Last Updated: October 8, 2021
- WellRight Services
WellRight services provided by the Company (the “Services”) are an interactive health risk assessment and health and wellness management program that generates reports and recommended plans of action, as well as educational materials, based on information entered into the system. This information may be entered by you or by someone using the Services on your behalf (such as a friend, family member, or other person). These reports can be used by you to learn more about Health Information (defined below), and to track and monitor your particular health situation. The more you engage with the Services, the more you will learn about your particular health situation.
We provide the Services to you on behalf of an employee benefits administrator, pharmacy, retailer or other entity that provided you access to WellRight (“Third Party Provider”), in some cases through an embedded or co-branded website. We are contractually bound to process Personal Information under their instructions, and we strongly advise you to review privacy notices provided by any Third Party Provider.
- WellRight Websites
II. WHAT IS PERSONAL INFORMATION AND HEALTH INFORMATION?
“Personal Information” means information that would allow someone to identify, relates to, describes, or is reasonably capable of being associated with or linked to an individual. For example, your name, address, telephone number, and e-mail address. Personal Information does not include aggregated information that, by itself, does not permit the identification of individual persons, such as statistics about how many visitors WellRight received last month.
“Sensitive Personal Information” means information that would identify someone by revealing their racial or ethnic origin; political opinions; genetic or biometric data (where used for ID purposes); religion; sex life or sexual orientation; trade union membership; health; or religious or philosophical beliefs.
“Health Information” means information related to a medical condition or other indicia of health. Health Information does not include contact and account information entered when registering for WellRight. Health Information is also Personal Information unless it cannot be linked or associated with the individual to which it relates. By way of example, we may aggregate Health Information (without linking it to Personal Information) with that of other WellRight users to generate statistics regarding the number of WellRight users who are at risk of certain diseases based on self-reported answers to historical diagnosis information.
“UID” means a unique user identification number, which is provided to WellRight by the Third Party Provider allowing you to establish your account.
III. WHAT TYPES OF PERSONAL INFORMATION OR HEALTH INFORMATION DOES WELLRIGHT COLLECT?A. Information that You Provide Us
We collect a range of Personal Information and Sensitive Personal Information in order to provide our Services to you. If you do not provide the Personal Information we request, we may not be able to provide you with our Services, you may be required to provide us with the following types of Personal Information:
Creating an Account. We require you to establish an account to use WellRight. The Third Party Provider for your account will provide WellRight with a UID that carries no information other than the authorization rights to create an account. If you choose to create an account, we collect, at a minimum, the following information: (a) an e-mail address, (b) a password, and (c) a reminder hint in case you forget the password. You may also be asked to provide additional information such as (a) name, (b) mailing address, and (c) phone number. Once an account has been created, we will continue to use your assigned UID for you.
Health Information for Reports. WellRight collects Health Information provided on a voluntary basis and in accordance with consent. You may provide us Health Information directly (e.g., by completing an Assessment) or through other sources that you authorize us to receive information from (e.g., a wearable device). Use and disclosure of Health Information is limited (see Section IV, Health Information and Section V), and its transmission is protected using encryption technology (see Section IX, Security Measures). To withdraw your consent for the processing of Health Information about you, you may send a request to email@example.com and we will promptly take steps in accordance with applicable law to honor your request. If you withdraw your consent, you may be ineligible for rewards offered through the Services that are based on health-related objectives and metrics.B. Information Collected Automatically
We collect information automatically through your use of the Services:
Browsing Information. When you browse or use the WellRight Site or Services, we may collect certain browsing information, to the extent applicable, including the following: (a) IP address, (b) the date and time at which you accessed the Services, (c) the pages that you visited, (d) the link you followed to reach the Services, and (e) your browser and operating system.
Android Advertising ID. The Android Application uses a 3rd party (Google Firebase Analytics) which makes use of the Android Advertising ID to collect analytics information. The Android Advertising ID is not used in any other context within the application.
Website Analytics. We use Google Analytics, an analytics service to help us analyze the traffic on the Service. For more information on Google Analytics’ processing of Personal Information, please see “How Google uses data when you use our partners' sites or apps.” You can opt out of Google Analytics by installing Google’s opt-out browser add-on.
