Welcome to one of the websites of TOSD Corporation (“TOSD” “we,” “us,” or “our”), which provides payment processing and related services, and services accounts, for fitness facilities, health clubs, medical practices, and subscription services, among others (each, a "Client").  All of the websites owned or operated by TOSD and which contain a link to this Privacy and Security Policy are collectively, together with all services available through such websites, referred to as the “Site.”

TOSD respects our customers’ privacy.  This Privacy and Security Policy (“Privacy Policy”) describes the way we collect information from and about you when you visit our websites, use files or information downloaded from a website, use any software provided for your use by TOSD or a Client, or use our services (including through a Client), and how we treat, store, use, and protect your personal information.  This Privacy Policy applies to and is part of the Site, which is also governed by the Site’s Terms of Use.  Our Privacy Policy also applies to any information we collect or receive by email, text, or other electronic messages between you, and our websites and our company and its affiliates.  It also describes other sources we use to obtain information about you; tells you how we use, share and protect your information; and what choices you have about how your information is used, including how you can contact us regarding that information.

BY USING OR ACCESSING THE SITE, OUR SOFTWARE, OUR SERVICES, OR ANYTHING ACCESSED OR DOWNLOADED FROM THE SITE OR PROVIDED TO YOU BY A CLIENT, YOU AGREE TO THESE TERMS AND OUR PRIVACY POLICY.  FOR THAT REASON, YOU SHOULD CAREFULLY REVIEW THIS POLICY BEFORE PROCEEDING.  IF YOU DO NOT AGREE WITH OUR POLICIES AND PRACTICES, YOUR CHOICE IS TO IMMEDIATELY CEASE USING OUR WEBSITE, OUR SOFTWARE, AND OUR SERVICES.  IN ADDITION, BECAUSE OUR PRIVACY POLICY MAY CHANGE FROM TIME TO TIME, YOUR CONTINUED USE OF THIS WEBSITE, SOFTWARE, OR SERVICES AFTER THOSE CHANGES OCCUR WILL BE DEEMED ACCEPTANCE OF THOSE CHANGES, SO CHECK BACK PERIODICALLY FOR UPDATES.

For purposes of this Privacy Policy, “Personal Information” means information that does or is capable of being associated with a particular person through one or more identifiers, as more particularly described under applicable privacy legislation.  This can include, but not limited to, a full name, address, telephone number, email address, Social Security Number, driver’s license number, state identification card number, bank account number, credit or debit card number, passport number, alien registration number, or health insurance identification number.  Unless otherwise required by law, it does not include publicly available information that is lawfully made available to the general public from federal, state or local government records or widely distributed media.

How we collect information about you

TOSD is a payment processor, and as such, processes data (including personal data) on behalf of Clients.   In doing so, we collect various types of information depending on how you use the Site and our services.   For example (but not by way of limitation), if you become a member of a Client, register with a Client, or otherwise log-in using the Site, or if you request information about any of our or a Client’s products or services, you may be asked to provide your name, email address, telephone number and other personal information.  If you order a service from a Client using the Site, you may be asked for your name, postal address, email address, telephone number and your bank account or credit card number.   If you send an email, text message, or otherwise communicate electronically with us, or with a client, you will have provided us personal information, including but not limited to your name, email address, and other identifying information.  If you contact us by telephone, we may record certain information, including personal data such as telephone number, name, geographic location, call length, and any follow-up information.  Such calls may be recorded, so that any personal data you provide during the call may also be collected.  In addition, we may collect information based on any search queries you may perform on the Site, as well as copies of correspondence if you contact us.

