Who Controls and Owns the Portal?

Management Science Associates, Inc. (“MSA”) controls and owns the Portal. 
For more information, contact healthmetric@msa.com. 

If you live in the European Economic Area, United Kingdom, Switzerland, Australia,  or the state of California, Management Science Associates, Inc. controls your personal data and provides you with the Portal and related services.  If you are seeking to exercise any of your statutory rights relating to the Portal, please contact our Data Protection Officer at MSADataProtectionOfficer@msa.com.  You may also contact MSA at: 

Management Science Associates, Inc.

Attn: HealthMetric

400 MSA Drive

Tarentum, PA 15084-2808

If located in the United Kingdom, you may contact the following: 

Management Science Associates, Inc. 

Attn: HealthMetric

MSA Focus International Ltd Neptune Court, Vanguard Way

Ocean Park, Cardiff, United Kingdom CF245PJ

If located in the European Economic Area or Switzerland, you may contact the following: 

Management Science Associates, Inc. 

Attn: HealthMetrics 

What Types of Personal Data Does the Portal Collect?

When a User accesses or uses the Portal, all data entered by the User, including, but not limited to, the following types of Personal Data, are collected:

• All data manually entered into the Portal 
• All data that has been authorized to use (read and/or write)
• All data collected to establish your account such as: 
  • your name
  • address
  • community where you reside
  • email address
  • cell phone number
  • mobile carrier
  • Portal username and password.
  • IP addresses
  • browser type
  • phone type
  • internet service provider (ISP)
  • Cookie

Information We Receive From Your Use of the Portal.  Your device collects data to estimate a variety of metrics.  The data collected varies depending upon which device you use.  When your device syncs with our application or software, data recorded on your device is transferred from your device to our servers.  

Location Services.  The Portal includes features that use and collect location data.  We collect this type of data if you grant us access to your location.  You can always remove our access to your location using the Portal account settings.  

Usage Data.  When you access or use our services, we receive certain usage data. This includes information about your interaction with the Portal, for example, when you view or search content, install applications or software, create or log into your account, pair your device to your account, or otherwise open or interact with the Portal.  We also collect data about the devices and computers you use to access the Portal, including IP addresses, browser type, language, operating system, mobile device information (including device and application identifiers), the referring web page, pages visited, location (depending on the permissions you have granted us), and cookie information.

Information We Receive From Third-Parties.  If you choose to connect your account on our services to your account on another service, we may receive information from the other service. For example, we may receive information like your name, profile picture, age range, language, email address, and friend list. You may also choose to grant us access to your exercise or activity data from another service. You can stop sharing the information from the other service with us by removing our access to that other service.

Health and Other Special Categories of Personal Data. To the extent that information we collect is health data or another special category of Personal Data subject to the European Union’s General Data Protection Regulation (“GDPR”) or  the California Consumer Privacy Act of 2018 (“CCPA”) and as amended and replaced by the California Privacy Rights Act (“CPRA”), the Colorado Privacy Act (“CPA”), the Connecticut Data Privacy Act (“CTDPA”), the Utah Consumer Privacy Act (“UCPA”), the Virginia Consumer Data Protection Act (“VCDPA”), the United Kingdom’s Data Protection Act of 2018 (“DPA”) or Australia’s Privacy Act of 1988 and/or the Australian Privacy Principles (collectively “APP”), we ask for your explicit consent to process the data. We obtain this consent separately when you take actions leading to our obtaining the data, for example, when you pair your device to your account or grant us access to your exercise or activity data from another service. You can use your account settings and tools to withdraw your consent at any time, including by stopping use of a feature, removing our access to a third-party service, unpairing your device, or deleting your data or your account.

Any use of Cookies – or of other tracking tools – by the Portal unless stated otherwise, serves to identify Users and remember their preferences, for the sole purpose of providing the service required by the User.

Failure to provide certain Personal Data may make it impossible for the Portal to provide its services. 

Some of our pages utilize framing techniques to serve content to and from our partners while preserving the look and feel of our site.  

How We Use Information

MSA uses the information it collects from you for the following purposes:

Provide and Maintain the Portal.  Using the information MSA collects, it is able to deliver and operate the Portal and honor its Terms of Use with you.  For instance, MSA requires your information to enable you to find and connect with HealthMetric Users, enable HealthMetric Users to find you and connect with you, and to provide customer support.  

