StayWell Privacy Policy

StayWell Privacy Policy

 

Welcome to the StayWell Privacy Policy (the “Privacy Policy”). Protecting your privacy is important, and The StayWell Company, LLC (“StayWell”, “we”, “us”, “our”) is committed to clearly explaining how we treat your Information.

 

This Privacy Policy explains how we collect, use, share, and protect your Personal Information and Personal Health Information (as those terms are defined below in the section titled “The Information and How We Collect It”) (collectively “Information”) when you visit our websites, portals and/or portal-related mobile applications (such mobile applications collectively referred to hereinafter as the “App”) (together with the programs offered through or facilitated by such sites, portals, and App, the “StayWell Services”). Please read this Privacy Policy carefully and be aware that by accessing the StayWell Services and clicking “agree,” “accept,” or the equivalent, you agree that you have read this Privacy Policy and that you accept and, where applicable, consent to the privacy practices described here. 

 

This Privacy Policy describes:

  • The Information we collect

  • How we collect your Information

  • How we use your Information

  • How we share your Information with third parties

  • Your rights and choices as a participant

  • How StayWell protects your Information

  • California Privacy Rights

  • Canadian Privacy Rights

  • Personal Data Privacy Notice under Mexican Law

  • Australian Privacy Rights

  • Changes to the Privacy Policy and

  • Questions about this Privacy Policy

 

If we collect your Information on behalf of your group health plan (your “Plan”), we will use and disclose your Information only as permitted by your Plan, in compliance with all applicable law, including the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).  Use of the StayWell Services, including the portal, website, and App is also subject to our Terms of Use, found under “My Account” (the “Terms of Use”).  In the event of a conflict between the provisions of this Privacy Policy and the provisions of (a) our Terms of Use and/or (c) StayWell’s services agreement with your employer, the provisions which provide greater protection for Information will control.

 

The Information We Collect

 

“Personal Information,” means any information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, to any individual or a household. It does not include anonymous or aggregated data that cannot be associated with or linked to an individual or household. 

 

We may collect, use, store and transfer different kinds of Information about you which we have grouped together as follows:

  • Identity Data includes first name, last name, marital status, title, date of birth and gender.

  • Contact Data includes address, email address, telephone numbers and other contact information.

  • Non-Medical Employer Data, your employee or unique identification number and other non-medical information from you or from your employer or its designated representative (your “Employer”), or your Plan.

  • Personal Health Information, your health or medical condition, medications, procedures, your answers to a health self-assessment offered by the StayWell Services (a “Health Assessment”), biometric screening results, and health, fitness and activity information from your connected fitness devices that you choose to link to the StayWell Services, or from your participation in challenges or other wellbeing programs and medical records if you choose to sync these records from your health provider (all such health- and medical-related Personal Information is collectively referred to as “Personal Health Information.”)

  • Profile Data includes goods and services provided to you, your preferences, feedback and survey responses.

  • Technical Data includes internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, referral URLs, and other technology on the devices you use to access the StayWell Services.

  • Usage Data includes information about how you use the StayWell Services.

  • Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.

 

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your Personal Information but is not considered Personal Information under applicable law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your Personal Information so that it can directly or indirectly identify you, we treat the combined data as Personal Information which will be used in accordance with this privacy notice.

 

Children’s Privacy - The StayWell Services are intended for adult use only and are not directed towards children, minors, or anyone under the age of 18.  If you are under the age of 18, you are not authorized to provide us with any Personal Information.  You are responsible for your underage dependents’ use of the StayWell Services.

How We Collect Your Information

We may collect Information from a variety of sources and methods. This includes:

  • Direct interactions. You may give us Information by signing up and using the StayWell Services.  This includes Personal Information you provide when you:

  • Subscribe to our service or publications;

  • Fill out a contact us form;

  • Request marketing to be sent to you;

  • Give us feedback;

  • Engage in any coaching encounters;

  • Call, text, email, or chat with us;

  • Submit questions submitted to Doctor Chat or Coach Messaging

  • Post to the Community Wall;

  • Sync your electronic health records from your provider;

  • Participate in any challenges

  • Automated technologies or interactions. As you interact with the StayWell Services, we may automatically collect technical data about your equipment, browsing actions and patterns.  We collect this Information by using cookies, tracking technologies and other similar technologies.