In addition to information you choose to provide to us, TOSD, our Clients, and third-parties may also use standard technologies to automatically collect certain additional information. For example, when you access and interact with the Site and use our Services, information may be collected about your visits in order to permit you to connect to and obtain the Services and so that we, our Clients, and third-parties can better understand the frequency with which specific visitors visit various parts of our Services.  We may collect your Internet Protocol (“IP”) address, which identifies the computer or service provider that you use to access the Site or receive Services, or information about your browser type, authentication identifiers, and other software and hardware information. If you access the Site or use the Services through a mobile or similar device, we may collect your mobile device identifier, geolocation data (including your precise location), or other transactional information for that device. We may combine this information with other information that we have collected to make our Services and our communications to you more targeted to your interests.  In addition, as you navigate through and interact with the Site or use the Services, we may use automatic collection technologies, that can provide us information about the details of your visits, the resources you access, searches that you perform, and information about the computer and internet connection (including IP address) that were used.

Non-personal information.  When you visit the Site, our servers (some of which are hosted by a third party) collect your IP address and standard web log information, such as your browser type, the web page from which you entered the Site, the length of time of each visit, and the pages you accessed on the Site.  By itself, an IP address is not personal information, although the IP address may be combined with other personal information to facilitate certain processing.  We and certain third-parties also collect non-personal information from you by means of Cookies (see below for a discussion regarding Cookies).  This automatically collected information provides us with data regarding the use of the Site, and we use this information to monitor and improve the Site.  In particular, we use IP addresses to analyze trends, administer the Site, track users’ movements, and gather information for aggregate use.

Personal information.  If a Client offers, you may become enrolled with or become a member of a Client (as may apply).  The Client may also allow you to make payments, change your personal information, schedule and pay for services, and otherwise interact with the Client, through use of the Site (“Services”).  In the ordinary course of providing our core services for the Client (including but not limited to payment processing), and (if chosen by the Client) providing you information regarding the Client’s business, services, charges, and other online services, we collect and maintain personal information about you from you and from the Client.  This information may include the following types of information:

• Contact information – your name, address, phone(s), email, birth date, and other similar information.
• Financial information – the bank account numbers and credit card numbers, with expiration date, for the accounts you choose to pay for services, and if you use the Site for these purposes, a Personal Identification Number (“PIN”).

Before permitting you to use the Services, the Client may require you to provide additional information used to verify your identity or address or manage risk, such as your social security number or other information.  We may also obtain information about you from the Client.

When you are using our Services, we collect information about your account transactions and we may collect information about your computer or other access device for fraud prevention purposes.

How We Use the Information We Collect

Our primary purpose in collecting personal information is to fulfill our obligations to our Client, including (when applicable) payment processing obligations, and to otherwise assist the Client with your account and with the services being offered by the Client.  We, our Clients, and third parties with whom we have relationships may use information we collect from and about you for a variety of business purposes, including to operate, maintain, modify and enhance the features of the Site, provide Services and fulfill business obligations, and otherwise provide Services to you and the Clients. 

We may use your personal information to:

•  Assist you in creating, maintaining, and managing a membership account or other relationship with a Client;
• Provide you information you request regarding a Client;
• Process transactions you request with respect to the Client;
• Allow you to change your personal information;
• Communicate with you;
• Facilitate your scheduling of and payment for services with the Client;
• Prevent potentially prohibited or illegal activities, and enforce our Terms of Use;
• Compare information for accuracy and verify it with the Client; and
• Protect your account from unauthorized access or identity theft.

We may also use Personal Information to perform business analyses and for other purposes intended to improve the quality of the Site, our Services, and the services offered by our Clients; to enhance the quality and contents of our Site based upon usage trends and visitor preferences; to pursue our legitimate business and other interests, including for our own internal administrative purposes, to investigate or report actual or potential crimes, to prevent or investigate fraud, to represent our interests in any proceedings, and to maintain records of contacts and sales; or, in accordance with your consent.

We only make your Personal Information available to the Client or in accordance with this Privacy and Security Policy, except that on rare occasions, we may be required to disclose your personal information by law pursuant to lawful requests such as subpoenas, court or agency orders, or as we may reasonably determine to be necessary to protect our rights or the rights of others, to deter fraud and credit risk, or to enforce our Terms of Use or this Privacy and Security Policy. 