Improve, Personalize and Develop the Portal.  MSA uses the information it collects to improve and personalize the Portal and to develop additional features.  For example, MSA uses the information to troubleshoot and protect against errors, perform data analysis and testing, conduct research and surveys, and develop new features and services.  

Communicate With You. MSA uses your information when needed to send you service notifications and respond to you.  MSA also uses your information to promote new features and/or products it thinks you would be interested in.  You can control marketing communications and most service notifications by using your notification preferences in account settings or via the “unsubscribe” link in an email.

Promote Safety and Security. MSA uses the information it collects to promote the safety and security of the Portal, its users, and other parties.  For example, it may use information to authenticate users, protect against fraud and abuse, respond to a legal request or claim, conduct audits, and enforce its terms and policies.  

Personal Data concerning the User is collected for the following additional purposes:

• Displaying content from external platforms; 
• Providing Personal Data to third parties whom you have authorized MSA to release such data; 

MSA uses cookies and similar technologies for the purposes described above. 

For Personal Data subject to the GDPR the DPA, the APP, the CPRA, the CPA, the CTDPA, the UCPA,  and the VCDPA,, we rely on several legal bases to process the data. These include when you have given your consent, which you may withdraw at any time using your account settings and other tools; when the processing is necessary to perform a contract with you, like the Terms of Use; and our legitimate business interests, such as in improving, personalizing, and developing the services, marketing new features or products that may be of interest, and promoting safety and security as described above.  For more information, please see the “Legal Bases” section below.

How and Where Will Personal Data Be Processed?

Method of Processing

MSA processes the Personal Data of Users in a proper manner and takes appropriate security measures to prevent unauthorized access, disclosure, modification, or destruction of the Personal Data.

The Personal Data processing is carried out using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the purposes indicated. In addition to MSA, in some cases, the Personal Data may be accessible to certain types of persons in charge, involved with the operation of the site (administration, sales, marketing, legal, system administration) or external parties (such as third party technical service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed, if necessary, as data processors by MSA. The updated list of these parties may be requested from MSA at any time.

Place

The Personal Data is processed at MSA’s operating offices and in any other places where the parties involved with the processing are located. For further information, please contact MSA.

Conservation Time

The Personal Data is kept for the time necessary to provide the service requested by the User, or stated by the purposes outlined in this Privacy Policy, and the User can always request MSA for their suspension or removal.  In the event that you terminate your HealthMetric account, MSA will continue to adhere to the policies and practices described in this Privacy Policy.

With Whom Will We Share Your Information?

Method of Processing

MSA processes the Personal Data of Users in a proper manner and takes appropriate security measures to prevent unauthorized access, disclosure, modification, or destruction of the Personal Data.

The Personal Data processing is carried out using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the purposes indicated. In addition to MSA, in some cases, the Personal Data may be accessible to certain types of persons in charge, involved with the operation of the site (administration, sales, marketing, legal, system administration) or external parties (such as third party technical service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed, if necessary, as data processors by MSA. The updated list of these parties may be requested from MSA at any time.

MSA employs and maintains an information security management system, which utilizes certain data protection mechanisms, such as encryption, to prevent unauthorized or unlawful access, destruction, loss, alteration, or disclosure of the Personal Data of Users. The Portal undergoes periodic security assessments to ensure the constant protection of the Personal Data of Users. 

Place

The Personal Data is processed at MSA’s operating offices and in any other places where the parties involved with the processing are located. For further information, please contact MSA.

Conservation Time

The Personal Data is kept for the time necessary to provide the service requested by the User, or stated by the purposes outlined in this Privacy Policy, and the User can always request MSA for their suspension or removal.  In the event that you terminate your Portal account, MSA will continue to adhere to the policies and practices described in this Privacy Policy.

With Whom Will We Share Your Information?

We may disclose aggregated information about our Users, and information that does not identify any individual, without restriction.

We do not sell your Personal Data that you provide freely or that we collect in connection your use of the Portal. 