  • Third parties. We may receive Information about you from various third parties including others that use the StayWell Service, such as when they submit content to us or post on the StayWell Service. Additionally, we may, from time to time, supplement the Information we collect directly from you on the StayWell Services with outside records from third parties. We also receive technical data from analytics providers such as Google Analytics.

  • Cookies.  A cookie is a small data file stored on your hard drive that your browser provides to us when you visit certain web pages.  Cookies are text files containing small amounts of information that are downloaded to your device when you visit a website. Cookies are then sent back to the originating website on each subsequent visit, or to another website that recognizes that cookie. Cookies are useful because they allow a website to recognize a user’s device. You can find more information about cookies at: www.allaboutcookies.org

 

We use cookies for a variety of purposes to improve your experience on the StayWell Services, marketing, analytics, and site functionality, including:

  • Keeping you signed in

  • Understanding how you use the StayWell Services

    If you do not want to store cookies on your computer, you can set your browser to refuse cookies or to alert you when cookies are being sent.  However, some parts of the StayWell Services may not function properly if you choose not to accept cookies.  If you are concerned that you have created a cookie in a previous visit, you can delete cookies that are already stored on your hard drive by accessing your computer’s cookie file.

  • Device and App Integration. You may elect to share certain information collected by various fitness and wellbeing devices and applications, like FitBit and Apple® HealthKit, by authorizing StayWell to connect to your device/application using our Sync Devices integration option. If you share your Information, StayWell may integrate the Information into your StayWell account, and/or provide the Information to your StayWell health coach (if applicable). When you download, install, and use the App on your mobile phone or other device, you agree to permit the App to automatically gather certain Information, including without limitation, advertiser IDs, carrier providers, a unique device identifier, the types of mobile devices accessing the App, and the types of operating systems accessing the App (collectively, "Mobile Device Data") to track the number of unique users using our App and to enable you to better interact with us and use the App. A unique device identifier is a string of alphanumeric characters (similar to a serial number) used to uniquely identify and distinguish each mobile phone or other device. We link your Mobile Device Data with the technical information accessed through your use of our App so that we may better provide you with services, administer resets to your account, or to delete information when you request that we do so. Location services can be enabled or disabled at any time, through your mobile device settings.

How We Use Your Information

 

Our primary purpose for collecting Information is to provide you with health management services such as Health Assessments, challenges, telephonic coaching or group coaching and onsite services.  We may also use your user Information for the following purposes:
 

  1. To facilitate the creation of and secure your account, as well as to identify you as a user in our system;
     

  2. To communicate with you in written, electronic, and verbal form;
     

  3. To provide information on products or services and to customize the StayWell Services to meet your needs and preferences or to make your experience smooth and efficient;
     

  4. To personalize our services and to provide you more relevant content;
     

  5. To offer you additional StayWell health management services or wellbeing program related services from other contractors engaged by StayWell, your employer or your Plan, this may include offering you biometric screenings or flu shot services;
     

  6. To improve and optimize our services and to develop new products and services;
     

  7. To send newsletters, marketing materials, and promotional offers; and
     

  8. For any other purpose prominently disclosed at the point of collection.

 

Disclosures of Your Information

 

We do not sell your Information to third parties.  Below are the following ways we may share your Information. 

Third-Party Service Providers: We will share your Information with third-party service providers to help us provide services to you. Third-party service providers have access to Information only as needed to perform their functions and they must process the Information in accordance with this Privacy Policy.  The following are some examples of the types of third-party service providers with which we share your Information and our purpose for doing so.

 

As part of biometric screenings or flu shot services that may be offered through the wellbeing program, certain of your Information, such as your name, address, email address, date of birth, appointment date and time, and the service you registered for, may be provided to an onsite coordinator for the limited purpose of administering these services. That coordinator may be a contractor or an employee of your sponsoring Employer.

 

We may also disclose your Information to the companies, agents, contractors, service providers, or others engaged to perform functions on our behalf (such as processing of payments, provision of data storage, hosting of our website, conducting audits, and performing web analytics). In addition to this Privacy Policy, these third parties’ use of your Information may be subject to, and controlled by, the third party’s own privacy policy as well as the third party’s service contract with StayWell (if any). 

 

We may also share your Information with a third party provider of rewards for incentive points earned by using the StayWell Services, including eligibility information, dollar value, points earned, award message, and delivery information such as physical address or email address. 

 

We may also share limited Information with third party service providers offering wellness programs in order to confirm your eligibility to participate in such programs. 

