Privacy Policy

Effective Date: 10-27-2024
Next Scheduled Review: 04-27-2025

At WalkTheNation.com ("we," "us," or "our"), we are committed to protecting your privacy and ensuring that your personal information is handled in a safe and responsible manner. This Privacy Policy outlines how we collect, use, disclose, and safeguard your information when you use our website and services.

1. Information We Collect

1.1 Information You Provide

We collect personal information that you voluntarily provide:

  • Personal Identifiers: Name, email address, physical address, phone number
  • Account Information: Username, password (encrypted)
  • Payment Information: Credit card details (processed and stored by PCI-DSS compliant processors only)
  • Health and Activity Data: Step data, fitness goals, heart rate, sleep patterns
  • Device Data: Device identifiers from Garmin, Apple Watch, Fitbit, or desk treadmills
  • Questionnaire Responses: Fitness goals, preferences, health conditions

1.2 Automatically Collected Information

  • Technical Data: IP address, browser type, device information
  • Usage Data: Click patterns, feature usage, time spent
  • Location Data: GPS data (with explicit consent only)

2. How We Use Your Information

We follow data minimization principles and only collect/process information necessary for:

2.1 Essential Services

  • Account creation and management
  • Service delivery and personalization
  • Payment processing
  • Security and fraud prevention

2.2 Enhanced Features

  • Product recommendations
  • Performance analytics
  • Community features
  • Personalized coaching

2.3 Support and Communication

  • Customer support
  • Service updates
  • Technical notifications
  • Consent: Marketing communications, health data processing.
  • Contract: Service delivery, account management.
  • Legal Obligation: Tax records, legal compliance.
  • Legitimate Interests: Security, fraud prevention, service improvement.

Obtaining Consent

  • Clear opt-in checkboxes
  • Just-in-time consent notices
  • Granular consent options
  • Easy-to-understand language

Withdrawing Consent

  • Account settings
  • Email preferences center
  • Contacting our DPO

5. Information Sharing and Disclosure

We handle your information responsibly:

  • No Sale of Personal Data: We do not sell your personal data to third parties.
  • Service Providers: We share data with processors who adhere to strict data protection agreements, conduct regular security audits, and meet breach notification requirements.
  • API Integrations: Data sharing with device partners is encrypted and controlled by user permissions.
  • Legal Requirements: We may disclose information as required by law or to protect rights and safety.

6. Data Security and Breach Notification

Security Measures

  • AES-256 encryption at rest
  • TLS 1.3 for data in transit
  • Multi-factor authentication
  • Regular security audits
  • Employee access controls
  • Intrusion detection systems

Breach Notification Protocol

In case of a data breach, we will:

  • Notify affected users within 72 hours
  • Provide detailed incident information
  • Outline remediation steps
  • Offer identity protection services if necessary

7. Cookies and Tracking Technologies

Cookie Types

  • Essential: Authentication, security
  • Functional: User preferences, language
  • Analytics: Usage patterns, performance
  • Marketing: Ad personalization (optional)

Cookie Management

  • Cookie preference center
  • Browser-level controls
  • Third-party opt-out links
  • Regular cookie scans and updates

8. Your Rights and Choices

Access Rights

  • View personal data
  • Download data in common formats
  • Request data source information
  • View processing purposes

Control Rights

  • Edit personal information
  • Delete account data
  • Restrict processing
  • Object to processing
  • Data portability requests

Response Timeline

  • Initial response within 72 hours
  • Request completion within 30 days
  • Extension notice if needed
  • No fee for standard requests

9. Automated Decision Making

Types of Automation

  • Workout recommendations
  • Activity analysis
  • Performance predictions
  • Health insights

Human Oversight

  • Review of significant decisions
  • Appeal process available
  • Manual review options
  • Opt-out choices

10. International Data Transfers

Transfer Mechanisms

  • Standard Contractual Clauses
  • Adequacy decisions
  • Privacy Shield (where applicable)
  • Data Processing Agreements

Data Localization

  • Primary storage in EU/US
  • Regional data centers
  • Transfer impact assessments
  • Regular compliance reviews

11. Data Retention and Minimization

Retention Periods

  • Active accounts: Duration of service
  • Inactive accounts: 24 months
  • Financial records: 7 years
  • Marketing data: 36 months

Minimization Principles

  • Collect only necessary data
  • Regular data cleaning
  • Automated deletion processes
  • Purpose limitation enforcement

12. Children's Privacy

  • Minimum age: 18 years
  • Parental consent required under 18
  • Age verification measures
  • Immediate deletion of unauthorized data

13. Privacy Impact Assessments

  • New features/products
  • Processing changes
  • Vendor assessments
  • Technology updates

14. Regional Privacy Rights

California (CCPA/CPRA)

  • Right to know
  • Right to delete
  • Right to correct
  • Right to limit sharing

EU/EEA (GDPR)

  • Right to access
  • Right to rectification
  • Right to erasure
  • Right to object

15. Marketing Communications

15.1 Opt-in Process

  • Clear consent mechanism
  • Separate marketing consent
  • Granular preferences
  • Easy opt-out process

15.2 Communication Types

  • Product updates
  • Feature announcements
  • Wellness tips
  • Community events

16. Third-Party Links

  • Independent privacy policies
  • No control over third parties
  • Regular partner reviews
  • Clear marking of external links

17. Changes to This Privacy Policy

  • 30-day notice for material changes
  • Email notifications
  • In-app announcements
  • Version history maintained

18. Contact Us

18.1 Data Protection Officer

For questions, please contact [email protected].

18.2 Physical Address

WalkTheNation.com, 110 16th St., Denver, CO 80202

18.3 Supervisory Authority

You have the right to lodge a complaint with your local data protection authority.