Last modified: 10.15.2016
You may provide information to us when you visit our websites (the site where this policy is posted including any subdomains or mobile versions, the “Site”), or use one of our mobile applications (each, the “Mobile App”). We may refer to the Mobile App and Site, as the “Service(s)”.
Summary of Data Collection*
|Registration process and through your participation in programs offered through the Services||Name, birthdate, email, address, contact information (such as phone number), and information about your health, personal interests and other health-related information you share.||To provide and improve our Service (including the ability to process incentives you may be eligible for), comply with laws, and other similar uses.|
|Fitness devices||Varies by device, device vendor, or integrated Service; and typically includes information related to the purpose of the feature (for example, a pedometer would include information regarding the number of steps you’ve taken). Data may be collected continuously for so long as you allow.||To provide the Service to you, improve user experience, and enable features of our Service.|
|Contests, sweepstakes, and promotions||Varies by contest; typically name, contact information, participation information relating to the specific program or challenge (including information collected by wearable devices) relevant to the promotion.||To administer the contest, sweepstakes, or promotion, including winner notification and prize delivery confirmation.|
|Newsletters and emails||Email address and other Personal Data required by the online form.||Administer newsletter and to provide you with relevant communications regarding programs you have elected to participate in or features/programs that may be of interest to you.|
|Contact us||Typically your name, email address and phone number.||Used in the context of your request/inquiry.|
|Automatic collection/cookies||IP address, cookies, web beacons, ISP, browser version, other similar information.||Aggregated information used to improve the Service including Site appearance and Site as well as to analyze Site traffic patterns.|
|Use of third party services such as our ‘Connect Partners’ or other services.||As described in additional notice to you.||As described in additional notice|
|Feature||Data we typically collect||How we typically use that data|
*This summary is for your convenience and may be incomplete. For full details, see “Information we collect and how we use it” below.
Summary of Data Collection*
|To other users||You may disclose Personal Data to other users through our messaging service, or through your use of our profile pages and other features. Your profile may display personal and health data you provide such as your name, age, health interests, fitness information or information from wearable devices.|
|As part of promotions or sponsored programs||We may share data such as your name, age, health interests, fitness information or information from wearable devices with program sponsors, promotional partners, your employer or insurance provider (as the program sponsor), and other parties as required to fulfill applicable incentives available to you.|
|Employers & wellness providers||We may disclose certain information such as your name, age, health interests, as well as some sensitive information, as part of a contract with these providers, or with your opt-in consent.|
|HIPAA disclosures and PHI||We may disclose information regulated by HIPAA to HIPAA regulated entities, to the extent permitted by law. We disclose PHI as permitted by law and with your opt-in consent.|
|Children’s information||Children’s information, including name, screen name, age, and health information (including information collected from wearable fitness devices) may be made available to the child’s parent(s)/guardian(s) on the child’s profile page. Their screen name and a fitness accomplishment may be made public on a leaderboard.|
|Aggregate/ anonymized information||We may derive and share analytics and other information from the information you provide, but that cannot be reasonably used to identify you.|
*This summary is for your convenience and may be incomplete. For full details, see “Information sharing & disclosure” below.
Applicability; Additional terms
Information we collect and how we use it
We may collect personal and other information about you when you use our Service, as described below. “Personal Data” is information which can be used to distinguish or trace an individual’s identity, such as their name, a federal or state ID number, email address, etc. whether used alone, or when combined with other personal or identifying information which is linked or linkable to a specific individual.
– As a registered user of our Service(s): We collect personal information during the account creation process such as your name, date of birth, email address, and information such as city, state, zip code, country, and certain information about your health, activities, and other interests. We may also collect the Personal Data you provide if you register for certain programs (such as participating in biometric screenings, health assessments, challenges or contests, joining sponsored communities, engaging with a coach or other programs available on the Services). For example, if you ask us to furnish you with certain products or services—such as a pedometer in connection with an activity challenge or incentive—fulfillment of your request may require additional Personal Data. From time to time or through your use of other features of our Service, we may collect additional information you provide about your health, interests and goals, and link such information to other Personal Data we hold about you.
