Visiting Our Website
For each visitor to our website, our web server automatically recognizes only the IP address of your computer. When you visit the CFF Website to manage your MyiClub account, subscribe to fitness program/class schedules, and or sign-up for our Newsletter you may choose to give us basic information: name, email address, mailing address, ZIP code, phone, and credit card numbers. This allows us to process your transactions more efficiently, and ultimately, to give you a higher caliber of customer service. When you visit our website, we may collect more information: your Internet service provider's address, the name of the Web page directing you, as well as your clicks and activity on our site. This tracking data helps us understand how to make our site more available and user friendly to our customers.
Your Service Information
The personal information we collect is intended to offer better customer service and to improve communications. This information you provide can help CFF provide greater security and inform you of products and services that may be of interest.
CFF is proud to be a certified PCI DSS Compliant Service Provider. The CFF website uses Secure Socket Layer (SSL) technology to encrypt personal information such as User IDs, Passwords, and account information over the Internet. Any information provided to you is scrambled en route and decoded once it reaches your browser. We take the following steps to protect our customers' personal information against loss, misuse, and alteration.
Goals PCI DSS Requirements
Build and Maintain a Secure Network
Install and maintain a firewall configuration to protect cardholder data
Do not use vendor-supplied defaults for system passwords and other security parameters
Protect Cardholder Data
Protect stored cardholder data
Encrypt transmission of cardholder data across open, public networks
Maintain a Vulnerability Management Program
Use and regularly update anti-virus software or programs
Develop and maintain secure systems and applications
Implement Strong Access Control Measures
Restrict access to cardholder data by business need to know
Assign a unique ID to each person with computer access
Restrict physical access to cardholder data
Regularly Monitor and Test Networks
Track and monitor all access to network resources and cardholder data
Regularly test security systems and processes
Maintain an Information Security Policy
Maintain a policy that addresses information security for all personnel
Name Removal From Our Lists At Any Time
To delete your name from the CFF email mailing list, simply contact us by email at email@example.com or by selecting the “unsubscribe” link at the bottom of any CFF email. Be sure to provide your full name, mailing address, email address, and phone number. We appreciate your patience as it may take up to four weeks to process your request from the date of receipt.
Children's Privacy Statement
CFF adheres to a strict privacy code regarding children and does not knowingly accept personal information from any child. If it is brought to our attention that a subscriber is under age, we will immediately remove all personal and identifiable information from our records in compliance with the Online Children's Privacy Protection Act of 1998. In addition, we will not disclose this information to any other companies.
This children's privacy statement explains our practices with respect to the online collection and use of personal information from children under the age of thirteen, and provides important information regarding their rights under federal law with respect to such information.
CFF’s website is not directed to children under the age of thirteen and we do NOT knowingly collect personally identifiable information from children under the age of thirteen as part of our website. If we become aware that we have inadvertently received personally identifiable information from a user under the age of thirteen as part of our site, we will delete such information from our records. If we change our practices in the future, we will obtain prior, verifiable parental consent before collecting any personally identifiable information from children under the age of thirteen.
We do NOT knowingly allow children under the age of thirteen to publicly post or otherwise distribute personally identifiable contact information through our website.
Because we do not collect any personally identifiable information from children under the age of thirteen as part of our website, we do NOT condition the participation of a child under thirteen in the website's online activities on providing personally identifiable information.
The CFF Privacy Guidelines express our absolute commitment to integrity, our related corporate values and ethical standards and the associated business conduct we expect from all our employees. The guidelines include very specific guidelines concerning the safeguarding of confidential information, which includes customer information. In general, these guidelines limit employee access to confidential information, and limit the use and disclosure of such information to specifically authorized processes and transactions. If it is determined that employees have violated the guidelines, corrective action may be taken, including immediate dismissal.
CFF makes reasonable efforts to maintain the security of your personal information in order to prevent unauthorized access to it through the use of technology and internal procedures.
Information Disclosed If Required By Law
If required by law, CFF may provide any and all information we have about you to law enforcement or other government agencies, pursuant to a subpoena, warrant, or other order by a court of competent jurisdiction. In all cases, we will require written documentation of the request, proof of the identity of the law enforcement official making the request, and we will take reasonable steps to authenticate the validity of the request. Any law enforcement or government agency request submitted with less than a court-issued order will be evaluated on a case-by-case basis according to the need and urgency, as well as the particular law enforcement agency making the request.
Consent to Receive Telemarketing Calls & Texts
By submitting information, I authorize CFF and ABC Financial Services to deliver to me, at the telephone, cellphone, or email address(es) provided, telemarketing calls, emails and texts and informational calls, emails and texts. I UNDERSTAND THAT I AM NOT REQUIRED TO AGREE TO BE CONTACTED AS A CONDITION OF PURCHASING ANY PROPERTY, GOODS OR SERVICES. I can request to not be contacted by CFF by emailing DNC@calfamfit.com or calling 1-866-4CALFIT (1-866-422-5348) or writing to the postal address below.
