WELLD HEALTH, LLC PRIVACY POLICY
Last Modified: April 3, 2019
Effective Date: April 3, 2019
This Privacy Policy (this “Privacy Policy”) describes the privacy practices for the Welld Website, the Welld Application, and associated Welld Service. WELLD HEALTH, LLC, a Delaware limited liability company, is referred to herein as “Welld”, “we”, “us”, or “our”, Welld respects your privacy and seeks to protect the privacy of its users through this Privacy Policy. If you choose to download or use the Welld mobile Application or the Welld Website Application (the “Application”), then this Privacy Policy is part of the Welld End User License Agreement, located at https://welldhealth.com/eula (the “EULA”). If you are reading a printed version of the Privacy Policy, an online copy of this Privacy Policy may be downloaded from the above link.
PLEASE CHECK THIS PRIVACY POLICY FREQUENTLY. WE MAY MODIFY THIS POLICY FROM TIME TO TIME, AS DESCRIBED IN PARAGRAPH 3. THIS NOTICE DESCRIBES HOW MEDICAL AND OTHER INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
1. DEFINITIONS.
Except as otherwise defined herein, capitalized terms used in this Privacy Policy have the meanings set forth in the EULA.
2. PURPOSE.
This Privacy Policy describes the types of information we may collect through your use of the Welld Service and our practices for collecting, using, and sharing that information. This Privacy Policy applies to information that we collect through the Welld Website, the Application, and the Welld Service. If you do not want to share information, you may decide to change how, or even if, you use the Welld Website, the Application, and the Welld Service. This Privacy Policy does not apply to information that you provide to third parties. Third parties may have their own policies and practices. In addition to the above link, this Privacy Policy will be available upon request in our office and on the Welld Website. Please tell us if you would like to receive a paper copy of this Privacy Policy. Otherwise, we will provide it to you electronically.
3. UPDATES TO PRIVACY POLICY.
As technology changes and as our business grows and develops, we may modify this Privacy Policy from time to time. Changes to this Privacy Policy will be made and will become effective upon our delivery of notice to you via email at the address you provided in connection with your use of the Welld Website, the Application, or the Welld Service. Any updates to this Privacy Policy will be available upon request in our office and at the above link on the Welld Website. Please tell us if you would like to receive paper copies of updates to this Privacy Policy. Otherwise, we will provide them to you electronically.
4. MINORS.
Use of the Application, Welld Website, or the Welld Service by anyone under 18 years old, including anyone under thirteen (13) years old, is expressly prohibited.
How does the Welld Service work?
5. THE WELLD SERVICE.
5.1 Introduction.
Welld provides online services that seek to connect fitness tracking information of a user with that user’s fitness club, physician, or employer’s wellness program.
(a) If you are just a visitor to the Welld Website, then the information Welld will collect will focus on your interaction with the Welld Website, such as non-personal browser information, website analytics, and information you may submit to us by email, as described in Section 9.
(b) If you decide to download our Application, you will be asked to provide information and register with Welld, and the information Welld will collect will expand to include your interaction with both the Application with the Welld Service. You can stop here and just enjoy the Application and Welld Website. You are not required to connect or interact with your fitness club, physician, employer’s wellness program, or others.
(c) However, if you choose to connect with others, then information will be shared with your connections as described below (and in the EULA), and you can make full benefit of the Welld Service.
Some of the description of the Welld Service, including definitions, may be repeated within the EULA or on the Welld Service. We want to ensure that you have the opportunity to understand how the Welld Service works, and how your information is handled.
5.2 Registration.
As used in this Privacy Policy, “Welld Service” (or “Service”) means, collectively, the Welld Website, the Application, and all related systems and services provided by Welld. In order to use the Application and the Welld Service to make connections with others, you must register with Welld and create an account (a “Welld Account”). Our registration process (which may change from time to time) currently requires you to complete a signup form, provide your e-mail address, and select a username and password (your “Login Credentials”). We may permit or require you to provide additional information in order to use the Welld Service or certain features of the Welld Service, which may consist of: (i) your name, date of birth, Social Security number (if provided), e-mail address, phone number, mailing address, and/or other identity or contact information (“Identity and Contact Information”); (ii) information about an End User’s physical activities (such as steps taken, distance walked, distance run, vital signs, blood pressure, or pulse) (“Activity Data”); and (iii) your Program Results, your Connected Device Data other than Activity Data, and any information that relates to your past, present, or future health or wellbeing, the provision of health care to you, or the past, present, or future payment for the provision of health care to you (“Health Information”).