 

Legal Compliance and Protections: We may also disclose your Information to third parties when such disclosure is reasonably necessary to (a) enforce or apply the terms and conditions of the StayWell Services, including investigation of potential violations thereof, (b) comply with legal or regulatory requirements or an enforceable governmental request, (c) protect the rights, property or safety of us, our users or other third parties, (d) prevent a crime or protect national security, or (e) detect, prevent or otherwise address fraud, security or technical issues. 

Corporate Transactions: Additionally, we may disclose and transfer your Information to a third party in the event of a sale, merger, or transfer of all or substantially all of the assets of our company relating to the StayWell Services, or in the unlikely event of a bankruptcy, liquidation, or receivership of our business. 

 

Your Employer:  We may also provide certain Information to your Employer to notify them whether or not you have completed your Health Assessment and/or to notify them whether or not you are eligible for an incentive, in compliance with applicable law.  If you were not eligible for an incentive and you request a reconsideration of that determination, we will provide your Employer with the following information for health plan administration purposes only: whether or not you have completed your Health Assessment or the follow up program(s) tied to the incentive, and the date of completion. 

 

Plan and Plan Vendors. StayWell may share your Personal Health Information with your Plan or with vendors of your Plan, as directed by your Plan for the purpose of health plan administration, in compliance with the requirements of HIPAA and other applicable laws.  Your Plan may request that we receive, store and display certain information provided by third-party vendors that offer services on behalf of the Plan, such as disease management vendors and third party administrators. Your Plan may also direct us to disclose your information to a third party that provides services on behalf of your Plan, in order to carry out specific activities related to the wellbeing program, or for health plan administration purposes. We may also provide certain Personal Information and Personal Health Information to your Plan for purposes of treatment, payment and health care operations, including benefits administration, appeals, and incentive management, in compliance with HIPAA and other applicable law.

 

Aggregate and Anonymous Data.  StayWell may disclose anonymous and aggregated information about our other users, to our clients, business partners, merchants, advertisers, investors, potential buyers and other third parties provided that such information cannot be associated with or linked to an individual or household. 

 

User Disclosures.  Some Personal Information is disclosed as a matter of course as a result of your use of certain services such as the Community Wall.  Any Personal Information shared by you via any public forum using the StayWell Services or on another website (such as Facebook, Google, LinkedIn, Instagram or Twitter) may become public information. We cannot control the use of information disclosed in these public forums. You should exercise caution when disclosing information in these public areas, especially your Personal Health Information and location data, and be careful how you disclose your Personal Information. Content posted in public areas of the StayWell Services, including advice and opinions, represents the views and is the responsibility of those who post the content. We do not necessarily endorse, support, verify, or agree with the content posted. If you have any questions or comments about any content posted using the Staywell Services, please contact us at the address below.

USERS ASSUME ALL RESPONSIBILITY FOR ANY LOSS OF PRIVACY OR OTHER HARM RESULTING FROM THEIR OWN VOLUNTARY DISCLOSURE OF PERSONAL INFORMATION IN PUBLIC FORUMS.

 

Your rights and choices as a participant

 

  • You have the right to be treated with respect. As a participant, you have the right to be treated courteously and respectfully by StayWell and to receive services that (1) respect your privacy and dignity, (2) help you achieve your wellbeing goals, and (3) do not discriminate against you, regardless of your race/color, ethnicity, religion, national origin, disability, gender, age, marital status, or sexual orientation. As a participant you may not engage in offensive and/or abusive conduct when using the StayWell Services, including but not limited to posting offensive and/or abusive content on the portal or mobile apps, using an offensive nickname or posting offensive pictures.  If you engage in offensive/abusive conduct, StayWell may remove any offensive/abusive content and may limit your access to the StayWell Services.  If you see content posted by another StayWell Services user that you feel is offensive or abusive, please contact the StayWell Helpline at 1-800-926-5455.

 

  • Marketing and advertising. StayWell does not accept any advertising on the StayWell website, portal or mobile Apps, and StayWell does not receive income from sponsors or advertisers. From time to time StayWell may offer programs or solutions in which StayWell has a financial interest. Those relationships will be prominently disclosed on the portion(s) of the StayWell Services where these programs or solutions are offered. Any mention of a particular service is otherwise not an endorsement but mentioned to you so that you will be aware of programs for which you are eligible.

