Privacy Policy

Effective: 13 August, 2024

This Privacy Policy (“Policy”) describes how Oner Active Austria GmbH and any Oner Active “Group” companies, meaning any one of Oner Active UK Ltd or its subsidiaries, holding companies or any subsidiary of a holding company (in each case as defined by the Companies Act 2006)) (referred to hereafter as “Oner Active,” “we,” “our” or “us”) collects, uses, discloses, and protects your personal information in connection with our websites (“Site”) and social media pages that we own and control (collectively, the “Services”). However, Oner Active Group GmbH is the controller and responsible for the Services. This Privacy Policy also tells you about the rights and choices you have with respect to your personal information, and how you can reach us to get answers to your questions. Please note, our privacy practices are subject to the applicable laws of the places in which we operate.

1. Categories and Sources of Personal Information We Collect

The personal information we collect depends on how you interact with us, the Services you use, and the choices you make. We collect personal information about you in different ways and from different sources, including through the Services we provide.

Personal Information You Provide to Us

You provide personal information to us in various ways, including when you create or modify an account with us, use our Services, make a purchase from us, ask us for information about our Services, sign up for an event, enter a contest or sweepstakes, contact the customer relationship center, or otherwise communicate with us. For example, we collect:

• Identifying information such as your name, email address, billing address, delivery address, phone number, profile data, such as your username and password that you set to establish an online account with us and other information you may choose to submit or include in your account profile, such as your birthday, size, interests, height, fitness habits and goals.

• Commercial information such as information related to your orders that you place; payment transactions; payment data required to process your payment (such as your credit or debit card numbers and other payment or billing information) and your order history as well as such as records of products or services purchased, obtained, considered, sold, or used.

• Communications data such as information within messages we exchange when you communicate with us, when you request support, contact us with questions or feedback, communicate with us, complete our surveys, or engage with us on social media.

• Audio data, or similar informationsuch as audio recordings from customer service calls.

• Other information not specifically listed here, which we will use in accordance with this Policy or as otherwise disclosed at the time of collection.

Information Automatically Collected

We, our service providers, and third-party partners may automatically collect information about you and your device that you connect to the Services, including:

• Device and network data such as the type of device, hardware model, MAC address, operating system, version, settings, configuration, network-related information (for example, IP address, mobile network provider, etc.), the website you visited before browsing to our website, and general location information such as city, state/province, or geographic area.

• Internet or other electronic network activity information such as the following information when you browse our Site or use our other online Services: information about your online activity and interaction with our Services such as access times, webpages or content viewed, features used, how the webpage or online feature performed, and other websites visited.

• Geolocation data from your device, depending on your settings. You may use device controls to prevent certain types of automatic data collection. But if you choose not to provide or allow information necessary for certain Services, those Services may not function correctly or be available for use.

Information We Generate About You

We generate personal information from the personal information we collect. For example:

Internet or other electronic network activity information, such as when you search for products on our Site, we generate results that fit your criteria and allow you to save results, so they are available to you in future visits. When you browse our Site, we may infer your zip code/postal code, city, province, state, and/or country location based on your IP address in order to provide you with relevant information.

We may also process inferred preferences data, such as when we use information about your past purchases for marketing, advertising, or other purposes.

Information From Other Sources

We obtain personal information from others when you direct them to disclose information to us and from these sources:

• Data providers: We may receive personal information about you from information services and data licensors, where we are permitted to do so under applicable privacy laws.

• Publicly available sources: We may obtain personal information (such as demographics) from publicly available sources such as government databases or other data in the public domain as well as information that is publicly available online on social media, networking, and other sites, where we are permitted to do so under privacy laws. If you communicate with us or mention us via social media (such as Meta Twitter, Google) or other third-party online platforms, we may collect information about you, such as the communications, your name, your user ID, and/or username associated with that platform and any information or content you have permitted the platform to share with us. The platform provider’s privacy notice, if any, will apply to your interactions with the platform and its collection, use, sharing, and other processing of your personal information (including when you interact with pages we maintain on social media platforms). You should check your privacy settings in your social media or other third-party accounts to understand and change the information available to us through those services.

