Peloton Biometric and Fitness Data Privacy Policy
Last Updated: April 5, 2022
Peloton Interactive, Inc., together with our affiliates (“Peloton”, “we”, or “us”), respects your/our members’ privacy and we are committed to protecting it. This Policy describes our practices regarding the collection, use, disclosure, storage, retention, destruction, and security of Biometric Identifier(s), Biometric Data and Fitness Data (collectively referenced herein as “Biometric and Fitness Data”). For more information about our general practices regarding the processing of your personal data, please see the Peloton Privacy Policy. Peloton is committed to complying with applicable laws and regulations when processing Biometric and Fitness Data, including those laws and regulations that may require Peloton to provide notice or obtain consent prior to processing Biometric and Fitness Data. Members may withdraw their consent at any time by contacting us as described below.
Definitions
"Biometric Identifier" means a retina or iris scan, fingerprint, voiceprint, scan of hand or face geometry, or other unique biological patterns or characteristics. Biometric identifiers do not include writing samples, written signatures, photographs, human biological samples used for valid scientific testing or screening, demographic data, tattoo descriptions, or physical descriptions such as height, weight, hair color, or eye color.
"Biometric Data" means any data, regardless of how it is captured, converted, stored, or shared, based on an individual's biometric identifier used to identify an individual. Biometric Data does not include data derived from items or procedures excluded under the definition of biometric identifier.
"Fitness Data" means any information relating to your fitness performance and/or workouts, such as heart rate, calories burned, etc.
Sharing and Disclosure of Biometric and Fitness Data
Peloton will obtain a member’s consent and release prior to sharing Biometric and Fitness Data with vendors, service providers, or partners who are contracted to perform services directly related to the purpose of the collection of the Biometric and Fitness Data. Vendors, service providers, and partners who have access to Biometric and Fitness Data are required to keep the information secure and confidential, and are restricted in their use of the data.
Peloton will not disclose, redisclose, or otherwise disseminate Biometric and Fitness Data unless:
- authorized by the member or an authorized representative of the member to whom the Biometric and Fitness Data relates;
- needed to complete a financial transaction requested or authorized by the individual;
- required by State or federal law or municipal ordinance;
- required pursuant to a valid warrant or subpoena issued by a court of competent jurisdiction; or
- as required under applicable law, necessary for the establishment, exercise or defense of legal claims or whenever courts are acting in their judicial capacity.
Automated Decision-Making
We may process your Biometric and Fitness Data to make automated decisions about you. We carry out this processing for the purposes of providing workout recommendations to you based on our inferences about your preferences and practices, including for example recommendations about certain muscle exercises based on your previous exercises.
Subject to local legal requirements and limitations, you can contact us to request further information about automated decision-making, object to our use of automated decision-making, or request an automated decision to be reviewed by a human being.
Security
Safeguarding Biometric and Fitness Data is important to us. While no systems, applications or websites are 100% secure, we strive to establish reasonable systems, policies and procedures to protect Biometric and Fitness Data from loss, destruction, misuse, and unauthorized access, acquisition, disclosure or alteration.
Retention and Destruction
Peloton will securely destroy Biometric and Fitness Data within the sooner of a reasonable time after the initial purpose for collecting or obtaining such data has been satisfied, or within 3 years of your last interaction with us. If Biometric and Fitness Data is maintained by a vendor on our behalf, we will instruct them to destroy the Biometric and Fitness Data.
Where permitted under applicable law, Peloton will retain Biometric and Fitness Data if required to do so per a valid warrant or subpoena issued by a court of competent jurisdiction or if necessary for the establishment, exercise or defense of legal claims or whenever courts are acting in their judicial capacity.
Biometric and Fitness Data Collected and Purpose for Collection
Which Sensitive Personal Information do we process?
- Fitness Data: We collect data relating to your fitness performance and/or workouts, such as heart rate, calories burned, etc.
- Biometric Data: Biometric Data is temporarily processed by your Peloton Guide to support the functionality of the product. Peloton will obtain a member’s consent prior to uploading or sharing such Biometric Data from the Peloton Guide. Biometric Data is data that uniquely identifies you, such as visual details about your face and body (face and body scans) and voiceprints.
Why do we process your Sensitive Personal Information?
- Analyze your performance: We may use Biometric and Fitness Data captured through Peloton Guide to compare past and current performances and provide you with analytics about your progress over time.
- Provide workout recommendations: We may recommend workouts to you based on our inferences about your preferences and practices, including for example recommendations about certain muscle exercises based on your previous exercises. Recommendations include information derived from Biometric and Fitness Data we collect from you, and involve the use of automated decision making (see above for more details).
- Understand you: We may use your voiceprint to understand your voice commands and, if you opt in, to improve our abilities to understand voice commands in general when you are using Peloton Guide.
How to contact us?
If you have any questions or would like to contact us or our Data Protection Officer, you can do so by email at privacy@onepeloton.com or at the addresses below.
U.S. and Canadian residents:
Peloton Interactive, Inc.
441 Ninth Avenue, Sixth Floor
New York, NY 10001
USA
Attn: Legal Department
UK residents:
Peloton Interactive UK Ltd.
Orion House
5 Upper St Martin’s Lane
London WC2H 9EA
United Kingdom
Attn: Legal Department
Australia residents:
Peloton Interactive Australia Pty Ltd
20 Martin Place
Sydney NSW 2000
Attn: Legal Department