Privacy Policy

Where This Privacy Notice Applies

This Privacy Notice applies when you:

• access, visit, integrate, upload information, or interact with or use ATHLIVO's Platform or Services;
• create or use an ATHLIVO Customer account;
• receive communication from us or otherwise communicate with us, including but not limited to emails, phone calls, texts, or interactions on branded social media pages including customer support interactions;
• register for, attend, or take part in events, webinars, and trainings; and
• participate in surveys, research, questionnaires, or other similar data collection facilitated by us.

This Privacy Notice does not apply to personal information that ATHLIVO processes on behalf of its customers in the course of providing the Platform and Services. In such cases, ATHLIVO acts as a "processor" or "service provider" and the relevant customer is responsible for the personal information they manage through the Platform and Services, including obtaining any required consents and providing applicable privacy notices. Please refer to the Data Processing Addendum located here https://athlivo.co/data-processing-addendum for more information. If you are an individual whose information has been submitted to the Platform or Services by a customer (for example, an agent uploading information about an athlete client), please direct any privacy-related inquiries to that customer directly.

Personal Information We Collect

Personal information is information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with an individual or household. Personal information does not include aggregate data, which is data we may collect about the use of the Platform or Services or about a group or category of services or users, from which an individual's identity cannot be discerned and all other personal information has been removed. This Privacy Policy in no way restricts or limits our use of aggregate data and the personal information we collect depends on your interaction and relationship with ATHLIVO's Platform and Services. We collect and process the following categories and types of personal information with your consent or as otherwise required or permitted by law.

Information From You

We may collect or receive the following personal information from you subject to your use of our Platform or Services:

• Account information, such as account usernames, passwords, and security credential information;
• Contact information, such as full name, mailing address, email address, telephone number, and business contact information;
• Government identifiers, such as government-issued photo ID such as a driver's license or passport;
• Communication information, such as any information provided when you communicate with us;
• Feedback information, such as your responses to surveys or other feedback provided about the company, events, and interactions;
• Marketing and content preferences, such as how you like to be contacted and choices regarding marketing communications;
• Financial information, such as credit card information, payment card number, payment card expiration date and CVV code, bank account number, routing number, and balance and transaction information;
• Demographic information, such as gender, date of birth, age, racial or ethnic origin, marital status, and disability information;
• Information you provide to be inputted on the Platform or through any interactions with our Services;
• Audio and visual information, such as if you allow screen sharing, attend an event, or agree to being recorded; and
• Commercial information, such as records of products or services purchased, obtained, or considered, and purchasing histories.
• Athlete client and prospective client information, including, without limitation: Name, contact information, date of birth, nationality; Athletic performance metrics (e.g., stats, rankings, event results); Contractual information (e.g., team affiliations, contract values and terms, endorsement deals); Injury and medical history (where applicable and provided by Customer, subject to applicable law); Media assets (e.g., photos, videos, public bios); Travel documents and logistics information (e.g., passport number, visa status).

Information We Automatically Collect

We may automatically collect the following personal information based on your interactions with our Platform or Services.

• Internet or electronic usage data, such as data related to network and website interaction history, IP address, website cookie information, interaction with advertisements, device information, network log, and browsing time;
• Geolocation data, such as approximate location derived from IP address and precise location data if you have granted permission to share;
• Inferences, such as information from the categories of personal information described above in order to create inferences about you, to reflect your preferences, characters, behavior, and attitude; and
• Other identifiers and information contained in cookies and similar tracking technologies as described in the Cookies, Analytics, and other Tracking Technologies section.

Information From Other Sources

We may collect and receive information about you or another individual, including personal information, from third parties and combine this information with personal information collected from other sources. These sources may include:

• Financial institutions, credit bureaus, and third-party administrators, and our service providers; and
• Public and third-party data sources including aggregators and social media networks for marketing purposes (e.g., social profile, professional information).

Providing your personal information is optional. You are not under a legal duty to provide your personal information, but it may be necessary for certain Services, such as account registration and to access the Platform. In such cases, if you do not provide your personal information, we may not be able to provide you with the requested Services.