• Business partners: With your consent where required under applicable law, we receive personal information from other companies we work with to offer services to our customers or to reach potential customers with our marketing messages.

• Law enforcement agencies, courts, regulatory agencies, and others: We may receive personal information from government agencies or courts for legal compliance purposes, to protect your personal safety or the safety of others, to protect our or others’ rights or property, or to investigate fraud.

• Parties to corporate transactions: We may receive personal information as part of a corporate transaction or proceeding such as a merger, financing, acquisition, bankruptcy, dissolution, or at transfer, divestiture, or sale of all or part of a business or assets.

We may combine personal information about you that we receive from any of the above sources and use that combined information for the purposes set out in this Policy.

Cookies and Other Similar Data Collection Technologies

Our Site uses cookies, pixels, tags, trackers, and similar digital technologies to operate and to help collect data. Cookies serve to make our offer more user-friendly, effective and secure, and to enable the provision of certain functions. Cookies are small text files placed on your computer and stored by your browser. A cookie contains a characteristic character string that enables your browser to be uniquely identified when you visit the website again.

Most of the cookies we use are so-called “session cookies.” They are automatically deleted at the end of your visit or your browser session (so-called transient cookies). Other cookies remain stored on your end device for a specified period of time or until you delete them (so-called persistent cookies). These cookies enable us to recognize your browser on your next visit. On written request, we are happy to provide further information on the functional cookies used. Please use the above contact information.

You can set your browser so that you are informed about the settings of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when the browser is closed. You can regularly obtain the procedure for deactivating cookies via the 'Help' function of your Internet browser. If cookies are deactivated, the functionality and/or the full availability of this website may be restricted. For further cookie-specific setting and deactivation options, please see the individual explanations below for the specific cookies and associated functions/technologies used when you visit our website.

Some of the cookies that we use on our website are from third parties that help us analyze the effectiveness of our website content and the interests of our visitors, measure the performance and performance of our website. For example, our Site uses third-party tools (such as Google Analytics and other Google service as well as Hotjar), to support the operation and performance of our online Services and to analyze your interactions and experiences with our Services.

Our Site also allows third-party advertising partners to use cookies and other digital technologies to collect or receive information regarding your activities on those Sites (e.g., your IP address, page(s) visited, time of day, and other identifiers). We may also disclose such information we have collected to advertising and analytics companies. These companies may use this information (and combine it with information collected over time and across other websites, apps, or other digital services) to deliver targeted advertisements to you, to provide measurement services when you use our Services, and when you interact with other websites. This practice is commonly called “interest-based advertising” or “online behavioral advertising.”

Our use of the cookies and other third-party marketing technologies could be considered a “sale/sharing” or “targeted advertising” in certain jurisdictions where you may have the right to opt-out. Please refer to section titled, How to Exercise Your Privacy Rights for information on opting out of the use of your data for advertising purposes.

2. How we process your personal information

We process personal information for, or based on, one or more of the following: (i) your consent; (ii) our legitimate business purposes; (iii) as necessary to perform a contract with you or to take steps at your request prior to entering into a contract; (iv) for compliance with a legal obligation.

Set out below is a more detailed explanation of how we process your personal data, including our use and disclosure of your personal data.

Our Use of Personal Information

We use the personal information we collect for purposes described in this Privacy Notice or otherwise disclosed to you. For example, we have in the past used and may use personal information for these purposes:

• Delivery of our Service. We may use your personal information to provide and deliver our Services, including to: provide, operate, and improve the Services and our business; develop and/or improve products or services; create and administer your account; provide customer service (including to respond to your requests, resolve disputes, and/or troubleshoot problems); fulfill your orders and process your payments; administer your participation in our Loyalty Club and other offers and promotional programs we may provide, such as contest and sweepstakes; and communicate with you about the Services, including sending you announcements, updates, security alerts, and administrative notifications (such as security or support and maintenance advisories).

