercially available sources and other third parties as permitted by law. For more information about the data that we obtain from these providers, please contact us at privacy@ompractice.com
Public Areas
The Services may feature various community areas and other public forums, including without limitation the live on-line classes (the “Public Areas“) where users can share information and post questions for others to answer including through a “chat” feature or otherwise.These Public Areas are open to the public and should not be considered private. For the avoidance of doubt, you and anyone who is within range of your device’s camera and/or microphone during a live on-line class will be part of a Public Area and recorded and visible to, and any recording of such class will be accessible by, us and by the class teacher and other participants. We cannot prevent information included within a Public Area from being used in a manner inconsistent with this Privacy Policy, the law, or your personal privacy. We are not responsible for the results of such postings or for the accuracy of any information contained in those postings.
Any information you share in a Public Area (including personal information) is by design open to the public and is not private. You should think carefully before posting any information in any Public Area. What you post can be seen, disclosed to or collected by others and may be used by others in ways we cannot regulate or predict. As with any public forum on any website, the information you post may also show up in third-party search engines like Google, Yahoo, and Bing. If you mistakenly post personal information in a Public Area you can send us an email to request that we remove it by contacting us at privacy@ompractice.com. You should understand that in some cases, we may not be able to remove your information.
How We Use Your Information
We will only use your personal information to the extent that the law allows us to do so. Pursuant to the European Data Protection Laws, legal bases for our processing your personal information may include (without limitation):
(a) where you have given consent to the processing, which consent may be withdrawn at any time without affecting the lawfulness of processing based on consent prior to withdrawal;
(b) where it is necessary to perform the contract we have entered into or are about to enter into with you (whether in relation to the provision of the Services or otherwise);
(c) where it is necessary for us to comply with a legal obligation to which we are subject; and/or
(d) where it is necessary for the purposes of our legitimate interests (or those of a third party) in providing or marketing the Services and your interests or fundamental rights and freedoms do not override those legitimate interests.
- Automatically Collected Non-Identifying Information. We use the non-identifying information that we and our Outside Contractors collect to:
- Improve our Services
- Improve your experience with our Services
- Track usage of our Services
- Track effectiveness of emails and other communications
- Measure marketing effort performance
We may link some of this information to personal information for internal purposes or to improve your experience with the Services.
- Information About Your Health. When you sign up for a class you have the opportunity to tell us about any health conditions you have. This helps your instructor tailor the class to suit your individual needs or to make recommendations regarding the appropriateness of a particular class.
- Your Image, Voice and Likeness. We may make audio and video recordings of you participating in a class (“Recordings”). You consent to being the subject of any audio or video recordings made by us and grant permission for these to be stored and maintained by us. Recordings may be stored and used for insurance purposes and may also be used to train algorithms to improve our Services such as by showing users their physical progress from practice. We use a video conferencing platform (including the platform offered by Zoom Video Communications, Inc.) to enable video conferencing between and among the instructor and students.
- Account and Contact Information. When you create an account and register for the Services we ask the following information: full name, birthdate, email address, postal address, username, password, and emergency contact information (full name, relationship to you, and telephone number or email). We use this information to confirm your registration in a class, notify you about a class change, changes to our policies, if we are having difficulty processing your payment information, or if you experience a major health related incident during a class.
- Your Email Address. When you create and account you will be invited to join our email list. You have the ability to Opt-In at this point, and subscription preferences may be changed by you at any time in the future by logging into the Ompractice Portal (https://www.ompractice.com/my-account/). We may use your email for direct marketing campaigns informing you of new, future or alternative services we are providing. If you no longer desire to receive these communications, we will provide you with the option to change your preferences in each communication we send to you. You may also inform us by email to: privacy@ompractice.com. If you identify yourself to us by sending us an email with questions or comments or communicate with us through a customer support “chat” feature, we may use your information (including personal information) to respond to your questions or comments, and we may file your questions or comments (with your information) for future reference. We may also use the information collected to send announcements and updates regarding the Services or, if applicable, about your billing account status. You will not be able to unsubscribe from these announcements and updates as they contain important information relevant to your use of the Services and are necessary for the performance of our contract with you.
- Your Billing Information. We will ask you to provide your billing information (such as your credit card number, bank account number, and billing address) directly to the Payment Services Provider when you register for our Services. We use this information to get paid for providing the Services to you.
- You may, of course, decline to submit any information to us, in which case we may not be able to provide certain Services to you.
Retention of Your Personal Information
We will only retain your personal information for as long as necessary to fulfill the purposes for which we collected it or as otherwise permitted by applicable law.
