Last Modified: July 25, 2018
All American Strength and Conditioning LLC (“CrossFit,” “we”, “us”, or “our”) is responsible for this website and is the controller of
data provided to us through it. We respect your privacy and aim to protect it along with your personal
data. We currently operate the website CrossFit.com, including all of its subsites (typically any web pages
that include fitness.com as the URL, such as games.fitness.com and journal.fitness.com) and all
software, applications, products, features and services made available, displayed or offered by or through
1. Who We Are
This Site is published and maintained by or on behalf of All American Strength and Conditioning LLC , with offices located at7470-D S. University Blvd Centennial, CO 80122. Any questions about your data privacy or this privacy
policy, please contact us at firstname.lastname@example.org, or by mail care of CrossFit Data Privacy.
Third Party Links
This website may include links to third-party websites, plug-ins and applications. Clicking on those links
or enabling those connections may allow third parties to collect or share data about you. We do not
control these third-party websites and are not responsible for their privacy statements. When you leave
our website, we encourage you to read the privacy notice of every website you visit.
2. The Data We Collect About You and How We Collect It
We collect several different types of personal data from you depending on how you interact with our sites.
Most of the information we collect is given to us by you through filling out forms, registering for an
account, or otherwise providing information when asked. Occasionally, we do collect information about
you without you providing it, such as when you participate in a race and we collect your race times, etc.
Because we may change our website and the services we offer from time to time, the means and methods
to provide us with personal data may also change. Depending on how you interact with us and use the
website, the personal data we collect may vary.
Please read below for the common ways in which we collect your personal data.
Creating an Account on the Sites
You are not required to provide any information to the CrossFit sites. However, if you create an account
with CrossFit, we collect data from you in order to associate the account with you. This information
includes your full name, email address, a password you create, and your date of birth (we use your
birthdate to make sure you are put into the correct race categories and to make sure you are eligible to
participate in CrossFit events) (“Account Information”). By default, we’ll only use your personal data to
administer your account and to provide the products and services you requested from us.
Filling Out Your Athlete Info
Once you have created an account, you are free to provide other personal information about yourself
related to your CrossFit status. This can include uploading a picture of yourself, including your height,
weight, workout benchmarks, athlete bio, and other information about yourself (“Personal Bio”). By
providing this information you are consenting to our processing of it. You may edit, delete, and otherwise
change this information at any time.
Applying for Certification Course
When you apply to be a Certified CrossFit Trainer, we ask you for personal information to help us
determine whether you are qualified to enroll in a course and, if you are, to enroll you. This information
includes you full name, email address, date of birth, telephone number, and mailing address (“Contact
Information), as well as information about your education and experience, and any CPR certificates you
hold (“Education Information”).
Enrolling in Events
If you enroll or sign up for an event, competition, or the CrossFit Games Open, you will be asked to
provide information about yourself in order to help us facilitate the event. This may include Contact
Information, Billing Information, Personal Bio, and other information. We use this information for
various purposes, including verifying the identity of an athlete, ensuring that the competition rules and
requirements are complied with, recording competition results and records of participation, preventing
fraud, ensuring the safety of race participants, and generally creating a level playing field.
Making a Purchase
When you make a purchase on our website or elsewhere, we collect your contact information, shipping
address, payment card information/account information and billing address (“Billing Information”). We
use this information to process payment, process shipments of goods, and for legitimate interests like
Entering Sweepstakes and Contests
If you decide to enter into a contest or sweepstakes we sponsor, you agree to provide information on
necessary to enter and fulfill all of the terms of the contest or sweepstakes. This information varies
depending on the contest/sweepstakes, and we will provide you with more information about how your
information is used in the related documentation.
Message Boards and User Contributions
When you volunteer information on a message board, comment section, chat feature, or other public
comment section, you consent to our processing of that information as you would in any other public
forum. Depending on the forum and the comment, we may collect, store, and use that information for
various reasons. All Site users must comply with our Terms and Conditions regarding the user
Information Collected Automatically From Using Our Site
As you interact with the CrossFit sites, we may automatically collect information about your equipment,
browsing actions and patterns (“Technical Data”). We collect this technical data by using cookies and
other similar technologies. Technical data may include your IP address; device identifier data, the type of
device you use, your operating system and version, the URLs of our web pages that you visit, the URLs
of referring and exiting pages, the pages you view, the time spent on a page, the number of clicks made,
the platform type, and generalized, non-specific location data. When we collect data that does not identify
you as a natural person, we are permitted to use and disclose this information for any purpose,
notwithstanding anything contrary in this notice, except where prohibited by law.
