THE COACH – PRIVACY POLICY

Last updated: 2/15/2024

This Privacy Policy (“Policy”) explains how VAM Apps Co., a Delaware corporation (registered office: 10103 Centre Rd Ste 403B Wilmington, Delaware, 19805-1270, USA; filing number: 7512951; hereinafter: “Vam Apps”, “Company”, “we”, or “us”) applies privacy practices to those who visit the website (the “Website”) and mobile-based application (the “App”) and any content or service provided through the website and/or the App (collectively, the “Service”), including signing up to our newsletter service (“Newsletter”). For purposes of this Policy, personal data shall mean any information relating to an identified or identifiable natural person. This might be by reference to an identifier such as a name, ID number, location data or online identifier, or by factors specific to them, such as their physical, genetic, economic or social identity.

By using our Service, you express your unconditional agreement with this Policy and the conditions of processing the personal data contained herein. If you do not accept this Policy, do not use our Service or provide any Personal Information to us.

By using our Service, you express your unconditional agreement with this Policy and the conditions of processing the personal data contained herein. If you do not accept this Policy, do not use our Service or provide any Personal Information to us.

Information We Collect

The Company gathers two types of information: (1) personally identifiable information that is supplied voluntarily upon registration for Service, submitting data through the Service, or when you enter certain other areas of the Website or the App and (2) aggregate tracking and site usage information that is gathered automatically when you use the Service.

A. Information You Provided to Us

Personal Information

When you register for an account to access or utilize Service (an “Account”) or signing up for the newsletter we may publish (the “Newsletter”), we ask for and may collect Personal Information that can be used to identify you (“Personal Information”), such as your name, e-mail address, billing address and phone number. Personal Information may also be related to your health, such as information about your injuries, chronic diseases and other personal health information. By providing us with Personal Information, you represent that you are the owner of such personal data or otherwise have the requisite consent to provide it to us.

The Company only collects “sensitive” Personal Information when you voluntarily provide us with this information or where such information is required or permitted to be collected by law or professional standards. Sensitive information includes Personal Information regarding a person’s race, ethnicity, political, philosophical religious or similar beliefs, trade union membership, physical or mental health, sexual life, sexual orientation, or criminal record. Please use your discretion when providing sensitive information to the Company, and under any circumstances, do not provide sensitive information to the Company, unless you thereby consent to the Company’s use of that information for its legitimate business purposes and consent to the transfer and storage of such information to and in the Company’s databases. If you have any questions about whether the provision of sensitive information to the Company is, or may be, necessary or appropriate for particular purposes, please contact us at support@the.coach.

Transactional Data

We use third party payment processors (currently Apple Payments, Inc.) to assist in securely processing your personally identifiable payment information, including recurring charges (if any). The credit card information that you provide is encrypted and transmitted directly to Apple Payments, Inc. (“Apple”). We do not store your credit card information and do not control and are not responsible for Apple or its collection or use of your information. You may find out more about how Apple stores and uses your credit card information by accessing the Privacy Policy for Apple at https://www.apple.com/legal/applepayments/privacy-notice/.

B. Automatic Collection of Personal Information

We and our third-party service providers, including analytics and third-party content providers, may automatically collect certain information from you whenever you access or interact with the Service. This information may include, among other information, the browser and operating system you are using, the URL or advertisement that referred you to the Service, the search terms you entered into a search engine that led you to the Service, areas within the Service that you visited, which links you clicked on, which pages or content you viewed and for how long, other similar information and statistics about your interactions, such as content response times, download errors and length of visits to certain pages and other information commonly shared when browsers communicate with websites. We may combine this automatically collected log information with other information we collect about you. We do this to improve services we offer you, and to improve marketing, analytics, and site functionality.

The information we collect include your IP address, which is a number assigned to your computer or internet-enabled device whenever you access the internet. It allows computers and servers to recognize and communicate with one another. IP addresses from which visitors appear to originate may be recorded for IT security and system diagnostic purposes. This information may also be used in aggregate form to maintain and improve Service and to generate and analyze statistics about Service and your use of Service.