• We may work with third-party advertisers and social media companies that display ads on our Services and other sites. These companies may use cookies and other technologies to tailor the ads you see to your interests. These ads are known as interest-based advertisements.

• Marketing and Promotional Communications. We may send you offers. You can opt out of our marketing and promotional communications as described in the Opt-Out of Marketing Communications section.

• Compliance and Protection. We may use your personal information to support our compliance with valid inquiries and directives from law enforcement, government agencies, or others; in the event of exigent circumstances; to enforce the terms and conditions that govern the Services; to prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical, or illegal activity (including cyberattacks, identity theft and other violations of law and/or contracts) to protect the rights, safety, privacy of us or others.

Our Disclosure of Personal Information

We disclose your personal information as described below and as otherwise described in this Privacy Notice or at the time of collection.

• Service providers. We may share your personal information with companies and individuals that provide services on our behalf or help us operate the Services or our business (such as customer support, payment processors, vendors that help us verify your eligibility for a student discount, hosting, analytics, email delivery, and marketing). Our service providers are not authorized to use personal information for their own purposes.

• Professional advisors. We may disclose your personal information to professional advisors such as lawyers, bankers, auditors, and insurers, where necessary in the course of the professional services that they render to us.

• Advertising and Data Analytics Companies. See the Cookies and Other Similar Data Collection Technologies section of this Policy for a description of how we work with advertising and digital analytics providers.

• Social Media Platforms. We may disclose your hashed email address from our marketing database or other information we have collected as described in this Privacy Notice to social media advertising platforms, such as Meta, so that they can create custom audiences and deliver advertisements on our behalf to you and others.

• Law Enforcement Agencies, Courts, Regulatory Agencies, and Others . We may disclose your personal information when we believe that doing so is necessary to: comply with applicable law or respond to valid legal process (including from law enforcement, other government agencies, the courts or others);detect, investigate, prevent or otherwise address fraud or privacy issues; operate and maintain the security of our products, including to detect, investigate, prevent, stop, or remediate an attack on our information systems or networks; protect the rights or property of ourselves or others (including by enforcing our agreements, terms, and policies).

• Parties to Corporate Transactions. We may disclose your personal information as part of a proposed or completed corporate transaction or proceeding such as a merger, financing, acquisition, bankruptcy, dissolution or proceedings involving a transfer, divestiture, or sale of all or a portion of our business or assets. This may include disclosures to recipient parties’ representatives.

3. Our Retention and Protection of Your Personal Information

Except as otherwise permitted or required by applicable law or regulation, to satisfy any legal or regulatory obligations, or to resolve disputes, we will retain your personal information for as long as necessary to fulfil the purposes for which we collected it. In determining what constitutes an appropriate retention period for personal information, we consider applicable legal requirements, the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information, and whether those purposes can be achieved through other means.

We employ reasonable safeguards designed to promote the security of our systems and protect your personal information from unauthorized destruction, use, modification, or disclosure. Personal information is protected using various physical, administrative and/or technical safeguards. However, no method of safeguarding information is completely secure. While we use measures designed to ensure the protection of your personal information, we cannot guarantee that our safeguards will be effective or sufficient. In addition, you should be aware that internet data transmission is not always secure, and we cannot warrant that information you transmit utilizing our Services is secure.

4. Choice and Control of Personal Information

Privacy rights. You may be able to exercise privacy rights with respect to the personal information we process as described in the “Your Rights” section of this Policy.

5. Opt-outing of Marketing Communications.

• Email communications. You may opt-out of marketing-related emails by following the unsubscribe instructions provided at the bottom of any email you receive from us. Despite opting out of marketing-related emails, you may continue to receive service‑related and other non-marketing communications (including notices of updates to our Terms & Conditions and/or Privacy Policy ).