To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of that information, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
Your Rights to Control Your Information
You may update, correct, or change your account information and email preferences at any time by logging in to the Ompractice Portal (https://app.ompractice.com/login) and changing your account and profile settings. If you have any questions regarding how to do this you can contact us by sending an email to privacy@ompractice.com
You may also have additional rights depending on the country in which you live, which may include the right to:
- Request access to your personal information (commonly known as ‘subject access request’). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it;
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected;
- Request erasure of your personal information. This enables you to ask us to delete or remove your personal information where there is no good reason for us to continue processing it. You also have the right to ask us to delete or remove all of your personal information in certain circumstances;
- Object to processing of your personal information where we are relying on a legitimate interest (or that of a third party) and there is something about your particular situation which makes you want to object to processing on this ground;
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of your personal information, for example, if you want us to establish its accuracy or the reason for processing it;
- Request the transfer of your personal information to another party; and
- Lodge a complaint with the relevant supervisory authority (as defined in the GDPR). If you have any complaints about the way we process your personal information, please do contact us. Alternatively, you may lodge a complaint with the supervisory authority which is established in your country.
If you wish to exercise any of these data protection rights in accordance with applicable data protection laws, you can contact us by sending an email to privacy@ompractice.com. If you have any complaints about the way we process your personal information, please do contact us. Alternatively, you may lodge a complaint with the supervisory authority which is established in your country.
Such updates, corrections, changes and deletions will have no effect on other information that we maintain, or information that we have provided to third parties in accordance with this Privacy Policy prior to such update, correction, change or deletion. To protect your privacy and security, we may take reasonable steps (such as requesting a unique password) to verify your identity before granting you profile access or making corrections. You are responsible for maintaining the secrecy of your unique password and account information at all times.
You should be aware that it may not be technologically possible to remove each and every record of the information you have provided to us from our system. The need to back up our systems to protect information from inadvertent loss means that a copy of your personal information may exist in a non-erasable form that will be difficult or impossible for us to locate. After receiving your request, we will use commercially reasonable efforts to update, correct, change, or delete, as appropriate, all personal information stored in databases we actively use and other readily searchable media as appropriate, as soon as and to the extent reasonably practicable.
Circumstances In Which We May Disclose Your Information
We generally disclose information we gather from you through the Services to the following types of third parties and as otherwise set forth in this Privacy Policy or our Terms of Use or as specifically authorized by you.
- Laws and Legal Rights. We may disclose your information (including personal information) if we believe in good faith that we are required to do so in order to comply with an applicable statute, regulation, rule or law, a subpoena, a search warrant, a court or regulatory order, lawful requests by public authorities, including to meet national security or law enforcement requirements, or other valid legal process. We may disclose personal information in special circumstances when we have reason to believe that disclosing this information is necessary to identify, contact or bring legal action against someone who may be violating the Ompractice Terms of Use or another contract with us, to detect fraud, for assistance with a delinquent account, or to protect the safety and/or security of our users, the Services or the general public.
- Third Parties Generally. We may provide to third parties non-identifying information, including where such information is combined with similar information of other users of our Services. For example, we might inform third parties regarding the number of unique users who use the Services, the demographic breakdown of users of the Services, or the products and/or services purchased using the Services and the vendors of such products and services. The third parties to which we may provide or who may independently directly collect personal information and non-identifying information may include potential or actual advertisers, providers of advertising products or services (including vendors, analytics services providers, and website tracking services), affiliates and other actual or potential commercial partners, corporate customers, and other similar parties. Please note in particular that the Services use Google Analytics, including its data reporting features. Information collected by Google Analytics includes but is not limited to web metrics. For information on how Google Analytics collects and processes data, please see the site “How Google uses data when you use our partners’ sites or apps”, currently located at www.google.com/policies/privacy/partners/. For information on opting out of Google Analytics, we encourage you to visit Google’s website, including its list of currently available opt-out options presently located at https://tools.google.com/dlpage/gaoptout.
- Business Customers. We may share aggregated information with our corporate customers. In addition, if you opt in, we may share information about your class attendance with the business customer with which you associated (such as a health care provider that is our customer), if you have registered for the Service in association with that business customer.
- Teachers and Other Users. When you participate in one of our live on-line classes, the teacher and the other participants in the class will have access to your image, voice and likeness, as well as any personal information you choose to share, including verbally during the class, or in writing through the “chat” function within the platform. In addition, video and audio recordings of live on-line classes, which include your image, voice and likeness if you attended the class (and that of anyone who comes within range of your device’s camera and/or microphone), may be made available to the teacher and class participants following the live class. Class teachers also may have access to your class registration information, your class attendance record and any health-related personal information that you share when you create your profile in your account or when you register for a class.
- Professional Advisors. We may provide your information to professional advisors, such as lawyers, auditors, bankers and insurers, where necessary in the course of the professional services that they render to us.
- Outside Contractors. We may employ independent contractors, vendors and suppliers (collectively, “Outside Contractors“) to provide specific services and products related to our Services, such as hosting and maintaining the Website, providing video hosting services for the live classes, providing credit card processing and fraud screening, including the Payment Services Provider and developing applications for the Services. In the course of providing products or services to us, these Outside Contractors may have access to information collected through the Services, including your personal information. We use reasonable efforts to ensure that these Outside Contractors are capable of protecting the security of your personal information.