We may use the following technology to automatically collect information from you:

Cookie Information
Cookies are text files put on your computer to collect standard internet log information and visitor behavior information. This information is then used to track visitor use of the website and to create statistical reports on website activity. A cookie may also convey anonymous information about how you browse the Web or the Application to us. A cookie does not collect Personal Information about you.

You can set your web browser or device to refuse all cookies or to indicate when a cookie is being sent. However, some features of the Service may not function properly if the ability to accept cookies is disabled.

BY ACCESSING OR USING SERVICE, YOU AGREE THAT WE, OR A THIRD PARTY ACTING ON OUR BEHALF, CAN PLACE THESE COOKIES ON YOUR COMPUTER OR INTERNET ENABLED DEVICE UNLESS YOU SET YOUR WEB BROWSER OR DEVICE TO REFUSE COOKIES.

Third Party Service
We may provide an option to access or register for Service through the use of your user name and passwords for certain services provided by third parties (each, an “Third-Party Service”), such as through the use of your Facebook, LinkedIn, or Google account. By authorizing us to connect with a Third-Party Service, you authorize the Company to access and store the information that the Third-Party Service makes available to us, and to use and disclose it in accordance with this Policy. It is your responsibility to check your privacy settings for such Third-Party Services (please review the terms of use and privacy policy of such Third-Party Services) to control what information is available to us.

IP addresses
An IP address is a number assigned to your computer or internet-enabled device whenever you access the internet. It allows computers and servers to recognize and communicate with one another. IP addresses from which visitors appear to originate may be recorded for IT security and system diagnostic purposes. This information may also be used in aggregate form to maintain and improve Service and to generate and analyze statistics about Service and your use of Service.

Web beacons
A web beacon is a small image file on a web page that can be used to collect certain information from your computer, such as an IP address, the time the content was viewed, a browser type, and the existence of cookies previously set by the same server. We only use web beacons in accordance with applicable laws.

How We Use Information That We Collect

We may use your information, including your personal information – based on diverse purposes as well as the legal basis of the processing – as follows:

Performance of our Services

We process the following personal data for the purpose and on the legal basis of the performance of the contract, product, and Service fulfillment:
· Full name
· Date of birth
· Email address
· Geographical location (optional)
· Weight, height
· Sexual orientation
· Personal health information (e.g. diabetes type, supplement details, information related to sex life, mental health)
· Pulse
· Details of the daily activities (e.g. information related to sleep, physical activities, food intake, blood pressure)
· Any details you share with VamApps
· IP address
· Unique device identifier
· Language preferences
· Other system settings
· Operating system type and version
· The type of web browser used
· The domain name you access the internet from
· The link you have been redirected to the Website from
· The geographic location of the server you access the Website or the Application from
· Other software and hardware information
· Actions taken in the Application
· Dates and times of Application and Website visits
· Time spent in the Application and the regularity of its visit
· Sections of our Application visited
· Search terms used

The above obligatory or optional personal data you provide is used for purposes such as fulfilling the obligations defined in the Terms of Use and providing the Service, responding to your questions, requests relating to the Service, customizing the visualized content, communicating with you about sales offers relating to special Services and new features, and responding to problems relating to our Services.

With Your Consent

We process the following personal information based on your consent (as the legal basis of this processing) for marketing purposes, to deliver coupons, newsletters, emails:

· Full name
· Email address

You shall always have the right to withdraw your consent given for marketing purposes at any time, without affecting the lawfulness of processing based on your consent, or on any other legal basis, before your withdrawal.

Compliance with Law
We process personal data for the purpose and on the legal basis of compliance with legal obligations to prevent fraudulent transactions, monitor against theft and otherwise protect our customers and our business. We also process personal data for the purpose and on the legal basis of legal compliance and to assist law enforcement and respond to subpoenas.

This means that in some cases the data processing is stipulated by the applicable laws and we have an obligation to process and keep this data for the required time. This includes employment data, billing data, data which is necessary to assist law enforcement etc.

