Last revised on April 2020
The Wellness 360 program (the “Program”) is a voluntary employee wellness program that encourages healthy lifestyle changes. The Program is sponsored by your employer, your spouse’s employer, or other sponsoring organization (the “Program Sponsor”) and operated by Wellness 360 Technologies, Inc., (“Wellness360” "Us”, “We” or “Our”), a company established under the laws of the State of California.
This Privacy Notice applies to all Wellness360 programs unless a specific Privacy Notice has been published for the other program.
Wellness360 is committed to protecting customer privacy and rights. This Privacy Notice (the “Notice”) outlines the data we collect about you, how we store, interpret, and share the collected data through the platform (www.wellness360.co) and our mobile application. This Notice applies to all Personal Information, irrespective of whether it was collected online or offline. The Notice also defines your rights concerning your data, and how to contact us to request access, revisions, transfer, restriction, or deletion of the data collected about you.
Yes. We collect anonymous and Personally Identifiable Information about you in order to provide you with our program and services. “Personal Information” may imply any information, including personal data, and material facts, allowing identification of the person. The collected Personally Identifiable Information (PII) includes, but is not confined to:
Kindly note that the extent of the Personal Identifiable Information you may share with us will depend on the program and the features made available to you, based on your participation level in the program. Although you are not obligated to provide any Personal Information to us at any point in time, if you choose to withhold some Personal Information, we may not be able to provide you with certain services.
The sole purpose of collecting Personal Information is to provide you with access to our services, including:
We may also create “Anonymous Data” records by removing any Personal Identifiable Information (including any contact information) that would allow the remaining data to be linked back to you. The anonymous data may be used for internal purposes, including studying patterns and program engagement to improve our services. We may also use the anonymous data to investigate and interpret demographic trends, user behavior patterns and preferences, and data that can help us enhance the content and quality of the Program.
If you have opted to receive push notifications on your mobile device, we may send you push notifications with reminders and notifications. If you do not wish to receive such messages, you may turn them off from the device settings.
We may occasionally send you e-mails or newsletters with the program information, any available features, or related services. You may opt-in to receive our communications after you enroll in the program and platform, depending on your residing country rules. You may opt-out of the communications at any point in time during your active membership, at no extra costs, by changing your preferences in the Profile section or by contacting the support team.
You may share your phone number with us, or we may receive it from your program sponsor or third party. If you are a US resident, by accepting the relevant Membership Agreement for your Program, you give consent that we can contact you directly, including, but not restricted to, via phone, by an automated telephone dialing system, prerecorded and/or artificial voice, SMS, MMS, text, fax or other similar means, at any phone number included on your profile. You may update your profile at any time to change where and how we contact you.
We collect Personal Identifiable Information that you voluntarily provide when you submit it through the web-based platform and the mobile application, by reviewing your use of the web-based platform and mobile application (for example through the health assessment), your use of a synced tracking device, screenings, and when you participate in online or on-site services and events. We may also collect information about you and your participation in the program through engagement surveys. Depending on your Program design, your program sponsor may have the opportunity to create surveys (the “Wellness360 Surveys”) for its Members to complete.
We may also automatically collect additional information when you visit our web-based platform or mobile application, including the type of browser used, the internet service provider (ISP), referring and exit pages, the files viewed on our site (e.g., HTML pages, graphics, etc.), date and time stamps of activity on the platform, the accessing IP address, and your device's operating system. We use this additional information to acquire a broad, non-specific understanding of the locations from which our Members access our services, and to enhance the security controls around platform access. We also use it to analyze trends, administer the web-based platform, track members’ movements on the platform and around the website, and gather demographic information about our member's base.
Depending on your wellness program, your program sponsor may create and submit customized Wellness360 surveys for its members to complete. Wellness360 does not contribute to the creation of the questions in these surveys and does not review the survey questions. If you decide to take part in these surveys, the aggregate results will be shared with your program sponsor. Your program sponsor will not be able to identify you from these reports. However, if the survey offered gives you the ability to respond to a question by writing in response, the response will be shared with the program sponsor. If you include identifiable Personal Information in these open-ended responses, your program sponsor may be able to identify you.
Depending on your program, you may have access to a health assessment questionnaire. Health assessments can be customized by program sponsors and may be used to assess your overall health, your lifestyle across multiple wellbeing areas, or both. If you do not want to share this type of information with us, you do not have to complete the health assessment. However, not completing the health assessment may not give the desired health insights about your health and wellness.
As is explained in the membership agreement, the Program is designed for adults over the age of 18. We do not knowingly collect Personal Information about children under the age of 18. If you believe that we have collected Personal Information about anyone under the age of 18, you can contact us to remove the Personal Information.
As a Program Member, you will be able to connect goal-tracking devices, such as smartwatches, smart scales, and other tracking devices, to your wellness account. If you choose to synchronize a tracking device with the program, we will receive limited information about your activity to populate your account. Tracking devices can track a wide number of different aspects of your daily activities, including, daily steps, fitness activity, distance, your heartbeat, calorie count, and sleep pattern. The data collected may vary based on the brand and model of the tracker in use. In general, companies selling tracking devices have specific privacy policies available, which outline what data the specific activity tracking device collects. We strongly suggest you review the right privacy notice to know what specific data points your activity tracking device collects about you.
