PRIVACY STATEMENT

Updated July 2024 

1. INTRODUCTION 

We know privacy is important to you.  

We have provided this Privacy Statement to explain how we, Clubessential Holdings and our  Affiliated Group Companies (collectively, “CEH,” “we,” “us” or “our”), collect, use, share and  otherwise process personal information collected through our services. “Services,” for purposes of  this Privacy Statement, shall include, as applicable, personal information provided through your  interaction with our technology platforms, websites, mobile applications, social media pages,  marketing activities, and related services, including setting up your account and collecting your  personal information for billing purposes. “Personal information” means any information relating to  an identified or identifiable natural person (as context requires, we may also refer to personal information as “personal data.” Our “Affiliated Group Companies” are identified below in Section  15. 

2. OUR DIFFERENT ROLES 

We provide Services to our customers, clients and subscribers (collectively, “Subscribers”) through  an agreement with them, and solely for their benefit and the benefit of their authorized personnel  and end users of the Services (collectively, “End Users”).  

This Privacy Statement does not apply where we process personal information as a service provider (or data processor) on behalf of Subscribers. Where we act as a data processor, it will be the privacy  policies of our Subscribers that will apply instead of this Privacy Statement. In that scenario, our data  processing activities will be governed by the terms and conditions of our agreement with the  Subscriber, including, without limitation, a Data Processing Addendum. If you have questions about  our Subscribers’ privacy policies, or if you wish to exercise any of your privacy rights with regard to  your personal information, please contact the Subscriber directly with whom you have a business  relationship. 

Where we act as a data controller, meaning we determine the purpose and means of the personal  data processed (for example, in the management of a Subscriber’s account with us), this Privacy  Statement will apply. Depending on the circumstances, there may be more than one data controller  processing your personal information; for example, your parent company, franchisor, financial  partner or employer may also be a data controller. In these situations, we act as an independent  controller over our processing activities, meaning we determine how your personal information will  be processed independently from these other data controllers. All other data controllers will have their own obligations under applicable privacy laws and we are not responsible for their processing  activities. There may be other situations where we, as a data controller, may share your personal  information with our Affiliated Group Companies and conduct processing activities as a joint  controller for the purposes set forth in this Privacy Statement. 

3. PERSONAL INFORMATION THAT WE COLLECT

The personal information that we collect or otherwise receive about you depends on the context of your interactions with us, how your account is configured, and the choices you make with respect to your privacy settings. The way we process your personal information may also depend on the particular Services you are using, where you are located, and applicable privacy laws. 

3.1. Information You Provide to Us. We collect personal information that you provide to us, including: 

(a) Contact Information and Account Data. We collect information from you (or your organization) when you activate Services, create an account with us, and/or upload content or data to our technology platform or systems. Personal information may include your name, title, company name, mailing address, contact for billing purposes, phone number, email address, communication preferences, business location details, and account credentials (such as your username and login). 

(b) Personal Identifiers. We may collect information to verify your identity such as your name, date of birth, social security number, driver’s license number, government issued ID details, or similar information to verify your identity. 

(c) Communication, Training, Support, Feedback and Related Data. We may collect personal information such as your name, email address, phone number and any other personal information that you choose to share when you contact us for support, to give us feedback, to participate in an optional survey, to attend our events, to receive training, or to otherwise communicate or engage with us. This information may include call center recordings and call monitoring records, chat and text records, voicemails, photographs and video images. 

(d) Marketing Data. You may provide us with your contact information and preferences for receiving our marketing communications. 

(e) Social Media and Websites. We receive content that you post to our social media pages or provide to us through our websites.  

(f) Financial Information. We collect payment and billing-related information when you sign up for Services. Finance-related information may include a primary point of contact for billing related purposes or your payment account details such as a bank account or credit card information.  

3.2. Information Received from Others. From time to time, we may receive personal information about you from other sources, including: 

(a) Authorized Users. Authorized users may provide information about you when they submit content through the Services. For example, your accountant or controller may enter payment details associated with your organization for us to be able to sendyou an invoice.  

(b) Linked Third Party Services. We may receive information about you when you link a third-party service (i.e., social media accounts, payment service providers) with our Services or your account. For example, you may allow our Services to connect with a third-party payment processor or social media provider. The information we receive when you link or integrate our Services with a third party depends on the settings, permissions and privacy policies controlled by the third-party provider.  