Legitimate Interests of the Company
We process the following personal data for the purpose and on the legal basis of the legitimate interests of the Company, to improve the effectiveness of the Website, our Services, and marketing efforts, to conduct research and analysis, including focus groups and surveys and to perform other business activities as needed, or as described elsewhere in this Policy:

· IP address
· browser information
· contact information
· content consumed on the Website
· unique device identifier
· browser characteristics
· domain and other system settings
· search queries
· device characteristics
· operating system type
· language preferences
· referring URLs
· actions taken on our Website
· page requested
· content consumed (e.g., viewed, uploaded, and shared)
· dates and times of Website visits
· other information associated with other files stored on your device

Where it is feasible, we anonymize personal data or use non-identifiable statistical data. We do not collect personal data in advance and store it for potential future purposes unless required or permitted by the applicable laws.

For collecting anonymously, the above-mentioned data and making statistics and analysis we may use the following software and programs:

1. Google Analytics: http://www.google.com/analytics/learn/privacy.html (you can opt out by accessing Google’s add-on available here: Google Analytics Opt-out Browser Add-on).
2. Facebook: https://www.facebook.com/privacy/explanation.
3. Amplitude: https://help.amplitude.com/hc/en-us/articles/206533238-Data-Security-Privacy.
4. AppMetrica: https://appmetrica.yandex.com/about/privacy-policy.
5. Firebase: https://firebase.google.com/support/privacy.

Data integrity and purpose limitation
Vam Apps will only collect and retain personal data which is relevant to the purposes for which the data is collected, and we will not use it in a way that is incompatible with such purposes unless such use has been subsequently authorized by you. We will take reasonable steps to ensure that personal data is reliable for its intended use, accurate, complete and current. We may occasionally contact you to determine that your data is still accurate and current. To secure your personal information processed we save your personal information to backup archives in every 24 hours. The data stored in our backup archives will be deleted in every half a year.

Although we strive to keep the information about you up to date, the Company may keep the outdated information in its records for the retention period of that data to resolve disputes, or for the exercise or defense of legal claims. For these purposes, Vam Apps may process (store) the personal information after the User deletes the User’s account. Vam Apps will only keep the data that might be relevant in a dispute, and it will delete or anonymize such data as soon as the enforceability of such claims lapse.

How We Share the Information That We Collect

Third-Party Service Providers
We share information, including Personal Information, with our third-party service providers that we use to provide hosting for and maintenance of Service. These third-party service providers may have access to or process your Personal Information for the purpose of providing these services for us. We do not permit our third-party service providers to use the Personal Information that we share with them for their marketing purposes or for any other purpose than in connection with the services they provide to us.

We may also instruct service providers, to process personal data for the permitted purposes set forth above on our behalf and in accordance with our instructions only. We will retain control over and will remain fully responsible for your personal data and will use appropriate safeguards as required by applicable law to ensure the integrity and security of your personal data when engaging such service providers.

Advertising Partners
We share information with our advertising partners and other third parties, for business and commercial purposes, including analytics and advertising technology companies that measure and improve our Service, advertising effectiveness and enable other enhancements. Vendors or such other parties may act as our service providers, or in certain contexts, independently decide how to process your information.

Compliance with Law
We may share your personal data with courts, law enforcement authorities, regulators or attorneys or other parties where it is reasonably necessary for the establishment, exercise or defense of a legal or equitable claim, or for the purposes of a confidential alternative dispute resolution process. We may also share such information if we believe it is necessary in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our terms and conditions, or as otherwise required by law.

Organizational Changes
We may share your personal data with any third party to whom we assign or novate any of our rights or obligations, or that acquires all or substantially all of our business, stock or assets, or with whom we merge.

With your Consent
We will otherwise only disclose your personal information when you direct us or give us permission to do so.

Where we rely on your consent to process the Personal Information, you have the right to withdraw or decline your consent at any time. Please note that this does not affect the lawfulness of the processing based on consent before its withdrawal.

If we ask you to provide Personal Information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your Personal Information is mandatory or not (as well as of the possible consequences if you do not provide your Personal Information). Similarly, if we collect and use your Personal Information in reliance on our (or a third party’s) legitimate interests which are not already described in this Policy, we will make clear to you at the relevant time what those legitimate interests are.