6. Your Privacy Rights

You may have certain rights regarding our processing of your personal information. Depending on your jurisdiction, applicable law may entitle you to additional consumer rights, including the right:

• Right to Know/Access. You can request information about the categories of personal information we have collected; the categories of sources from which we collected personal information; the business or commercial purposes for our collecting, sharing, and/or selling personal information; the categories of any personal information that we have sold or disclosed for a business purpose; and the categories of any third parties to whom we sold or shared personal information, or disclosed personal information for a business purpose.Where available under the applicable law, you can request that we transfer to you your personal information in a commonly used electronic format to allow you to transfer the personal information to another entity.

• Right to Correct. You can request that we correct inaccurate personal information that we have collected about you.

• Right to Delete. You can request that we delete your personal information. Please note that once we process a deletion request, we may be unable to provide support to you for past products or services you may have purchased.

• Opt out of Targeted Advertising/Sale. You can direct us not to “sell” your personal information for valuable or other monetary consideration, or “share” your personal information for cross-context behavioral advertising and targeted advertising.

• Right to Appeal. Depending on your state of residence you can appeal the decision on your request by emailing us at info@oneractive.com.

• You can exercise the rights described above free from discrimination as prohibited by applicable laws.

We do not use “sensitive personal information” for the purpose of inferring characteristics about you or other reasons besides those permitted by applicable laws. For this reason, we do not treat the sensitive personal information as subject to a right to request that we limit its use and, therefore, we do not offer a way for you to submit such a request.

7. How to Exercise Your Privacy Rights

• Right to know/access, correct, and delete. You may submit requests to exercise these rights by submitting the form HERE for each specific request, by contacting as at info@oneractive.com . We cannot process your request if you do not provide us with sufficient detail to allow us to understand and respond to it.

• Opt out of sale and sharing for targeted advertising. If you would like to opt out of sale and sharing of personal information other than through cookies or other online tracking technologies, you can do so by filling out the request form HERE. You can also submit a request to opt-out of sale and sharing for targeted advertising through online tracking technologies (such as certain cookies) by clicking the Your Private Choices link in the footer of our site. Your request to opt out of online tracking technologies will apply only to the browser of the device from which you submit the request. California and Colorado residents may opt out by broadcasting an Opt-Out Preference Signal, such as the Global Privacy Control (GPC) (on the browsers and/or browser extensions that support such a signal). To download and use a browser supporting the GPC browser signal, click here: https://globalprivacycontrol.org/orgs. If you choose to use the GPC signal, you will need to ensure that the browser or browser extension you use supports the GPC signal.

• Verification of Identity. We will need to verify your identity to process your right to know, access, correction, or deletion requests. To verify your identity, as permitted by applicable law, we may require authentication into your Services account, personal information that we can match against information we may have collected previously, or confirmation of your request using the email address or telephone number associated with your Services account.

• Authorized Agents. As available under applicable law, you may use an authorized agent to make requests on your behalf to exercise your rights. In responding to an agent’s request(s), we will require the agent to provide proof that you gave the agent signed permission to submit the request(s). Depending on the circumstances, we may also require you to (i) verify your identity directly with us and (ii) confirm with us that you provided the authorized agent permission to

8. Children and Minors

Our website is not intended for or directed to children under the age of 16 and children under 16 years of age are not permitted to use the Services. By using our Services, you represent that you are 18 years of age or older, or are 16 years of age or older and have valid parental consent to do so. We do not knowingly collect or use any information from consumers younger than 16 years of age. We do not knowingly collect personal information directly from children under the age of 16 without parental consent. If we become aware that a child under the age of 16 has provided us with personal information, we will delete the information from our records.

9. International Use

Your personal information will be stored and processed in the United States. If you are using the Services from outside the United States, by your use of the Services you acknowledge that we will transfer your data to, and store your personal information in, the United States, which may have different data protection rules than in your country, and personal information may become accessible as permitted by law in the United States, including to law enforcement and/or national security authorities in the United States. For transfers of data into and out of the European Economic Area, pursuant to Article 46 of the General Data Protection Regulation, we use standard contractual clauses adopted by the European Commission.