Postal: P.O. Box 2960, Orangevale, CA 95662
Phone: 916-987-2030 (Customer Service)
Hours of Operation: Monday-Friday, 8am-5pm, Pacific Standard Time
Whenever you visit our website, we will collect some information from you automatically simply by you visiting and navigating through this site, and some voluntarily when you submit information using a form on the website, enroll in or subscribe to our newsletter or marketing communications, request information, or use any of the other interactive portions of our website. Through this website, we will collect information that can identify you and/or your activity.
Additionally, whenever you communicate, interact or do business with us, whether online or at any of our physical locations or facilities, or whether you are contracted to perform services for us or apply for a position of employment, we will be collecting personal information from you or about you in the course of our interaction or dealings with you.
In the last 12 months, we have collected the following categories of personal information about you based on your specific transactions and interactions with us or our website. For each category of information, the categories of third parties and service providers to whom we have disclosed the information in the last 12 months are referenced by a letter that coincides with the letter in the list of categories of service providers and third parties that follows soon after this table.
|Category||Examples||Disclosed in Last 12 Months To||Sold or Shared in Last 12 Months to||Retention Period|
|Personal Identifiers||Name, alias, social security number, date of birth, driver’s license or state identification card number, passport number.||A, B, D, E, F, G, H, I, J, K, L, M, N||Neither “sold” nor “shared”||Duration of our relationship with you plus 4 years|
|Contact Information||Home, postal or mailing address, email address, home phone number, cell phone number.||A, B, D, E, F, G, H, I, J, K, L, M, N||Neither “sold” nor “shared”||Duration of our relationship with you plus 4 years|
|Account Information||Username and password for Company accounts and systems, and any required security or access code, password, security questions, or credentials allowing access to your Company accounts.||Not Disclosed||Neither “sold” nor “shared”||Username: permanent; Password or security code: while in use + 1 year|
|Protected Classifications||Race, ethnicity, national origin, sex, gender, sexual orientation, gender identity, religious or philosophical beliefs, age, disability, medical or mental condition, military status, familial status, union membership.||A, D, K||Neither “sold” nor “shared”||Duration of our relationship with you plus 4 years|
|Commercial Transactional Data||Information regarding products or services provided, purchasing history.||A, B, C, E, F, G, H, N, M||Neither “sold” nor “shared”||4 years after transaction, unless necessary to maintain for a longer period for product warranty, or OSHA / FDA or other regulatory compliance|
|Internet Network and Computer Activity||Date and time of your visit to this website; webpages visited; links clicked on the website; browser ID; browser type; device ID; operating system; form information downloaded; domain name from which our site was accessed; search history; and cookies; internet or other electronic network activity information related to usage of Company networks, servers, intranet, or shared drives, including system and file access logs, security clearance level, browsing history, search history, and usage history.||F, H, L||Neither “sold” nor “shared”||2 years|
|Geolocation Data||IP address and/or GPS location, latitude & longitude.||L||Neither “sold” nor “shared”||2 years|
|Mobile Device Data||Information collected when you navigate, access or use any of our websites via mobile device, including device type, software type; data identifying your device if you access our business networks and systems, including cell phone make, model, and serial number, cell phone number, and cell phone provider.||B, E, F, H||Neither “sold” nor “shared”||2 years|
|Financial / Employment Data||Information collected through credit or financing applications, including employment history, company name, role, salary, dates of employment, bank accounts, income sources.||A, D, I, J, K||Neither “sold” nor “shared”||4 years|
|Inferences||Based on analysis of your activity on the website, we may develop inferences regarding future purchase of our retail products or services or future or continued use of our retail products or services.||B, E, F, H||Neither “sold” nor “shared”||Duration of our relationship with you plus 4 years|
|Online Portal and Mobile App Access and Usage Information||Username and password, account history, usage history, file access logs, and security clearance level.||L||Neither “sold” nor “shared”||2 years|
|Visual, Audio or Video Recordings||Your image when recorded or captured in surveillance camera footage or pictures of you taken on our premises or at our events or that you share with us.||L||Neither “sold” nor “shared”||Surveillance video – 90 days; duration of our relationship with you plus 4 years|
|Pre-Hire Information||Information gathered as part of background screening and reference checks, pre-hire drug test results, information recorded in job interview notes by persons conducting job interviews for the Company, information contained in candidate evaluation records and assessments, information in work product samples you provided, and voluntary disclosures by you.||I, J, K||Neither “sold” nor “shared”||If hired, this data will be retained for duration of employment plus 5 years. If not hired, it will be retained for 4 years from when position is filled or the date we receive your information, whichever is longer .|
|Employment and Education History||Information contained in your resume regarding educational history, information in transcripts or records of degrees, vocational certifications obtained, and information regarding prior job experience, positions held, and when permitted by applicable law your salary history or expectations.||I, J, K||Neither “sold” nor “shared”||If hired, this data will be retained for duration of employment plus 5 years. If not hired, it will be retained for 4 years from when position is filled or the date we receive your information, whichever is longer.|
|Professional Related Information||Information contained in tax forms/1099 forms, safety records, licensing and certification records, and performance records, and information related to services provided by independent contractors, including in statements of work.||A, I, J, K||Neither “sold” nor “shared”||Duration of our relationship with you plus 4 years|
|Facility & Systems Access Information||Information identifying you, if you accessed our secure company facilities, systems, networks, computers, and equipment, and at what times, using keys, badges, fobs, login credentials, or other security access method.||L||Neither “sold” nor “shared”||2 years|
Of the above categories of Personal Information, the following are categories of Sensitive Personal Information the Company may collect from or about consumers, independent contractors, or applicants:
Personal information does not include:
We may disclose your personal information for the following business purposes as numbered above: 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19(a), 19(b), 19(d), 20(a), 20(e), 20(f), 20(g), 20(h), and 20(i).
