We protect your privacy
Date last modified: May 21, 2015
MINDBODY Inc. (MINDBODY) is a certified licensee of the TRUSTe Privacy Seal and abides by the EU and Swiss Safe Harbor Frameworks.
The use of information collected through our service shall be limited to the purpose of providing the service(s) for which you have engaged MINDBODY. We will share your personal information with third parties only in the ways that are described in this privacy statement.
MINDBODY complies with the U.S.—E.U. Safe Harbor framework and the U.S.—Swiss Safe Harbor framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data from European Union member countries and Switzerland. MINDBODY has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view MINDBODY certification, please visit http://www.export.gov/safeharbor.
Information Related to Data Collected from You
Information we collect and how it is used
On certain pages, we give users the option of providing us with contact information or account registration information, including name, phone, physical address, date of birth, and e-mail address, as a requirement If you choose to purchase a service from us or access some of our training materials we will collect information from you such as credit card number and billing name and address. Providing this information is voluntary which we use internally and with MINDBODY partners. All information collected while within the MINDBODY Digital Properties shall hereby be referred to as ("Collected Information"). When using our mobile applications we may collect information from your device such as unique device ID, device's operating system, MAC address, and device type ("Device Information"). We will not provide your Device Information to any third party. MINDBODY follows the seven principles created by the US Department of Commerce's Safe Harbor Program.
When using the MINDBODY Connect Workplace service, we will collect additional information relating to your role as a patient, practitioner or organization such as: age and personal health information when you register for an account or book an appointment. Your professional license number, type of state of issuance and expiration date if you register as a practitioner. If you register as an organization we will collect the first and last name and email address of your representative.
MINDBODY Connect Workplace will also provide all users the opportunity to upload and store personal health records, health insurance information, medical history and records, and treatment notes about yourself or on behalf of others that are registered members of MINDBODY Connect Workplace.
When using our mobile applications we may collect your Geo Location data in order to help find services located near you. MINDBODY does not share this information with anyone else. If you have previously consented to the collection of your Geo Location data and no longer wish to have it used, you can turn it off at the device level. Our mobile applications may also send push notifications to your mobile device. If you have previously consented to receiving push notifications and no longer wish to receive them, you can also turn push notifications off at the device level. The applications may also request access to your device's calendar application. If you have previously allowed access to your device's calendar and no longer wish to allow access, you may edit the application settings at the device level.
Some of the pages in our mobile apps utilize framing techniques to serve content from our partners while preserving the look and feel of our mobile application. Please be aware that you are providing your personal information to these third parties and not to MINDBODY.
If you have opted into membership of our information newsletter, you may cancel participation in the email newsletters by following the instructions on each newsletter or by contacting us at firstname.lastname@example.org. Information you provide may be used by MINDBODY for marketing purposes, including but not limited to, one-off promotional e-mailing, direct mail, and sales contacts. We will honor all requests for list removal sent to email@example.com. If you provide your information to MINDBODY, at any time you can opt-out, which will allow you to save your personal information with MINDBODY, but MINDBODY will not use your information for marketing purposes.
We use other third parties such as credit card processing companies to bill you for services, a support provider to help us collect feedback and manage our support and an email service provider to send out emails on our behalf. We use live chat software to assist you if you have questions while using our site or regarding our service. When you sign up for our services, we will share your Collected Information only as necessary for the third party to provide that service.
Access to Personal Information
If your Collected Information changes, or if you no longer desire our service, you may correct, update, and delete/deactivate it by logging into your account and making the appropriate changes or by emailing our customer support at firstname.lastname@example.org. We will respond to your request within a reasonable time.
MINDBODY employs, or our third party advertising partners employ, various tracking technologies, such as cookies, web beacons and analytics software, that help us better manage content on our Digital Properties by informing us what content is effective.
When you visit our Digital Properties we send one or more “cookies” to your computer or other devices. Cookies are alphanumeric identifiers stored on your computer through your web browser and are used by most websites to help personalize your web experience. Some cookies may facilitate additional site features for enhanced performance and functionality such as remembering preferences, allowing social interactions, analyzing usage for site optimization, providing custom content, allowing third parties to provide social sharing tools, and serving images or videos from third party websites. Some features on this site will not function if you do not allow cookies. We may link the information we store in cookies to any Collected Information you submit while on our site.
We use both session ID cookies and persistent cookies. A session ID cookie expires when you close your browser. A persistent cookie remains on your hard drive for an extended period of time. Persistent cookies enable us to track and target the interest of our users to enhance the experience on our site. You can remove persistent cookies by following directions provided in your Internet browser’s “help” file.
Functional cookies, persistent and session type, store information to enable core site functionality, such as Live Chat and Client ID remembrance.
Analytics cookies allow us to count page visits and traffic sources so we can measure and improve the performance of our site and our marketing campaigns.
Advertising cookies may be set through our website by our advertising partners. Data may be collected by these companies that enable them to serve up advertisements on other sites that are relevant to your interests.
If you reject cookies, you may still use our site, but some features on the site will not function properly.
MINDBODY uses Web Beacons alone or in conjunction with cookies to compile information about our Digital Properties. Web Beacons are tiny graphic object that are embedded in a web page or email and is usually invisible to the user but allows checking that a user has viewed the page or email. Web Beacons may be used within the Digital Properties to track email open rates, web page visits or form submissions. In some cases, we tie the information gathered by Web Beacons to our customers’ Collected Information. For example, we use clear gifs in our HTML-based emails to let us know which emails have been opened by recipients. This allows us to gauge the effectiveness of certain communications and the effectiveness of our marketing campaigns.