How We Use Personal Information

We use the personal information we collect for purposes described in this Privacy Notice or as otherwise disclosed to you. For example, we use personal information for the following purposes:

• Provide our Services;
• Process transactions;
• Manage accounts;
• Determine eligibility for our Services and our partners' programs;
• Operate, develop, evaluate, and improve our business, the Platform and our Services;
• Develop new products and features for our Services which may include the use of artificial intelligence ("AI");
• Protect against, identify, and prevent fraud, theft, and other illegal activity;
• Maintain and enhance the safety and security of our Platform and Services;
• Exercise our rights and remedies and defend against legal claims to protect us and our property;
• Comply with applicable law, regulation, industry standards, or legal process;
• Verify your identity;
• Resolve disputes and protect the rights of users and third parties;
• Monitor and enforce compliance with the applicable Terms of Service;
• Prevent or stop any activity that may be illegal, unethical, or legally actionable;
• Communicate with you as part of your use of Services;
• Respond to inquiries, requests or questions, provide support, and resolve disputes;
• Advertise and market our products and services and (where permitted by applicable law and, where required, with your consent) and to send you information about third-party products and services;
• Determine eligibility for, and administer participation in certain programs, features, events, and offers including but not limited to surveys, contests, sweepstakes, and promotions;
• Provide "personalized" or "interest-based" advertising including through the use of cross-device tracking; and
• For any other purpose for which we may describe to you.

Some features of the Platform may use AI or automated tools to provide suggestions, insights, or support to customers. These tools do not make decisions that have legal or similarly significant effects without human input.

How We Disclose Personal Information

We share your personal information with the categories of third parties listed below for the purposes described in the How We Use Personal Information section, unless otherwise noted at the point of collection or with your consent:

• Your organization where your organization is a customer or potential customer of ATHLIVO.
• Service providers that we have contracted with to provide services on our behalf such as IT and hosting, data analytics, identity verification, customer support, artificial intelligence technology, email fulfillment, and payment services.

We engage third-party service providers for infrastructure, analytics, AI support, and communications. A list of key subprocessors or categories of vendors is available in our Data Processing Addendum ("DPA") available at https://athlivo.co/data-processing-addendum

Other parties under the circumstances described below:

For legal reasons, including:

• with companies that help secure our Services and detect fraud;
• with legal and financial advisors, auditors, examiners, and certain (including potential) investors; and
• with companies that may acquire us, if we are involved in a merger, acquisition, or sale of assets.

To comply with applicable law, regulation, or legal process, including to:

• comply with law enforcement or national security requests;
• comply with legal process, such as a court order or subpoena (including in a country other than your home country);
• protect your, our, or others' rights, property, or safety;
• enforce our policies or contracts and collect amounts owed to us; and
• assist with an investigation or prosecution of suspected or actual illegal activity.

To further public policy goals, including:

• publishing reports that incorporate aggregated, non-personally identifiable information about customer attributes, transactions, and behavior;
• sharing data containing aggregated and/or non-personally identifiable customer information with non-profit or non-partisan organizations, academic institutions, think tanks, trade associations, consultancies, or similar organizations, only if they have signed an agreement with us that restricts how they can store, access, share, and use the information.

For any other purpose and to any other person with whom you, or your agent expressly authorize us to share your information.

How Long Do We Keep Personal Information

We will retain your personal information for as long as necessary to fulfil the purposes described in the How We Use Personal Information section above, unless a longer retention period is required or permitted by applicable laws. Unless otherwise required, we will delete or irreversibly anonymise personal information within seven (7) years after your last interaction with ATHLIVO or when the information is no longer needed for the purposes for which it was collected.

Cookies, Analytics, and Other Tracking Technologies

We and our third-party partner and service providers use various technologies, including cookies, web beacons, pixels, and other similar storage technologies (collectively, "Cookies") when you interact with our Platform or Services to collect information concerning your online activities, such as the device and browser information, the pages you visit and the content you view. This may include the use of session-recording technology to help us perform a number of functions, including to analyze purchase behavior and optimize our checkout process. We may also use third-party analytics tools to obtain such information.