– When you connect a fitness device: When you choose to connect a wearable fitness device, such as FitBit®, we will collect the information provided by that third-party device (we may refer to all such information, regardless of platform, as “Wearables Data” and we refer to each device as a “Supported Device”). When you sync your Wearables Data or a Supported Device, we collect and use the information you choose to share using that Supported Device’s sync functionality or API. As the specific data comprising Wearables Data may vary depending on the device and/or APIs, you should review the documentation for your device and any permissions it requests before agreeing to provide Welltok with Wearables Data. We primarily use Wearables Data to log your achievements, track and analyze the activity and health habits of you, your colleagues, friends, and other users, and as necessary to administer our Service or certain features and Promotions. Please refer to any Supported Device documentation for details on any additional information the third-party manufacturer may collect or share. You may choose to link a Supported Device as part of your use of our Service. To disconnect a Supported Device, and stop providing Wearables Data to Welltok, you may modify your account settings through the links available on our Service.
Challenges, contests, sweepstakes & promotions: We may operate challenges, contests, sweepstakes or other promotions (each, a “Promotion”) through our Service, which may require registration on our Service in order to enter. Your participation in a Promotion confirms your authorization of Welltok to collect and disclose any Personal Data that may be required by the sponsor to support your participation in the Promotion. We may track additional health and wellness achievements as part of a Promotion, and, because you have elected to participate in the Promotion, certain information about your health or wellness may be made available to an organization with which you are affiliated.
Your personal information may be used by us to contact you for winner notification, or prize delivery confirmation If you participate in a Promotion, your acceptance of a prize or incentive may require you (unless prohibited by law) to allow us to post publicly some of your Personal Data on our Service or elsewhere, such as on a winner’s page. In some instances a sponsor may operate or host a Promotion on the Service together with us, and collect your information.
– If you sign up for our newsletters or emails or other communications: We may offer newsletters and other communications that provide information about our products, developments, research, and other matters. By providing your email address and any other Personal Data required by the online form, or by registering on the Site, you consent to our collection of this information and to receive these communications from us. We use this information primarily to administer and manage our newsletter subscriptions and to provide you with additional communications, offers, or newsletters we believe will interest you, or that you have consented to receive. You may receive emails from partners or other third party organizations directly associated with your use of the Services. Please contact those third parties for information on how to unsubscribe from third-party communications.
– If you contact us through our Service: You may contact us, using a form or feature available on our Service (such as live chat or help desk) or via email with questions about our Service or other matters. If you contact us through our Service, we will collect the Personal Data you voluntarily provide on the applicable form (typically your name, email address and phone number) or otherwise. Any information you provide through our Service will be used in the context of resolving your request or answering your inquiry, or to provide additional information related to that inquiry, and we may place you on our contact list for information related to your inquiry or other service that we provide.
– Information sent to us by your web browser: We collect information that is sent to us automatically by your browser. This information typically includes your IP address, the identity of your Internet service provider, the name and version of your operating system, the name and version of your browser, the date and time of your visit, and the pages you visit. Please check your browser if you want to learn what information your browser sends or how to change your settings.
An “IP address” is a number that is automatically assigned to your computer when you connect to the Internet. It is used to identify your computer’s “location” on the internet so that the information you request can be delivered to you. If you use a connection that assigns dynamic IP addresses, your computer will be assigned a new IP address each time you connect to the Internet. If, however, your computer is permanently connected to the Internet using a static IP address, the IP address assigned to your computer will generally be the same each time you use your computer.
We may also provide your IP address to our third-party service providers who can use it to identify your state and zip code. This gives us valuable demographic information about the individuals who use our Service. In addition, if, we suspect fraud or a threat to the security of our Service, we may share our server logs—which contain users’ IP addresses—with the appropriate investigative authorities, who could use that information to trace and identify individuals.
Please note, most modern browsers include a “do not track” feature that may help protect your privacy. Our Service does not respond to your browser’s do-not-track request at this time.
As described in a privacy notice or click-through agreement: We reserve the right to collect and use your Personal Data as described in any supplemental privacy notice posted and where you provide personal information, or as provided in any “click-through” agreement between you and us.
Information sharing & disclosure
Public information: Some of the information you provide when you register will be visible to other people using the Service. Users may control some profile fields which other users or sponsors can see by adjusting the privacy settings available on your account management page if available on the specific Site. Further, our Service may provide users the ability to communicate with each other, wellness coaches and health care professionals through the use of community forums and other public areas, which allow users to create and share content on the Service. Accordingly, you should have no expectation of privacy in the information you post to the public areas of the Service.