Local Storage - HTML5/Flash Cookies
We use Local Storage Objects (LSOs) such as HTML5 to store content, information, and preferences. Third parties with whom we partner to provide certain features on our site or to display advertising based upon your Web browsing activity use LSOs such as HTML 5 to collect and store information. Various browsers may offer their own management tools for removing HTML5 LSOs. To manage Flash LSOs please click here.
Third Party Tracking Technologies
We and our third party tracking-utility partners use log files on our Digital Properties to gather certain information automatically and store it for analytical purposes. This information includes internet protocol (“IP”) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and clickstream data.
We use this information to track and aggregate no-personal information to analyze trends, administer the site, track users’ movements around our Digital Properties and to gather demographic information about our user base as a in the aggregate. We may combine this automatically collected log information with other information we collect about you. We do this to improve services we offer you, to improve marketing, analytics, or site functionality.
Social Media Features and Widgets
You can log in to our some of our services using sign-in services such as Facebook Connect or an Open ID provider. These services will authenticate your identity and provide you the option to share certain personal information with us such as your name and email address to pre-populate our sign up form. Services like Facebook Connect give you the option to post information about your activities on this Web site to your profile page to share with others within your network.
In addition, when using some of our mobile applications we may allow you a chance to tell friends about our services by accessing the contacts in your Facebook or other social media account.
We may provide you for the opportunity to use our referral service to tell a friend about one of our mobile applications via SMS or email, or to invite colleagues to collaborate. We will ask you for your colleagues’/friend’s email address or telephone number. We will automatically send your friend a one-time email or SMS message inviting them to visit the mobile application. MINDBODY stores this information for the sole purpose of sending this one-time email or SMS and tracking the success of our referral program. Your friend may contact us at email@example.com to request that we remove this information from our database.
When using this feature we will access the contact list of your device for the sole purpose of assisting you in finding individuals to whom you wish to send these communications. Please also note that when using the SMS feature charges from your carrier may apply.
Testimonials, Ratings and Reviews
We post customer testimonials on our Digital Properties which may contain Collected Information. We obtain the customer's consent via email prior to posting the testimonial and attaching the users name along with their testimonial. If you want your testimonial removed, please contact us at firstname.lastname@example.org.
We also partner with a third party service provider to collect and display ratings and review content on our web site. If the content collected by the third party for display includes personally identifiable information, it will be rejected and will not be posted unless explicit consent is provided by the customer.
Links to Other Web Sites
Our Web site offers publicly accessible message boards, blogs, and community forums. Please keep in mind that if you directly disclose Collected Information through MINDBODY public message boards, blogs, or forums, this information may be collected and used by others. To request removal of your personal information from our blog or community forum, contact us at email@example.com. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why.
Information Related to Data Collected for our Subscribers
The following terms shall have the definitions contained below.
Subscriber shall mean the business or entity that purchased a subscription the MINDBODY Software as a Service via entering into the MINDBODY Software Service Agreement (“SSA”).
Customer shall mean the businesses or individuals scheduling and purchasing products and services from SUBSCRIBER.
Service Provider Collection and Use
MINDBODY collects information under the direction of its Subscribers, and has no direct relationship with the individuals whose personal data it processes.
MINDBODY collects information for our Subscribers. If you are a Customer of one of our Subscribers and would no longer like to be contacted by one of our Subscribers that use our service, please contact the Subscriber that you interact with directly.
Service Provider, Sub-Processors/Ownward Transfer
MINDBODY may transfer Collected Information to third parties that help us provide our service. Transfers to these third parties are covered by the provisions in this Policy regarding notice and choice and the service agreements with our Subscribers.
Access to Data Controlled by our Subscribers
MINDBODY has no direct relationship with the Customers whose personal data it processes. A Customer who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct his query to the Subscriber. If the Subscriber requests MINDBODY to remove the data, we will respond to their request within a reasonable time.
We reserve the right to disclose the Collected Information upon the following circumstances:
- As required by law, such as to comply with a subpoena, bankruptcy proceeding or similar legal process.
- when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
- To any other third party with your prior consent to do so.
- If MINDBODY is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our Web site of any change in ownership or uses of your Collected Information, as well as any choices you may have regarding your personal information.
We will retain your Collected Information and the Collected Information we process on behalf of our Subscribers for as long as your account is active or as needed to provide you and our Subscribers services. We will retain and use this information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Security of your Information
The security of personal information is a high priority at MINDBODY. We maintain our Digital Properties and all associated data with technical, administrative and physical safeguards to protect against loss, unauthorized access, destruction, misuse, modification and improper disclosure. When you enter sensitive information (such as a credit card number) on our order forms, we encrypt the transmission of that information using secure socket layer technology (SSL). No computer system or information can ever be fully protected against every possible hazard. MINDBODY is committed to providing reasonable and appropriate security controls to protect our web sites and their information against foreseeable hazards. If you have any questions about security on our web site, you can contact us at firstname.lastname@example.org.
As referenced in our Debit Card program’s Terms and Conditions, if you are a MINDBODY Connect Workplace user, you hereby request that we refrain from sending you annual privacy notices other than as outlined above.
You understand that the current privacy notice is available to you at any time by accessing it on the web site, www.mindbodyonline.com/connect-workplace or by calling your Plan Administrator at the number on the back of your Card.
If you have any questions regarding this Privacy Statement you can contact us via email at email@example.com or via postal mail at:
Vice President Information Security
4051 Broad Street Suite 220
San Luis Obispo, Ca 93401