Here’s what changed and why:
We believe you should have control over our use of your Personal Data. Over the next few months, we will be rolling out a series of changes to how you interact with the privacy settings and tools within our Fitness and Wellness websites and apps. These changes will enable you to more easily exercise choice; including how you provide your consent for certain collection, and sharing of your Personal Data.
2) What is the GDPR and how does it affect my experience with Under Armour and its related applications?
The General Data Protection Regulation, or GDPR, is a new regulation focused on European Union residents’ privacy rights. One of its goals is to give consumers control over their Personal Data. The regulation goes into effect on May 25th, 2018.
We believe the principles laid out in the GDPR will become the global standard. Under Armour therefore has adopted high-level principles from the regulation, as well as other similar regional regulations, and is working to apply them globally throughout our consumer journey.
What does this mean for you? You may notice a couple of changes:
These changes will be most readily visible in our Connected Fitness applications (MapMyFitness and related applications, MyFitnessPal, Endomondo, and UA Record). If you are a resident of the European Union or a country/region with similar laws, you will start to see these applications prompt you for consent related to activities that require the collection and processing of your Sensitive Personal Data—as well as the transfer of your Personal Data. The exact consent requests you are presented will depend on your location and the application.
Read more on what data is considered Personal Data and/or Sensitive Personal Data here in question 3 below.
Read more on the GDPR and its key changes: https://www.eugdpr.org/key-changes.html
3) What is Personal Data and what Personal Data does Under Armour collect about me?
“Personal Data” is any information that can be used to identify you, directly or indirectly, alone or together with other information. This includes information such as your full name, email address, phone number, precise location, device IDs, certain cookie and network identifiers, and certain “Fitness and Wellness Data.”
- When you register for an account with us or interact with our Services (such as browsing our products online), we may collect registration and demographic details such as your name, address, phone number, username and password, email address, date of birth, payment information and Location Data. “Location Data” means either approximate location or, with your consent, your precise location.
- When you input Fitness and Wellness Data within our Services or use our Services that collect or infer such data from mobile device sensors. “Fitness and Wellness Data” includes data you provide related to your lifestyle (e.g., sleeping habits), life events, dietary restrictions, fitness goals, height, weight, measurements, fitness level, heart rate, sleep data, BMI, biometric data, and similar types of data relating to your physiological condition, and activity.
- When you participate in special activities, offers, or programs, such as contests, challenges, sweepstakes, other promotions, surveys, or research activities or initiatives. In such cases, we may collect Personal Data, such as name, address, email address, telephone number and age and other information that is required for participation. If you win a prize in connection with a contest, challenge, etc., we also may need to collect certain tax information, waivers and releases, depending on the prize.
- When you interact with our online communities, such as submitting content, leaving reviews, or otherwise entering information into comment fields, blogs, message boards, events, we may collect certain Personal Data.
- When you interact or engage with advertising on the Services and/or 3rd Party platforms, we may collect Personal Data over the course of such interactions.
4) What does Under Armour do with the Personal Data it collects about me?
- To create your account, enable your activity within our Services, and to provide the Services.
- To tailor features, products, advertising, and services to your interests and goals, including providing meal suggestions, workout plans, training- and coaching-related services, and product recommendations
- To communicate with you and respond to your requests.
- To administer challenges, promotions, contests and sweepstakes.
5) How and why do I need to agree to the collection and use of my Personal Data?
It’s difficult to provide our Services to you without collecting some of your Personal Data. For example, how would we deliver any UA gear you purchase if we didn’t ask for your address?
But, we cannot collect your Personal Data without your knowledge and understanding. In some cases, we require Sensitive Personal Data (e.g., information related to health data) in order to provide you with the Services – read more on Sensitive Personal Data in question 6 below.
- When you check out or make a purchase on UA.com or its affiliated regional websites
- When you sign up or create an account at UA.com or its affiliated regional websites
- When you sign up, register or create an account for one of our Connected Fitness Applications (MapMyFitness and related applications, MyFitnessPal, Endomondo, and UA Record)
6) How and why do I need to consent to the processing of my Sensitive Personal Data?
The term “Sensitive Personal Data” covers many different types of information—everything from religion and union membership to health data.
When viewed individually, these data points cannot be used to identify you. For example, presenting the Sensitive Data element of Body Mass Index (BMI) alone does not identify a person.
But, when such a data element is coupled with Personal Data (hyperlink link to Personal Data FAQ) such as email or name, this information becomes sensitive. For example, if the data point BMI of 20 is connected to the email address email@example.com, one can now reasonably infer that Jane Doe has a BMI of 20.
Generally, Under Armour does not ask for, collect, or process Sensitive Personal Data.
However certain Under Armour websites or mobile apps – mainly our Connected Fitness Applications (MapMyFitness and related applications, MyFitnessPal, Endomondo, and UA Record) – may process Sensitive Personal Data such as certain Fitness and Wellness Data.
We want to make sure you’re aware of the instances of where your Sensitive Personal Data is processed. For those users in the European Union or a region with EU-like laws, you may be asked to consent to the processing of this information. Not providing this consent may affect your ability to use and/or create accounts for our Connected Fitness Applications, websites or other Services.
7) Why and how do I need to give consent for the transfer of my Personal Data?
Under Armour, Inc. is a U.S.-based company. Although we have international offices and users and consumers all over the globe, we may need to transfer your Personal Data to servers or storage in the U.S. (and/or other regions depending on your location) so that we can provide the Services outlined in our Terms.
8) Why do I need to verify my location on Endomondo?
We want to make sure we’re providing you with the appropriate app experience given your region or country. Confirming your location ensures that we provide you with the right context, information, and legal consents related to your data privacy rights.