How We Share Personal Information
Except as disclosed herein, we do not share or use your personal information for marketing purposes.  We will not sell or rent your personal information to third parties, except as disclosed in this Privacy and Security Policy.  To perform the Services, and fulfill our obligations to the Client, we may share your personal information with the Client.  We may also share your personal information with:

• Various departments of our company responsible for different aspects of the Services and our relationship with the Client;
• Service providers under contract who help with parts of our business operations (examples include fraud prevention, agreements with financial institutions and others for payment processing, technology, and security).  Our service providers, by contract, only use personal information in connection with the services they perform for us and not for their own benefit.
• Companies that we would consider merging with, or being acquired by, or as part of a corporate reorganization, stock sale or other change in control.
• When we believe, in good faith, that disclosure is appropriate to comply with the law or a regulatory requirement or to comply with a subpoena or court order; to prevent or investigate a possible crime, such as fraud or identity theft; to protect the rights, property or safety of its employees, customers and visitors to the Site.

How Do We Protect and Store Personal Information
Some of our servers are physically located at our business premises.  Some of our servers are dedicated servers hosted on a secure network of third-party service providers with whom we have contracts for the hosting and for other related services, including through Cloud-based storage and processing.  Our contracts require, among other things, that the service provider not use any of our confidential information except in performing services for us, or as required by law to protect its servers.  Further, our service providers are required to comply with security practices, procedures, and controls set forth in the contract.

Because of the nature of storage, Personal Information and data collected by us or provided to us may be stored and processed in any country where TOSD or our service providers maintain facilities or servers.  As a result, we do not have control over where any data or information may be physically stored in the Cloud.  TOSD is headquartered in the United States, and as a result, it is expected that data, including personal information, is likely to be maintained in or transferred to the United States.   Where information is transferred between countries, such transfer will be subject to a contract which ensures the production of information.  Insofar as you have given your consent for us to collect your personal information and process your data, the respective consent forms the legal basis for the processing covered by the consent. This applies to all data and personal information you provide to us, including but not limited to any consent to telephone or e-mail marketing you may have granted.  You may withdraw your consent at any time with effect for the future, or unsubscribe from any email or other newsletters at any time, by sending a message to the entity or person through whom you signed up for services. 

Although no website can fully eliminate security risks and no data transmission over the internet can be guaranteed to be 100% secure, we employ various security measures designed to help protect the personal information that we collect about you.  Our privacy policies are the same whether you are online or not, although we have extra measures to protect your privacy when you use the Services on the Site.  We maintain reasonable physical, electronic and procedural safeguards that comply with federal and state regulations to guard your Social Security Number and other personal information.  The information you provide to us online is protected by firewalls and Secure Socket Layer (SSL) technology.  SSL scrambles your account information as it moves between your PC’s browser and our computer systems.  When information is scrambled, or encrypted in this way, it becomes nearly impossible for anyone other than TOSD to read it.  This secure session helps protect safety and confidentiality of your personal information when you interact with us online. 

If you use the Site to enter personal information, or change your personal information, this information is sent to the Client electronically in encrypted format for review and/or approval.

We enforce physical access controls to our buildings and files, and we authorize access to personal information only for those employees who require it to fulfill their responsibilities.  All documents, materials, or computer screens that display all or more than four sequential digits of a Social Security Number or your personal information are kept out of public view at all times.  All documents containing Social Security Numbers and other personal information are stored in a physically secure manner, such as a locked safe, and no personal information is stored on computer or other electronic devices that are not secured against unauthorized access.

Documents containing personal information are retained in accordance with the requirements of Federal and state law.  At such time as documents containing personal information may be disposed of, we dispose of physical documents and electronic media containing Social Security Numbers and other personal information in such a manner that destroys, erases, or makes unreadable the data, computer files and documents containing personal information through the use of disposal methods such as shredding and the use of electronic “scrubbing” programs that permanently erase all data stored on electronic media.