We may use a variety of cookies:
Type of Cookies
Required cookies are essential for the Platform to function properly and for you to navigate our Site and use its features, such as accessing secure areas of the Platform and using our services.
These cookies collect information about how you use the Platform, including which pages you go to most often and if they receive error messages from certain pages. These cookies do not collect information that individually identifies you. All information these cookies collect is aggregated and anonymous. It is only used to improve how the Platform functions and performs.
Functionality cookies allow the Platform to remember information you have entered or choices you make (such as your username, language, or your region) and provide enhanced, more personal features. These cookies also enable you to optimize your use of the Platform after logging in. These cookies can also be used to remember changes you have made to text size, fonts and other parts of web pages that you can customize.
Targeting or Advertising
By way of example, as you visit the Platform, advertising cookies may be placed on your computer so that we can understand what you are interested in. Our advertising partners then enable us to present you with retargeted advertising on other sites based on your previous interaction with the Platform.
Third parties, with whom we partner to provide certain features on the Platform or to display advertising based upon your web browsing activity, use Flash cookies to collect and store information. Flash cookies are different from browser cookies because of the amount of, type of, and how data is stored.
You can control cookies and tracking tools. Some browsers have a “do not track” feature that prevents a website from tracking you, as well as additional cookie settings. Our Platform does not currently respond to these signals. If you choose to block cookies and other trackers, certain features of the Platform may not work. Blocking or rejecting cookies will not stop all of the tracking described in this Policy. These features and options are browser and device specific and are not uniform. You can usually find these settings in the options or preferences menu of your browser. To understand these settings, the following links for commonly used browsers may be helpful, or you can use the help option in your browser for more details:
- Cookie settings in Internet Explorer
- Cookie settings in Firefox
- Cookie settings in Chrome
- Cookie settings in Safari web and iOS.
To find out more on how to manage and delete cookies, visit aboutcookies.org. For more details on your choices regarding use of your web browsing activity for interest-based advertising you may visit the following sites:
On a mobile device, you may also be to adjust your settings to limit ad tracking.
IV. HOW DOES WELLRIGHT USE PERSONAL INFORMATION OR HEALTH INFORMATION?
De-identified and Aggregated Information. We may use de-identified information such as browsing information or aggregated user information to develop reports and analyses that help us enhance or promote our services.
Personal E-mails/Messages. We may use Personal Information to contact you if you request or have consented for us to do so, if there is a problem or an update to your account that requires you to be notified, or, if you are a registered user of the Services, to send you information relating to the Services or similar services that we provide. You may withdraw your consent or opt out to receiving certain communications (e.g., marketing communications) by following the instructions provided in the messages that you receive.
Health Information. Health Information, in non-aggregated form, is used primarily for the creation of reports and interactive educational and tracking features through the Services. Reports may include treatment options, interactive features, and trackers and tools. Based on the data that is entered into WellRight, we may provide you with links to personal challenges, courses, or other features of WellRight that are likely of interest to you.
WellRight provides social and community features. These sections are voluntary to join. No Health Information that is Personal Information is directly provided to the community by WellRight. Some of the community sections, such as a “Diabetic Forum” may allow other participants to draw inferences about a particular user’s health, even though no specific details regarding the user’s health is provided by WellRight to the community. As a user, you must decide what information you wish to provide to the community forums.
Additional Uses. In addition to the above uses, we may use Personal Information for any of the following purposes: (1) to provide, analyze, administer, and improve our Site and services; (2) to provide the Services and Site; (3) to respond to specific requests from you and other visitors; (4) to provide any necessary notices to you or other visitors if situations prompt such notification; (5) to protect the security or integrity of our Services if necessary; and (6) as necessary to meet legal obligations.