10. Your Nevada Privacy Rights

Nevada law permits our users who are Nevada consumers to request that their personal data not be sold (as defined under applicable Nevada law), even if their personal data is not currently being sold. Requests may be submitted by emailing us at info@oneractive.com .

11. Your Virginia, Colorado, Connecticut, and Utah Rights

If you are located in Virginia, Colorado, Connecticut, and Utah, you have certain rights regarding your personal data. The section describes how we collect, use, and share your personal data under the Virginia Consumer Data Protection Act (“VCDPA”), the Colorado Privacy Act (“CPA”), the Connecticut Act Concerning Personal Data Privacy and Online Monitoring (“PDPOM”), and the Utah Consumer Privacy Act (“UCPA”) and your rights with respect to that personal data.

As a Virginia, Colorado, Connecticut, or Utah resident, you have some or all of the rights listed below. However, these rights are not absolute, and we may decline your request as permitted by law. You can ask to appeal any denial of your request in the same manner through which you may submit a request.

• Right to Access and Portability. You have right to access your personal data and/or receive a copy of the personal data that we have collected about you.
• Right to Correct. You have the right to correct inaccurate personal data that we have collected about you.
• Right to Delete. You have the right to delete the personal data we have obtained about you or that you have provided to us with certain exceptions.
• Right to Opt-out of Tracking for Targeted Advertising Purposes. You have the right to opt-out of certain tracking activities for targeted advertising purposes.
• Right to Opt-out of Profiling. If we process your personal data for profiling purposes as defined by the VCDPA, CPA, PDPOM, and/or UCPA you can opt-out of such processing.
• Right to Non-discrimination. You have the right to be free from discrimination as prohibited by the VCDPA, CPA, PDPOM, and/or UCPA.

Your California Privacy Rights

California residents, see our “California Policy” for more information about certain legal rights.

12. Notice of Financial Incentive and Notice of Loyalty Program

We may offer various programs (such as a loyalty club and a student discount program (Programs)) that may constitute a financial incentives or loyalty programs under applicable privacy laws. We provide details regarding these programs in the chart below. The following parties are our Program Partners and the benefits they provide to you as part of the Program:

You have the right to withdraw from these programs and may do so by following the instructions provided in accordance with the relevant program’s terms. To withdraw from each of the relevant programs, you may contact us at info@oneractive.com and indicating the Program from which you wish to withdraw.

The value of the incentives provided in relation to the relevant programs depends on various factors such as: the benefits and insights that we realize and expect to realize when you continue to use our Services; sales directly or indirectly generated from participation in each program; whether the sales generated by the program exceeds the cost to us of offering the program; how many users sign up for the program; and increased goodwill toward us.

13. Changes to this Privacy Policy

We will update this Privacy Notice from time to time for any reason in our discretion. If we make material changes to the Privacy Notice, we will notify you by providing a new notice and changing the effective date listed in this Privacy Notice. Any modifications to this Privacy Notice will be effective upon our posting of the modified version as described above (or as otherwise indicated at the time of posting).

14. How to Contact Us

ONER ACTIVE Austria GmbH

Eduard Bodem Gasse 3

6020 Innsbruck, Austria

info@oneractive.com

California Policy

Effective Date: August 2024

This California Privacy Policy (“California Policy”) supplements the Policy and applies solely to visitors, users, and others who reside in the State of California (“consumers” or “you”). We adopted this California Policy to comply with California privacy laws, including the California Consumer Privacy Act (“CCPA”), as amended by the California Privacy Rights Act (“CPRA”). Any terms defined in the CCPA and not defined here have the same meaning when used in this California Policy.

1) Notice of Collection and Use of Personal Information

We collect information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household (“personal information”). In addition, we may collect data that is not identifiable to you or otherwise associated with you, such as aggregated data, and is not personal information. To the extent this data is stored or associated with personal information, it will be treated as personal information; otherwise, the data is not subject to this California Policy.