We take reasonable measures to enforce this Privacy and Security Policy, and to correct and prevent the reoccurrence of any known violations.  Any employee who knowingly obtains, uses, or discloses personal information for unlawful purposes or contrary to the requirements of this Privacy and Security Policy or applicable law is subject to discipline up to and including termination of employment.  We cooperate with appropriate law enforcement and administrative agencies in the apprehension and prosecution of any person who knowingly obtains, uses, or discloses personal information through the Company for unlawful purposes.  We have a duty to inform you of any breach of security involving your personal information, if such were ever to occur.  We have no control over the public or third party network through which you send your personal information to the Site.

COOKIES

What are Cookies and Do We Use Them?
A cookie is a small piece of information that our Site or a permitted third-party (see below) places on your computer.  The cookie is saved on the hard drive by your computer’s browser.  It holds information our Site may need to interact with you and personalize your experience, and helps the Site recognize you.  When you return to the Site, your browser gives data back to our server.  At present, while some cookies may not reveal personal information without your consent, you may agree to such use by accessing websites and using services where the provider requests your consent.  By your use of our services and the Site, you acknowledge that you have reviewed the terms and conditions, and consent to the use of cookies and the sharing of your data and personal information in accordance with our terms and conditions.

Clients, and third-party tools that we use in connection with providing our Services, may also use cookies. We, our Clients, and third-parties use cookies for a variety of purposes in order to enhance the quality of our sites. We use transient (also called “session ID”) cookies to provide continuity from page to page. A session ID cookie expires when you close your browser. We also use persistent cookies. Persistent cookies allow parts of our site to recognize your browser when you return after your first visit to that part of our site and also track your activity after you have left our site, serving you marketing content on partner and affiliate sites. Cookies allow us to personalize your return visits to our site and to save you time during certain activities. You have the choice to set your browser to accept all cookies, reject all cookies, or notify you when a cookie is set. For more information, please consult the “Help” menu of your Internet browser.  It is your decision whether to allow us to send you cookies. If you do not accept cookies from us, however, your ability to use some aspects of our Services may be limited.

As a matter of security, we do not imbed your Social Security Number or other personal information in our cookies.  Any personal information you provide to us in utilizing the Site is stored safely and separately on our secured servers, and you need a password to access it.

Most web browsers allow you to exercise control over cookie files on your computer by erasing them, blocking them, or notifying you when such a file is stored.  Please take a look at your particular browser for instructions on this function.  If you do elect to disable our cookies, please note that you may not be able to take full advantage of a personalized experience on the Site.

If you are a registered user of the Site, we recommend that you complete your online transactions and log off before surfing to other sites or turning off your PC.  We also suggest that you do not surf to other sites during your online session on the Site.

Third-Party Cookies
Notwithstanding anything else in this policy, we and/or our partners may place or read use cookies to enable you to receive customized ads or content. These cookies contain no personally identifiable information. The cookies may reflect de-identified demographic or other data linked to data you voluntarily have submitted to us, e.g., your email address, which we may share with a data provider solely in hashed, non-human readable form. Users can also express their choices for display advertising, through the following platforms: Digital Advertising Alliance opt-out platform or the Network Advertising Initiative opt-out platform.

We and/or our partners use cookies and web beacon technology to associate certain Internet-related information about you, such as your Internet Protocol address and what Web browser you are using, with certain of your online behaviors, such as opening emails or browsing websites. Such information is used to customize ads or content and may be shared with our partners.

Web Beacons and other tracking technologies.
The Site, and Services, may also use other tracking tools, including so-called “pixel tags,” “web beacons,” “web bugs,” “clear GIFs,” etc. (collectively “Web Beacons”) to collect user activity information about your activities on the Services. These are small electronic images embedded in web content (including online ads) and email messages and are ordinarily not visible to users.  Like cookies, Web Beacons enable us and third-parties to track pages and content accessed and viewed by users.  While you may receive emails from Clients, we do not send direct emails to you, nor are we involved in the emails you may receive from a Client, and thus any questions you may have regarding such emails should be directed to the club, practice, or service with whom you have a relationship.