If you have any questions about or need further information concerning the legal basis, on which we collect and use your Personal Information, please contact us at support@the.coach.

How Long We Retain Your Personal Information

We will retain your Personal Information for as long as is needed to fulfill the purposes outlined in this Policy, unless a longer retention period is required or permitted by law (such as tax, accounting or other legal requirements). When we have no ongoing legitimate business need to process your Personal Information, we will either delete or anonymize it, or, if this is not possible (for example, because your Personal Information has been stored in backup archives), then we will securely store your Personal Information and isolate it from any further processing until deletion is possible. For Personal Information that we process on behalf of our Subscribers, we will retain such Personal Information in accordance with the terms of our agreement with them, subject to applicable law.

Your Privacy Rights

Upon request we will provide you with information about whether we hold, or process on behalf of a third party, any of your Personal Information. To request this information please contact us at support@the.coach. Subscribers may update or change their Account Information by editing their profile within Service. To make a request to have Personal Information maintained by us returned to you or removed, please email support@the.coach. Requests to access, change, or remove your information will be handled within thirty (30) days; provided that, notwithstanding such request, this information may be retained for as long as you maintain an account for Service, or as needed to provide you with Service, comply with our legal obligations, resolve disputes and enforce our agreements.

Objections to Processing of Personal Data

It is your right to lodge an objection to the processing of your personal data if you feel the “ground relating to your particular situation” apply. The only reasons we will be able to deny your request is if we can show compelling legitimate grounds for the processing, which override your interest, rights and freedoms, or the processing is for the establishment, exercise or defense of a legal claims. To invoke this right, please contact us at support@the.coach. We will consider your request in accordance with applicable laws. To protect your privacy and security, we may take steps to verify your identity before complying with the request.

Policy Regarding Children

Service is not directed to children under the age of thirteen and we do not knowingly collect personally identifiable information from children under the age of thirteen (13) as part of Service. If we become aware that we have inadvertently received personally identifiable information from a User under the age of thirteen as part of Service, we will delete such information from our records. If we change our practices in the future, we will obtain prior, verifiable parental consent before collecting any personally identifiable information from children under the age of thirteen as part of Service.

Online Advertising

We use platforms such as Facebook to promote our Service through interest-based ads. We do not, however, share your Personal Information with Facebook or other third-party platform for the promotion of our Service through interest-based ads.

If you do not want to receive interest-based ads on Facebook or other third-party platforms, you can adjust your ad preference in accordance with the instructions provided by Facebook or such platforms.

Changes to our Privacy Policy

If we change the Policy, we will post the revised Policy here with an updated revision date. Please check frequently the Site to see if the Policy is changed. If we make significant changes to our statement, we also may, but are not obliged to, notify all members whose Personal Data we have retained by means such as sending an email or posting a notice on our Site. Your continued use of Service constitutes your acceptance of all such changes and amendments. Your sole remedy is to cease using Service.

GDPR Notice

This GDPR Notice (this “GDPR Notice”) supplements the information contained in the Policy and except as provided herein, applies solely to residents of the European Union. The processing and collecting of personal data by Vam Apps shall be in harmony with the directly applicable laws of the European Union. In case of personal data processing, the Regulation (EU) 2016/679 of the European Parliament and of the Council (“GDPR”) and the recommendations of the Article 29 Data Protection Working Party (“WP29”) and of the European Data Protection Board (“EDPB”) shall apply.

The Company is the data controller of any data which constitutes personal data, and which is uploaded when using our Services and subscribing for the Newsletter.

The Company bound in honor to protect personal data; therefore, the Company will keep confidential the personal data received and take all necessary steps to secure data processing.