5.3 Connected Devices.
The Welld Service allows you to connect a variety of third party devices or services (“Activity Trackers”) to your Welld Account, which may then be used to track or measure your activity, such as number of steps taken or other Activity Data. When you connect an Activity Tracker to your Welld Account (each, a “Connected Device”), the information received from the Connected Device (“Connected Device Data”) will be added to or associated with your Welld Account. Welld may use third-party service providers to connect to an Activity Tracker, and the Connected Device Data may come from that third party under the terms of any privacy policy associated with your Activity Tracker.
6. WELLD CONNECTIONS.
6.1 Definitions.
A (i) “Welld Connection” means a connection established between an Account and a Licensed Participant; (ii) “Licensed Participant” means a person or organization that has been licensed by Welld to access and use the Welld Service in connection with End Users with whom a Welld Connection has been established - in other words, a Licensed Participant is a fitness club, physician, employer, or other party that is eligible for connection by users; (iii) “Participating Fitness Club” means a fitness club that has been licensed by Welld to access and use the Welld Service; (iv) “Participating Physician” means a healthcare provider that has been licensed by Welld to access and use the Welld Service; (v) “Participating Employer” means an employer that has been licensed by Welld to access and use the Welld Service; and (vi) “Reported Information” means information about an End User that is provided or reported to Welld by a Licensed Participant (or other third party) or is submitted or entered into the Welld Service by a Licensed Participant.
6.2 Creation of Welld Connections.
Making a Welld connection with any other party is your choice. You may choose to create or accept Welld Connections with Participating Employers, Participating Fitness Clubs, or Participating Physicians (a “Connected Party”, or “Connected Parties”). You may terminate your Welld Connections at any time. When the Welld Connection with a Connected Party is terminated, that Licensed Participant will no longer have access to Shared Account Information stored in the Welld Service (except Identity Verification Information as defined below.)
6.3 Shared Account Information.
Welld will share the following categories of Account Information (“Shared Account Information”) as follows:
(a) Participating Employers:
(i) your Identity and Contact Information, (ii) the status or your enrollment in Wellness Programs, but not the identity of the specific Program, (iii) the Challenges in which you choose to participate and the results of your participation and the Activity Data associate with those Challenges, (iv) aggregated Program Results for all End Users that have established Welld Connections with that Participating Employer, (v) aggregated, deidentified results of any health screenings required by the Participating Employer, and (vi) other Account Information as permitted by the EULA and this Privacy Policy.
(b) Participating Fitness Clubs (if a Connected Party):
(i) your Identity and Contact Information, (ii) enrollment in Programs, if any, and the status of your enrollment, (iii) your Program Results (as defined below), (iv) the Challenges (as defined below) in which you choose to participate and the results of your participation; (v) your Activity Data; (vi) your Connected Device Data, and (vii) other Account Information as permitted by the EULA and this Privacy Policy.
(c) Participating Physicians (if a Connected Party):
(i) your Identity and Contact Information, (ii) the Programs (as defined below) in which you have enrolled, if any, and the status of your enrollment, (iii) your Program Results (as defined below), (iv) the Challenges (as defined below) in which you choose to participate and the results of your participation; (v) your Activity Data; (vi) your Connected Device Data, and (vii) other Account Information as permitted by the EULA and this Privacy Policy.
6.4 Integration of Shared Account Information.
Each Connected Party may integrate your Shared Account Information into an information system outside of the Welld Service or otherwise print, download, or copy your Shared Account Information outside of the Welld Service, and Welld can neither control how such Shared Account Information is used or anonymize, de-identify, or delete such Shared Account Information when your Welld Account is closed. How a Connected Party is permitted to use your Shared Account Information is determined by the nature of your relationship with the Connected Party and any separate agreement you may have with that Connected Party. You understand and agree that Welld is not responsible or liable for any misuse of your Shared Account Information by Licensed Participant
6.5 Challenges.
Licensed Participants may, from time to time, promote a competition or challenge for End Users to engage in certain physical activities (such as taking a certain number of steps within a specified period of time) (a “Challenge”). When you choose to participate in a Challenge, your Activity Data that relates to the subject of the Challenge will be shared with the Connected Party sponsoring the Challenge.
