O2X Privacy Policy

O2X provides human performance training and education, which may include access to workout regimens, nutrition planning, human performance assessments, movement screenings, and other content on our or our third-party partners’ websites, and other applications, software and technology to help you maximize your human performance (the “Program”).

By interacting with O2X in any way, you consent to our practices and procedures relative to Personally Identifying Information and Analytics Data (each as defined in Section B below). If you disagree with this Policy in any respect, , you should cease all use of the whole Program. If you do not wish for your Personally Identifying Information to be obtained or utilized by the Company, do not submit it to the Company. Whether or not you chose to provide such information to the Company, is within your discretion. However, if you choose to not provide such information to the Company, you may be unable to use certain services and offers of the Company.

What this Policy Covers

This Policy applies to all Personally Identifying and Analytics Data collected which has been disclosed by you to, and utilized by, O2X, whether on-line (e.g., through e-mail or an on-line program), in-person (e.g., through physical screening evaluations, evaluations, gait analyses, or assessments, actual workout and usage data, or your feedback) or otherwise obtained from you (e.g., letters, over the phone, by interacting with our mobile applications, assessments, or other online properties, any other part of the Program, or surveys/questionnaires). This Policy also applies to information about you that O2X obtains from its clients, such as, for example, your employer

Information Collection

O2X collects Personally Identifying Information and Analytics Data, which are defined below

“Personally Identifying Information” is defined by this Policy as any information that can be used to identify, locate, or contact you.. As of the date of this Policy, O2X collects the following types/categories of Personally Identifying Information:

Contact Information that allows us to identify and to communicate with you, such as, but limited to, your name, email address, and phone number.Demographics information that allows us to monitor your progress through a human performance program, such as your age, sex, height and weight, workout history, and other information you may provide us related to nutrition, movement, resilience, stress levels, mindset, and recovery in order to allow us to provide the services you request.Transactional information about how you interact with us, our online assets, and business partners, including purchases, inquiries, and customer accounts.Financial information as needed to facilitate purchases, such as your credit card, debit card, or banking information.Applicant information that is typically provided by you when you apply for a position with O2Conditioning information about your physical activity and physical performance.Analytics Data is defined by this Policy as data generated, collected, obtained, stored, or transmitted from O2X. Analytics Data includes information gathered from information transmitted by your computer or smart device when interacting with our online platforms, such as our assessments, screening tools, and server logging information. Analytics Data also includes information transmitted from your computer or smart device when interacting with cookies, web beacons, and other tracking objects

Minors (Children Aged 13 and Under)

O2X does not market to and does not knowingly or intentionally collect any Personally Identifying Information or Analytics Data from or about any child who is under the age of 13 without the express written consent of the child’s parent(s) or legal guardian(s). In the event the Company becomes aware of the inadvertent collection of such information of or from a child under the age of 13, we will promptly implement all reasonable measures to delete and destroy permanently such information or data from all of our systems and backups

Information Use

O2X, our third-party partners and subcontractors may use Personally Identifying Information and Analytics Data to: (i) communicate a human performance program for each user’s goals and needs; (ii) track progress; (iii) customize users’ experiences; (iv) improve any or all of the products and services O2X provides; (v) develop new products or services; (vi) provide products or services which you have requested from O2X; (vi) track the use of a physical, website, mobile application, or other networked or on-line system(s) provided by or operated by O2X or our third-party partners or subcontractors; (vii) track the effectiveness of a physical operation, website or other on-line system operated by O2X or our third-party partners or subcontractors; (viii) analyze use of any of the products or services provided by O2X,our third-party partners, or subcontractors; (ix) develop, customize, enhance, or provide advertising for any of the products or services provided by O2X or our third-party partners or subcontractors; (x) document your personal history to appropriately customize your human performance program and protect O2X; (xi) analyze and report on usage and usage patterns, and (xii) send you targeted communications

Information Disclosure

Except as set forth hereafter, O2X will not rent, sell, or share your Personally Identifying Information and Analytics Data with other people or entities, except to provide or offer services you have requested.