We do NOT and will not sell your personal information in exchange for monetary or other valuable consideration. We do not share your personal information for cross-context behavioral advertising.
We do not and will not use or disclose your sensitive personal information for purposes other than the following:
We will retain each category of personal information in accordance with our established data retention schedule as indicated above. In deciding how long to retain each category of personal information that we collect, we consider many criteria, including, but not limited to: the business purposes for which the Personal Information was collected; relevant federal, state and local recordkeeping laws; applicable statutes of limitations for claims to which the information may be relevant; and legal preservation of evidence obligations.
We apply our data retention procedures on an annual basis to determine if the business purposes for collecting the personal information, and legal reasons for retaining the personal information, have both expired. If so, we will purge the information in a secure manner.
'We may use other companies and individuals to perform certain functions on our behalf. Examples include administering e-mail services and running special promotions. Such parties only have access to the personal information needed to perform these functions and may not use or store the information for any other purpose. Subscribers or site visitors will never receive unsolicited e-mail messages from vendors working on our behalf.
In the event we sell or transfer a particular portion of its business assets, information of consumers, contractors and applicants may be one of the business assets transferred as part of the transaction. If substantially all of our assets are acquired, information of consumers, contractors and applicants may be transferred as part of the acquisition.
We may disclose specific personal and/or sensitive personal information based on a good faith belief that such disclosure is necessary to comply with or conform to the law or that such disclosure is necessary to protect our employees or the public.
The personal data record created through your registration with our website can only be accessed with the unique password associated with that record. To protect the integrity of the information contained in this record, you should not disclose or otherwise reveal your password to third parties.
We do not knowingly sell or share the personal information of consumers under 16 years of age.
The protection of the information that we collect about visitors to this website is of the utmost importance to us and we take every reasonable measure to ensure that protection, including:
We do not target, market to, or offer our products or services to consumers outside of the United States. You agree not to submit your personally identifiable information through the website if you reside outside the United States.
You can submit any of the above types of consumer requests through any of the 3 options below:
If you are a California resident, when you submit a Right to Know, Right to Access, Right to Delete, or Right to Correct request through one of the methods provided above, we will ask you to provide some information in order to verify your identity and respond to your request. Specifically, we will ask you to verify information that can be used to link your identity to particular records in our possession, which depends on the nature of your relationship and interaction with us. For example, we may need you to provide your name, email, phone number, IP address, browser ID, amount of your last purchase with the business, and/or date of your last transaction with the business.
Upon receiving a verifiable request from a California resident, we will confirm receipt of the request no later than 10 business days after receiving it. We endeavor to respond to a verifiable request within forty-five (45) calendar days of its receipt. If we require more time (up to an additional 45 calendar days, or 90 calendar days total from the date we receive your request), we will inform you of the reason and extension period in writing. We will deliver our written response by mail or electronically, at your option. The response we provide will also explain the reasons we cannot comply with a request, if applicable.
We do not charge a fee to process or respond to your verifiable request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
For a request to correct inaccurate personal information, we will accept, review, and consider any documentation that you provide, and we may require that you provide documentation to rebut our own documentation that the personal information is accurate. You should make a good-faith effort to provide us with all necessarily information at the time that you make the request to correct. We may deny a request to correct if we have a good-faith, reasonable, and documented belief that a request to correct is fraudulent or abusive. If we deny your request to correct, we shall inform you of our decision not to comply and provide an explanation as to why we believe the request is fraudulent.
If you are a California resident, you can authorize someone else as an authorized agent who can submit a request on your behalf. To do so, you must either (a) execute a valid, verifiable, and notarized power of attorney or (b) provide other written, signed authorization that we can then verify. When we receive a request submitted on your behalf by an authorized agent who does not have a power of attorney, that person will be asked to provide written proof that they have your permission to act on your behalf, and we will also contact you and ask you for information to verify your own identity directly with us and not through your authorized agent. We may deny a request from an authorized agent if the agent does not provide your signed permission demonstrating that they have been authorized by you to act on your behalf.
The California Civil Code permits California Residents with whom we have an established business relationship to request that we provide you with a list of certain categories of personal information that we have disclosed to third parties for their direct marketing purposes during the preceding calendar year. To make such a request, please send an email firstname.lastname@example.org or write to us at the address listed below. Please mention that you are making a “California Shine the Light” inquiry.
This policy is in a form that is accessible to consumers with disabilities.
**This policy was last updated January 10th, 2023.