7. Programs.
If you enroll in a fitness, health, or exercise program licensed through the Welld Service (“Program”), specific information about your enrollment in the Program and the activities, measurements, outcomes, and results associated with each Program in which you have enrolled (“Program Results”) will be shared with your Welld Connections. Some Programs may require you to complete the Program through a Participating Fitness Club and to establish a Welld Connection with such Participating Fitness Club before enrolling in the Program. Some Programs may only be available through a referral from a Participating Physician, and you may be required to establish a Welld Connection with a Participating Physician before enrolling in the Program. In the event that you close your Welld Account or delete your Welld Connection with the Participating Fitness Club or with the Participating Physician associated with a Program enrollment, that Program enrollment will be cancelled automatically.
What information does Welld collect, and how is it used?
8. DEFINITIONS.
It may be useful to describe some types of information used in this Privacy Policy:
“Personal Information” means personally-identifiable information (information relating to an individual that can be used to identify, locate, or contact that individual, alone or when combined with other personal or identifying information), such as: name, home or physical address, e-mail address, phone number, or personal characteristics (such as photos, age or date of birth, race, gender, height, weight, occupation, education, Health Information, Sensitive Information (as defined below)), or any other information about an individual that we collect through the Welld Service or maintain in personally identifiable form.
“Sensitive Information” means Social Security numbers, passport numbers, driver’s license numbers, insurance policy numbers, Login Credentials, or other similar information.
“Non-Personal Information” means information or content other than Personal Information, including, for example, aggregated, anonymized, or de-identified information about users and other information that does not identify any individual.
9. TYPES OF INFORMATION COLLECTED.
As described in the Introduction above, the type of information collected and used will depend on how you use the Welld Service. For example, if you just visit the Welld Website and do not submit any Personal Information to Welld, then Section 11 should not apply to you because Welld would not have received your Personal Information. Alternatively, if you register, use the Application, and use the Welld Service to connect with your physician, then Section 11 may apply for any of your Connected Devices.
9.1 Visitor Information.
We may automatically collect information about you when you use the Welld Website, the Application, and the Welld Service, such as the materials you access, the amount of data transferred, the links you click, the amount of time you spend interacting with content, and other information about your interactions with the Welld Website, the Application, and the Welld Service, as well as certain standard information that your browser sends to every website that you visit, including your Internet Protocol (IP) address, operating environment (such as browser type and version, browser plugins installed, operating system version, regional and language settings, screen size and/or resolution, windows size, and page size), access dates and times, and referring websites. We may also collect diagnostic information, including without limitation device hardware and operating system information, device state information, unique device identifiers, information relating to how the Welld Website and the Application function on the device you use to access the Welld Service. We may share such diagnostic information and other Non-Personal Information with our service providers to diagnose and improve the Welld Website, the Application, and the Welld Service. The Welld Service may use cookies (and similar technology such as HTML5 local storage), flash cookies, web beacons, and other technologies for a variety of purposes, such as providing the Welld Service, saving and retrieving information about you, your visit, and assisting in displaying promotions and advertising that are relevant to you. We may use such technologies to share NonPersonal Information with third parties or to retrieve Non-Personal Information from third parties. At this time, the Welld Service does not respond to “Do Not Track” signals sent to us by your browser.
9.2 Google Analytics.
We may, from time to time, use a tool called “Google Analytics” (including Demographic and Interest Reporting features) to collect information about your use of the Welld Service, which helps us provide content that is relevant to you and optimized for the devices that you use (such as smartphones and tablets). We respect and value your privacy, and we never combine the information collected through the use of Google Analytics with Personal Information. We use the information we receive from Google Analytics only to improve the Welld Service and our content and marketing. Google’s use and sharing of information collected by Google Analytics about your visits to this site is restricted by the Google Analytics Terms of Use and the Google Privacy Policy. You can opt-out of Google Analytics for Display Advertising and customize Google Display Network ads using Google’s Ad Settings tool. As an added privacy measure, you can use the Google Analytics Opt-out Browser Add-on.
9.3 Information Provided by You or Others.
In order to use the Welld Service, you must register for and create a Welld Account. When you create and use your Welld Account, you and your Connected Parties may provide us with a wide variety of information, such as your name, postal address, physical address, e-mail address, phone number, billing and payment information, Social Security number or other Sensitive Information, your Health Information, your User Content, and other types of information. We will store, share, and use such information only in accordance with the EULA and this Privacy Policy.