A.Definitions

For the purposes of this GDPR Notice, the following definitions are determined according to the GDPR:

‘personal data‘: shall mean any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

‘consent‘: shall mean any freely given, specific, informed and unambiguous indication of the will of the Data Subject by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

‘data controller‘: shall mean the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by European Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

‘data processing‘: shall mean any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

‘third party‘: shall mean a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data;

‘personal data breach‘: shall mean a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed;

‘recipient‘: shall mean a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with European Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;

‘supervisory authority‘: shall mean one or more independent public authorities provided by each Member State which is responsible for monitoring the application of the GDPR in order to protect the fundamental rights and freedoms of natural persons in relation to processing and to facilitate the free flow of personal data within the European Union;

‘supervisory authority concerned‘: shall mean a supervisory authority which is concerned by the processing of personal data because: (a) the controller or processor is established on the territory of the Member State of that supervisory authority; (b) data subjects residing in the Member State of that supervisory authority are substantially affected or likely to be substantially affected by the processing; or (c) a complaint has been lodged with that supervisory authority.

B.Will Vam Apps share any of the information it receives?

Information about our users is an integral part of our business, and we may share such information with our affiliated entities. Except as expressly described below, we neither rent nor sell your information to other people or nonaffiliated companies unless we have your permission.

Vam Apps shall not ensure access for a third party to personal data provided by you without your preliminary consent, except the cases, when data transfer is necessary for the performance of the contract or for enforcing of Vam Apps’ legitimate interest or prescribed by law.

Vam Apps may share certain personal information with third party vendors in the EU or in third countries, who supply software applications, web hosting and other technologies or services for the Website and our Services (“Data Processor”). The Company will only provide these third parties with access to information that is reasonably necessary to perform their work or comply with the law. Those third parties will never use such information for any other purpose except to provide services in connection with the Website and our Services. During the service of data process, the Data Processor shall abide under the present Policy, relevant legislations in force, furthermore the provisions of the existing contracts between him and Vam Apps.

We use the data process service of the following Data Processors:

The Rocket Science Group, LLC, MongoDB, Inc., Yandex, LLC. and Apple Payments, Inc. use approved standard contractual clauses and Salesforce.com, Inc. uses approved binding corporate rules for the international transfer of personal information collected in EU, therefore these companies provide safety for the data of European citizens.

We only transfer personal data collected from individuals located within the EU only with the consent of the individuals to a third-party having a registered seat outside the EU / in the USA acting as a data processor without the appropriate safeguards set out in the GDPR, or when it is necessary for the performance of the contract. Vam Apps will make every effort to ensure that the personal data transferred is safe and secure and that the personal data is processed in a manner consistent with the GDPR.

C.Additional Rights for EU Territory:

If you are from the territory of the EU, you may have the right to exercise additional rights available to you under applicable laws, including:

(i) Right of Erasure: In certain circumstances, you may have a broader right to erasure of personal information that we hold about you – for example, if it is no longer necessary in relation to the purposes for which it was originally collected. Please note, however, that we may need to retain certain information for record keeping purposes, to complete transactions or to comply with our legal obligations.

(ii) Right to Object to Processing: You may have the right to request Vam Apps to stop processing your personal information and/or to stop sending you marketing communications.

(iii) Right to Restrict Processing: You may have the right to request that we restrict processing of your personal information in certain circumstances (for example, where you believe that the personal information, we hold about you is inaccurate or unlawfully held).

(iv) Right to Data Portability: In certain circumstances, you may have the right to be provided with your personal information in a structured, machine readable and commonly used format and to request that we transfer the personal information to another data controller without hindrance.

If you would like to exercise such rights, please contact us at support@the.coach. We will consider your request in accordance with applicable laws. To protect your privacy and security, we may take steps to verify your identity before complying with the request.

For any complaints that we cannot resolve directly, please contact Vam Apps Co. at: support@the.coach) or our European Representative Weiszbart Law Firm in association with White Summers LLP (address: 1052 Budapest, Kristóf tér 3. III. flr., Hungary; e-mail: weiszbartandpartners@gmail.com).

If you do not agree with our decision, you have the right to an effective judicial remedy or to lodge a complaint to any of the European Data Protection Authorities.

You also have the right to complain to the EU Data Protection Authority about our collection and use of your personal data. For more information, please contact your local EU Data Protection Authority.