O2X may share your Personally Identifying Information and Analytics Data if any of the following circumstances or situations exists: (i) O2X responds to subpoenas, court orders or other legal process, or to establish or exercise its legal rights or defend against legal claims; (ii) O2X believes it is necessary to share information, including Personally Identifying Information, in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of O2X’s policies or these terms and conditions, or as otherwise required by law; (iii) O2X outsources certain services or functions to third parties (e.g., related to a physical operation, website or other on-line system operated by O2X) and the disclosure of your Personally Identifying Information to these third parties is necessary for O2X to provide products or services to you (e.g., related to a physical operation, website or other on-line system operated by O2X); (iv) O2X transfers your Personally Identifying Information to its successor in interest related to a change in control, merger, acquisition or the sale of its business or assets; or (v) O2X may share your registration and participation information with your employer, sports team, or club who pays for, or otherwise arranges for you to make use of, the Program. These information sharing practices may include disclosures to your employer (when O2X obtains your Personally Identifying Information and Analytics Data in connection with products or services that O2X provides to you directly or indirectly in cooperation with or through your employer (e.g., your employer’s tactical health or human performance program)), potential or actual advertisers, providers of advertising services (including website tracking services), commercial partners, sponsors, licensees, researchers and other similar parties.

Confidentiality and Security

We use reasonable technological and physical safeguards to protect your Personally Identifying Information and Analytics Data from loss, misuse, unauthorized access, disclosure, alteration and destruction. In addition, the Company follows generally accepted industry standards to protect all information provided to and obtained by us, both during transmission and after we receive it. Unfortunately, no data transmitted over or accessible through the Internet can be guaranteed to be 100% secure. As a result, while O2X attempts to protect all Personally Identifying Information and Analytics Data, we cannot ensure or warrant that all Personally Identifying Information and Analytics Data will be completely secure from misappropriation by hackers or from other nefarious or criminal activities, or in the event of a failure of computer hardware, software, or a telecommunications network. O2X will notify you immediately in the event we become aware of a security breach involving your Personally Identifying Information. By disclosing your email address to O2X for any reason, you expressly consent to receive electronic notice from us in the event of such a security breach.

Public Forums

Any information that you disclose in public areas of a physical operation, website or other on-line system operated by O2X (or, of course, the Internet in general) may become public information. You should exercise caution when deciding to disclose personal information in such areas.

Changes to This Privacy Policy

Please note that this Policy may change from time to time without notice. Changes to this Policy will be posted at/to the physical operation, website or other on-line system or part of the Program operated by O2X.

Third-Party Content

Our online properties or equipment may contain links to websites not affiliated with O2X. Your use of an external website or any informational content found on external websites is subject to and governed by the terms and guidelines of those website(s). O2X does not endorse or make any representations or warranties concerning, and will not in any way be liable for, any informational content, products, services, software, or other materials available on an external website, even if one or more pages of the external website are framed within a page of an online property O2X controls. O2X is not responsible for the privacy practices of any external website. You access third party sites at your own risk and should always review the third-party site’s privacy policy before disclosing or transmitting any Personally Identifying Information to such site.
‍

HIPAA Privacy Rule -- Permitted and Required Uses and Disclosures

O2X Human Performance may use or disclose your Personally Identifying Information, including any information that constitutes Protected Health Information (PHI) as defined under the HIPAA Privacy Rule (45 CFR Part 164, Subpart E), in the following circumstances:

Permitted Uses and Disclosures. O2X may use or disclose your information: (i) to you, upon your request; (ii) for treatment, payment, or health care operations purposes, as described in 45 CFR 164.506; (iii) incident to a use or disclosure otherwise permitted or required, provided that O2X has complied with the applicable requirements of 45 CFR 164.502(b) (Minimum Necessary); (iv) pursuant to and in compliance with a valid authorization under 45 CFR 164.508; (v) pursuant to an agreement under 45 CFR 164.510 where you have been given the opportunity to agree or object; or (vi) as otherwise permitted under 45 CFR 164.512, including for public health activities, health oversight, judicial and administrative proceedings, law enforcement, and research purposes subject to applicable conditions and safeguards.