Categories of Personal Information

Within the last twelve (12) months, we have collected the following categories of personal information:

1. Identifiers, such as a real name, alias, postal address, unique personal identifier, online identifier, internet protocol address, email address, account name, driver’s license number, or other similar identifiers.
2. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code 1798.80(e)), such as name, signature, address, telephone number, credit card number, debit card number, or any other financial information.
3. Commercial information, including records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
4. Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an internet website, application, or advertisement.
5. Geolocation data.
6. Audio, electronic, visual, thermal, olfactory, or similar information, such as voicemails, or social media profile pictures.
7. Inferences drawn from any of the information above to create a profile about a consumer reflecting the consumer’s preferences, characteristics (such as gender), and behavior; and
8. Sensitive personal information, such as precise geolocation data.

We will not collect additional categories of personal information other than those categories listed above. If we intend to collect additional categories of personal information, we will provide you with a new notice at or before the time of collection.

Use of Personal Information

We collect and process your personal information for our business and commercial purposes, which include the following:

• Providing you with information tailored to your requests, responding to inquiries, and delivering services and products;
• For marketing purposes, including sending you messages about us, our partners, and the products and services we offer, which may from time to time include contests, rewards, events, and special offers for products and services. These communications may be tailored based on the communications preferences you select when providing us with your information or your activity on the Services, such as an abandoned cart;
• Operating, maintaining, and improving the quality and security of the Services and such content, products and/or services as we may make available through the Services;
• Communicating with you by email and push notification, in each case with your consent if such consent is required in accordance with applicable laws or software platforms, about products, services, order status, and other topics;
• Compliance with applicable laws, regulations, rules and requests of relevant law enforcement and/or other governmental agencies;
• Endeavoring to protect our and our partners’ rights, property, or health and safety, and the rights, property, and health and safety of our customers, users and other third parties; and
• For other purposes, as permitted or required by law.

We will not use the personal information we collected for material different, unrelated, or incompatible purposes without providing you with notice.

Sources of Personal Information

We collect personal information from and about you from the following sources:

• From You - When you provide it to us directly;
• Operating Systems and Platforms - Automatically through logging and analytics tools, and as a result of your use of and access to the Services;
• Data Analytics Providers - That provide web analytics and usage information to us through the use of cookies, pixels, and tracking technologies, such as Google and Meta analytics;
• From Service Providers - That we have engaged to provide services to us, including services related to shipping, returns, customer support, fraud mitigation, and email marketing; and
• From Third Parties - From third-party sources, including payment processors, fulfillment providers, affiliates providing discounts, third-party sales or discount providers, and social networks (through your interactions with us on social media websites).

Sale or Sharing of Personal Information

We do not “sell” or “share” your personal information as these terms are defined under the CCPA. Within the last twelve (12) months, we have disclosed the following categories of personal information for a business purpose with the following categories of third parties:

• Category 1 (e.g., identifiers): Affiliates, Payment Processors, Fulfillment Providers and Government Entities
• Category 2 (e.g., customer records): Affiliates, Payment Processors, Fulfillment Providers and Government Entities
• Category 3 (e.g., commercial information): Affiliates, Fulfillment Providers and Government Entities
• Category 4 (e.g., internet activity): Affiliates, Fulfillment Providers and Government Entities
• Category 5 (e.g., geolocation): Affiliates and Fulfillment Providers
• Category 6 (e.g., audio, electronic): Affiliates and Government Entities
• Category 7 (e.g., inferences): Affiliates
• Category 8 (e.g., sensitive personal information): Affiliates and Fulfillment Providers

Retention of Personal Information

We retain personal information for no longer than we deem necessary for the purposes for which it is processed as described above, including but not limited to compliance with applicable laws, regulations, rules and requests of relevant law enforcement and/or other governmental agencies, and to the extent we reasonably deem necessary to protect our and our partners’ rights, property, or health and safety, and the rights, property, and safety of our customers, users and other third parties.