Private messaging: If you choose to communicate directly with other users through our Service, those users may be able to view certain Personal Data related to your account, such as your user name and any information that you chose to post/share on the Service. Likewise, if you send an email to a user or invite a non-user to join our Service, we will provide your name and your email address to the intended recipient. In addition, by registering for our Service, you consent to receive regular communications from us, as well as the organization that sponsored your use of our Service.
Promotion sponsors & partners: Users may have the ability to participate in Promotions, as described above. If you elect to participate in a contest being sponsored by your employer or other third party such as your health insurance plan or health care provider, we will communicate your information to them as needed to confirm your participation, as well as your achievement of any milestone that applies to that contest (such as walking a certain distance each day).
Employers, third party wellness providers, and program sponsors: If you use our Service through a formal sponsorship from your health insurance plan, employer, third party program sponsor, or other third party such as your health care provider, we may provide them with your name, email address or other Personal Data as required to verify or administer your participation. We may also disclose your relevant Personal Data to third parties who have been engaged on your behalf to provide disease management, health management, behavioral coaching, or similar wellness-related services (“Third Party Wellness Providers“), subject to contractual restrictions and conditions between us and the Third Party Wellness Providers that obligate them to safeguard your Personal Data. These Third Party Wellness Providers may contact you to offer their services in support of your health management goals. These Third Party Wellness Providers are separate and distinct entities from Welltok. If you agree to accept the services offered by a Third Party Wellness Provider, such agreement is solely between you and the Third Party Wellness Provider, we are not responsible for the privacy practices or services of the Third Party Wellness Providers.
HIPAA covered entities and your PHI: We may disclose your Personal Data and/or PHI to entities subject to HIPAA (“covered entities” or “business associates”). Covered entities include, for example, health care providers such as doctors and dentists. Covered entities are also health plans, insurance providers, and may include health plans sponsored by your employer and which may be administered by other employees of your employer. Business associates include third parties that require access to PHI to perform part of the Service. In the United States, these entities are subject to HIPAA and HIPAA requires covered entities to safeguard your Personal Data in accordance with all applicable state and federal laws and regulations. We disclose your PHI only in accordance with HIPAA and with your express opt-in consent.
Aggregate Information: We may provide third parties, including covered entities, health plans, employers or others, with information about you and other users from which we have removed all identifiers and that can no longer be used to identify you (“Aggregate Information“). For example, we might inform third parties regarding the number of users of our Service and the features they used or Promotions they entered when using our Service. We may not limit the third parties’ use of the Aggregate Information, except that we require third parties to whom we disclose Aggregate Information to agree that they will not attempt to make this information personally identifiable by combining it with other databases.
Third–party vendors: We may, without your consent, share Personal Data collected through our Service with third-party vendors who act for or on our behalf in providing the Service. These third-party vendors may need information about you to perform their functions. In cases of onward transfer to third parties of Personal Data of EU individuals received pursuant to the EU-US Privacy Shield, Welltok is potentially liable.
As described in a privacy notice or click-through agreement: We reserve the right to disclose your Personal Data as described in any privacy notice or click-through agreement posted on a page of our Service where you provide that information. By providing your Personal Data on that page you will be consenting to the disclosure of your Personal Data as described in that privacy notice.
In general: We respect your right to make choices about the ways we collect, use and disclose your Personal Data. Discussed above are choices you have about delivery of cookies to your computer through our Service. In addition, we will sometimes ask you to indicate your choices at the time we collect your Personal Data. For example, we provide you with an opportunity to “opt in” or “opt out” of receiving certain communications from us. In addition, we will include an “unsubscribe” link in each electronic newsletter or promotional e-mail we send you, so that you can inform us that you do not wish to receive such communications from us in the future. Please note, if you do not wish for us to provide certain information to one or more of our commercial service providers, you may not use the Service.
Previously expressed preferences: You may change previously expressed preferences regarding how we use your Personal Data. If at any time you wish to be taken off our mailing lists, please contact us. Please provide your full name, postal address and e-mail address so that we can find you on our mailing lists. Once we have the information we need, we will remove you from our mailing lists as you have requested.