- Sale of Business. We reserve the right to transfer information to a third party in connection with a sale, merger or other transfer of all or substantially all of the assets of Ompractice or any of its Corporate Affiliates (as defined below), or that portion of Ompractice or any of its Corporate Affiliates to which the Services relate, or in connection with a strategic investment by a third party in Ompractice, or in the event that we discontinue our business or file a petition or have filed against us a petition in bankruptcy, reorganization or similar proceeding.
- Affiliates. We may disclose information (including personal information) about you to our Corporate Affiliates. For purposes of this Privacy Policy: “Corporate Affiliate” means any person or entity which directly or indirectly controls, is controlled by or is under common control with Ompractice, whether by ownership or otherwise; and “control” means possessing, directly or indirectly, the power to direct or cause the direction of the management, policies or operations of an entity, whether through ownership of fifty percent (50%) or more of the voting securities, by contract or otherwise.
Security of Your Information
We take commercially reasonable steps designed to ensure that your information is treated securely and in accordance with this Privacy Policy. But please remember, that no method of transmission over the internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot and do not guarantee the security or privacy of any information you transmit to us, and you do so at your own risk.
Changes to Our Privacy Policy
We may update this Privacy Policy from time to time. We will not make changes that result in significant additional uses or disclosures of your personal information without allowing you to “opt in” to such changes. We may also make non-significant changes to this Privacy Policy that generally will not significantly affect our use of your personal information, for which your opt-in is not required. We encourage you to check this page periodically for any changes. If any non-significant changes to this Privacy Policy are unacceptable to you, you must immediately contact us and, until the issue is resolved, stop using the Services.
We Reserve the Right to Contact You
We reserve the right, but not the obligation, to contact you for any reason regarding, related to, or arising from, the Services, this Privacy Policy, and our Terms of Use.
Privacy of Children
Parents and legal guardians of children may register their children for our childrens classes, but we do not knowingly allow anyone under the age of 13 to create an account for the Services. Parents and legal guardians should be aware that if a child is present with them during a class and is within range of their device’s camera and/or microphone, such child’s image, voice and likeness will be recorded and and visible to, and any recording of such class will be accessible by, us and by the class teacher and other participants.
Links to Other Websites
We are not responsible for the practices employed by websites linked to or from our Services, nor the quality or accuracy of the information or content contained in them. A link to a third party website does not constitute or imply endorsement by us. Please remember that when you use a link to go from www.ompractice.com to another website, our Privacy Policy is no longer in effect. Your browsing and interaction on any other website, including those that have a link on our Services, is subject to that website’s own rules and policies. Please read over those rules and policies before proceeding.
Transfer of Your Information
Your information may be transferred to, and processed on, computers located outside your state, province, country or other governmental jurisdiction where you live. If you live outside of the United States, please note that your information will be transferred to the United States. Your information may also be transferred to and processed in other countries including where the Outside Contractors we utilize to host and support our Services are located or where the instructor teaching your class is located.
If you choose to use our Services, you consent to the use and disclosure of information in accordance with the Privacy Policy, including the transfer of your information to the United States and such other countries including where our Outside Contractors and instructors are located.
Without limitation of the foregoing, you hereby expressly grant consent to the Ompractice to: (a) process and disclose such information (including special categories of personal data) in accordance with this Privacy Policy; (b) transfer such information (including special categories of personal data) throughout the world, including to the United States or other countries that do not ensure adequate protection for personal information (as determined by the European Commission or the UK Information Commissioner’s Office, as applicable, each, an “Inadequate Jurisdiction“) and/or countries that may not have laws of general applicability regulating the use and transfer of such information; and (c) disclose such information (including special categories of personal data) to comply with lawful requests by public authorities, including to meet national security or law enforcement requirements. To the extent required by applicable law: whenever we transfer your personal data (as defined in the European Data Protection Laws) to third parties (as described in this Privacy Policy) located in an Inadequate Jurisdiction, we ensure a similar degree of protection is afforded to it; we may use specific contracts approved by the European Commission or the UK Information Commissioner’s Office, as applicable, which give personal data the same protection it has in the European Economic Area or the United Kingdom, as applicable, under the European Data Protection Laws; and if we rely on another basis to transfer your personal data to an Inadequate Jurisdiction, we will keep you updated or contact you if required. Please contact us if you want further information on the specific mechanisms used by us when transferring your personal data to an Inadequate Jurisdiction.
Do Not Track
The term “Do Not Track” refers to a HTTP header offered by certain web browsers to request that websites refrain from tracking the user. We take no action in response to automated Do Not Track requests. However, if you wish to stop such tracking, please contact us with your request, using our contact details provided below.
Governing Law
We are located in the United States and are subject to applicable U.S. local and federal laws. When you choose to use our Services, you do so on your own initiative and understanding that your use of the Services and our use of your information is subject to and governed by the laws of the Commonwealth of Massachusetts without respect to principles of conflicts of law and regardless of your location.
Questions or Complaints
If at any time you have a question about our Services, or how we collect and use your information you can contact us in any of the following ways:
By email: privacy@ompractice.com
By postal mail or courier:
Attn. Data Protection Officer
276 Bridge St.
Springfield, MA 01103