California Privacy Notice

This California Privacy Notice ("California Notice”) supplements the Privacy Notice and applies to you only if you are a resident of the State of California and in accordance with the California Consumer Privacy Act (“CCPA”), as amended by the California Privacy Rights Act (“CPRA”).

I. NOTICE OF COLLECTION AND USE OF PERSONAL DATA

We collect certain information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with you ("Personal Data”), as further described below. In addition, we may collect data that is not identifiable to you or otherwise associated with you, such as aggregated data, and is not Personal Data. To the extent this data is stored or associated with Personal Data, it will be treated as Personal Data; otherwise, the data is not subject to this notice.

Categories of Personal Data

In the last twelve (12) months, we have collected the following categories of Personal Data:

1.     Identifiers such as a real name, alias, postal address, title, and email address. If you become an employee of the Company, we may also collect your social security number, driver’s license number, passport number, or other similar identifiers.

2.     Characteristics of protected classifications under California or federal law.

3.     Commercial information, including records of personal property, Services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

4.     Biometric information. For example, when you enter our building, you are required to present an ID badge. In addition, we may collect physiological, biological, and behavioral information and analytics from our athlete clients for performance management and tracking.

5.     Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an internet website, application, or advertisement.

6.     Employment related information if you apply for a job with us, such as, your resume, and background check related information.

7.     Geolocation data related to your IP address.

8.     Financial information from our vendors and subcontractors.

9.     Inferences drawn from any of the information above to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

10.   Sensitive Personal Data, such as health information and medical information from athlete clients who volunteer it.

 

We will not collect additional categories of Personal Data other than those categories listed above. If we intend to collect additional categories of Personal Data, we will provide you with a new notice at or before the time of collection.

 

Retention of Personal Data

We retain your Personal Data pursuant to our records retention policy, as well as to the extent we deem necessary to carry out the processing activities described above, including, but not limited to, compliance with applicable laws, regulations, rules and requests of relevant law enforcement and/or other governmental agencies, and to the extent we reasonably deem necessary to protect our and our partners’ rights, property, or safety, and the rights, property, and safety of our users and other third parties.

 

How We Safeguard Your Personal Data

We use reasonable and appropriate physical, technical, and organizational safeguards designed to promote the security of our systems and protect the confidentiality, integrity, availability, and resilience of Personal Data. Those safeguards include: (i) physical controls in our physical locations and offices; (ii) the encryption of Personal Data where we deem appropriate; (iii) taking steps to ensure Personal Data is backed up and remains available in the event of a security incident; (iv) multi-factor authentication for access to data (v) adopting least privilege and role-based access controls; (iv) employing data loss prevention tools; and (vi) periodic testing, assessment, and evaluation of the effectiveness of our safeguards.

 

However, no method of safeguarding information is completely secure. While we use measures designed to protect Personal Data, we cannot guarantee that our safeguards will be effective or sufficient. In addition, you should be aware that Internet data transmission is not always secure, and we cannot warrant that information you transmit utilizing the Services is or will be secure.

 

Use of Personal Data

We collect and process your Personal Data for the following business and commercial purposes:

  1. Providing, predicting, or performing, including maintaining or servicing accounts, providing customer service, processing, or fulfilling orders and transactions, verifying customer information, and processing payments.

  2. Marketing our Services to you, including sending you messages about the products and services we offer, which may include special offers for Services.

  3. Communicating with you by email, telephone, and other methods of communication, about Services and information tailored to your requests or inquiries.

  4. Auditing related to a current interaction with the consumer and concurrent transactions, including, but not limited to, counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards.

  5. Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity.

  6. Debugging to identify and repair errors that impair existing intended functionality.

  7. Short-term, transient use, including, but not limited to, the contextual customization of ads shown as part of the same interaction.

  8. Undertaking internal research for technological development and demonstration.

  9. Undertaking activities to verify or maintain the quality or safety of the services or devices owned, manufactured, manufactured for, or controlled by us, and to improve, upgrade, or enhance the services or devices owned, manufactured, manufactured for, or controlled by us.