Thereafter, as a general matter, your personal information will be archived and stored to be used and otherwise processed in the event of legal or regulatory requirements, statutes of limitations, disputes, or actions, and will be stored and, if applicable, used and otherwise processed until reasonably after the end of any such requirement, limitation, dispute, or action, including any potential periods of review or appeal. Subsequently, your personal information will be anonymized, deleted or archived as permitted by applicable law.

2) Your California Privacy Rights

California Civil Code Section 1798.83, known as the “Shine the Light” law, permits our users who are California residents to request and obtain from us a list of what personal information (if any) we disclosed to third parties for their own direct marketing purposes in the preceding calendar year and the names and addresses of those third parties. Requests may be made only once per year per person, must be sent to the email address below, and are free of charge.

We do not disclose personal information protected under the “Shine the Light” law to third parties for their own direct marketing purposes.

In addition, the CCPA provides California residents with the following rights:

• Right to Know:You have the right to request that we disclose certain information to you about the personal information we collected, used, disclosed, shared and sold about you in the past 12 months. This includes a request to know any or all of the following:

· The categories of personal information collected about you;

· The categories of sources from which we collected your personal information;

· The categories of personal information that we have shared, sold or disclosed about you for a business purpose;

· The categories of third parties to whom your personal information was shared, sold or disclosed for a business purpose;

· Our business or commercial purpose for collecting, selling or sharing your personal information; and

· The specific pieces of personal information we have collected about you.

• Data Portability:You have the right to request a copy of personal information we hold about you.
• Right to Deletion:You have the right to request that we delete the personal information we collected from you and maintained, subject to certain exceptions. Please note that if you request deletion of your personal information, we may deny your request or may retain certain elements of your personal information if it is necessary for us or our service providers to:

· Complete the transaction for which the personal information was collected, provide a good or service requested by you, or reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform a contract between our business and you.

· Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity.

· Debug to identify and repair errors that impair existing intended functionality.

· Exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law.

· Comply with the California Electronic Communications Privacy Act pursuant to Chapter 3.6 (commencing with Section 1546) of Title 12 of Part 2 of the Penal Code.

· Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the deletion of the information is likely to render impossible or seriously impair the achievement of such research, if you have provided informed consent.

· To enable solely internal uses that are reasonably aligned with your expectations based on your relationship with us.

• Comply with a legal obligation.

· Otherwise use the personal information, internally, in a lawful manner that is compatible with the context in which you provided the information.

• Right to Opt-In to Financial Incentives:You have the right to opt-in to financial incentives. You also have the right to opt-out at any time. Please see the “Notice of Financial Incentive(s)” section below for more information about our loyalty and/or financial incentive that we may offer.
• Right to Opt-Out/In:You have the right to opt-out of the sale or sharing of your personal information. You also have the right to opt-in to the sale of personal information. However, we do not sell or share your personal information. We do not and will not knowingly sell and share the personal information of minors under the age of 16 without affirmative authorization.
• Right to Non-Discrimination:You have the right not to receive discriminatory treatment by us for the exercise of your CCPA privacy rights. Unless permitted by the CCPA, we will not:

• Deny you goods or services.

· Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.

· Provide you a different level or quality of goods or services.

· Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

• Right to Correct: You have the right to correct inaccurate Personal Information about you. Once we receive and verify your request, we will use commercially reasonable efforts to correct the inaccurate Personal Information about you.
• Right to Restrict or Limit the Use of Sensitive Personal Information : You have the right to restrict the use and disclosure of sensitive personal information to certain purposes related to the offering of goods or services as listed in the CCPA.

Some of our Services, however, may require your personal information. If you choose not to provide your personal information that is necessary to provide any aspect of our Services, you may not be able to use those Services. In addition, it is possible to change your browser settings to block the automatic collection of certain information.

3) Submitting a Verified Consumer Request

To exercise your Right to Know, Data Portability, and Right to Delete, you must provide us with sufficient information to allow us to verify your identity, and describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. Once we receive the information you provide to us, we will review it and determine if more information is necessary to verify your identity as required by law, and we may request additional information in order to do so.

