COACHLOGIX DATA PRIVACY FRAMEWORK NOTICE

Coaching.com, operated by CoachLogix, Inc. (“CoachLogix”, “Coaching.com, “We”, “US”, “Our”) has certified with the EU-U.S. Data Privacy Framework (DPF), the Swiss-U.S. Data Privacy Framework, as well as the UK Extension to the EU-U.S. Data Privacy Framework with respect to the personal data we receive and process on behalf of our customers through our coaching management platform (the “Services”). CoachLogix certifies that it adheres to the DPF principles of notice, choice, onward transfer, security, data integrity, access, and enforcement for personal data submitted by our customers in participating European countries, the United Kingdom, and Switzerland through the Services, and our DPF certification will be available here. We may also process personal data our customers submit relating to individuals in the EU, U.K. or Switzerland via other compliance mechanisms, including data processing agreements based on the EU Standard Contractual Clauses. Coaching.com, a subsidiary of CoachLogix, Inc. is also covered under this notice. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit Data privacy framework website.

DATA PROCESSED

We provide the Services so that our customers can manage their coaching practices in an integrated platform. In providing these Services, we process data our customers submit to the Services or instruct us to process on their behalf in connection with the Services (“Customer Data”). While our customers decide what data to submit, Customer Data typically includes profile information, coaching engagement tracking, and goal planning.

PURPOSES OF DATA PROCESSING

We process Customer Data submitted by customers for the purpose of providing the Services to customers. To fulfill these purposes, we may access data to provide the Services, to prevent or address service or technical problems, to respond to customer support matters, to follow the instructions of our customer who submitted the data, or in response to contractual requirements with our customers.

Our organization commits to cooperate with EU data protection authorities (DPAs) and the U.S. Department of Commerce, and comply with the advice given by such authorities with regard to human resources data transferred from the EU in the context of the employment relationship.

CHOICE

When providing our Cloud Services, our customers choose the types of Personal Information we process and the purposes of the processing. Accordingly, our customers are responsible for providing notice to individuals. In the event Personal Information is (i) to be used for a purpose that is materially different from the purposes for which the Personal Information was originally collected or subsequently authorized, or (ii) transferred to a third party acting as a data controller, individuals will be given, where practical and appropriate, an opportunity to opt out of having their Personal Information so used or transferred where it involves non-sensitive information. Where such use or transfer involves sensitive information, individuals must opt-in before such use or transfer.

THIRD PARTIES WITH WHOM WE MAY SHARE CUSTOMER DATA

We use a limited number of third party providers to assist us in providing the Services to our customers. As of the date hereof, these third party providers perform technical operations such as database monitoring, data storage and hosting services and customer support software tools. These third parties may access, process or store personal data in the course of providing these services, but based on our instructions only. If we receive personal data subject to our certification under the Privacy Shield and then transfer it to a third-party service provider acting as an agent on our behalf, we have certain liability under the DPF if both (i) the agent processes the personal data in a manner inconsistent with the DPF and (ii) we are responsible for the event giving rise to the damage.

QUESTIONS OR COMPLAINTS:

If you are a resident of a European country participating in the EU-US Data Privacy Framework, are a resident of the United Kingdom, or are a resident of Switzerland and you believe we maintain your personal data within the scope of this DPF certification, you may direct any questions or complaints concerning our Data Privacy Framework compliance to support@coachlogix.com or at our mailing address:

CoachLogix
9800 Wilshire Blvd,
Beverly Hills, CA 90212

DISPUTE RESOLUTION

If you have submitted a question or complaint and are covered under the EU-U.S. Data Privacy Framework (DPF), the Swiss-U.S. Data Privacy Framework, or the UK Extension to the EU-U.S. Data Privacy Framework and you have not received timely response to your concern, or we have not addressed your concern to your satisfaction, you may seek further assistance, at no cost to you, from JAMS, which is an independent dispute resolution body in the United States.

ARBITRATION

You may also be able to invoke binding arbitration for unresolved complaints but prior to initiating such arbitration, a resident of a European country participating in the EU-US Data Privacy Framework, a resident of the United Kingdom, or a resident of Switzerland must first: (1) contact us and afford us the opportunity to resolve the issue; (2) seek assistance from JAMS; and (3) contact the U.S. Department of Commerce (either directly or through a Data Protection Authority) and afford the Department of Commerce time to attempt to resolve the issue. If such a resident invokes binding arbitration, each party shall be responsible for its own attorney’s fees. Please be advised that, pursuant to the Privacy Data Framework, the arbitrator(s) may only impose individual-specific, non-monetary, equitable relief necessary to remedy any violation of the Privacy Shield Principles with respect to the resident.