 

  • E-mail, text and unsubscribing. StayWell and its agents may use postcards or letters, e-mail or SMS text to send you notifications on behalf of your Employer or Plan about programs and services available to you.  By submitting your Personal Information to us that includes your telephone number (which submission you understand and agree to constitute making an “inquiry” to StayWell and its affiliated entities), you accept the terms of this Privacy Policy (as evidenced by your clicking “agree,” “accept,” or similar), and you expressly consent to receive these letters, e-mails, texts, or phone calls from StayWell and its agents at the e-mail address or phone number in your StayWell profile whether or not you are on the Do Not Call list (federal or state). In addition to these general program e-mails, calls, and texts, StayWell or its agents may send you targeted e-mails or texts to notify you of programs that may be available to you, such as programs that you qualify for based on your Health Assessment results.  You may unsubscribe from targeted emails or texts at any time.  Please note that unsubscribing from StayWell targeted e-mails and/or texts will not affect e-mails or texts you receive from StayWell and its agents that are sent on behalf of your Employer or Plan.  By including your telephone number and/or email address in any submission to StayWell, you are extending an express invitation and providing your express written consent to StayWell and our agents and service providers (i) to contact you by telephone at the numbers you have provided (including through auto-dialed, pre-recorded, artificial voice, and/or text messages) so we or they may assist you with your use of the StayWell Services, and/or notify you of programs that may be available to you, and you hereby consent to any such calls even if your phone number is on any Do Not Call list; and (ii) to contact you by email at any email address you provide. You agree that StayWell has obtained your consent to receive a prerecorded message call in a manner permitted by the Electronic Signatures In Global and National Commerce Act (E-SIGN Act).

 

How StayWell Protects your Information

We have technical, administrative, and physical security measures in place to protect your Information from unauthorized access or disclosure and improper use.  For example, we utilize a confidential subscriber identifier and unique user password limit access to the StayWell Services and the Information of the users. Note, users of the StayWell Services should not share their passwords with others. You are responsible for maintaining the privacy and security of your individual username and password. You should take care to access the Services on private computers and/or close out of your browser session to avoid unauthorized access to your account if accessing on shared or public computers.  Whenever Information is transmitted to or from StayWell’s systems, it is encrypted using Secure Sockets Layer (SSL) technology, the standard for secure communication over the Internet.  Information is stored on StayWell’s servers behind a firewall, a device that is intended to prevent unauthorized users from accessing data on our servers.  However, despite our precautions no security measure is ever perfect or impenetrable, so we cannot guarantee the security of your Personal Information.

Third Party Links.  Please be aware that the StayWell Services may contain links to websites that are not operated by, affiliated with or endorsed by StayWell. Because these third-party sites are not under our control, we cannot be responsible for them, and this Privacy Policy does not apply to the privacy or security practices of those sites. Information you disclose once you access those other sites is not subject to this Privacy Policy. We encourage you to review the privacy policies of these linked sites for an explanation of how they may use your information.

 

California Privacy Rights.

 

California Consumer Privacy Act. The California Consumer Privacy Act of 2018 (“CCPA”) provides California residents with specific rights regarding their Personal Information.  This section describes your CCPA rights and explains how to exercise those rights. This section applies solely to our users who are California residents as defined under the CCPA.

 

Categories of Information We Collect.  Within the last twelve (12) months, we have or may have collected the following categories of information from our users:

  • Identifiers;

  • Personal Information listed under Cal. Civ. Code § 1798.80(e);

  • Protected classification characteristics under California or federal law;

  • Commercial information;

  • Biometric information;

  • Internet or other similar network activity;

  • Geolocation data;

  • Sensory data;

  • Professional or employment-related information; and

  • Inferences drawn from other Personal Information.

Categories of Sources from Which Personal Information is Collected.  We obtain the categories of Personal Information listed above from the following categories of sources:

  • From your Employer;

  • From third-party vendors (such as biometric screening vendors) that have been directed by you or your Employer to send your Personal Information to us;

  • Directly from you when you use the StayWell Services; and

  • Indirectly from you through our use of cookies and other similar technology.

Using and Sharing Personal Information.  The Personal Information described in the categories above may be used for the business purposes listed above under the “How We Use Your Information” section.

 

We disclose your Personal Information for a business purpose to the following categories of third parties: (a) service providers, and (b) third parties to whom you authorize or direct us to disclose your Personal Information in connection with the StayWell Services.  In the preceding twelve (12) months, we have disclosed the Personal Information in the categories listed above for a business purpose. 