Third-Party Content.
Included on the Site may be links to third-party websites and content providers, including but not limited to YouTube, Facebook, LinkedIn, Twitter, Google, and others.  We do not control and are not responsible for the actions and policies of any third parties, and once you click on a link for any website other than ours’s, you will be subject to the third-parties’ privacy policies, and our Privacy Policy will not apply.  In the event that any such third-party websites request information from you, the use of any such information is solely the responsibility of that third-party, and we caution you to carefully review their policies prior to providing any information.

Links to and from Other Websites
We are not responsible for the privacy practices and policies of non-TOSD websites, including those of the Client.  We have no knowledge of or control over how the Client or any third party uses cookies, or how they collect, use, store, and protect your non-personal or personal information.  You should read the legal, privacy and security information contained in each and every website you visit.

Policies for Children
The content on our Site, and our services, are intended for adults and are NOT directed to or intended for children.  While a Client may, pursuant to its own Privacy Policies, provide access or services to children under 18, we do not knowingly permit children under age 18 to register for or download any files or information from the Site, nor to use or access any services.  We do not knowingly collect, use, or disclose personal information about users under age 18, except as permitted by law.  If you are under the age of 18, you should immediately leave our website, not use our websites or services, nor provide any information to our website.  If you believe your child has impermissibly provided us with his or her personal information, please contact us, so that we can identify and delete that information.

DATA RETENTION

We will retain your information and data for the period necessary to fulfill the purposes outlined in this Privacy Policy, unless longer retention is required by a Client or is allowed by law.  We will delete your personal data as soon as it is no longer needed for these purposes.  As soon as your personal data is no longer needed for the aforementioned purposes, it will be removed from our databases and no longer be available for further use, and will be deleted at the end of the retention periods stipulated by law, unless you have expressly consented to further utilization of your data.  We reserve the right to data utilization after said retention periods in any way permitted by your consent, by law and as described in this Privacy Policy.

California Privacy Rights and Do Not Track Signals.
Under legislation enacted in California in June of 2018, California consumers are entitled to certain information from businesses which meet certain criteria, including with respect to revenues, the residence of persons whose data is processed, and the use of data.  TOSD does not believe that it meets those criteria.

If you are a California consumer, it is possible that one or more entities through whom you may have signed up and for whom we provide services may meet the criteria imposing obligations under the California statutes.  If you are a California consumer, you may contact the person or entity with whom you signed up to review their policies and exercise your rights under applicable law.   As we do not control such information, we suggest you contact such entities directly.  Please note that we will not accept requests you may make with respect to the California laws, and we are not responsible for notices that are not sent properly, and we do not have the obligation nor the ability to act on any such requests.

CONNECTICUT DATA PRIVACY ACT
This Privacy Notice for Connecticut Residents (the “CT Privacy Notice”) supplements the information contained in the TOSD Privacy Notice and applies solely to all visitors, users, and others who reside in the State of Connecticut (“consumers” or “you”). We adopt this CT Privacy Notice to comply with applicable Connecticut law, including the Data Privacy Act, as amended from time to time (“CTDPA”) and any terms defined in the CTDPA have the same meaning when used in this CT Privacy Notice.  Any other capitalized but undefined terms shall have the meanings set forth in the general Privacy Notice.

As used in this CT Privacy Notice “Personal Data” means any information that is linked or reasonably linkable to an identified or identifiable natural person.  Personal Data does not include de-identified data, publicly available information, or data outside the scope of the CTDPA.

TOSD considers itself to be a “processor” under the CTDPA, as it processes data on behalf of other entities (referred to under the CTDPA as “controllers”).  As such, those controllers are responsible for the use of data, and communications regarding your data should be directed to the controllers.  