We may disclose Personal Data that you provide freely or that we collect automatically:

• To our subsidiaries and affiliates to provide support to you in connection with your use of the Portal.
• To contractors, service providers, websites linked to the Portal, and other third parties we use to support the Portal and who are bound by contractual obligations to keep Personal Data confidential and use it only for the purposes for which we disclose it to them. 
• To fulfill the purpose for which you provide it. 
• To third parties in our sole and absolute discretion but in any event, MSA shall do so with my Personal Data only: (i) after my Personal Data has been de-identified; (ii) for the purposes of health management and/or health research; and (iii) after express consent is provided by you in the following form, “I hereby grant MSA complete permission to receive, use, and disclose my Personal Data in de-identified form to such third parties as contemplated under this paragraph.”  
• For any other purpose disclosed by us when: (i) you provide the information; or (ii) we might subsequently revise the express provisions of this Privacy Policy, our Terms of Use to disclose such other purpose and in such latter case, you shall consent to such other use through your continued use of the Portal.
• With your consent.

We may also disclose your Personal Data and information:

• To the extent that it is required to do so by law, in legal proceedings or in the stages leading to possible legal action arising from improper use of the Portal or the related services or to establish, exercise or defend its legal rights.
• To enforce or apply our Terms of Use and other agreements.
• If we believe in good faith that disclosure is necessary or appropriate to protect the rights, property, or safety of MSA, our customers or others, or to investigate fraud. 

With Whom Will We NOT Share Your Information?

Any sharing of the Personal Data of Users is limited to those purposes outlined in preceding section. All other transfers, uses or sale of the Personal Data of Users is prohibited, including: 

• Transferring or selling the Personal Data of Users to third parties like advertising platforms, data brokers, or any information resellers. 
• Transferring, selling, or using the Personal Data of Users for serving ads, including personalized or interest-based advertising. 
• Transferring, selling or using the Personal Data of Users to determine credit-worthiness or for lending purposes. 
• Transferring, selling or using the Personal Data of Users with any product or service that may qualify as a medical device pursuant to Section 201(h) of the Federal Food Drug & Cosmetic Act if the Personal Data of Users will be used by the medical device to perform its regulated function. 
• Transferring, selling or using the Personal Data of Users for any purpose or in any manner involving Protected Health Information (as defined by HIPAA) unless express written approval is provided.  

Data Retention

MSA keeps your account information, including, but not limited to, your name, email address, and password, for as long as your account is in existence because we need it to operate your account. In some cases, when you give us information for a feature of the Portal, we delete the data after it is no longer needed for the feature. We keep other information until you use your account settings or tools to delete the data or your account because we use this data to provide you with other aspects of the services. We also keep information about you and your use of the services for as long as necessary for our legitimate business interests, for legal reasons, and to prevent harm, including as described in the “How We Use Information” section of this Privacy Policy.

The Rights of Users

MSA provides account settings and tools to access and control your Personal Data, as described below, regardless of where you live.  If you live in the European Union, European Economic Area, United Kingdom, Switzerland or Australia (“the Designated Countries”) or the states of California, Colorado, Connecticut, Utah, and Virginia, you have a number of legal rights with respect to your information, which your account settings and tools allow you to exercise, as outlined below.

Right to Opt-Out of the Sale of Personal Data. Under the CPRA, CPA, CTDPA, UCPA, VCDPA,  the DPA, the APP and the GDPR, you have the right to opt-out of the sale of your Personal Data by a business. MSA does not sell your Personal Data that you provide freely or that we collect in connection your use of the Portal.

Accessing and Exporting Data.  By logging into your account, you can access much of your Personal Data. To receive the entirety of your Personal Data collected by the Portal in a commonly used file format, please contact MSA’s Data Protection Officer at MSADataProtectionOfficer@msa.com. Before your Personal Data that has been collected by the Portal is produced, you will be asked to verify your request and your identity. A request for the production of your Personal Data may be made by your authorized agent if your authorized agent provides your written permission to MSA.   