Only you, or a person authorized by you to act on your behalf, may make a verifiable consumer request related to your personal information.

You may only make a verifiable consumer request for Right to Know or Data Portability twice within a 12-month period. The verifiable consumer request must:

• Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative. Given the sensitivity of your personal information that we collect and retain, we will need to verify your identity with at least 2 pieces of information, such as Name, Address or Customer Email.
• Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We may deny your request if we are unable to verify your identity or have reason to believe that the request is fraudulent.

Consumer Request by an Authorized Agent

If any authorized agent submits a consumer request on your behalf, in order to confirm that person or entity’s authority to act on your behalf and verify the authorized agent’s identity, we require a verifiable request be submitted by emailing us at info@oneractive.com. Your email should include the below items:

• To verify your authorization to request on behalf of a California resident, provide one or more of the following: (1) California Secretary of State authorization, (2) written permission from the California resident, or (3) power of attorney.
• To verify your identity, provide evidence of your identity.
• To verify the identity of the California resident for whom the request is being made, provide the information set forth above for the verification of the consumer request.

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require to create an account with us. However, if you do have an existing login, we will require you to log in to submit a request. We will only use personal information provided in a verifiable consumer request to verify the request’s identity or authority to make the request.

We will acknowledge receipt of the request within ten (10) business days of its receipt. We will respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. We will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period preceding the receipt of the verifiable consumer request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For Data Portability requests, we will provide the responsive information in a portable and, to the extent technically feasible, in a readily usable format that allows you to transmit the information to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Do Not Track

We use analytics systems and providers and participate in ad networks that process personal information about your online activities over time and across third party websites or online services. We do not currently process or comply with any web browser’s “do not track” signal or other mechanisms that provide consumers with the ability to exercise choice regarding the collection of personal information about your online activities over time and across third party websites.

4) Notice of Financial Incentives

From time to time, we may offer a financial incentive and/or price or service difference to our customers related to the collection of personal information. This Notice of Financial Incentive(s), in conjunction with the notice of financial incentives in the Policy, explains the financial incentives or price or service differences that we may offer, so that you can make an informed decision on whether you would like to participate.

Customers who sign up for our emails (including in exchange for any product we sell as part of a giveaway or promotion) may receive a coupon code on their next purchase. You can opt-in to receive this code by providing your email address and/or phone number. You have the right to withdraw your consent to participate at any time and can do so by clicking on the “Unsubscribe” link at the bottom of our marketing communications.

Generally, we do not assign monetary or other value to personal information. However, in the event we are required by law to assign such value in the context of financial incentives or price or service differences that we offer, we have valued the Personal Information collected and used as being equal to the value of the discount code or financial incentive offered, and the calculation of the value is based upon a reasonable and good-faith estimate often involving the consideration of (i) the categories of Personal information collected (e.g., email addresses and phone numbers), (ii) the value of the discount offered, and (iii) the value of the total purchase (excluding taxes and fees). The disclosure of the value described herein is not intended to waive, nor should be interpreted as a waiver to, our proprietary or business confidential information, including trade secrets, and does not constitute any representation with regard to generally accepted accounting principles or financial accounting standards.

5) Modifications and Updates to this California Policy

We reserve the right, at any time, to modify, alter, and/or update this California Policy, and any such modifications, alterations, or updates will be effective upon our posting of the revised California Policy. Your continued use of the Services following our posting of any revised California Policy will constitute your acknowledgement of the amended California Policy.

6) Additional Information and Assistance

If you have any questions or complaints about this California Policy and/or how we process personal information, or would like to exercise any of the rights set forth above, please contact us at:

ONER ACTIVE Austria GmbH

Eduard Bodem Gasse 3

6020 Innsbruck, Austria

info@oneractive.com

For more information about how users with disabilities can access this California Policy in an alternative format, please contact us at info@oneractive.com .