Like many websites, our server logs capture technical data automatically as your browse the particular
3. Sensitive Personal Information
From time to time, we collect and process sensitive personal information which may include racial or
ethnic origin, genetic data, biometric data, and data concerning health. Other than a few necessary
exceptions, you are never required to provide this information, but may consent to our processing it. For
example, you may provide information about your personal fitness (exercise regimen, workout routines,
vital sign numbers, etc.) on your personal bio page to share that information with other members of the
CrossFit community. Whenever the processing of this data is based on consent, you are free to withdraw
that consent at any time by removing such information or asking us to remove it for you.
Drug Testing Policy
CrossFit is committed to maintaining drug-free competitions in order to ensure a safe and level playing
field. Moreover, the health and safety of the CrossFit athletes and the integrity of the sport are our top
priorities. Therefore, when participating in an event, you may undergo drug testing, sometimes randomly,
in order to participate in the event to which you signed up. Information regarding how we process
sensitive personal data, including the legal basis for such processing, is included in our Drug Testing
4. How We Use Your Personal Data.
We will only use your personal data when allowed by law. Generally, we will use your personal data: (a)
where we need to perform the contract we are about to enter into or have entered into with you; (b) where
it is necessary for our legitimate interests and your interests and fundamental rights do not override those
interests; and (c) where we need to comply with a legal or regulatory obligation.
Purposes for Which We Will Use Your Personal Data
Below is a chart of some of the common ways in which we process your personal data. We have
identified what our legitimate interests are where appropriate. Note that we may process your personal
data for more than one lawful ground depending on the specific purpose for which we are using your data.
Please contact us if you need details about the specific legal ground we are relying on to process your
personal data where more than one ground has been set out in the table below.
Purpose/Activity Type of data
Lawful Basis for Processing
Including Basis of Legitimate
To fulfill a purchase
In furtherance of performance
of a contract with you.
Notifying you about
changes to our terms or
Contact Information Necessary to comply with a
To administer and protect
our business and this
analysis, testing, system
reporting and hosting of
Necessary for our legitimate
interests (for running our
business, provision of
administration and IT services,
network security, to prevent
fraud and in the context of a
business reorganization or
group restructuring exercise)
To provide you with
our products and services.
Contact Information Consent
Legitimate interests (in
marketing goods or services in
which you may have a
personal interest based on our
ongoing business relationship).
To provide you with third
party offers that may be
relevant to you.
Contact Information Consent
To respond to customer
service requests including
order status and chat
Contact Information Legitimate interest (for
running our business, provision
of administration and IT
services, network security, to
prevent fraud and in the
context of a business
reorganization or group
To enroll you in a race or
Performance of a contract
Legitimate interest (for
running our business, provision
of administration and IT
services, network security, to
prevent fraud and in the
context of a business
reorganization or group
5. Disclosures Of Your Personal Data
From time to time, we may need to share your personal data with others.
Publicly Available Information
Some of your data will be shared with the general public, including:
● your posts to a public area or feature of our site, such as a message board, chat room, bulletin
board, list serve, blog, vlog, wiki or other open forum;
● if you participate in an event like the CrossFit Games or the Open, your name, event results,
performance times, and other information about may be posted publicly;
● the information you include in your profile page on the CrossFit website;
● posts, new articles, updates, race results, and other information that we provide to the public
about our events may include personally identifiable information. For example, we may report on
the winners of a particular event which requires us to identify them by name.
Please note that when information is made publicly available it may be accessed by anyone with access to
the site or forum to which the information is posted. It may also be indexed by third-party search engines,
and be imported, exported, distributed, aggregated, and redistributed by others without our knowledge.
Please take caution before posting information publicly.
Third-Party Service Providers—We may share your information, including but not limited to contact data
and technical data, with third party service providers who perform various functions to enable us to
provide our services and help us operate our business, such as website design, sending email
communications, fraud detection and prevention, customer care, payment processing, or performing
analytics. Our contracts with these third parties require them to maintain the confidentiality of the
personal data we provide to them, only act on our behalf and under our instructions, and not use personal
data for purposes other than the product or service they’re providing to us or on our behalf.
With our Affiliates and Partners—When participating in events or activities that we offer along with our
partners and/or affiliates, you may be asked to share personal information with those affiliates and/or
partners. For example, some of our certificate courses, events, competitions, seminars, programs, contests,
sweepstakes and other offerings may be co-sponsored by another company or companies. In those
situations, the information we obtain from you in connection with such contest, sweepstake or offering
may be shared with our co-sponsor, unless you instruct us not to. In some of those cases, we may act as
co-controllers of your personal information, depending on the circumstances.