What are Cookies

Cookies are small data files stored on your computer or portable device when you visit certain web pages. Cookies help us improve the user experience and allow us to personalize our Services, assess which areas and features of our Services are popular and understand customers' usage of the Services.

Why we use Cookies

When you visit or interact with our Services, we may use both session-based and persistent Cookies. Session-based Cookies exist only during a single session and disappear from your device when you close your browser. Persistent Cookies remain on your device after you close your browser until they are deleted or they expire. Except for strictly necessary Cookies, we will obtain your consent before placing Cookies on your device where required by applicable law. These Cookies, some of which may be set by third parties, serve the following purposes:

• Strictly necessary Cookies: These Cookies are required for our Services to function, enable basic features and services, and for security purposes.
• Performance Cookies: These Cookies enhance functions, and performance for our Services. These Cookies also are used to help us understand how you engage with our Services and advertising. If you do not allow these cookies, certain features or functions may become unavailable.
• Targeting Cookies: These Cookies enable us and third parties to gain a better understanding of your interests. This allows us to display personalized ads that are more relevant to you, not only on our Services but also on those of third-party partners.

Social Media Features

Our Services may contain social media buttons such as Facebook, LinkedIn, Twitter, and Instagram (that might include widgets such as the "share this" button or other interactive mini programs). These features may collect your IP address, which page you are visiting on our Platform and Services, and may set a cookie to enable the feature to function properly. Your interactions with these platforms are governed by the privacy policy of the company providing it.

How to Manage Cookies

• Cookie preferences: You have the right to decide whether to accept or decline Cookies. You can exercise your Cookies preferences via the "Your Privacy Choices" link at any time.
• Browser settings: You can manage cookies by activating the setting on your internet browser that allows you to refuse the setting of all or some cookies. Please refer to the instructions or the online help files available via your relevant browser if you wish to manage cookies in this way.
• Opt out of sharing for targeted advertising: Where online tracking technologies are deemed to be a "sale" or "share" (which includes targeted advertising, as defined under the applicable laws) under one or more applicable privacy laws, you can opt-out of these online tracking technologies by opting out of Targeting Cookies via the "Your Privacy Choices" link available at the bottom of the ATHLIVO website.

Links to Other Websites

Our Services may provide links to third-party websites and applications whose privacy practices may differ from ours. If you choose to provide personal information to any of these websites or applications, your personal information is governed by their privacy practices. ATHLIVO is not responsible for the privacy practices of these other websites and applications. We encourage you to read the privacy notice of any website you visit or application that you use.

Security

We use administrative, physical, and technical security measures designed to reduce the risk of unauthorized access, destruction, alternation, loss, and disclosure of personal information. We also follow industry standards to protect personal information during transmission and storage, including encryption where applicable. However, no security measures are perfect and the security of information transmitted over the internet cannot be guaranteed. You are responsible for the security of your password and the devices used to access our Services.

International Data Transfers

All information processed by us or our service providers may be transferred, processed, or stored anywhere in the world, including in countries that may have data protection laws that are different from the laws where you live. Your information may be subject to laws of another country and may require or permit the disclosure of personal information to the courts, law enforcement, and national security authorities upon request. We endeavor to safeguard your information consistent with the requirements of applicable laws. If your personal information is transferred to a country other than your home country, we will take measures to protect your personal information, for example, by implementing appropriate contractual clauses.

Your Privacy Rights and Choices

Depending on where you reside and how you interact with ATHLIVO, you may have certain rights over the personal information we process about you. Subject to applicable law, you may have the right to:

• request access to a copy of the personal information we hold about you;
• request the deletion of your personal information;
• request the correction of inaccurate, incomplete, or outdated personal information we have collected;
• withdraw your consent if we have collected and processed your personal information with your consent. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal. Withdrawing consent may impact your ability to use our Services and will not affect processing of your personal information processed on another basis;
• be free from discrimination for the exercise of a privacy right;
• lodge a complaint with your local data protection authority; and
• unsubscribe from marketing and promotional communications from us.