HOW WE COLLECT, USE, AND DISCLOSE YOUR PERSONAL DATA
While we are primarily a processor, we may collect, use, and disclose your Personal Data as set forth above in this Privacy Notice.  We will obtain your explicit consent and provide your ability to opt into such collection prior to any collection of this information.  If we use de-identified data, we also will maintain and use such de-identified data without attempting to re-identify such data.

RIGHTS AND CHOICES OF CONNECTICUT RESIDENTS
The CTDPA provides Connecticut residents with specific rights regarding their Personal Data.  Among other things, the rights afforded to Connecticut residents include Opt-Out Rights with respect to targeted advertising and sale of your information; Access Rights to information about you and the use of Personal Data; Data Correction Rights, Deletion Rights, and Data Portability Rights.  Because TOSD is a Processor, should you wish to exercise any rights or obtain further information, you should contact the person or entity with whom you signed up for services for which TOSD is providing processing.  If you have any questions or comments regarding the manner in which a Client collects or uses your data, please contact that Client directly.  

OTHER IMPORTANT INFORMATION

Third Party Sites
If you click on or interact with a hyperlink that you find on our Site, you may leave our Site or send information to a different website or application.  This may include Google, Facebook, LinkedIn, Twitter, X, a Client’s website, and other third-party websites.  Our Privacy Policy does not apply to your interactions with third-party websites or mobile apps, even if you find a link to them on or access them through our Site.  Thus, you should read the privacy policy of the third-party provider to see how your personal information will be treated on its site.  We have no control over such third-parties, their Internet sites, or their products or services.

Visiting Our Services from Outside the United States
Please be aware that your personally identifiable information may be accessed from, transferred to, processed, and stored in any country where we have facilities or engage service providers. By using our website or providing us with any personal information through the Services, you consent to the transfer, processing and storage of your personal and non-personal information in countries outside your country of residence, including the United States, where the data protection and other laws might be different from those in your country. This includes the use of cookies and other tracking technologies as described above. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in the United States may be entitled to access your personal information. As a result, please read this Privacy Policy with care.

Changes in this Privacy Policy
We may amend or update this Privacy Policy at any time without notice to you by posting the most recent version of the Policy on the Site, along with an indication of the date on which the Policy was amended most recently. The revised version will be effective at the time we post it, so please check our Privacy and Security Policy and our Terms of Use periodically for changes. 

Contact Us
If you have questions or wish to send us comments about this Privacy Policy, you may do so at:
Webmaster, TOSD Corporation
1463 Berlin Turnpike
Berlin, Connecticut 06037, USA
ATTN:  Customer Service – Privacy and Security Policy

This is also our postal address.  If you have additional questions or would like further information on this topic, please feel free to write to us or email us at webadmin@tosd.com. 

Acceptance of Privacy and Security Policy and Terms of Use
By viewing, accessing, or using this Site; becoming a member of or enrolling with a Client, accessing or modifying your account information, making a payment, and/or by scheduling and/or paying for services offered by a Client using the Site, you accept and agree to all the terms, conditions and notices contained in or referenced on the Site, including this Privacy and Security Policy.  If you do not agree with all of the terms, conditions and notices on the Site or the Terms of Use, you must immediately leave the Site, and not use the Site nor any Service or information provided by the Site.

Safety and security also depend on you.  Where you have been given or chosen a password and username to access certain parts of our Site or a Client’s site, or to provide us information or communicate with us, you are responsible to keep this password confidential.  You should not share your password with anyone.

It must be recognized that no method of transmitting or storing electronic data is ever completely secure.  As a result, we cannot and do not warrant or guarantee that the security of any information you transmit to us, over the Internet or otherwise, nor that information provided to us will never be accessed, used or released in a manner that is inconsistent with this Privacy Policy.  Your provision to us of any personal information is at your own risk.

Public Display

Updated June 4, 2024

This Privacy and Security Policy is the publicly displayed privacy protection policy of TOSD Corporation in accordance with §42-471 of the Connecticut General Statutes.