9.4 Cookie Policy.
We use cookies and other similar technologies, such as HTML5 local storage, to provide the Welld Website and Welld Service.
9.5 Cookies and Local Storage.
Cookies are small text files placed onto your device when you visit and interact with the Welld Website. Local storage is a technology that allows a website or application to store information locally on your device. These technologies enable us to provide and enhance your experience using the Welld Service.
9.6 How We Uses Cookies and Local Storage.
We use these technologies to provide the Welld Service to you and to analyze and improve the Welld Website, the Application, and the Welld Service. Our uses generally allow us to: (a) enable essential functions of the Welld Service, such as to facilitate logging you in to the Welld Service, protecting your security, and helping us fight spam, abuse, and violations of our Acceptable Use Policy (available at https://welldhealth.com/); (b) remember information about your browser and your preferences; (c) help us understand and measure how you use the Welld Website and the Application and to improve the Welld Service; and (d) help us deliver ads, measure their performance, and make them more relevant to you.
9.7 Blocking and Removing Cookies.
Most browsers allow you to modify your settings to accept or deny all cookies or to request your permission each time a website attempts to place a cookie on your device, and most browsers allow you to delete cookies that have already been placed on your device. However, the Welld Service will not function properly if you prevent it from placing cookies on your device. Your browser may allow you to limit cookies to those from websites you choose.
10. USE OF NON-PERSONAL INFORMATION.
We may use Non-Personal Information (including, for example, aggregated information about our users or information that does not identify any individual) for any purposes whatsoever (including without limitation, advertising, marketing, enhancing, designing, or developing products and/or services, and research), and we may share Non-Personal Information with others, including our partners, affiliates, and our service providers.
11. USE OF PERSONAL INFORMATION.
11.1 Storage of Personal Information.
We will only store and use your Personal Information as is reasonably necessary or appropriate in connection with your use of the Welld Service, including: (a) to contact you in connection with your use of the Welld Service, including to respond to your inquiries; (b) for authentication and identification purposes; (c) to enable us to provide the Welld Service; (d) to fulfill any other purpose for which such information has been submitted to us by you or your Connected Parties; (e) in any other way we may describe to you when you choose to provide the information; (f) to carry out our obligations and enforce our rights; (g) to provide you with relevant advertising and promotions; (h) to ensure your compliance with the EULA and/or to investigate any potential breach of the EULA; and (i) to protect our networks, data, software, or business interests. You understand and agree that we may transfer, process, maintain, and store your Personal Information, your Account Information, and other information with third parties in any country (or in multiple countries), including countries other than your country of residence or the country or countries where you use the Welld Service.
11.2 No Sale of Personal Information.
We are committed to protecting your privacy and we will not sell or lease your Personal Information to any third party, and we will not knowingly disclose your Personal Information to a third party if we know or have reason to believe that the third party will use your Personal Information for direct marketing purposes. We may use the information we have collected from you to enable us to display advertisements to our advertisers’ target audiences. Even though we do not disclose your Personal Information for these purposes without your consent, if you click on or otherwise interact with a third-party advertisement, the advertiser may have a different policy and may assume that you meet its target criteria.
11.3 Sharing of Personal Information.
We may share your name, contact information, and other information required (collectively, “Identity Verification Information”) with Licensed Participants who are in the process of becoming a Connected Party. Licensed Participants are only authorized to use Identity Verification Information to verify the identity of an End User in the course of creating or accepting a Welld Connection (as defined in the EULA) with you or another End User, except that your Connected Parties may use your Identity Verification Information (and other Shared Account Information) pursuant to the terms of the EULA and this Privacy Policy.
11.4 Disclosure of Personal Information.
In addition to using and disclosing your Personal Information in the manner described elsewhere in Privacy Policy (and the EULA), we may disclose your Personal Information:
(a) to your Connected Parties as described in the EULA;
(b) to any person, entity, or organization which you request or consent for us to disclose your Personal Information to, including through your use of certain features of the Welld Service that enable you to share your User Content or other Account Information with other Welld Users or other persons;
(c) to a buyer of, or other successor to us, in the event of a merger, divestiture, restructuring, reorganization, dissolution or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation or similar proceeding, in which Personal Information held by us about our users is among the assets transferred.