Editing and Deleting Data.  Your account settings let you change, correct and delete your Personal Data.  For example, you may edit or delete the profile data you inputted in the Portal through your account settings.  You may request the entirety of your Personal Data be deleted through the “Help: Privacy Question” section in account settings and submitting a request to MSA. Before your Personal Data is deleted, you will be asked to verify your request and your identity. A request to delete your Personal Data may be made by your authorized agent if your authorized agent provides your written permission to MSA.   If you choose to delete your account, please note that while most of your information will be deleted within thirty (30) days, it may take up to ninety (90) days to delete the entirety of your information.  We may also preserve data for legal reasons to prevent harm. Please note that deleting and/or removing the Portal from your device(s) does not delete, or request a delete, of your account and Personal Data.

Objecting to Data Use.  We give you account settings and tools to control our data use. For example, through your account settings, you can limit how your information is visible to other users of the Portal; using your notification settings, you can limit the notifications you receive from MSA; and under your application settings, you can revoke access of third-party applications that you previously connected to your Portal account. 

If you live in a Designated Country, in certain circumstances, you can object to our processing of your information based on our legitimate interests, including as described in the “How We Use Information” section of this Privacy Policy. You have a general right to object to the use of your information for direct marketing purposes. Please see your notification settings to control our marketing communications to you. 

Restricting or Limiting Data Use. In addition to the various controls that we offer, if you reside in a Designated Country, you can seek to restrict our processing of your data in certain circumstances. Please note that you can always delete your account at any time.

If you need further assistance regarding your rights, please contact our Data Protection Officer at MSADataProtectionOfficer@msa.com, and we will consider your request in accordance with applicable laws. If you reside in a Designated Country, you also have a right to lodge a complaint with your local data protection authority.

Users have the right, at any time, to know whether their Personal Data has been stored and can consult MSA to learn about their contents and origin, to verify their accuracy or to ask for them to be supplemented, canceled, updated or corrected, or for their transformation into anonymous format or to block any Personal Data held in violation of the law, as well as to oppose their treatment for any and all legitimate reasons. Requests should be sent to MSA’s Data Protection Officer at MSADataProtectionOfficer@msa.com.

The Portal does not support “do not track” requests.

To understand if any of the third party services it uses honor the “do not track” requests, please read their privacy policies.

Right to Non-Discrimination. If you choose to exercise your rights as a user of the Portal as outlined above, we will not discriminate against you or otherwise treat you differently than other users. 

Information Security

MSA works hard and takes precautions to keep your data safe. We utilize a combination of technical, administrative, and physical controls to maintain the security of your data.  This includes the measures to encrypt much of the data submitted to and collected by the Portal.  However, no method of transmitting or storing data is completely secure.  If you have a security-related concern, please contact MSA’s Data Protection Officer at MSADataProtectionOfficer@msa.com.  

In the case of breach of Personal Data, MSA shall without undue delay notify affected Users by describing the nature of the breach, providing contact information of its Data Protection Officer, and advising of the likely consequences of the breach.  

In support of MSA’s efforts to keep your data safe, we recommend Users employ their devices’ password features and ensure that the settings on such devices allow Users to encrypt data.   

Legal Bases

MSA is committed to providing our members with meaningful information and choices about the information they share through the Portal and the services. The GDPR and the DPA requires organizations to have legal bases to collect, use, share, and otherwise process information about users residing in the European Union or the United Kingdom, respectively. If you habitually reside in the European Union or the United Kingdom, there are particular rights available to you. While some of these rights apply generally, certain rights only apply depending on the legal bases we rely on to process data. We’ve explained these legal bases and your rights below.

To provide the Portal and the Services

As described in the Terms of Use, the Portal cannot be provided, and the Terms of Use cannot be performed, without MSA processing your Personal Data. Since we process data you provide to us which is necessary to perform our contract with you, you have the right to port or transfer that data if you habitually reside in the European Union. 

With your consent 

We ask for your permission to process your Personal Data for certain purposes and you have the right to withdraw your consent at any time. We ask for your consent to:

• Collect or infer health information which is used to provide helpful statistics and visualizations.
• Send you marketing communications.
• Collect and process information from third-party products, services, devices, and apps which are connected to the Portal.

When we process data you provide to us based on your consent, you have the right to withdraw your consent at any time via your account settings. You also have the right to port or transfer the data.