(c) Third-Party Vendors. We may receive information about you from third-party vendors and suppliers of ours that provide us with services or carry out functions related to the provision of our Services. 

(d) Affiliated Group Companies. We may receive information about you from other Affiliated Group Companies, as permitted by this Privacy Statement. 

(e) Business Partners. We may receive information about you and your activities from third party business partners, including resellers, joint marketers, payment service providers, market research firms, and companies that help us assess risk associated with our Services and technology platforms. Information that business partners provide may include billing information, contact information, company name, products and services that may be of interest to you, and the countries or places where your business operates. 

(f) Public Information. We may collect information about you from publicly available sources, such as open government databases, social media platforms, and others. 

3.3 Information Received Through Automatic Data Collection. We, our service providers, and our business partners may automatically log personal information about you, your computer or mobile device, such as: 

(a) Device Information. We collect information from your devices, including information about how you interact with our Services and the products or services of our third-party service providers. This information includes device-specific identifiers, browser version, usage information, operating type, mobile network information, device settings and software data. 

(b) Location Information. Certain features of our Services may collect your precise location information if you grant us permission to do so through your device settings.  

(c) Communication Interaction Data. We or our third-party service providers may collect information from email providers, communication providers and social networks, such as your interaction with our emails, texts or other communications. We may do this through use of pixel tags (also known as clear GIFs) which may be embedded invisibly in our emails. 

(d) Online Behavioral Data. We may automatically collect certain personal information about your use and interaction with our Services, including our websites, social media pages and marketing campaigns that we organize, including device information (such as your IP address and unique device ID), page view information and search results and links. 

3.4 Information Received Through Cookies and Similar Technologies. We collect information when you access content, advertising, websites, interactive widgets, applications and other products (both on and off of our Services) where our data collection technologies such as web beacons, development tools, cookies and other technologies are present. These data collection technologies allow us to understand your activity on and off our Services and to store information when you interact with our Services. For more information, please review our Cookies Notice.

4. HOW WE USE PERSONAL INFORMATION 

4.1 Use of Personal Information. We use personal information collected through the Services and through other means (for example, in person at one of our conferences or events) for the purposes described in this Privacy Statement, including: 

▪ With your consent; 

▪ To operate, audit and improve our Services and technology systems; 

▪ To provide customer service and support; 

▪ To provide and facilitate the delivery or products and services requested by you; 

▪ To send you business-related information, including confirmations, invoices, technical notices, updates, security alerts, training information and administrative messages; 

▪ To maintain your account with us; 

▪ To enhance security, monitor and verify identity and service access, combat fraud, malware and other information security risks; 

▪ To detect bugs, report errors and perform activities to maintain the quality and safety of our Services; 

▪ To develop and send you marketing, sales and promotional communications in line with your selected communication preferences; 

▪ To communicate with you about one of our events, conferences, webinars or demos; ▪ To implement or deploy our Services at your business location, either onsite or remotely; 

▪ To respond to your comments or questions, or provide you with information that you have requested; 

▪ To display and measure engagement with promotions across different devices and sites; ▪ To maintain legal and regulatory compliance; and 

▪ To process your information for other legitimate business purposes such as data analysis, audits, collecting and assessing feedback, identifying usage trends, determining the effectiveness of marketing campaigns, and to evaluate and improve our products, services, marketing and business relationships. 

4.2 Legal Basis for Processing for Subscribers in the EEA. If you reside in the European Economic Area (“EEA”), we collect and process personal information about you only where we have a legal basis for doing so under the EU’s General Data Protection Regulation 2016/679 (“EU GDPR”) and the United Kingdom’s Data Protection Act of 2018 (“UK GDPR”). The legal basis depends on the Services you use and how you use them. This means we collect and use your personal data only where: 

▪ We need it to provide you with Services, including to operate the Services, provide customer support and to protect the integrity of the Services and our technology systems where other clients, customers and subscribers are concerned; 

▪ It satisfies a legitimate interest, such as for research and development, to market and promote the Services, and to protect our legal rights and interests; 

▪ You give us consent to do so for a specific purpose; or 

▪ We need to process your personal information to comply with a legal obligation, including our provision of Services to you under an agreement with us. 

If you have consented to our use of personal information for a specific purpose, you have the right to change your mind at any time, but this will not affect any processing that has already taken place. Where we are using your information because we have a legitimate interest in doing so, you have the right to object to that use, although, in some cases, this may mean no longer being able to use the Services. 