9) I didn’t agree to one or more of the Privacy consents. Why can’t I access my account on Endomondo?
If you’ve reviewed the Data Privacy Consents presented in Endomondo and decided that you would not like to provide one or more of the consents, then you will not be able to access your account for Endomondo. This is because the app relies upon the collection, use, processing and transfer of your Personal Data to enable the app to provide its features and functionality. Without your consent to the collection, use, processing and transfer of your Personal Data, the app cannot operate and provide you its features.
Even if you do not provide all of the required Data Privacy Consents, you will still be able to access some of the incredible features and content available on our websites (Endomondo, MapMyFitness, MyFitnessPal). Specifically, you can continue to gather insights and inspiration from our blogs and forums. You will also be able to view certain routes or workouts (set as public) and events, search the MyFitnessPal Food Database, and use our calorie calculators.
10) How can I request to review what Personal Data Under Armour has collected regarding me?
As a resident of an EU country or EU-like region, you have the right to request access to your Personal Data that we have collected and stored. As a reminder, Personal Data does not mean all data. Read more about personal data in question 3.
To request access to or to download your Personal Data, please submit a support ticket here and one of our agents will be in touch soon!
11) How can I delete my account?
You can delete your account at any time. The Account and Privacy Center includes specific information on how to do this for each Under Armour platform. Alternatively, you can instruct the Support Team to delete your account. Once you delete your account, you will not be able to recover your Personal Data.
12) I’m Premium Member and I don’t want to accept the new Terms and Conditions of Use or provide my consent for the transfer of my Personal Data to the U.S., can I obtain a refund for any amounts prepaid for my Premium Membership?
Please note that if you've signed up for Endomondo Premium through in-app purchase on iOS (iPhone), you'll have to cancel your subscription through the Apple iTunes/App Store subscription system and try to request a refund for your purchase directly from Apple via this link: http://reportaproblem.apple.com (Unfortunately, we (Endomondo) doesn't have access to change, cancel or refund subscriptions created through iTunes)
13) Can I choose which data will be shared with Under Armour?
Beyond what is required for registration, you can change your user settings and/or selectively use our Services in an effort to limit what information and data you share with Under Armour and other end users.
14) What Personal Data does Under Armour share with advertisers?
It’s important to us that our users and consumers are aware of changes we make to our policies.
These most recent updates to both policies address new global requirements, provide users with a clearer understanding as to how we collect, use and share Personal Data and your rights regarding our collection, use and sharing of your Personal Data. We also streamlined the language, where possible, for improved readability – and emphasized the importance of user responsibility and best judgment in connection with your use of any dietary or fitness-oriented content we provide.
16) Why can’t I continue using the application if I didn’t consent to data transfer? Are you treating my data differently if it’s in the U.S.?
Thank you for your inquiry. We appreciate your interest in the location of your personal data, and in Under Armour’s implementation of the General Data Protection Regulation (GDPR) requirements.
Nothing has changed or is new with the process by which Under Armour transfers your personal data. Depending on your country/region, we are making this transfer transparent by providing an additional layer of notice as to where data is being stored and asking for your acknowledgement and agreement (consent) to transfer your data.
As part of this notice, we may also inform you that laws in the U.S. may be viewed as less protective than those of your country or region. However, this does not mean Under Armour is treating your data with any less protections when transferred. We believe the principles laid out in the General Data Protection Regulation (GDPR) will become the global standard. Under Armour therefore has adopted high-level principles from the regulation, as well as other similar regional regulations, and is working to apply them globally throughout our consumer journey. Under Armour’s global information and cyber security team is dedicated to ensuring your personal and sensitive data is protected. With a foundation in the National Institute of Standards and Technology (NIST) Cyber Security framework, we maintain a layered approach to build security in to everything that we do.
Without your consent to the collection, use, processing, and transfer of your personal data the app cannot properly operate. The GDPR does not require companies to continue providing services to a user after they have withdrawn their consent to something that is core to the enabling the service to function. However, if you do not provide consent, or later decide to remove consent, you will still be able to access some of the incredible features and content that do not require an account. Specifically, you can continue to gather insights and inspiration from our blogs, forums, and social media communities. You will also be able to view certain routes or workouts (set as public) and events on our MapMyFitness sites, search the MyFitnessPal Food Database, and use our calorie calculators.
17 ) – Questions regarding UA and freely given consent
As you may know, changes in international law have shifted the way organizations present information to users when processing personal data. One key change centers around when and how direct consent is obtained. For us, this means Under Armour is responsible for ensuring that the consent is “… freely given, specific, informed and unambiguous indication of [users] agreement to the processing of personal data.” As a result, Under Armour, has clearly presented plain language, distinct consents for data processing (specific to health-related data) and data transfer for users in the European Union (EU) and EU-like regions. Without users’ consents for these two items, we are not able to provide our full suite of services.
Why? At Under Armour, our mission is to make consumers and end-users better by enabling their ability to achieve their goals. The purpose of the app is to provide the ability to measure and track success over time. Collection of health-related data is necessary to do that.
Therefore, we cannot allow you to continue to use the application without consenting, because the application would not work or function without the two primary consents. If you choose not to consent, you can still browse our suite of free content on our blogs and social media sites, as well as explore any publicly posted routes on MapMyFitness or explore our nutrition database on MyFitnessPal. You are free to withdraw your consent at any time and request that Under Armour delete your account. However, we hope that you will continue to be a part of our community and that we can continue to support you as you work to achieve your fitness and nutrition goals.
For information about the data security issue announced on March 29, 2018, please visit our FAQ: https://content.myfitnesspal.com/security-information/FAQ.html