Required Disclosures. O2X is required to disclose your information: (i) to you or your personal representative when you request access to your information under 45 CFR 164.524, or an accounting of disclosures under 45 CFR 164.528; and (ii) to the U.S. Department of Health and Human Services when required for a compliance investigation or review under 45 CFR Part 160.

‍

Minimum Necessary Standard. When using or disclosing your information, or when requesting your information from another entity, O2X makes reasonable efforts to limit the information used, disclosed, or requested to the minimum necessary to accomplish the intended purpose, in accordance with 45 CFR 164.502(b) and 164.514(d).

Authorization Requirements. Certain uses and disclosures of your information require your prior written authorization. These include uses and disclosures of psychotherapy notes (where applicable), uses and disclosures for marketing purposes, and disclosures that constitute a sale of your information, as described in 45 CFR 164.508. You may revoke any authorization you have provided at any time by submitting a written request to info@o2x.com. Revocation will not affect any action already taken in reliance on the authorization.

Your Rights Regarding Your Information

Under the HIPAA Privacy Rule and applicable state law, you have the following rights with respect to your information held by O2X:

Right of Access. You have the right to inspect and obtain a copy of your Protected Health Information maintained by O2X, as provided under 45 CFR 164.524. To exercise this right, submit a written request to info@o2x.com. O2X will respond to your request within 30 calendar days. O2X may charge a reasonable, cost-based fee for copies.

Right to Amendment. You have the right to request that O2X amend your Protected Health Information if you believe it is incorrect or incomplete, as provided under 45 CFR 164.526. To request an amendment, submit a written request to info@o2x.com specifying the information you believe is inaccurate and the basis for your request. O2X will respond within 60 calendar days.

Right to an Accounting of Disclosures. You have the right to receive an accounting of certain disclosures of your Protected Health Information made by O2X during the six years prior to your request, as provided under 45 CFR 164.528. To request an accounting, submit a written request to info@o2x.com.

Right to Request Restrictions. You have the right to request that O2X restrict certain uses and disclosures of your Protected Health Information, as provided under 45 CFR 164.522. O2X is not required to agree to a requested restriction, except as required by law. To request a restriction, submit a written request to info@o2x.com.

Right to Request Confidential Communications. You have the right to request that O2X communicate with you about your information by alternative means or at alternative locations, as provided under 45 CFR 164.522(b). To make such a request, contact info@o2x.com.

Right to a Copy of This Notice. You have the right to obtain a paper or electronic copy of this notice at any time by contacting info@o2x.com.

De-Identification of Information

O2X may de-identify your information so that it does not identify you and cannot reasonably be used to identify you. De-identification is performed in accordance with 45 CFR 164.514(a)-(c), using either the Expert Determination method or the Safe Harbor method. De-identified information is not subject to the restrictions of the HIPAA Privacy Rule and may be used by O2X for research, analytics, product improvement, and other lawful purposes.

Complaints

If you believe your privacy rights have been violated, you may file a complaint with O2X by contacting info@o2x.com or writing to O2X, 1 Mill Wharf, Unit S12, Scituate, Massachusetts 02066. You may also file a complaint with the U.S. Department of Health and Human Services, Office for Civil Rights. O2X will not retaliate against you for filing a complaint.

Correction or Removal of Personally Identifying Information

If you have provided any Personally Identifying Information to the Company and would like such information to be edited, corrected or removed from our records, please submit your request in writing to us at info@o2x.com

Contact

Please direct all inquiries and other communications relating to the Site and/or the Services to:

O2X
1 Mill Wharf, Unit S12
Scituate, Massachusetts 02066
info@o2x.com

‍