U.S. STATES PRIVACY NOTICE

Last Updated: March 1, 2023

This U.S. States Privacy Notice (“Notice”) supplements the information in and is part of the Peloton Privacy Policy. This Notice discloses information related to our privacy practices required by certain U.S. State privacy laws which include California, Colorado, Connecticut, Nevada, Virginia, Utah and any other future rights granting U.S. state. This Notice is intended to supplement the Peloton Privacy Policy in order to meet our disclosure requirements pursuant to relevant state law. To understand our privacy practices, you should refer to the Peloton Privacy Policy in addition to this supplement applicable to residents of rights granting states

This Notice applies to Personal Information, as defined below, that is processed by Peloton in the course of our business, including via the Peloton Site, the interfaces on tablets connected to Peloton fitness equipment such as the Peloton Bike and Tread, and through our Apps, forums, social media accounts, blogs, studios, retail showrooms, and other online or offline offerings (together with any and all future online and offline offerings operated by or on behalf of Peloton, the “Services”).

This Notice is not intended to apply to Personal Information we collect about our employees, applicants for employment, or contractors in the employment context.

The definition of “Personal Information” may be different under individual state regulations. Generally, the definition used in this Notice differs from the definition used in the Peloton Privacy Policy. As used in this Notice only, “Personal Information” refers to “information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.”

1. WHAT PERSONAL INFORMATION WE COLLECT

The table below identifies the categories of Personal Information we collect and provides examples of Personal Information in such categories, along with information on the third parties with whom such categories of information are shared. For more information about the Personal Information we collect, please see section 1 of the Peloton Privacy Policy.

CategoryExamples of Personal Information in this CategoryThird Party Recipients
IdentifiersName, email address, mailing address, shipping address, phone number, username, physical characteristics, birthday, location, images of youVendors and Service Providers, Business Partners, Other Peloton Users, Third Party Advertising Partners
Protected CharacteristicsAge, GenderVendors and Service Providers, Other Peloton Users, Business Partners, Third Party
Commercial InformationPurchase history, use history (total number of classes taken, the dates you took those classes, class performance history, including leaderboard rank, achievements earned, total output, speed, distance and calories burned), in-studio attendance history, your followers and who you are followingVendors and Service Providers, Business Partners, Other Peloton Users, Third Party Advertising Partners
GeolocationInternet protocol (IP) address, GPS location, longitude/latitude, city, county, zip code and region, and your location and your smart device’s proximity to “beacons,” Bluetooth networks and/or other proximity systemsVendors and Service Providers, Business Partners, Other Peloton Users, Third Party Advertising Partners
Internet or other electronic network activity informationIP address, cookie identifiers, mobile carrier, mobile advertising identifiers, MAC address, IMEI, Advertiser ID, and other device identifiers that are automatically assigned to your computer or device when you access the Internet, browser type and language, geo-location information, hardware type, operating system, Internet service provider, pages that you visit before and after using the Services, the date and time of your visit, the amount of time you spend on each page, information about the links you click and pages you view within the Services, and other actions taken through use of the Services such as preferencesVendors and Service Providers, Business Partners, Third Party Advertising Partners
Financial or health information or other Sensitive InformationPayment information, such as credit card number, status of loan application; to the extent you have worn a heart rate monitor, information about your heart rate over the course of a classVendors and Service Providers, Business Partners
Audio, electronic, visual, thermal, olfactory or similar informationYour visual image, likeness and voice recording (e.g., via photographs and/or video); recordings of member support and sales callsVendors and Service Providers
Professional InformationCompany name and title for visitors and guestsVendors and Service Providers
Inferences drawn from any of the above information categoriesInferences about the type of classes you prefer to enhance your Services experienceVendors and Service Providers

* We may also share each of the above listed categories of Personal Information with government entities if we believe doing so is necessary: (i) to comply with law enforcement or national security requests and legal process, such as, a court order or subpoena; (ii) to protect yours, ours or others’ rights, property or safety; or (iii) to enforce Peloton policies or contracts. Additionally, if we are involved in a merger, acquisition, financing, reorganization, bankruptcy, receivership, sale of company assets or transition of service to another provider, then each of the above listed categories of Personal Information may be shared with the involved corporate entities and their professional advisors, representatives and agents as part of the transaction as permitted by law and/or contract.*

The sources of the Personal Information we collect above include Personal Information that you directly provide to us (for example, on our Site or our Apps, and in our studios, showrooms, or by telephone), Personal Information that we gather from the devices you use to access our Services (for example, fitness equipment, heart rate monitors, mobile applications or websites), Personal Information we receive from third party partners (for example, our financing partners if you finance your purchase, or certain marketing, research or survey partners), and Personal Information that we generate internally (for example, we may generate identifiers internally that we associate with you).