5. WHEN WE SHARE YOUR PERSONAL INFORMATION 

We do not disclose and share your personal data with third parties other than as follows:

▪ Where it has been de-identified, including through aggregation or anonymization;

▪ When you instruct us to do so; 

▪ With your consent, for example, when you agree to our disclosing your personal information with other third parties subject to their separate privacy policies and practices; 

▪ With our Affiliated Group Companies; 

▪ With third party vendors, consultants and other service providers who work with us and need access to your personal information to carry out their work function. Examples include vendors and third-party service providers who provide assistance with marketing, scheduling, billing, payment processing, data analysis, fraud detection and prevention, network and IT system security, technical support and customer service; 

▪ With third party business partners who are involved in providing products and services to our Subscribers, including filling product requests, providing training or customer support, or implementing the Services. 

▪ To comply with laws or to respond to lawful requests and legal process; 

▪ To protect our rights and property (including that of our agents, representatives and business partners), and to enforce our agreements, policies and terms of service;

▪ In order to protect any individual’s vital interests (but only where we believe it reasonably necessary in order to protect that individual’s vital interests); and 

▪ In connection with or during negotiation of any business transfer, merger, financing, acquisition, dissolution transaction or proceeding involving sale, transfer, divestiture or disclosure of all or a portion of our business or assets to another company. 

6. DATA SECURITY 

Although no company or service can guarantee complete security, we use appropriate technical and  organizational measures to protect personal information that we collect and process. We have  implemented information security policies, password protection protocols, rules and other technical  measures to protect the personal information under our control from unauthorized access, improper  use or disclosure, and unlawful destruction or accidental loss. The measures we use are designed to  provide a level of security appropriate to the risk of processing your personal information. While  information security risks are always evolving, so are the controls. The controls that we have  implemented are periodically reviewed as part of internal and external audits.  

7. RETENTION AND DELETION 

We retain personal information that we collect from you where we have an ongoing legitimate business  need for doing so (for example, to comply with applicable legal requirements or to enforce our  agreement with you). When we have no ongoing legitimate business need to process your personal  information, we will either delete or anonymize it; or, if this is not possible (for example, because your  personal information has been stored in backup archives), then we will securely store your personal  information and isolate it from any further processing until deletion is possible. When processing  personal information of End Users on behalf of Subscribers, we will retain such End User data for as  long as we are required under our agreement with the Subscriber; for as long as the Subscriber asks  us to retain the End User data; or as required by applicable law. 

8. PROTECTING CHILDREN’S PRIVACY 

Our Services are not intended or directed to children under the age of 13. We do not knowingly collect  personal information from children without prior parent consent. If you believe we may have information  from a child, please contact us.  

9. THIRD-PARTY SITES AND SERVICES 

This Privacy Statement does not apply to the practices of companies that we do not own or control, or  to people that we do not employ or manage. If our Services include links to third-party websites, please  be aware that we are not responsible for the privacy practices of these third parties. We encourage you  to familiarize yourself with the privacy policies for third-party companies so you have an understanding  about how your personal information might be collected and used by them.  

10. YOUR PRIVACY RIGHTS AND CHOICES 

10.1 Privacy Rights for Subscribers. Certain privacy laws around the world, including the EU GDPR,  UK GDPR and the California Consumer Privacy Act (as modified by the California Privacy Rights Act,  which takes effect July 1, 2023 (together, the “CCPA”), provide users with rights related to their personal  information. Consistent with those laws, we give you the choice of accessing, editing, or removing  certain information, as well as choices about how we contact you. You may change or correct your  account information through your account settings. You may also remove certain optional information that you no longer wish to be publicly available through the Services. You can also request to  permanently close your account and delete your personal information. Depending on your location, you  may also be entitled to other rights. 

▪ Right to Access & Portability. You can access certain personal information associated with  your account by visiting your account privacy settings. You can request a copy of your personal  information by emailing us at privacy@clubessentialholdings.com with the subject heading:  “Information Request.” 

▪ Right to Correction. You have the right to request that we rectify inaccurate information about  you. By visiting your account settings, you can correct and change certain personal information  associated with your account. 

▪ Right to Restrict Processing. In certain cases where we process your personal information,  you may also have the right to restrict or limit the ways in which we use such information. 

▪ Right to Deletion. In certain circumstances, you have the right to request the deletion of your  personal information, except information we are required to retain by law, regulation, or to protect  the safety, security, and integrity of the Services and our other clients or customers. 