With Unaffiliated Controllers—In some cases we may transfer personal data to unaffiliated third-party
data controllers. These third parties do not act as agents or service providers and are not performing
functions on our behalf. We may transfer your personal data to third-party data controllers for the
following purposes: 1) to provide you with third-party offers; 2) to provide us information about the
quality of our services offerings. We will only provide your personal data to third-party data controllers
where you have not opted-out of such disclosures, or in the case of sensitive personal data, where you
have opted in if the disclosure requires consent. We enter into written contracts with any unaffiliated
third-party data controllers requiring them to provide the same level of protection for your personal
information that is required of us. We also limit their use of your personal data so that it is consistent with
any consent you have provided and with the notices you have received.
Protection of CrossFit and Others—We may share personal data when we believe it is appropriate to
enforce or apply our Terms of Service and other agreements; or protect the rights, property, or safety of
CrossFit, our products and services, our users, or others. This includes exchanging information with other
companies and organizations for fraud protection and risk reduction. This does not include selling,
renting, sharing, or otherwise disclosing personal data of our customers for commercial purposes in
violation of the commitments set forth in this notice.
Response to Subpoenas and Other Legal Requests—We may share your information with courts, law
enforcement agencies, or other government bodies when we have a good faith belief we’re required or
permitted to do so by law, including to meet national security or law enforcement requirements, to protect
our company, or to respond to a court order, subpoena, search warrant, or other law enforcement request.
Sale of Our Business—If we sell, merge, or transfer any part of our business, we may be required to share
your information. If so, you will be asked if you’d like to stop receiving promotional information
following any change of control.
With Your Consent—Other than as set out above, we will provide you with notice and the opportunity to
choose when your personal data may be shared with other third parties.
6. SMS Messages
We may make available a service through which you can receive messages on your wireless device via
short message service (“SMS Service”). If you subscribe to one of our SMS Services, you thereby agree
to receive SMS service messages at the address you provide for such purposes. Such messages may come
from CrossFit, the rest of the CrossFit family and/or the rest of the third parties with which we share your
address (unless and until you have elected not to receive such messages by following the instructions in
the Right to Opt In and Opt Out section above).
You understand that your wireless carrier’s standard rates apply to these messages, and that you may
change your mind at any time by following the instructions in the Right to Opt In and Opt Out section
above. You represent that you are the owner or authorized user of the wireless device you use to sign up
for the SMS service, and that you are authorized to approve the applicable charges. To use the SMS
service, you must be 18 years of age or older and reside in the United States. You must first register and
provide all required Personal Information, which may include, for example, your name, SMS address,
wireless carrier and, if fees are applicable to the SMS Service you subscribe to, billing information (either
your credit card information or mobile service carrier information if applicable fees will be billed through
your carrier). We may also obtain the date, time and content of your messages in the course of your use of
the SMS Service. We will use the information we obtain in connection with our SMS service in
your carrier with your applicable information in connection therewith. Your wireless carrier and other
service providers may also collect data about your wireless device usage, and their practices are governed
by their own policies.
You acknowledge and agree that the SMS service is provided via wireless systems which use radios (and
other means) to transmit communications over complex networks. We do not guarantee that your use of
the SMS service will be private or secure, and we are not liable to you for any lack of privacy or security
you may experience. You are fully responsible for taking precautions and providing security measures
best suited for your situation and intended use of the SMS service. We may also access the content of
your account and/or wireless account with your carrier for the purpose of identifying and resolving
technical problems and/or service related complaints.
By signing up for the SMS service, you consent to receiving, from time to time, further messages which
may include news, promotions and offers from us, our subsidiaries, entities owned, related to or
controlled by us and partners, and you consent to our sharing of your personal information with such
parties for such purposes, unless and until you have opted out of these activities by following the
instructions in the Right to Opt In and Opt Out section above. Please follow the instructions provided to
you by third parties to unsubscribe from their messages.
7. Data Security
We have put in place appropriate security measures to prevent your personal data from being accidentally
lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your
personal data to those employees, agents, contractors and other third parties who have a business need to
know. They will only process your personal data on our instructions and they are subject to a duty of
confidentiality. We have put in place procedures to deal with any suspected personal data breach and will
notify you and any applicable regulator of a breach where we are legally required to do so.