 

Personal Information “Sold” to Third Parties.  In the preceding twelve (12) months, we have not sold your Personal Information to third parties.

 

Your Rights Under the CCPA.  Upon verification of your identity you may:

  • No more than twice in any 12-month period, request disclosure of the following information:

    • Categories of Personal Information we collect.

    • Categories of sources from which Personal Information is collected.

    • Categories of Personal Information sold or disclosed to third parties.

    • Categories of third parties with whom such Personal Information is sold or disclosed.

    • Business or commercial purpose for collecting or selling Personal Information.

    • Specific pieces of Personal Information we collect.

  • Request access to certain Personal Information we have collected.

  • Request deletion of your Personal Information, subject to the exceptions provided by law.

  • Opt-out from having your Personal Information sold to third parties, if applicable. 

 

Requests can be submitted by emailing us at privacy@staywell.com.  Please note that these rights apply only to select California consumers and exclude applicants, employees, and business contacts.  Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your Personal Information. You may also make a verifiable consumer request on behalf of your minor child. 

 

The verifiable consumer request must:

  • Include your full legal name and phone number, which we will need to contact you in order to verify that you are the person about whom we collected Personal Information or an authorized representative.

  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you.  Making a verifiable consumer request does not require you to create an account with us.  In order to verify your identity, one of our representatives will call you at the phone number provided.  You will need to provide your name, date of birth and last four digits of your social security number in order to verify your request.  We will only use this information to verify the requestor’s identity or authority to make the request.

 

Nondiscrimination.  The CCPA provides the right to be free from discrimination if you choose to exercise your rights under the statute, including but not limited to, by:

  • Denying you goods or services.

  • Charging you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.

  • Providing you a different level or quality of goods or services.

  • Suggesting that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

 

Shine the Light.  A California resident who has provided Personal Information to a business with whom he/she has established a business relationship for personal, family, or household purposes (“California Customer”) is entitled to request information about whether the business has disclosed Personal Information to any third parties for the third parties’ direct marketing purposes.  In general, if the business has made such a disclosure of Personal Information, upon receipt of a request by a California Customer, the business is required to provide a list of all third parties to whom Personal Information was disclosed in the preceding calendar year, as well as a list of the categories of Personal Information that were disclosed.  However, under the law, a business is not required to provide the above-described lists if the business adopts and discloses to the public (in its privacy policy) a policy of not disclosing a customer’s Personal Information to third parties for their direct marketing purposes unless the customer first affirmatively agrees to the disclosure, as long as the business maintains and discloses this policy.  Rather, the business may comply with the law by notifying the customer of his or her right to prevent disclosure of Personal Information to third parties for direct marketing purposes and providing a cost free means to exercise that right.  To prevent disclosure of your Personal Information for use in direct marketing by a third party for its own purposes, do not opt in to or authorize such use when you provide Personal Information through the Services.  Please note that whenever you allow your Personal Information to be shared with a third party to communicate with you (including StayWell), your information will be subject to that third party’s privacy policy.  If you later decide that you do not want that third party to use your information, you will need to contact the third party directly.  You should always review the privacy policy of any party that collects your information to determine how that entity will handle your information.  California Customers may request further information about our compliance with California’s privacy law by e-mailing privacy@staywell.com. Please note that we are only required to respond to one request per customer each year, and we are not required to respond to requests made by means other than through this e-mail address.

 

Do Not Track.  Some web browsers incorporate a “Do Not Track” feature (DNT) that signals to the websites that you visit that you do not want to have your online activity tracked. Many websites and applications, including the StayWell Services, do not currently respond to web browser DNT signals because such signals are not yet uniform. For more information about DNT signals, please visit http://allaboutdnt.com. However, we also do not track your online activities over time and across third-party websites or online services or allow third parties to do so.

 

EU Privacy Rights.

 

General Data Protection Regulation

 

The EU General Data Protection Regulation and UK General Data Protection Regulation (together 'GDPR') require certain information to be provided to data subjects located in the European Union, and grant them certain rights regarding their personal data. This section applies solely to the processing activities that are governed by the GDPR.