▪ Right to Object. If we process your information based on our legitimate interests as explained  above, or in the public interest, you can object to this processing in certain circumstances. In  such cases, we will cease processing your information unless we have compelling legitimate  grounds to continue processing or where it is needed for legal reasons.  

▪ Right to Withdraw Consent. Where we rely on consent, you can choose to withdraw your  consent to our processing of your personal information using specific features provided to enable  you to withdraw consent, like an email unsubscribe link in an email or your account privacy  preferences. If you have consented to share your precise device location details but would no  longer like to continue sharing that information with us, you can revoke your consent to the  sharing of that information through the settings on your mobile device.  

The CCPA provides California residents with the following additional rights: 

▪ Right to Know. California residents may request disclosure of the specific pieces and/or  categories of personal information that the business has collected about them, the categories of  sources for that personal information, the business or commercial purposes for collecting the  information, the categories of personal information that we have disclosed, and the categories  of third parties with which the information was shared. 

▪ Right to Opt-Out of the “Sale” of Personal Information. We do not “sell” personal information  as that term is traditionally understood. We also do not knowingly “sell” personal information of  consumers under 16 years of age. 

Limiting use of, or deleting, your personal information may impact features and functionalities that rely  on that information. However, we will not discriminate against you for exercising any of your rights,  including otherwise denying you use of the Services, providing you with a different level or quality of  Services, or charging you a different price.  

10.2 Privacy Rights of End Users. If you are an End User and the personal information pertaining to  you as an individual has been submitted to us by or on behalf of a Subscriber, and you wish to exercise  any data protection rights you may have with respect of such data under applicable law – including the  right to access, port, correct, amend or delete such data – please send your request directly to the  Subscriber with whom you have a business relationship. We have limited ability to access or correct a 

Subscriber’s content or data. If, as an End User, you make your request directly to us, please provide  the name of the Subscriber who submitted your personal information to our Services, and we will refer  your request to that Subscriber and support them as we are able in responding to the request in a  reasonable timeframe. 

10.3 Exercising Your Privacy Rights. If you would like to manage, change, limit or delete your  personal information, you can do so via your account settings in the Services. Alternatively, you can  exercise any of the rights above by contacting us at privacy@clubessentialholdings.com. 

10.4 Verification Procedures. To help protect privacy and the security of your personal information,  we may ask you to provide us with additional information to verify your identity and/or ownership rights  before we fulfill your privacy rights request. If we cannot verify your identity or your ownership rights in  the data, we may not be able to act on your request until proper documentation is provided.  

10.5 How to Opt Out from our Marketing. You can opt out from receiving marketing communications  from us by: 

▪ Clicking on the unsubscribe link within each marketing email; 

▪ Updating your communication preferences within the Services (go to the account settings menu);  or 

▪ By contacting us directly to have your contact information removed from our distribution list.  

Please note that even after you opt out from receiving marketing messages from us, you may continue  to receive generic (non-targeted) ads and transactional (non-promotional) messages from us regarding  our business relationship with you.  

11. HOW WE TRANSFER DATA INTERNATIONALLY 

We reserve the right to store and process your personal information in the United States and in any  other country where we, our Affiliated Group Companies and our third-party service providers have  operations in accordance with and as permitted by applicable privacy laws. Some of these countries  may have privacy or data protection laws that are different from the laws of your country (and, in some  cases, may not be as protective). When we transfer, store or process personal information outside of  your jurisdiction (including to or in the United States), we take appropriate safeguards to require that  your personal information remains protected in accordance with this Privacy Statement and applicable privacy laws.  

Some of these recipients of your personal information are located in countries for which the European  Commission and the United Kingdom Government (as and where applicable) have issued adequacy  decisions, which means that these countries are recognized as providing an adequate level of data  protection under applicable United Kingdom and/or European data protection laws and the transfer is  therefore permitted under Article 45 of EU GDPR. 

Other recipients of your personal information are located in countries outside the EEA or United  Kingdom that are not the subject of an adequacy decision, for example, the United States. In these  cases, we may use the Standard Contractual Clauses approved by the European Commission or, as  applicable, the International Data Transfer Agreement approved by the United Kingdom Government,  to help ensure your personal information is protected. Please contact us for additional information about  the transfer safeguards we and our Affiliated Group Companies rely on. 

12. ADDITIONAL DISCLOSURES FOR CALIFORNIA RESIDENTS

12.1 Shine the Light. California law entitles residents to ask for notice describing what categories  of personal information we share with third parties for their own direct marketing purposes. We do  not share any personal information with third parties for direct marketing purposes.  