You may unsubscribe from receiving marketing and promotional communications from us by following the instructions included in the communication you received. For example, you can opt out of receiving promotional emails by clicking the "unsubscribe" link in the footer of the email you receive. Alternatively, you can unsubscribe from marketing and promotional emails for ATHLIVO by contacting us at hello@athlivo.co.

To exercise any other privacy right, you may contact us at hello@athlivo.co. If you submit a privacy right request, we must verify your identity before fulfilling your requests. If we cannot initially verify your identity, we may request additional information to complete the verification process. We will only use personal information provided in a request to verify the requestor's identity. If you designate an authorized agent to submit a request on behalf, we will also need to verify your identity, which may require proof of your written authorization or evidence of a power of attorney.

We will respond to requests within the time period required by applicable law. If we require more time, we will inform you of the reason and extension period in writing.

We do not charge a fee to process or respond to your request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

We cannot respond to your request or provide you with information if we cannot verify your identity and confirm the Personal Information relates to you. Submitting a verifiable consumer request does not require you to create an account with us.

We may deny certain requests, or only fulfill some in part, as permitted or required by law. For example, if you request to delete your personal information, we may retain some or all of it for legal purposes.

Children's Privacy

ATHLIVO's Platform and Services are not directed to individuals under the age of 18, and we do not knowingly collect personal information from children under the age of 13 (or higher if required by Applicable Law) in our capacity as a controller. Parents or guardians who believe their children's personal information has been provided to us without their consent should please contact us and we will take appropriate steps.

ATHLIVO's Platform and Services may process personal information relating to individuals under the age of 18, including youth athletes. In such cases, ATHLIVO acts as a processor or service provider, and you are solely responsible for ensuring that such data is collected and submitted in compliance with all applicable laws governing data protection and privacy, including any requirements for parental consent or lawful grounds for processing.

ATHLIVO does not verify the age or legal authority of data subjects submitted by you through the Platform or while using the Services and relies on you to ensure that all necessary notices and consents have been obtained. If we become aware that personal data of a child has been submitted to us without the appropriate authority or in breach of applicable law, we will take reasonable steps to delete the data or otherwise address the issue as required by law.

Personal Data Breach Notification

We have put in place procedures to deal with any suspected Personal Data Breach and will notify you and any applicable supervisory authority of a breach where we are legally required to do so. Where the EU GDPR or UK GDPR applies, we will:

• Assess the breach without undue delay to determine the scope, impact, and remediation steps;
• Notify the competent supervisory authority no later than 72 hours after becoming aware of the breach unless the breach is unlikely to result in a risk to your rights and freedoms; and
• Communicate the breach to affected individuals without undue delay when it is likely to result in a high risk to their rights and freedoms, describing in clear language the nature of the breach and recommended measures to mitigate possible adverse effects.

We will document all Personal Data Breaches in accordance with Article 33(5) GDPR and applicable US state data-breach statutes.

Changes to This Privacy Notice

This Privacy Notice may be modified or revised from time to time. We will notify you of any material changes to this Privacy Notice as required by law. Changes to this Privacy Notice will be posted on the website where this appears. The "Last Updated" date and the "Effective Date" at the top of this webpage indicates when this Privacy Notice was last revised and its effective date respectively. We recommend you review this Privacy Notice periodically.

Additional Notices

In addition to the rights listed above, residents of the EU/UK/California may have additional rights, described below:

EU/UK Customers

For most personal data collected through our website, Platform, and Services, ATHLIVO is the data controller under the EU General Data Protection Regulation (Regulation (EU) 2016/679) ("EU GDPR") and the UK General Data Protection Regulation ("UK GDPR"), as supplemented by the UK Data Protection Act 2018. Where ATHLIVO processes personal data on behalf of a customer (e.g., when the customer inputs client data into the Platform or your use of the Services), ATHLIVO acts as a data processor. The EU GDPR and the UK GDPR together exist to aid companies to stay and remain within the boundaries of their regulations. Under Article 6 of the EU GDPR and EK GDPR, all companies must have a legal basis for processing personal information. We rely on the following legal bases for collecting and processing your personal data:

• Processing is made based on your consent to the collection or processing of your personal data.
• Processing is necessary to perform our Services to you and your organization to fulfil a contractual obligation.
• Processing is necessary for ATHLIVO to fulfil a legal obligation.
• Processing is based on our legitimate interests or the legitimate interests of a third party, provided that your interests or fundamental rights do not outweigh them.

