Privacy Policy for California Residents

Last Updated:

This Privacy Policy applies to California residents who are job applicants, prospective talent, employees, interns, agency workers, contractors, and consultants to and for Mindbody, Inc. (“Mindbody” “we,” “our” or “us”) or our group companies. This Privacy Policy does not apply to personal information we collect about customers or clients.

PURPOSE OF THIS POLICY: Under the California Consumer Privacy Act ("CCPA"), Mindbody is required to provide you with a description of your CCPA rights and certain details about the categories of personal information collected and disclosed in the preceding year. 

CATEGORIES OF PERSONAL INFORMATION COLLECTED: Generally, we may collect the following categories of personal information about you:

  • Name, Contact Information and other Identifiers. Identifiers such as a real name, alias, postal address, email address, phone number, account name, social security number, driver’s license number, passport number, federal identification authorizing work in the United States, insurance policy number or other similar identifiers, IP address and online identifiers and other unique identifiers.
  • Protected Classifications. Characteristics of protected classifications under California or federal law such as race, color, sex, sexual orientation, gender identity, age, religion, national origin, disability, citizenship status, military/veteran status, marital status, medical condition, and pregnancy.
  • Usage Data. Internet or other electronic network activity information, including, but not limited to, browsing history, access and/or passcodes, information regarding your interactions with our website and systems, and associated access logs and other activity information related to your use of any Mindbody network or device and any personal information that you provide while accessing Mindbody’s computer systems, such as personal credit card information and passwords.
  • Audio, Video and other Electronic Data.: Audio, electronic, visual, or similar information, such as, CCTV footage, photographs, and audio recordings (e.g., recorded meetings and webinars).
  • Employment History. Professional or employment-related information.
  • Education Information. Information about education history or background that is not publicly available personally identifiable information as defined in the federal Family Educational Rights and Privacy Act (20 U.S.C. section 1232g, 34 C.F.R. Part 99).
  • Financial and Benefits Information. Financial or commercial information, such as bank account details and payroll information, wage and benefit information transaction information and purchase history (e.g., in connection with travel or other reimbursements or purchases of benefits under the Company’s wellness offerings), medical information, health insurance information and beneficiary and emergency contact information.

SENSITIVE PERSONAL INFORMATION: The categories of data that Mindbody collects and discloses for a business purpose include “sensitive personal information” as defined under the CCPA. Mindbody does not use or disclose sensitive personal information for any purpose not expressly permitted by the CCPA.

SOURCES: We may collect personal information from you in a number of ways, including: directly (such as when you submit an application or onboard as an employee); via a recruiter or third-party submitting information about you on your behalf; automatically when you use our websites and registered devices; or from other sources, such as public databases and public social media pages and platforms (such as LinkedIn).

PURPOSES FOR COLLECTING AND USING PERSONAL INFORMATION: Generally, we may use personal information for the following business purposes:

  • Team Member and Business Administration. To operate, manage, and maintain our business and administer our relationship with you as an employee, consultant, applicant or prospective talent, including payroll and benefits administration, business management and planning, processing team member work-related claims (for example, insurance claims), conducting performance reviews and determining performance requirements, assessing qualifications for a particular job or task, gathering evidence for disciplinary action or termination, for education, training, and development requirements and to comply with health and safety obligations.
  • Recruiting, Hiring and Managing, and Evaluating Applicants. To review, assess, recruit, consider or otherwise manage Applicants and job applications, including:
    • Scheduling and conducting interviews;
    • Identifying applicants, including by working with external recruiters;
    • Reviewing, assessing and verifying information provided, to conduct criminal and background checks (where relevant and pursuant to applicable law), and to otherwise screen or evaluate applicants’ qualifications, suitability and relevant characteristics;
    • Extending offers, negotiating the terms of offers, and assessing salary and compensation matters;
    • Satisfying legal and regulatory obligations;
    • Communicating with applicants regarding their applications and about other similar position(s) for which they may be interested;
    • Maintaining applicant personal information for future consideration; and
    • Supporting our equal opportunity employment policy and practices.
  • Security and Monitoring. In order to monitor and secure our resources, network, premises and assets, including:
    • Monitoring for, preventing and investigating suspected or alleged misconduct or violations of work rules;
    • Monitoring for, preventing, investigating and responding to security and privacy incidents;
    • Providing and managing access to physical and technical access controls;
    • Monitoring activities, access and use to ensure the security and functioning of our systems and assets; and
    • Securing our offices, premises and physical assets, including through the use of electronic access systems and video monitoring.
  • Auditing, Accounting and Corporate Governance. Relating to financial, tax and accounting audits, and audits and assessments of our business operations, security controls, financial controls, or compliance with legal obligations, and for other internal business purposes such as administration of our records retention program.
  • M&A and Other Business Transactions. For purposes of planning, due diligence and implementation of commercial transactions (e.g., mergers, acquisitions, asset sales or transfers, bankruptcy or reorganization or other similar business transactions).
  • Defending and Protecting Rights. In order to protect and defend our rights and interests and those of third parties, including to manage and respond to legal claims or disputes, and to otherwise establish, defend or protect our rights or interests, or the rights, interests, health or safety of others, including in the context of anticipated or actual litigation with third parties.
  • Compliance with Applicable Legal Obligations. Relating to compliance with applicable legal obligations (such as hiring eligibility, responding to subpoenas and court orders) as well as assessments, reviews and reporting relating to such legal obligations, including under employment and labor laws and regulationssocial security and tax lawsenvironmental regulations, workplace safety laws and regulations, and other applicable laws, regulations, opinions and guidance.

DATA SHARING: We disclose personal information:

  • To employees, contractors, designated agents, investors or third-party service providers who require such information to assist us with administering our relationship with you and for our own business administration purposes, including third-party service providers who provide services to us or on our behalf. Third-party service providers may include, but not be limited to, payroll processors, benefits administration providers, data storage or hosting providers and professional advisors (e.g., accountants, lawyers, bankers); 
  • Where Mindbody is involved in a sale or business transaction (e.g., merger or acquisition), Mindbody will retain a legitimate interest in disclosing or transferring your Personal Information to third parties in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings), including in any negotiations leading to such. Such parties may include, for example, an acquiring or target entity and its advisors;
  • To other members of our group of companies, affiliates, and our board of directors for the purposes set out in this Privacy Policy - e.g. in order to perform any employment contract with you - or as part of our regular reporting activities to other members of our group, affiliates, and our board of directors; and
  • To law enforcement, public authorities and related third parties to comply with legal obligations or valid legal processes such as search warrants, subpoenas, court orders, or other lawful requests by public authorities, including to meet national security or law enforcement requirements.

We do not “sell”, “share” or disclose personal information to third parties in exchange for monetary compensation.

DATA RETENTION: Except as otherwise permitted or required by applicable law or regulation, we will only retain your personal information for as long as necessary to fulfill the purposes for which we collected it, as required to satisfy any legal, accounting, or reporting obligations, or as necessary to resolve disputes. To determine the appropriate retention period for personal information, we consider our statutory obligations, the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information, and whether we can achieve those purposes through other means.

CONSUMER RIGHTS: You may have certain rights as a consumer under the CCPA, including to request information about the collection of your personal information, to access your personal information in a portable format, to correct inaccurate personal information, to limit the use and disclosure of sensitive personal information (however, note that we do not use or disclose sensitive personal information in a manner that would trigger such right under CCPA) or to delete your personal information. If you, or an authorized agent under the CCPA, wish to do any of these things, please contact us at: [email protected]. Mindbody does not discriminate against individuals for exercising rights under the CCPA. If we reject your request to exercise a privacy right, under CCPA you may have the right to appeal our rejection by contacting us.

CONTACTING US ABOUT THIS PRIVACY POLICY:  If you have any questions or concerns regarding our use of personal information as described in this Privacy Policy, please contact [email protected].