Accessing, updating and correcting your Personal Data
You have the right to access, correct and delete inaccuracies in your Personal Data and privacy preferences at any time. With respect to registration information, this may be accomplished by logging in to your account and visiting your account management page where you can view and make changes to your Personal Data where supported by the Service. If you wish to access, update or correct other Personal Data, please contact us. We will respond to you within a reasonable time and, in any case, within the time limits established by applicable law. We may ask you for additional information to verify your identity. We may limit or deny your request if the law permits or requires us to do so or if we are unable to verify your identify.
You may have limited rights to edit or remove any content that you post, share or otherwise distribute on our Service that includes your Personal Data, depending on the specific portion of the Service on which it is posted. For example, a user will not have the ability to edit or delete information posted in a public forum.
To request removal of information you have made available on our Sites, please send a letter or email to the address below with (i) your name, (ii) a complete description of the content you would like removed, and (iii) the web address(es) of the content you would like removed. Please be aware that our fulfillment of this request does not ensure complete or comprehensive removal of the content or information you have posted on our Sites.
Steps we take to safeguard your Personal Data
We maintain reasonable administrative, physical, and technological measures to protect the confidentiality and security of Personal Data you provide us, based on nature of the information provided. Unfortunately, no Web site, server or database is completely secure or “hacker proof.” We therefore cannot guarantee that Personal Data you provide will not be disclosed, misused or lost by accident or by the unauthorized acts of others.
Except as permitted by the Children’s Online Privacy Protection Act (“COPPA”), we do not intentionally collect information from children under the age of 13 without first obtaining verifiable parental consent. Some of our Services may be directed at children. As part of these child-directed services, we may collect your child’s name and email address, birthdate, gender, age, and other health interest or wellness-related information. Parents should be aware that our Service may include features that allow children to post certain heath-related information on their profile page. By default, a child may only share information with the parent(s) or guardian(s) who set up the child’s account. We may, however, publicize a child’s screen name and accomplishments on our physical activity leaderboard.
Note, our Service may monitor physical activity when your child uses a wearable fitness device, and may collect information continuously, or in the background. Please be aware of any privacy policies of any third party products, sites and services before allowing your child to use them.
Our various Services may require different methods of consent due to their unique features, and we will notify you accordingly when you register your child for one of our Services. We may contact parents and guardians using the information provided in the applicable sign up form to obtain this consent. In the event we contact you via email for consent, we may attempt to contact you twice, and if we have not received a response with your consent pursuant to COPPA, all information provided will be deleted.
We do not share children’s Personal Data with third parties (other than those providing support services for the internal operations of our Service) or use this information except to provide services directly related to the program for which a child’s information has been provided in connection with COPPA. We use that information only to provide services directly related to our Service or the particular program, such as sending your child special offers, news, team updates or other appropriate information.
You may choose to review, delete or prohibit our further use of your child’s Personal Data at any time. Further, you may revoke any consent you have previously provided. To do so, simply submit a request to us using the contact information below.
Except when collection is expressly allowed under COPPA or if the information has been provided by a parent (e.g. a parent registering their child for one of our programs), we will promptly delete any Personal Data we possess about children under the age of 13. If you believe we have inadvertently collected information outside these contexts, please contact us at the address below.
EU-US Privacy Shield
The U.S. Department of Commerce has jurisdiction over Welltok’s compliance with the Privacy Shield.
Welltok is also subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).
1515 Arapahoe Street, Tower 3, Suite 700
Denver, CO 80202
attn: General Counsel
email us at firstname.lastname@example.org.
Welltok has further committed to refer unresolved privacy complaints under the EU-US Privacy Shield Principles to BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint.
Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.
Limitation of liability
By providing us with any Personal Data, you expressly and unconditionally release and hold harmless Welltok, its parents, subsidiaries, affiliates, related companies and their respective shareholders, owners, users, directors, officers, employees and agents (collectively, the “Releasees”) from any and all liability for any injuries, loss or damage of any kind arising from or in connection with the use and/or misuse of your collected Personal Data. In addition, while we take reasonable steps to prevent third-party companies from making unauthorized use of your Personal Data, we cannot be held liable for any injuries, loss or damage of any kind arising from or in connection with the use and/or misuse of your Personal Data collected by those third parties.
Changes to this policy
1515 Arapahoe Street, Tower 3, Suite 700
Denver, CO 80202