Legal obligation or for the establishment, exercise or defense of legal claims 

We process data where we have a legal obligation to do so, for example, where we’re responding to valid and binding legal process from law enforcement agencies for certain data. In addition, processing may be needed for us to establish, exercise or defend civil or criminal claims in connection with actual or potential litigation including to protect the Portal and related services, our property or other legal rights, including those of our members or partners.

To protect vital interests 

We process data where it is necessary to protect an interest which is essential to someone’s life or protect any person from serious bodily injury. This includes processing information to combat harmful conduct both on and off of our Services.

Carrying out a task in the public interest 

Where set forth by the law of the European Union or a member state thereof or the United Kingdom, we may process users’ data to perform processing in the public interest. This may include protecting against harm and undertaking research for social good. You have the right to object to, and seek restriction of, our processing of your Personal Data when we process data using this legal basis.

In furtherance of legitimate interests 

We process your information for our legitimate interests, and those of third parties, while applying appropriate safeguards that protect your privacy, rights and interests. We do this to:

• Market the Portal and other commercial products or services. For example, our partners may pay us to promote their products, services, events, gear or devices on the Portal. This is one of the ways we are able to provide the Services on a sustainable basis. We provide controls and safeguards for our members, including the ability to object.

• Maintain our business by conducting research and continuously improving the services so as to offer innovative and customized offerings to our members and partners.

• Convert it into aggregated form (by removing certain information, such as your name, and combining the resulting information with similar information from other members) for use by us and our partners. Our partners may use this information to improve infrastructure or for other commercial purposes, including developing useful insights. 

• Keep the services safe and secure by using information to prevent or detect violations of our Terms of Use, fraud or abuse, and other harmful or illegal conduct. We may also share information with third parties, including law enforcement agencies for this purpose.

• Promote the services, including email and in-product marketing campaigns to inform members about our services.

• Encourage users to find new ways to interact, including activities, followers, clubs, or events. We rely on our legitimate interest in retaining members when ensuring that we offer new opportunities of interest to our users.

You have the right to object to, and seek restriction of, our processing of your Personal Data based on legitimate interests. Please contact MSA’s Data Protection Officer at MSADataProtectionOfficer@msa.com if you object to us using your information.

Changes to this Privacy Policy

MSA reserves the right to make changes to this Privacy Policy at any time by giving notice to Portal Users on this page. It is strongly recommended to check this page often, referring to the date of the last modification listed at the bottom. If a User objects to any of the changes to this Privacy Policy, the User must cease using the Portal and can request MSA to erase their Personal Data. Unless stated otherwise, the then-current Privacy Policy applies to all Personal Data MSA has about Users.

Information about this Privacy Policy

MSA is responsible for this Privacy Policy.

Additional Information

More details concerning the collection or processing of Personal Data may be requested from MSA at any time at its contact information.

Definitions

Cookie.  Small piece of data stored in the User’s/your device.

HealthMetric.  MSA’s HealthMetric Mobile Application.

HealthMetric User. Third party individuals who use HealthMetric to track, analyze and support their wellness and exercise based activities

HealthMetric User Data.  Any electronic data or information of a HealthMetric User submitted or provided by a HealthMetric User to User through use of the Portal.

Personal Data. Any information regarding a natural person, a legal person, an institution or an association, which is, or can be, identified, even indirectly, by reference to any other information, including a personal identification number when a User/you access or use the Portal.  MSA will collect and use your Personal Data consistent with applicable law and as more particularly outlined in this Privacy Policy and in the applicable provisions of the Terms of Use of the Portal, concerning both of which you/the User are simultaneously agreeing to abide by downloading and using the Portal.

Portal. MSA’s portal software tool that allows Users to connect and interact with HealthMetric Users to access, retrieve, use and disclose HealthMetric User Data in order to provide additional wellness and exercise services and support to said HealthMetric Users.

Usage Data. When you access and use the Portal, we may automatically collect certain details of your access to and use of the app or website, including traffic data, logs, and other communication data.  We may collect information about your mobile device or computer and internet connection, including the device’s unique device identifier, IP address, operating system, browser type, and phone type.

User. The individual using the Portal, which must coincide with or be authorized by the Personal Data subject, to whom the Personal Data refers.

Version 1.3 (Modified 12/15/2022)