Yes. We may receive information about you from various sources to support the program and services included in it. The sources may include:
Your Program Sponsor
Depending on your program, your Program Sponsor may provide us with your Personal Identifiable Information, called an "Eligibility File" to identify you as an individual who can join the Program and become a Member. Please contact your Program Sponsor directly if you do not wish for your Program Sponsor to send us your information. It is to be noted that if you are removed from the Eligibility File you cannot access or enroll in the Program.
Other Benefits Providers Hired by your Program Sponsor
In some cases, your Program Sponsor may offer benefits through other providers that integrate with the wellness program. With the consent of your Program Sponsor, we may exchange data with these other providers to provide our services to you. We may send them information, such as an employee ID, for your identification. They may send us your information specific to the program participation, either before or after you begin participating in the Program.
The Wellness360 Program Partners
Depending on your program design, you may have access to organizations through our program that partners with us to provide you
(a) Biometric or lab testing services or
(b) Additional health and related services (Our Program Partners).
If you use these services, the Program Partners may share activity information and results with us. This data sharing would be limited to information necessary to support your wellness goals or manage incentives in the Program.
Your Healthcare Provider
With your prior approval, we may receive healthcare-related information from your healthcare provider and any clinics or organized care facility with which your provider is associated.
Your Insurance Provider With the consent of your Program Sponsor, your health insurance provider may share claims-related information with us. We may use this claims-related information -
(a) To generate aggregate reports to help the Program Sponsor customize an effective program based on the specific needs of its member base;
(b) To recommend specific health and wellness objectives that would be most effective for you;
(c) To help identify effective health and wellness objectives based on changes to your claim history.
We may receive information about you from other sources including publicly available databases or third parties from whom we have purchased data. We combine this data with information we already have about you. We may also combine publicly available aggregated census and demographic data with your Personal Information. This can help us analyze our records to better evaluate the effectiveness of our services.
Examples of the types of Personal Information that we may obtain from public databases include:
Wellness360, its Program Partners, and vendors use tools such as cookies, tags, scripts, and other similar technologies to enhance and support user experience on the platform. These technologies help in managing the web-based platform and mobile application, measure traffic patterns, and the total user number, as well as to personalize and customize the platform’s content so that your settings are “remembered” when you log in.
We use mobile analytics software to allow us to review the functionality of our mobile software on your phone, to improve its quality, and our services. The mobile analytics software may record information such as how often you use the mobile application, the events that occur within the mobile application, crash reports, performance data, where the application was downloaded from, and other metrics, like aggregated usage. The information collected by the mobile analytics software is managed separately from other Personal Information you submit within the mobile application.
Our web-based platform and mobile application may contain links to other websites that we do not own or control. We provide these links and connections for your convenience. We have no control over these third parties, their privacy policies, and the content they display on their websites or mobile applications. If you choose to submit your Personal Information while visiting these websites or using these mobile applications, please be aware your rights will be governed by the third party's privacy policies. We strongly advise you to carefully read the privacy notice of any website or mobile application you visit or use.
We rely on role-based access and only grant access to our employees, contractors, and agents who are involved with delivering the program services to you, in line with our policies and methods. Our employees may be required to access your Personal Information to provide you with the best quality services. Our employees respect the confidentiality of your Personal Information and only authorized personnel will access your Personal Information as it is necessary to provide you with the right services or support.
You can become “Friends” with other members of the program offered by your Program Sponsor. You can send “Friend” requests to other members taking part in your program, and they will be able to send you “Friend” requests. You can choose to accept or decline these “Friend” requests. You can also choose to remove a “Friend” anytime after adding him or her. If you become “Friends” with another member, that person will have access to -
(a) Certain portions of your profile;
(b) Number of steps you have taken in challenges you choose to participate in;
(c) Other activity data related to your participation in the program.
By joining a Wellness360 program, your name, profile picture (if you add one), and challenge performance information will be visible to other members in the program. Some performance information such as a leader board may be shared with your Program Sponsor on an individual or team basis.
Also, the program may make message boards and messaging forums available to you. Please be aware that any information disclosed in these settings may become public information. You should exercise caution if disclosing Personal Information while using these features. You can change the settings on your web platform or mobile app.
The type of information we share with your Program Sponsor depends on who your Program Sponsor is. In general, across all types of Program Sponsors, we share anonymous and aggregated data with your Program Sponsor. Your Program Sponsor will not be able to use such anonymous or aggregated data to directly identify you. Your Program Sponsor may use the anonymous information at its discretion, including to evaluate the overall program, as well as to provide additional benefits, programs, and services.
In specific circumstances and for limited purposes, such as to ensure proper Program administration or to support tax compliance, We may share reports containing identifiable information with your Program Sponsor. In these circumstances, we limit the only provide the necessary Personal Information to support the specific purpose.