U.S. FEDERAL TRADE COMMISSION ENFORCEMENT

Our compliance for the EU-US Data Privacy Framework, the Swiss-U.S. Data Privacy Framework, as well as the UK Extension to the EU-U.S. Data Privacy Framework is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).

RIGHT OF ACCESS

Some international users (including those whose personal data is within the scope of this Data Privacy Framework certification) have certain legal rights to access certain personal data we hold about them and to obtain its correction, amendment or deletion. Please be advised that because our personnel have a limited ability to identify and access an individual user’s personal data that our a customer has submitted to the Services, if you wish to request access, to limit use, or to limit disclosure, we may first refer your request to the customer who submitted your personal data, and we will support them as needed in responding to your request.

REQUIREMENT TO DISCLOSE

We may disclose personal data when we have a good faith belief that such action is necessary to: conform to legal requirements or to respond to lawful requests by public authorities, including to meet national security or law enforcement requirements; or to enforce our contractual obligations.

PURPOSES OF DATA PROCESSING

We process Customer Data submitted by customers for the purpose of providing the Services to customers. To fulfill these purposes, we may access data to provide the Services, to prevent or address service or technical problems, to respond to customer support matters, to follow the instructions of our customer who submitted the data, or in response to contractual requirements with our customers.

Our organization commits to cooperate with EU data protection authorities (DPAs) and comply with the advice given by such authorities with regard to human resources data transferred from the EU in the context of the employment relationship.

CHOICE

When providing our Cloud Services, our customers choose the types of Personal Information we process and the purposes of the processing. Accordingly, our customers are responsible for providing notice to individuals. In the event Personal Information is (i) to be used for a purpose that is materially different from the purposes for which the Personal Information was originally collected or subsequently authorized, or (ii) transferred to a third party acting as a data controller, individuals will be given, where practical and appropriate, an opportunity to opt out of having their Personal Information so used or transferred where it involves non-sensitive information. Where such use or transfer involves sensitive information, individuals must opt-in before such use or transfer.

THIRD PARTIES WITH WHOM WE MAY SHARE CUSTOMER DATA

We use a limited number of third party providers to assist us in providing the Services to our customers. As of the date hereof, these third party providers perform technical operations such as database monitoring, data storage and hosting services and customer support software tools. These third parties may access, process or store personal data in the course of providing these services, but based on our instructions only. If we receive personal data subject to our certification under the Privacy Shield and then transfer it to a third-party service provider acting as an agent on our behalf, we have certain liability under the Privacy Shield if both (i) the agent processes the personal data in a manner inconsistent with the Privacy Shield and (ii) we are responsible for the event giving rise to the damage.

QUESTIONS OR COMPLAINTS:

If you are a resident of a European country participating in the Privacy Shield and you believe we maintain your personal data within the scope of this Privacy Shield certification, you may direct any questions or complaints concerning our Privacy Shield compliance to support@coachlogix.com or at our mailing address:

CoachLogix
9800 Wilshire Blvd,
Beverly Hills, CA 90212

DISPUTE RESOLUTION

If you are a resident of a European country participating in the Privacy Shield and you have not received timely response to your concern, or we have not addressed your concern to your satisfaction, you may seek further assistance, at no cost to you, from JAMS, which is an independent dispute resolution body in the United States.

ARBITRATION

You may also be able to invoke binding arbitration for unresolved complaints but prior to initiating such arbitration, a resident of a European country participating in the Privacy Shield must first: (1) contact us and afford us the opportunity to resolve the issue; (2) seek assistance from JAMS; and (3) contact the U.S. Department of Commerce (either directly or through a European Data Protection Authority) and afford the Department of Commerce time to attempt to resolve the issue. If such a resident invokes binding arbitration, each party shall be responsible for its own attorney’s fees. Please be advised that, pursuant to the Privacy Shield, the arbitrator(s) may only impose individual-specific, non-monetary, equitable relief necessary to remedy any violation of the Privacy Shield Principles with respect to the resident.

U.S. FEDERAL TRADE COMMISSION ENFORCEMENT

Our Privacy Shield compliance is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).

RIGHT OF ACCESS

Some international users (including those whose personal data is within the scope of this Privacy Shield certification) have certain legal rights to access certain personal data we hold about them and to obtain its correction, amendment or deletion. Please be advised that because our personnel have a limited ability to identify and access an individual user’s personal data that our a customer has submitted to the Services, if you wish to request access, to limit use, or to limit disclosure, we may first refer your request to the customer who submitted your personal data, and we will support them as needed in responding to your request.

REQUIREMENT TO DISCLOSE

We may disclose personal data when we have a good faith belief that such action is necessary to: conform to legal requirements or to respond to lawful requests by public authorities, including to meet national security or law enforcement requirements; or to enforce our contractual obligations.