  1. Who is in charge of the data processing?
     

    • When you access the StayWell Services through a corporate program, your employer and The StayWell Company, LLC, 800 Township Line Road, Yardley, PA 19067, United States (“Staywell”) are separate controllers of certain processing activities related to your personal data. StayWell has appointed Aptus Health International France SAS as its representative in the European Union. StayWell’s Data Protection Officer can be contacted at privacy@staywell.com. This Privacy Notice describes how Staywell processes your personal data.

  2. What legal grounds is StayWell relying on to use personal data?

    • We may process your personal data in order to perform a contract with you (e.g., to deliver the StayWell Services you have requested) or in order to take steps at your request prior to entering into such contract. For example, we may process your personal data to:
       

      • In order to provide you the StayWell Services, you need to create an account with StayWell and we need to verify you as the account owner.
         

      • As part of the StayWell Services, we may need to contact you in order to provide you with information about your account or other health management and wellbeing program services.
         

      • As part of the StayWell Services, we propose personalized services and more relevant content which is tailored to you, based on the information you provide to us and on the information we collect as part of your use of the Services.
         

      • As part of the StayWell Services, we provide you information for general service and transactional purposes, such as answering your questions, administering your account, responding to your complaints, and processing your data subject rights requests.  The communication channels we use may include email, phone, and online chat via the portal.
         

      • We offer health management and wellbeing programs as part of the StayWell Services, and in order for you to participate in these programs, we may receive certain types of data from contractors engaged by us, your employer, or your Plan.  These contractors may include entities that offer biometric screenings or flu shot services.
         

    • We may process your personal data for the purposes of our legitimate interests or for the legitimate interests of third parties (e.g., your employer or company), provided that such processing shall not outweigh your rights and freedoms. For example, we may process your personal data to:
       

      • Comply with laws that apply to us.
         

      • Enable or administer our business, such as for quality control, consolidated reporting, and customer service.
         

      • Manage corporate transactions, such as mergers or acquisitions.
         

      • Understand and improve our business and services.
         

    • Finally, we may process your personal data when you have given your explicit consent to a particular processing of your personal data, in particular:
       

      • To process the sensitive personal data you provide to us.
         

      • To send you newsletters, marketing materials, and other promotional offers.
         

    • Where we rely on your consent to process personal data, you have the right to withdraw or decline your consent at any time and where we rely on legitimate interests, you have the right to object.
       

  3. Transfers of personal data outside of the European Economic Area
     

    • ​StayWell, who is the controller of your personal data, is located in the United States. As part of providing you the Services, your personal data is therefore processed by StayWell in the United States. StayWell may also transfer your personal data to third parties service providers to help us provide services to you. This includes for instance WebMD Health Services Group, Inc., which is an affiliate of StayWell located in the United States, and which stores the data collected on My StayWell. This means that if You are located in the EU, your personal data is transferred to the US, which is not considered to have the same level of data protection as in the EU. However, we have implemented appropriate safeguards by entering into standard contractual clauses with our affiliates located outside the EU so as to ensure an adequate level of protection.  Information may be stored and processed in any country where StayWell has engaged service providers such as in the US. We may also transfer aggregated information and de-identified data or, if you have consented to it, your personal data to our clients located outside the EU. These operations may also involve transfers to countries which do not have data protection laws considered to be equivalent to those under EU law. However, we ensure all data transfers comply with applicable legal requirements (for example, by implementing appropriate contractual clauses).
       

  4. How long will personal data be retained?
     

    • ​StayWell will retain your personal data up to ninety (90) days after your account deactivation. Thereafter, the data will be archived in order to comply with applicable law or regulation that you, StayWell, or your employer or Plan may be subject to, such as the Health Insurance Portability and Accountability Act (HIPAA), or the data will be fully anonymized.
       

  5. What are Users' rights regarding their personal data?
     

    • ​In so far as granted by applicable law (in particular in the European Union), You may ask for access to your personal data or ask us to rectify, erase, restrict or port your personal data and object to the use of your personal data. To exercise these rights or if You have any questions/comments regarding your personal data and its use, please contact us at privacy@staywell.com. When the personal data processing is based on your consent, You have the right to withdraw your consent concerning such data processing, at any time, without affecting the lawfulness of processing based on consent before your withdrawal, by sending a written request to the following email address: privacy@staywell.com. For processing necessary to perform the contract, or based on legitimate interest, we may not be able to accommodate your request to stop the processing, or if we do so, it may mean that You can no longer access the StayWell Services.
       