V. UNDER WHAT CONDITIONS DOES THE COMPANY DISCLOSE YOUR INFORMATION?
Contractors. We use contractors to help with some of our operations. Some of these contractors will have access to our database on a temporary basis for specific tasks. The Company may also use contractors to help with certain aspects of its operations (such as ensuring we do not send email messages to those who have opted out of our messaging programs, clinical trials recruitment and enrollment, newsletters and other similar features), which may require the contractor to access Personal Information. For example, we work with Springbuk for data analytics, Google Analytics to analyze the traffic on the Site, eHealth Screenings for biometric services, and Amazon Web Services to host the Site and the Services. The Company takes steps to ensure that these contractors maintain the confidentiality of Personal Information and use Personal Information only as necessary to perform the services they are asked to perform.
Other Disclosures. We may share Personal Information with third parties under the following circumstances: (i) in connection with a court order, subpoena, government investigation, or when otherwise required by law; (ii) in the event of a corporate sale, merger, acquisition, or similar event; (iii) working with third-party companies to support any technical operation or execute a specific promotion or program (such as providing responses to conduct surveys, or maintain a database of visitor information, etc.); or (iv) to facilitate your transactions with our third-party marketing partners.
VI. HOW CAN YOU EXERCISE YOUR RIGHTS RELATING TO PERSONAL INFORMATION?
You have certain choices about how we use your Personal Information. You can opt out-out of certain marketing. To opt-out of marketing communications, please email us at firstname.lastname@example.org or by following the instructions included in the email or text correspondence. Please note that, even if you unsubscribe from certain correspondence, we may still need to contact you with important transactional or administrative information, as permitted by law.
You also have the right to access and update or change any information you believe is incorrect. You may change Personal Information and Health Information within WellRight online at any time. Alternatively, you may make a request to email@example.com to review Personal Information about you. If you request that certain Personal Information be changed, we will make the changes in accordance with applicable law.
At any time, you may also request that we remove Personal Information and Health Information from our database. Depending on where you live, you may have additional rights under applicable law, such as the rights to export or object to or restrict the processing of Personal Information, and the right to erasure of Personal Information. To exercise such rights, send us a request at firstname.lastname@example.org and we will promptly respond in accordance with applicable law.
You may also have a right to lodge a complaint with a supervisory authority or other regulatory agency if you believe that we have violated any of the rights concerning Personal Information. We encourage you to first reach out to us, so we have an opportunity to address your concerns directly before you do so.
VII. CHILDREN'S PRIVACY
The Services are not intended for use by children. Accordingly, we do not intend to collect Personal Information from anyone we know to be under 18 years of age. The Platform is not designed for use by persons under the age of 13. If you are a parent or legal guardian and think your child has given us information you can email us at email@example.com. You can also write to us at the address listed in the “Contact Us” section of this Policy. Please mark your inquiries “COPPA Inquiry.”
IX. HOW DOES THE COMPANY PROTECT PERSONAL INFORMATION AND HEALTH INFORMATION?
Compliance Statement. The Company is neither a “Covered Entity” nor “Business Associate” to Covered Entities as those terms are defined by the Health Insurance Portability and Accountability Act of 1996 and its regulations (“HIPAA”), except in specific cases. In those cases, we will enter into “Business Associate Agreements” when required, and abide by all legal requirements of such agreements. When we participate with a third party which operates and maintains a personal health record (“PHR”) which is subject to the Health Information Technology for Economic and Health Act (“HITECH”) of the American Recovery and Reinvestment Act (“ARRA”), they shall abide by any federal regulations applicable to PHR related entities. Nevertheless, recognizing the importance to our users of protecting and securing their Personal Information as well as their Health Information, we have adopted a corporate compliance plan which includes adoption of the administrative, physical and security safeguards set forth in the current HIPAA Privacy and Security Compliance Program for the Company.
X. YOUR CALIFORNIA PRIVACY RIGHTS
California Civil Code Section 1798.83 permits users that are residents of California to request certain information regarding a company’s disclosure of personal information (as defined by California law) to third parties for such third parties’ direct marketing purposes. If you are a California resident and would like to make such a request, please contact us as set forth in Section XIII below.
In addition, the state of California provides California residents with certain other rights concerning their Personal Information. This section describes (1) the categories of Personal Information, collected and disclosed by us, subject to California privacy law, (2) your privacy rights under California privacy law, and (3) how to exercise your rights.