2. HOW WE USE PERSONAL INFORMATION

The Peloton Privacy Policy describes our uses of Personal Information (see section 2).

3. WHAT PERSONAL INFORMATION WE SHARE

In addition to the table above, the Peloton Privacy Policy provides information regarding the categories of third parties with whom we share Personal Information (see section 3).

State laws, such as those in California, require that we also list the categories of Personal Information that we have disclosed to third parties for business purposes in the last 12 months. In the last 12 months, we have disclosed all of the categories of Personal Information we describe in the “What Personal Information We Collect” section for business purposes. For example, we may share your IP address or device ID with service providers that provide crash monitoring and reporting services to us.

Some states allow residents to have the right to opt out of disclosures of Personal Information to third parties for valuable consideration (which may be considered “sales” for example under California law even if no money is exchanged). If you reside in one of these states, and would like to minimize “selling” of your information with third parties for marketing purposes, please opt out of sale/share by using the “Do Not Sell/Share My Personal Information” link on the bottom of our website in states granting this right to opt out.

Please Note: The California Privacy Rights Act (CPRA) defines the term “sale” broadly, and it may include selling/sharing certain information for particular purposes through technology such as cookies or other identifiers. We never sell personal information to third parties for money nor do we “share” it for targeted advertising purposes (as defined by state privacy laws). However, under the CPRA, when you visit this website, we and our partners may collect certain information about you, your devices, and your behavior through cookies, tags or other identifiers that may be considered a “sale/share” even if no money is exchanged.

4. YOUR RIGHTS

Your state’s law may allow you have certain rights, such as:

  • Right to data portability/access. You may be entitled to receive the specific pieces of Personal Information we have collected in the 12 months preceding your request, including, where applicable, in an electronic and readily-usable format.

  • Right to know. You may be entitled to receive information regarding the categories of Personal Information we collected, the sources from which we collected Personal Information, the purposes for which we collected and shared Personal Information, the categories of Personal Information that we sold and the categories of third parties to whom the Personal Information was sold, and the categories of Personal Information that we disclosed for a business purpose in the 12 months preceding your request.

  • Right to deletion. You may be entitled to request that we delete the Personal Information that we have collected from you. We will use commercially reasonable efforts to honor your request, in compliance with applicable laws. Please note, however, that we may need to keep such information, such as for our legitimate business purposes or as required to comply with applicable law.

  • Opt out/Limiting Use. You may be able to opt out of some collection or uses of your Personal Information.

  • Rectification. You have the right to correct inaccurate information.

You may freely exercise these rights without fear of being denied goods or services. We may, however, provide a different level of service or charge a different rate reasonably relating to the value of your Personal Information. If you would like to exercise one of your rights, please fill out and submit the Privacy Request Form or contact us at 1-844-559-0051.

You may opt out and we honor certain technologies broadcasting an Opt-Out Preference Signal, such as the Global Privacy Control (GPC) if you are a resident of certain states. This occurs on the browsers and/or browser extensions that support such a signal. This request will be linked to your browser identifier only.

We are required to verify the requests we receive from you when you exercise certain rights listed above. We (or third parties we engage to assist us) may ask you to provide certain information to us in order for us to verify your request, including your name, email address, Peloton username, physical address, date of birth and phone number (the “Verification Information”). This information will be used to generate a brief quiz with personalized questions to verify your identity. If you fail the identity verification quiz twice, our third-party verification partner will ask you to verify your identity by submitting a copy of state-issued ID and a photograph of yourself.

You may also designate an authorized agent to exercise your rights on your behalf. If you have provided an authorized agent with a power of attorney pursuant to your state’s Probate Code, we will work directly with your authorized agent to complete your request. Where you have not provided an authorized agent with a power of attorney pursuant to your state’s Probate Code, we will reach out to you directly to confirm the authorized agent’s authority and collect the Verification Information.

In addition to these rights, pursuant to California’s “Shine the Light” law, California residents who share personal information with us have the right to request and obtain from us once per year, free of charge, a list of the third parties to whom we have disclosed their Personal Information (if any) for direct marketing purposes in the prior calendar year, as well as the type of Personal Information disclosed to those parties. If you would like to exercise this right, please use the contact information listed below to contact us.

5. HOW TO CONTACT US

If you have any questions about our privacy practices, this Notice or would like to contact us you can do so by email at privacy@onepeloton.com or at the address below.

Peloton Interactive, Inc. 441 Ninth Avenue, Sixth Floor New York, NY 10001 USA Attn: Legal Department

6. UPDATES TO OUR PRIVACY NOTICE

We may update our Privacy Notice from time to time. When we do, we will take appropriate measures to inform you, consistent with the significance of the changes we make. We will obtain your consent to any material Privacy Notice changes if and where this is required by applicable data protection laws. You can see when this Privacy Notice was last updated by checking the "last updated" date displayed at the top of this Notice.