  6. What if You have concerns?
     

    • You have a right to complain to your local data protection authority if You are concerned about how your personal data is used through or in the context of the StayWell Services.
       

  7. Do I have to provide personal data?
     

    • Some of the personal data is required if You become a StayWell member. If You do not want to provide your (or part of your) personal data, You may not enjoy all or part of the StayWell Services.
       

  8. Do we make automated decisions about You?
     

    • We make no automated decisions about you that create legal effects or otherwise significantly affect You.
       

  9. Our safeguards and security measures.
     

    • We have implemented technology and security measures to protect your personal data from unauthorized access, disclosure, improper use, alteration, unlawful or accidental destruction, and accidental loss.

    • These measures include, but are not limited to, the use of firewalls, the use of Secured Sockets Layer (SSL) to ensure an encrypted connection between our web server and your browser, and encryption of your data while stored on our servers. Personal information is stored on limited access servers and physical access to our servers requires individual authorization and authentication. In addition, we require that all of our employees and others who have access to or are associated with the processing of your data keep your personal information confidential. We regularly train our employees on proper use and handling of personal information. Our service providers are also required to maintain security measures similar to ours.

    • We use security methods to determine the identity of registered users, so that appropriate rights and restrictions can be enforced for these users. If You are a registered user, we require a user ID and password to authenticate You. You are responsible for maintaining the security of your login credentials.

    • By using the StayWell Services or providing personal information to us, You acknowledge that we may communicate with You electronically about security, privacy, and administrative issues relating to your use of the StayWell Services. If You have any reason to believe that your interaction with us is no longer secure, please contact us immediately at privacy@staywell.com.

 

We have implemented technology and security measures to protect your personal data from unauthorized access, disclosure, improper use, alteration, unlawful or accidental destruction, and accidental loss.

 

These measures include, but are not limited to, the use of firewalls, the use of Secured Sockets Layer (SSL) to ensure an encrypted connection between our web server and your browser, and encryption of your data while stored on our servers. Personal information is stored on limited access servers and physical access to our servers requires individual authorization and authentication. In addition, we require that all of our employees and others who have access to or are associated with the processing of your data keep your personal information confidential. We regularly train our employees on proper use and handling of personal information. Our service providers are also required to maintain security measures similar to ours.

 

We use security methods to determine the identity of registered users, so that appropriate rights and restrictions can be enforced for these users. If You are a registered user, we require a user ID and password to authenticate You. You are responsible for maintaining the security of your login credentials.

 

By using the StayWell Services or providing personal information to us, You acknowledge that we may communicate with You electronically about security, privacy, and administrative issues relating to your use of the StayWell Services. If You have any reason to believe that your interaction with us is no longer secure, please contact us immediately at privacy@staywell.com.

 

Canadian Privacy Rights

 

Cross-Border Transfer.  The collection, use and disclosure of your Personal Information through the App or StayWell Services is governed by applicable Canadian laws is also subject to US privacy laws.  StayWell may transfer your Personal Information outside Canada to its affiliates or third-party service providers with operations in other countries, which are subject to laws of a foreign jurisdiction.  StayWell transfers and stores Personal Information on StayWell servers in the US.  By accepting this Privacy Policy, using the App or providing us with your Personal Information you acknowledge and consent to your Personal Information being processed by third parties on StayWell’s behalf and transferred, accessed and/or stored in countries outside Canada.

 

Canada Anti-Spam Law.   In accordance with Canadian Anti-Spam laws, we obtain your consent in order to send you commercial electronic messages.  You may subscribe or unsubscribe to receive marketing communications from us, such as announcements of new features. We do not share email addresses or other contact information with third parties without your permission. 

 

Consent for StayWell Services.  StayWell will seek your specific consent for the collection, use or disclosure of Personal Information in connection with StayWell Services that involve the provision of health care or wellness services.  The purposes for which this Information is collected, used or disclosed are set out at the time of collection.

 

Withdrawal of Consent, Access and Correction.  You may withdraw your consent for the collection, use or disclosure of Personal Information at any time by notifying privacy@staywell.com, however such withdrawal shall not have retroactive effect.  You may also make a request to access or correct your Personal Information by making a request in writing.

 

Personal Data Privacy Notice under Mexican Law.

