Privacy Policy

Last Updated: January 2025

1. Data Controller

Spinebone operates the website spinebone.ddd. We are the data controller responsible for your personal information.

Contact Information:
YMCA of the USA
101 North Wacker Drive
Chicago, IL 60606
United States
Phone: +1 800 872 9622
Email: mailuse@spinebone.world

2. Information We Collect

2.1 Information You Provide

We collect information you voluntarily provide when you:

• Fill out contact forms (name, email address, message content)
• Subscribe to our communications
• Participate in challenges or activities
• Create an account on our platform

2.2 Automatically Collected Information

When you visit our website, we automatically collect:

• IP address and device information
• Browser type and version
• Pages visited and time spent on pages
• Referring website addresses
• Operating system information

2.3 Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience. For detailed information, please see our Cookie Policy.

3. Legal Basis for Processing

We process your personal data based on the following legal grounds:

• Consent: When you provide explicit consent for specific processing activities
• Contract: When processing is necessary to fulfill our services to you
• Legitimate Interests: When we have legitimate business interests that do not override your rights
• Legal Obligation: When we must comply with legal requirements

4. How We Use Your Information

We use collected information for the following purposes:

• Responding to your inquiries and providing customer support
• Delivering educational content and challenge materials
• Improving our website functionality and user experience
• Sending newsletters and updates (with your consent)
• Analyzing website usage and performance
• Complying with legal obligations
• Preventing fraud and ensuring security

5. Data Sharing and Disclosure

We do not sell your personal information. We may share your data with:

• Service Providers: Third-party vendors who assist with website hosting, email delivery, and analytics
• Legal Authorities: When required by law or to protect our rights
• Business Transfers: In the event of a merger, acquisition, or sale of assets

All third-party service providers are contractually obligated to protect your data and use it only for specified purposes.

6. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this policy:

• Contact form submissions: 3 years from submission date
• Account information: Duration of account activity plus 1 year
• Marketing communications: Until you unsubscribe
• Analytics data: Aggregated and anonymized after 26 months
• Legal compliance data: As required by applicable laws

7. Your Rights Under GDPR

If you are located in the European Economic Area, you have the following rights:

• Right to Access: Request copies of your personal data
• Right to Rectification: Request correction of inaccurate data
• Right to Erasure: Request deletion of your data
• Right to Restrict Processing: Request limitation of data processing
• Right to Data Portability: Receive your data in a structured format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent at any time
• Right to Lodge a Complaint: File a complaint with your supervisory authority

To exercise these rights, contact us at mailuse@spinebone.world. We will respond within 30 days.

8. International Data Transfers

Your information may be transferred to and processed in countries outside your country of residence. We ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions for countries with equivalent data protection
• Privacy Shield certification (where applicable)

9. Data Security

We implement appropriate technical and organizational measures to protect your data:

• SSL/TLS encryption for data transmission
• Secure server infrastructure with regular security updates
• Access controls and authentication mechanisms
• Regular security audits and vulnerability assessments
• Employee training on data protection practices

While we strive to protect your information, no method of transmission over the internet is completely secure.

10. Children's Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

11. California Privacy Rights

California residents have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information is collected
• Right to know if personal information is sold or disclosed
• Right to opt-out of the sale of personal information
• Right to deletion of personal information
• Right to non-discrimination for exercising privacy rights

We do not sell personal information as defined by CCPA.

12. Changes to This Policy

We may update this Privacy Policy periodically. Changes will be posted on this page with an updated revision date. Significant changes will be communicated via email or prominent website notice.

13. Contact Us

For questions about this Privacy Policy or to exercise your rights, contact us:

Email: mailuse@spinebone.world
Phone: +1 800 872 9622
Mail: YMCA of the USA, 101 North Wacker Drive, Chicago, IL 60606, USA