Privacy Notice for California Residents

This Privacy Notice for California Residents (this “CCPA Notice”) supplements the information contained in the Policy and except as provided herein, applies solely to California residents. We adopt this notice to comply with the California Consumer Privacy Act of 2018 (CCPA) and any terms defined in the CCPA have the same meaning when used in this CCPA Notice.

This CCPA Notice does not apply to employment-related personal information collected from California-based employees, job applicants, contractors, or similar individuals. Where noted in this CCPA Notice, the CCPA temporarily exempts personal information reflecting a written or verbal business-to-business communication (“B2B personal information”) from some its requirements.

A.Information We Collect

We have not collected any information from users in the past twelve (12) months but expect to collect the following categories of information:

CategoryExamplesCollected A. Identifiers. A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers. YES B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories. YES C. Protected classification characteristics under California or federal law. Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). YES D. Commercial information. Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. NO E. Biometric information. Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. YES F. Internet or other similar network activity. Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement. YES G. Geolocation data. Physical location or movements. NO H. Sensory data. Audio, electronic, visual, thermal, olfactory, or similar information. NO I. Professional or employment-related information. Current or past job history or performance evaluations. NO J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. NO K. Inferences drawn from other personal information. Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. YES

We collect the information for the purposes of described in the How We Use the Information that We Collect section. We share this information as described in the How We Share the Information that We Collect section.

B.Your Rights

The CCPA provides California residents with specific rights to request information about our collection, use and disclosure of your personal information over the prior twelve (12) months, and ask that we provide you with the following information:

Access to Specific Information and Data Portability Rights

You have the right to request that we disclose certain information to you about our collection and use of your personal information. Once we receive and confirm your verifiable consumer request, we will disclose to you:

• The categories of personal information we collected about you.

• The categories of sources from which we collect personal information.

• Purpose for collecting, using or selling personal information.

• The categories of third parties with whom we share that personal information.

• The specific pieces of personal information we collected about you (known as “data portability request”).

• If applicable, categories of personal information sold about you and the categories of third parties to which the personal information was sold.

We do not provide these access and data portability rights for B2B personal information.

Deletion Request Rights

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.

We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:

• Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with you.

• Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.

• Debug products to identify and repair errors that impair existing intended functionality.

• Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.

• Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).

• Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.

• Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.

• Comply with a legal obligation.

We do not provide these deletion rights for B2B personal information.

Exercising Access, Data Portability, and Deletion Rights

To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us at: support@the.coach. Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:

• Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, which may include: your full name and your email address associated with your Account.

• Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. However, we do consider requests made through your password protected account sufficiently verified when the request relates to personal information associated with that specific account. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

Additional Rights for Brazilian individuals

If you are a Brazilian individual, you have the following rights in addition to the rights described in section 9.2 of this Policy:

(a) Right of erasure: If you would exercise this right, we will respond to you immediately, or if that is not possible, we will send a reply to you to indicate the reasons of fact or law that prevents the immediate adoption of the measure. If we are not the data processors of the data you requested the erasure of – whenever possible – we will indicate who the processing agent is.

(b) Right to be informed: You have the right to obtain information about what types of processing do we carry out on your personal information.

(c) Right of access: If you request the providing of your personal data processed by us, we will grant you access to such data in 15 days of your request, if the data requested is more than the simplified request version.

(d) Nondiscrimination: We do not process your data for unlawful or abusive discriminatory purposes. In certain circumstances, you have the right to request a review of our data processing and the supervisory authority (the Brazilian National Authority for Protection of Data (“ANPD”)) may carry out an audit to verify discriminatory aspects.

(e) Data portability: Your data might be transferred to another service or product supplier in accordance with the regulations of the ANPD and as subjects to commercial and industrial secrets.

If you would like to exercise such rights, please contact our DPO at support@the.coach. We will consider your request in accordance with applicable laws. To protect your privacy and security, we may take steps to verify your identity before complying with the request.

You also have the right to complain to the ANPD about our collection and use of your personal data. For more information, please contact the ANPD.

Contacting Us

If you have any questions regarding this Policy or information we hold about you, you may contact us at support@the.coach. In order for us to take the appropriate action, please describe in reasonable detail the nature of your request or inquiry.