  10. Complying with applicable laws, regulations, rules, and requests of relevant law enforcement and/or other governmental agencies, or for other purposes, as permitted or required by law.

  11. As necessary or appropriate to protect the rights, property, and safety of our users, us, and other third parties.

 

We will not use the Personal Data we collected for materially different, unrelated, or incompatible purposes without providing you with notice.

Sources of Personal Data

We may collect Personal Data:

· Directly from you. When you provide it to us directly whether online, by email, phone, or in-person.

  • Automatically or indirectly from you. For example, through analytics tools, cookies, pixel tags, or through your interactions with us on social media websites (such as Facebook, Instagram, X, and LinkedIn).

  • From Operating Systems and Platforms. For example, we automatically collect information relating to the device used to access our Services, such as IP address, device identifiers, and browser information.

· From Third Parties such as Advertising Networks. For example, ad networks to serve advertisements across the Internet. These advertisers use cookies, pixel tags, and other tracking technologies to collect information about your online activity and provide online behavioral advertising.

  • From Third Parties such as Social Networks. For example, from social media networks (such as Facebook, Instagram, Twitter, and LinkedIn), including if you contact us for customer service support through our social media pages.  

  • From Third Parties such as Data Analytics Providers. For example, through technology and analytics providers (such as Google Analytics and LinkedIn Analytics). These providers use cookies, pixel tags, and other tracking technologies to collect information about your online activity to allow us to personalize your online experience, including sending you messages about the Services we offer.

  • From our Service Providers. For example, payment providers and other service providers we engage. In addition, we may receive information from our vendors, regarding athlete performance metrics.

 

II. Disclosing OF PERSONAL DATA

 

Within the last twelve (12) months, we have shared the following categories of Personal Data for a business purpose with the following categories of third parties:

· Category 1 (Identifiers): Service Providers and Third Parties.

· Category 2 (Commercial Information): Service Providers and Third Parties.

· Category 3 (Biometric Information): Service Providers.

· Category 4 (Internet or Network Activity): Service Providers and Third Parties.

· Category 5 (Employment Information): Service Providers.

·  Category 6 (Geolocation Data): Service Providers and Third Parties.

· Category 7 (Inferences): Service Providers and Third Parties.

· Category 8 (Sensitive Personal Data): Service Providers.

We also share Personal Data with third parties (i) when we obtain your prior approval or consent; (ii) when required by laws or regulations; (iii) when it is necessary to protect the rights or property of the Company, you or other third parties, and it is difficult to obtain your consent; (iv) when it is necessary to cooperate with statutory work required by laws and regulations performed by any national or local government office, or their subcontractors, and it is difficult to obtain your consent; or (vi) due to a merger, restructuring or other similar strategic transactions.

Finally, we may also share Personal Data with government agencies or regulators when permitted or required to do so by law; in response to a request from a law enforcement agency or authority or any regulatory authority; and/or to protect the integrity of the Services or our interests, rights, property, health, or safety, and/or that of our users, visitors, and others.

 

Do Not Track

We may use analytics systems and providers and participate in advertising networks that process Personal Data about your online activities over time and across third-party websites or online services, and these systems and providers may provide some of this information to us. To prevent Google Analytics from using your information for analytics generally, you may install the Google Analytics Opt-out Browser Add-on by clicking here. However, we do not currently recognize or respond to any web browser’s "do not track” signal or similar mechanisms.

III. YOUR CALIFORNIA PRIVACY RIGHTS

 

California’s “Shine the Light” law permits our users who are California residents to request and obtain from us a list of what Personal Data (if any) we disclosed to third parties for their own direct marketing purposes in the previous calendar year and the names and addresses of those third parties. Requests may be made only once per year per person, must be sent to the email address below, and are free of charge. However, we do not disclose Personal Data protected under the “Shine the Light” law to third parties for their own direct marketing purposes.