 

Privacy Notice. This privacy policy constitutes the personal data privacy notice (the “Privacy Notice”) required under the Federal Protection Law of Personal Data in Possession of Private Parties and its Regulations of the United Mexican States (collectively, the “Mexican Privacy Law”). In compliance with Mexican Privacy Law, this Privacy Notice sets forth above (i) what Personal Information we collect from you, (ii) how we collect your Personal Information, (iii) how we use your Personal Information and (iv) how we share your Personal Information with third parties.

 

Consent. Pursuant to Mexican Privacy Law, you hereby agree and grant your express consent for StayWell to use your Personal Information in accordance with the terms and conditions of this Privacy Notice, unless you oppose such use.  At any time you may revoke your consent in writing as hereinafter set forth below in the paragraph “ARCO Rights”.

 

Security of your Personal Information. This Privacy Notice sets forth above the administrative, technical and physical security measures that we have implemented to protect your Personal Information from unauthorized access or disclosure and improper use. Compliance of such measures shall be likewise requested from any third parties with whom we share your Personal Information.

 

ARCO Rights. As holder of the Personal Information, you may exercise your rights of access, rectification, cancellation and opposition to the use of your Personal Information (“ARCO Rights”) provided by Mexican Privacy Law, or your right to revoke your consent granted to StayWell for the use of your Personal Information by contacting us as set forth below.

 

For such purposes, you shall provide the following: (a) name and address or other means to give you a response to your request; (b) your identification documents or, if applicable, legal representation documents; (c) a clear and precise description of the Personal Information with respect of which you wish to exercise any of the ARCO Rights; (d) your express revocation of your consent, if applicable, to the use of your Personal Information and, therefore, to stop using the same; and (e) any other element which may facilitate the identification of the Personal Information.

 

Australian Privacy Rights

 

Australian Privacy Act. The Australian Privacy Act 1968 (“Privacy Act”) provides Australian citizens with certain rights regarding their Personal Information. This section contains additional information about StayWell’s collection, use and disclosure of Australian users’ Information through the App or StayWell Services.

 

Definition of Personal Information: For Australian users of the App or StayWell Services, Personal Information has the meaning set out in the Privacy Act, which at a high level includes any information or opinion about an individual who is reasonably identifiable.

 

Accuracy of Personal Information:  We try to maintain your personal information as accurately as reasonably possible. We rely on the accuracy of personal information as provided to us both directly (from you) and indirectly. We encourage you to contact us if you become aware of any personal information we hold about you is incorrect or to notify us of a change in your personal information. Our contact details are set out in the section of this Privacy Policy titled “Questions about this Privacy Policy”.

 

Complaints: If you have any questions, comments or complaints about our collection, use or disclosure of personal information, or if you believe that we have not complied with this Privacy Policy or the Privacy Act, please contact us (StayWell’s contact details are set out in the section of this Privacy Policy titled “Questions about this Privacy Policy”).  We will take any privacy complaint seriously and any complaint will be assessed with the aim of resolving any issue in a timely and efficient manner.  We request that you cooperate with us during this process and provide us with any relevant information that we may need. 

 

If you are not satisfied with the outcome of our assessment of your complaint, you may wish to contact the Office of the Australian Information Commissioner.

 

Overseas disclosure of Personal Information: StayWell may disclose Personal Information outside of Australia to our related bodies corporate, service providers and other third parties including those located in the United States.

 

Changes to the Privacy Policy

 

From time to time, StayWell may change this Privacy Policy and our privacy practices because of changes in legal or regulatory requirements, in our business practices, or to provide you with better services. When we do, we will post a revised Privacy Policy on our website. When the change involves how we handle your Information, we will bring it to your attention when you log in or notify you by e-mail.

Please note that the StayWell Services and this Privacy Policy are not used to communicate with you about changes to your Plan’s privacy practices, the Plan’s notice of privacy practices, or the Plan’s disclosure of your Information.

 

Questions about this Privacy Policy

 

If you have questions about this Privacy Policy, or any of StayWell’s other services, or if you would like to receive information about StayWell or its staff qualifications or to request a copy of your Information, please contact us at privacy@staywell.com or by writing to:

 

The StayWell Company, LLC 
Attention: Legal Department 
800 Township Line Road, Suite 100

Yardley, PA 19067

 

Use of the StayWell Services is subject to the Terms of Use found on the “My Account” page of the portal or to the separate terms of use found on the App and/or staywell.com.

 

Copyright © 2021. The StayWell Company, LLC.  StayWell is a registered trademark of The StayWell Company, LLC or its affiliates.

 

Revised April 16, 2021