Our DPA is the contract between a data controller (the organization which you represent) and a data processor (ATHLIVO) that governs the processor's handling of personal data. You may find a copy of the ATHLIVO DPA here: https://athlivo.co/data-processing-addendum

Without limitation to your rights and remedies set forth in Section 10 - Your Choices & Access to Your Personal Information below, if you reside in the EU/EEA, you may have the following rights with regard to your personal information:

• Right of information and access — You have the right to access your Personal Information we have about you and to be provided with a copy of your Personal Information.
• Right to rectification — You have the right to correct or update your inaccurate or out of date Personal Information.
• Right of erasure — You have the right to request that your Personal Information be permanently erased/deleted.
• Right to restrict processing — You have the right to restrict the processing of your Personal Information.
• Right to object to processing — You have the right to object to specific types of processing of your Personal Information.
• Right to portability — You may ask to receive a portable copy of your personal information in a format that may be transferred to another organization.
• Right not to be subject to decisions based solely on Automated Decision Making — You have the right not to be subject to decisions based solely on automated processing.
• Right to complain to a data protection authority — You have the right to complain to a supervisory authority in the country in which you reside, details of which can be provided upon request or contacting ATHLIVO at the contact details below.
• Right to withdraw consent — If you have given us consent to collect or process your Personal Information, you may withdraw that consent at any time.
• The Right to Non-Discrimination — We may not discriminate against you if you exercise your privacy rights.

If you wish to exercise any of these rights, please contact ATHLIVO at the contact details below. We may charge a reasonable fee if your request is not valid under applicable law, repetitive or excessive. We may also request additional information from you in order to verify your identity before processing your request.

Data Protection Officer & European/UK Representative

If you have any questions about this Privacy Notice or our data-handling practices, you may also contact our Data Protection Officer and, where applicable, our appointed representatives in the European Union and the United Kingdom: will@athlivo.co

California Customers

Sensitive Personal Information We Collect: As listed in the How We Use Personal Information section above, California treats certain government identification numbers, account log-in, financial information, disability information, sexual orientation, and racial or ethnic origin as "sensitive personal information".

Your California Privacy Rights: Under CCPA, California residents have the following rights:

• The right to know what categories and specific pieces of personal information we collect, the purposes for which we collect personal information, the sources from which we collect personal information, and whether personal information is disclosed, sold, or shared with third parties.
• The right to request deletion of your personal information, subject to certain exceptions.
• The right to request that we correct inaccurate or incomplete personal information.
• The right to limit the use and disclosure of your sensitive personal information.
• The right to opt out of the sale or sharing of your personal information, and the right to opt out of automated-decision making technology.
• The right not to receive discriminatory treatment for exercising your rights.

To exercise this right, please contact us at hello@athlivo.co.

Additional Notice to International Customers

We collect, use, and share your personal information only where we have a valid legal basis to do so. These legal grounds may vary depending on the context and the applicable law but generally include:

• Consent: Where you have provided your consent for specific uses of your personal information.
• Contractual necessity: Where the processing is necessary to provide our services or fulfill our agreement with you or your organization.
• Legal obligation: Where we are required to process personal information to comply with applicable laws or legal requests.
• Legitimate interests: Where we have a valid business reason to process your personal information that is not overridden by your rights or interests — for example, to secure our services, prevent fraud, or improve our products.

In some situations, we may also rely on other legal grounds as permitted under applicable law. We will only process your personal information for the purposes described in this Privacy Notice or as otherwise permitted by law.

Exercising Your Privacy Rights

If you wish to exercise your privacy rights, please contact us via the Contact Information section above.