The CCPA provides California residents with the below rights. For more information about how to exercise your CCPA rights, see the section “Submitting a Verified Consumer Request” below.

 

  1. Right to Know/Access: You have the right to request, twice in a 12-month period, that we disclose to you the Personal Data we have collected, used, disclosed, shared, and sold about you during the past 12 months.

 

  1. Right to Data Portability: You have the right to request a copy of Personal Data we have collected and maintained about you in the past 12 months.

 

  1. Right to Correct: You have the right to request that we correct the Personal Data we maintain about you if that information is inaccurate.

 

  1. Right to Delete: You have the right to request that we delete certain Personal Data we have collected from you.

 

  1. Right to Non-Discrimination: You have the right not to receive discriminatory treatment by us for the exercise of your CCPA privacy rights.

 

Some of our Services, however, may require your Personal Data. If you choose not to provide your Personal Data that is necessary to provide any aspect of our Services, you may not be able to use those Services.

 

Some of our Services, however, may require your Personal Data. If you choose not to provide your Personal Data that is necessary to provide any aspect of our Services, you may not be able to use those Services. In addition, as described in the section captioned “Your Choices” in the Privacy Notice, it is possible to change your browser settings to block the automatic collection of certain information.

 

IV. SALE OR SHARING OF PERSONAL DATA

 

Under the CCPA, a “sale” and “share” are defined broadly. We do not sell or share your Personal Data within the meaning of the CCPA.

 

V. SUBMITTING A VERIFIED CONSUMER REQUEST

 

To exercise your rights, you must provide us with sufficient information to allow us to verify your identity and describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. Once we receive the information you provide to us, we will review it and determine if more information is necessary to verify your identity as required by law, and we may request additional information in order to do so.

If you would like further information regarding your legal rights under California law or would like to exercise any of them, please contact us by:

 

Consumer Request by an Authorized Agent

If any authorized agent submits a consumer request on your behalf, in order to confirm that person or entity’s authority to act on your behalf and verify the authorized agent’s identity, we require an email be sent to privacy@excelsm.com, along with all of the below items:

  • To verify your authorization to request on behalf of a California resident, provide one or more of the following: (1) California Secretary of State authorization, (2) written permission from the California resident, or (3) power of attorney.

  • Sufficient information to verify the authorized agent’s identity, depending on the nature of the request.

  • To verify the identity of the California resident for whom the request is being made, provide the information set forth above for verification of the consumer request.

 We cannot respond to your request or provide you with Personal Data if we cannot verify your identity or authority to make the request and confirm the Personal Data relates to you. We will only use Personal Data provided in a verifiable consumer request to verify the request’s identity or authority to make the request.

We will acknowledge receipt of the request within ten (10) business days of its receipt. We will respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to ninety (90) days), we will inform you of the reason and extension period in writing. We will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period preceding the receipt of the verifiable consumer request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For Data Portability requests, we will provide the responsive information in a portable and, to the extent technically feasible, in a readily useable format that allows you to transmit the information to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

 

VI. MODIFICATIONS AND UPDATES TO THIS CALIFORNIA NOTICE

 

This California Notice replaces all previous disclosures we may have provided to you about our information practices with respect to the Services. We reserve the right, at any time, to modify, alter, and/or update this California Notice, and any such modifications, alterations, or updates will be effective upon our posting of the revised California Notice. We will use reasonable efforts to notify you in the event material changes are made to our processing activities and/or this California Notice, such as by posting a notice on the Services or sending you an email. Your continued use of the Services following our posting of any revised California Notice will constitute your acknowledgement of the amended California Notice.

If you have any questions or concerns about this California Notice and/or how we process Personal Data, please contact us at privacy@excelsm.com.

For more information about how users with disabilities can access this Privacy Notice in an alternative format, please contact us through the above contact methods.

 

Last Updated: September 8, 2024