(d) to any person, entity or organization in order to facilitate the provision of the Welld Service, subject to the limitations in this Privacy Policy and the EULA;
(e) to comply with any governmental requirements, subpoena, discovery requests, or court orders, to defend any legal or administrative proceedings, or as we believe in good faith is necessary to comply with any laws or legal requirements;
(f) as we believe is necessary or appropriate in an emergency situation, including without limitation, to prevent criminal activity, personal injury, or property damage;
(g) to law enforcement, financial institutions, or other appropriate authorities in connection with any investigation of suspected criminal or fraudulent activity by any person or entity; and
(h) if we believe it is necessary or appropriate to protect the rights, property, or safety of Welld, our users, or third parties (including, without limitation, to facilitate the enforcement of our rights under the EULA).
12. THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996, AS AMENDED (“HIPAA”).
If your Health Information is protected by HIPAA because it was obtained from, or created on behalf of, a Covered Entity (as that term is defined by HIPAA), Welld will comply with its obligations as a HIPAA Business Associate. Those obligations include, among other things, compliance with the Covered Entity’s Notice of Privacy Practices. You may exercise any rights granted to you by HIPAA by contacting Welld’s HIPAA Security Officer at Cassandra@welldhealth.com.
Here are some additional details:
13. SECURITY.
We have implemented what we consider to be reasonable measures designed to secure your Personal Information from accidental loss and from unauthorized access, use, and disclosure. All information you transmit through the Welld Website and the Application is encrypted in transit using TLS. The safety and security of your information also depends in part on you. You are responsible for safeguarding your Login Credentials and notifying us immediately if you suspect your Login Credentials or Welld Account have been compromised. Unfortunately, the transmission of information via the Internet is not completely secure. Although we take reasonable measures to protect your Personal Information, we cannot guarantee the security of your Personal Information transmitted to or through the Welld Service. Any transmission of Personal Information is at your own risk. We are not responsible for the circumvention of any privacy settings or security measures in the Welld Service by you or others.
14. THIRD PARTY SITES.
The Welld Service may contain links to other websites that are operated by third parties. Once you have clicked on a link connecting you to such third party website, you will leave the Welld Service and be taken to a website that we do not control. This Privacy Policy does not apply to any Personal Information (or other information) collected on a third party site. We suggest you read the privacy policy of the third party site before providing any Personal Information on such third party site. We are not responsible for any use by any person or entity of any information that you may provide while accessing or using any websites or services provided by a third party.
15. ACCESS TO AND CHANGE OF PERSONAL INFORMATION.
You may contact us at any time to: (a) request the removal of the Personal Information you provided to us from our databases; and (b) update your Personal Information. However, certain information associated with operation of the Welld Service may be retained permanently for legal, tax, and business reasons. In addition, because certain Personal Information may be necessary to provide the Welld Service to you, you understand that the removal of that Personal Information may require us to close your Welld Account. When your Personal Information (or other Account Information) is updated or deleted, copies of such information may remain in our backups for a period of time.
16. CONTACTING US.
You may contact us with questions relating to this Privacy Policy referenced herein, the Welld Service, or your Welld Account, you may contact us by email at legal@welldhealth.com or by mail at Welld Health, LLC, Attn: Chris Craytor, 455 2nd Street SE, Suite 301, Charlottesville, VA 22902.
17. YOUR CALIFORNIA PRIVACY RIGHTS.
To the extent you, as an individual, natural person, use the Welld Service, and you are a resident of California, then this section may apply.
FOR RESIDENTS OF CALIFORNIA ONLY.
Section 1798.83 of the California Civil Code requires select businesses to disclose policies relating to the sharing of certain categories of customers' personal information with third-parties. These businesses are required to accept requests for disclosures of these policies from customers but are only required to honor one request per calendar year. Businesses have thirty (30) days to respond to each inquiry to the designated address. Each inquiring customer will receive an explanation of the categories of customer information shared and the names and addresses of any third-party businesses. In limited circumstances, customers' failure to submit requests in the manner specified will not require a response from the business.
If you are a current Welld user in California, you may request such information from Welld by sending an email correspondence noting your name, address, and email address. You must also include a request that Welld provide such information to you using the following or similar verbiage. "I request that Welld provide its third-party information sharing disclosures required by section 1798.83 of the California Civil Code." The same request may be made by regular mail by sending the above information to the address in Section 16. We can be reached via e-mail at legal@welldhealth.com or you can reach us by telephone at (434) 974-9890.