- Collection and Disclosure of Categories of Personal Information under California Privacy Law
- Identifiers (for example, name, email address, IP address, and online identifiers);
- Internet or other electronic network activity information, including information on your usage of our Sites.
- Inferences drawn from any information identified above to create a profile
We may disclose each of these categories of Personal Information with our service providers for our business purposes (to enable the service providers to provide their services) and as otherwise described in the “Sharing of Personal Information” section above.
- Your Privacy Rights Under California Law
If you are a resident of the California, you have the following rights:
- Right to Know. You may have the right to request information on the categories of personal information that we collected in the previous twelve (12) months, the categories of sources from which the Personal Information was collected, the specific pieces of Personal Information we have collected about you, and the business purposes for which such personal information is collected and shared. You also have the right to request information on the categories of Personal Information which were disclosed for business purposes, and the categories of third parties in the twelve (12) months preceding your request for your personal information.
- Right to Delete. You may have a right to request us to delete Personal Information that we collected from you.
- Right to Opt-Out. You have a right to opt-out of certain disclosures of Personal Information to third parties, if such disclosures constitute a “sale” under California law. As noted above, in the past twelve (12) months we enabled advertisers to collect certain information from the Site, which the advertisers may use to improve their interest-based advertising networks. Regardless of whether this is a “sale” as defined by the California Consumer Privacy Act, you may opt-out of interest-based advertising as described in Section 2(B), above.
If you would like to exercise your rights listed above, please contact (or have your authorized agent contact) us at firstname.lastname@example.org. When doing so, please tell us which right you are exercising and provide us with contact information to direct our response.
We must verify your identity before fulfilling your requests. If we cannot initially verify your identity, we may request additional information to complete the verification process. Any Personal Information you disclose to us for purposes of verifying your identity will solely be used for the purpose of verification.
You have a right not to receive discriminatory treatment by any business when you exercise your California privacy rights.
Note to Job Applicants: Under California law, information collected and used in connection with a job application is exempt from the rights stated above. Therefore, to help prevent the unauthorized access or deletion of Personal Information, we may decline any requests to access or delete Personal Information collected from job applicants. We will treat all such information as confidential and dispose of it in accordance with our retention policy.
- How to Exercise Your California Privacy Rights
If you otherwise believe that we have collected Personal Information about you, and would like to exercise your rights listed above, please send (or have your authorized agent send) an email to email@example.com. You have a right not to receive discriminatory treatment by any business when you exercise your California privacy rights.
While we take measures to ensure that those responsible for receiving and responding to your request are informed of your rights and how to help you exercise those rights, when contacting us to exercise your rights, we ask you to please adhere to the following guidelines:
- Tell Us Which Right You Are Exercising: Specify which right you want to exercise and the Personal Information to which your request relates (if not to you). If you are acting on behalf of another consumer, please clearly indicate this fact and your authority to act on such consumer’s behalf.
- Help Us Verify Your Identity: Provide us with information to verify your identity. Please note that if we cannot initially verify your identity, we may request additional information to complete the verification process. Any Personal Information you disclose to us for purposes of verifying your identity will solely be used for the purpose of verification.
- Direct Our Response Delivery: Please provide us with an e-mail or mailing address through which we can provide our response. If you make the request by email, unless otherwise requested, we will assume that we can respond to the email address from which you made the request.
Please note that you don’t need to create an account with us in order to make a request to exercise your rights hereunder.
- How We Respond to Your Requests.
In all cases, we will respond to your request within 45 days. However, where reasonably necessary, we may extend our response time by an additional 45 days, provided we send you notice of such extension first. We will provide the information to you via your preferred delivery mechanism. If the information is provided to you electronically, we will provide you the information in a portable format and, to the extent technically feasible, in a machine readable, readily useable format that allows you to freely transmit this information without hindrance.
Please note that we will not charge you for making a request, provided that you make no more than two (2) requests per year. If you make three (3) or more requests in any given twelve (12) month period, we may refuse to respond to such requests, if determined by us to be unfounded or excessive (e.g. repetitive in nature), or we may charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested. If we refuse to act on the request, we will provide you notice and the reason for our refusal to act.XI. Retention of Personal Information