8. Data Retention
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for,
including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the
appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the
personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the
purposes for which we process your personal data and whether we can achieve those purposes through
other means, and the applicable legal requirements. In some circumstances you can ask us to delete your
data (see “EU Data Subjects Legal Rights”). In some circumstances we may anonymize your personal
data (so that it can no longer be associated with you) for research or statistical purposes in which case we
may use this information indefinitely without further notice to you.
9. International Data Transfers
CrossFit has its headquarters in the United States. Information we collect from you will be processed in
the United States. Where we transfer your personal data to third party service providers outside of the
European Economic Area (EEA), we rely on appropriate suitable safeguards or specific derogations
recognized under data protections law, including the GDPR.
The European Commission has adopted standard data protection clauses, which provide safeguards for
personal data transferred outside of the EEA. We may use Standard Contractual Clauses when
transferring personal data from a country in the EEA to a country outside the EEA.
10. EU Data Subjects Privacy Rights
EU data subjects have certain rights with respect to your personal data that we collect and process. We
respond to all requests we receive from individuals in the EEA wishing to exercise their data protection
rights in accordance with applicable data protection laws.
● Access, Correction or Deletion—You may request access to, correction of, or deletion of your
personal data. You can often go directly into the service under Account Settings to take these
actions. Please note that even if you request for your personal data to be deleted, certain aspects
may be retained for us to: meet our legal or regulatory compliance (e.g. maintaining records of
transactions you have made with us); exercise, establish or defend legal claims; and to protect
against fraudulent or abusive activity on our Service. Data retained for these purposes will be
handled as described in Section 7 “Data Retention,” above.
● Objection—You may object to processing of your personal data where we are relying on a
legitimate interest (or those of a third party) and there is something about your particular situation
which makes you want to object to processing on this ground as you feel it impacts on your
fundamental rights and freedoms. You also have the right to object where we are processing your
personal data for direct marketing purposes. In some cases, we may demonstrate that we have
compelling legitimate grounds to process your information which override your rights and
● Restriction—You have the right to ask us to suspend the processing of your personal data in the
following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the
data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if
we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have
objected to our use of your data but we need to verify whether we have overriding legitimate
grounds to use it.
● Portability—You have the right to request the transfer of your personal data to you or to a third
party. We will provide to you, or a third party you have chosen, your personal data in a
structured, commonly used, machine-readable format. Note that this right only applies to
automated information which you initially provided consent for us to use or where we used the
information to perform a contract with you.
● Withdraw Consent—If we have collected and processed your personal data with your consent,
you can withdraw your consent at any time. Withdrawing your consent will not affect the
lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing
of your personal data conducted in reliance on lawful processing grounds other than consent.
● File a Complaint—You have the right to file a complaint with a supervisory authority about our
collection and processing of your personal data.
To file a request or take action on one of your rights, please contact us at the contact details provided.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights).
However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive.
Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your
right to access your personal data (or to exercise any of your other rights). This is a security measure to
ensure that personal data is not disclosed to any person who has no right to receive it. We may also
contact you to ask you for further information in relation to your request to speed up our response. We try
to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if
your request is particularly complex or you have made a number of requests. In this case, we will notify
you and keep you updated.
11. Children’s Privacy
We are committed to complying with the Children’s Online Privacy Protection Act (COPPA). CrossFit
sites and services are not directed to children under the age of 16. We do not knowingly collect personal
information from children under the age of 16. If we receive personal information that we discover was
provided by a child under the age of 16, we will promptly destroy such information. Additional
information is available on the Direct Marketing Association’s home page at http://www.the-dma.org. If
you would like to learn more about COPPA, visit the Federal Trade Commission home page at
12. Updates to Our Privacy Notice
By using this website, you agree to the terms and conditions contained in this Privacy Notice and
Conditions of Use and/or any other agreement that we might have with you. If you do not agree to any of
these terms and conditions, you should not use this website. You agree that any dispute over privacy or
the terms contained in this Privacy Notice will be governed by the laws of the State of Arizona. You also
agree to arbitrate such disputes in Arizona and to abide by any limitation on damages contained in any
agreement we may have with you.
This notice is expected to change from time to time. We reserve the right to amend this Notice at any time
and provide notice to you by posting of the amended Privacy Notice on the website. We may also email
you to give you notice of material changes to this Notice. The provisions contained herein supersede all
previous notices or statements regarding our privacy practices and the terms and conditions that govern
the use of this website.
13. How to Contact Us
If you have any questions or wish to register a complaint in relation to this Privacy Notice or the manner
in which your personal data is used by us, please contact us by any of the following means:
By Email: email@example.com
By Post: 7470-D S. University Blvd Centennial, CO 80122