12.2 Notice of Collection. In addition to the rights and choices described above in Section 10, the  CCPA requires disclosure of the categories of personal information collected over the past 12  months. While this information is provided in greater detail in Section 3, titled “Personal Information That We Collect,” the categories of personal information that we have collected (as described by the  CCPA) are:  

▪ Identifiers, including name, email address, location name, physical address. 

▪ Other individual records such as phone number, billing address, or credit or debit card  information. This category includes personal information protected under pre-existing California  law (Cal. Civ. Code 1798.80(e)) and overlaps with other categories listed here. 

▪ Demographics, such as your age or gender. This category includes data that may qualify as  protected classifications under other California or federal laws. 

▪ Commercial information, including purchases, transaction data, and engagement with the  Services. 

▪ Internet activity, including your interactions with the Services and what led you to those Services.

▪ Sensory visual data, such as pictures posted on the Service. 

▪ Geolocation data provided through location enabled services such as WiFi and GPS.

▪ Inferences, including information about your interests, preferences and favorites. 

12.3 Sources and Purposes for Our Collection. We collect these categories of personal information  from the sources described above, and we use these categories of personal information for our  business and commercial purposes as described in Section 4, titled “How We Use Personal  Information,” including providing and improving the Services, maintaining the safety and security of the  Services, processing payments and sales transactions, and for marketing purposes. 

12.4 “Do Not Track” Signals. Some browsers have incorporated Do Not Track (“DNT”) features that  can send a signal to the websites you visit indicating you do not wish to be tracked. Because there is  not yet a common understanding of how to interpret the DNT signal, our Services do not currently  respond to browser DNT signals. You can use the range of other tools we provide to control data  collection and use, including the ability to opt out from receiving marketing from us as described above. 

12.5 Accessibility. If you have a disability and would like to access this policy in an alternative format,  please contact us by email at privacy@clubessentialholdings.com. 

13. CHANGES TO THIS PRIVACY STATEMENT

We may update this Privacy Statement from time to time, so you should check back periodically. If  we make changes that are material, we will provide you with appropriate notice before such changes  take effect.  

14. HOW TO CONTACT US 

Your information is controlled by Clubessential Holdings, LLC and the Affiliated Group Company with whom you have a business relationship. If you have questions about this Privacy Statement or our privacy practices, please direct your inquiry to Clubessential Holdings, LLC and the relevant Affiliated Group Company at the contact information listed below. 

15. AFFILIATED GROUP COMPANIES

UNITED STATES
Clubessential	Clubessential, LLC  Attn: Privacy Team  4600 McAuley Place, Ste. 350  Cincinnati, OH 45242  Email: privacy@clubessentialholdings.com
ClubReady	ClubReady, LLC  Attn: Privacy Team  14515 North Outer Forty, Ste. 300  Chesterfield, MO 63017  Email: privacy@clubready.com
foreUP	Golf Compete, Inc. d/b/a foreUP  Attn: Privacy Team  1064 S N County Blvd., Ste. 260  Pleasant Grove, UT 84062  Email: privacy@foreup.com
RecDesk	RecDesk, LLC  Attn: Privacy Team  300 Plaza Middlesex   Middletown, CT 06457  Email: privacy@recdesk.com
taskTracker	Advanced Scoreboards, LLC  Attn: Privacy Team  4600 McAuley Place, Ste. 350  Cincinnati, OH 45242  Email: privacy@clubessentialholdings.com
Vermont Systems	RecTrac, LLC d/b/a Vermont Systems  Attn: Privacy Team  12 Market Place  Essex Junction, VT 05452  Email: privacy@vermontsystems.com

 

EUROPEAN ECONOMIC AREA (EEA)
Innovatise	Innovatise GmbH  Attn: Privacy Team  Goethestraße 4-8  60313 Frankfurt am Main  Germany  Email: privacy@innovatise.com
TAC	TAC Informatiostechnologie GmbH  Attn: Privacy Team  Schildbach 211  8230 Hartberg, Austria  Email: privacy@tac.eu.com
Exerp	Exerp ApS  Attn: Privacy Team  Rued Langgaards Vej 8, 2 Floor  2300 Copenhagen, Denmark  Email: dpo@exerp.com
EEA Representative	Attn: Lawrence Goodman  lgoodman@clubessentialholdings.com