If your activity information indicates there may be an abnormality or program abuse, we may share your activity information with your Program Sponsor to make adjustments, suspend, or terminate your account, following your Program Sponsor’s instructions.
Medical care providers
If your Program Sponsor is also your medical care provider, we may share your Personal Information, including detailed health and wellness-related information, to facilitate treatment activities.
Health Insurance Providers
If your Program Sponsor is your Health Plan, we may share additional information about you and your participation in the program, to ensure you are provided access to any additional services or engagement opportunities and benefits that may be offered through your Health Plan.
Some Program Sponsors hire their own wellness coaches who use our systems to deliver their coaching services. These coaches are employees of the Program Sponsor and are subject to their own privacy notice. We may share necessary Personal Information with these coaches for them to provide wellness coaching services directly to you. You can ask your coach, the program administrators, or program sponsors for more details about the coach.
We may share your Personal Information with third parties, when necessary, to provide you with our best services. If we need to share your Personal Information with third parties, the disclosed information will be limited to the minimum amount necessary to ensure the provision and quality of the services we offer you. We will never use, disclose, or share your Personal Information for marketing purposes, and we never sell, rent, or lease your Personal Information. Subject to any limitations imposed by applicable laws, we reserve the right to disclose anonymous data at our discretion.
If we (a) undergo reorganization or liquidation under bankruptcy, or (b) are sold to a third party, any Personal Information that we hold about you may be transferred to the reorganized entity or third party, following applicable laws. In any such event, the new entity will continue to use your Personal Information under and within the limits of this notice to ensure the continuation of service.
Benefits Distributors and Aggregators
Your Program Sponsor may have engaged our services through a distributor or aggregator service. With the consent of your Program Sponsor, we may share limited Personal Information with these services related to your program participation and to facilitate coordination of services across multiple health and wellness providers.
Third-Party Providers We may use or disclose your Personal Information to allow your participation in additional third-party provided wellness services or to support the administration of the program. These third parties may be our partners (“Program Partners”), your Program Sponsor, or other entities your Program Sponsor contracts with directly (“Third Party Providers”).
We may provide information in an anonymous and aggregated format or provide your Personal Information in a group format to third parties that process that Personal Information (“Analytics Processors”) to generate Anonymous Information and derive analytical information. The Analytics Processors do not have any independent right to use your Personal Information, except to provide the aggregation and analysis services.
We may be required to disclose your Personal Information if:
We may need to disclose limited amounts of your Personal Information depending on the circumstances. Our disclosures are limited to the least amount of information that is required to meet the permissible purpose. Your Personal Information may be disclosed for the following limited purposes:
All your data, including any collected Personal Information, is stored at Amazon Web Services data centers located in the United States of America (USA). Because your data is stored on USA soil, it may be subject to USA laws, including the “Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001” (USA PATRIOT Act), as well as the jurisdiction of the USA government, tribunals, law enforcement, and regulatory agencies, which may require us to grant them access to your data.
Wellness360 is committed to protecting your data and your privacy. To ensure data security, we follow all the needed physical, electronic, and managerial procedures to secure your data and Personal Information. We also adhere to HIPAA guidelines to ensure the confidentiality of all your personal information. However, no company can fully eliminate security risks associated with the provision of online services.
Among the security features that we use to protect your Personal Information and other data, we require that you create and use a username and unique password to access the web-based platform and mobile application. We use multiple layers of security to protect your Personal Information and data, including firewalls, intrusion detection tools, and antivirus software.
When we receive Personal Information from a third party or share Personal Information with a third party, we produce appropriate written agreements based on the applicable jurisdiction. We follow GDPR, HIPAA, and other standard contractual clauses while sharing information with authorized third parties. Wellness360 processes the personal data it receives and subsequently transfers to a third party acting as an agent on its behalf while complying with all the needed regulations.
Various laws from around the world establish varying levels of data subject rights. At Wellness360, we strive to provide a similar level of data rights to all our members, regardless of where they live, but some of those rights are governed by local laws. In addition to the basic rights of confidentiality, those rights include -
You can use our online data management tool, available on your profile page, to submit data subject rights requests.
Yes, you can review and change your Personal Information by logging into the platform or mobile application. All our Members, regardless of residency, except in specific circumstances identified by local laws, have a legal right to access, correct, or update the information that we have collected about you. You can also request a copy of all your stored Personal Information and data. We will provide you with a copy of all the stored data in a standard format (such as Excel) through a secure channel. You can contact us to request a copy of all your Personal Information or to request a change in your Personal Information by writing to our support team at email@example.com. We will respond to your request at the earliest.
If we feel that the changes may violate any laws or cause the information to be inaccurate or incorrect, we may not be able to accommodate your request. Also, we may not be able to fulfill a request where it may risk your privacy, or where your request may affect another individual’s rights to privacy. If we cannot fulfill a request, we will provide all the reasons why we are unable to comply.
Yes, you can request that all your Personal Information and other data be transferred to a different wellness services provider. To complete the transfer, we will require additional information about the new vendor to ensure a secure transferring channel that protects your Personal Information and other data. However, there may be circumstances when we may not support a transfer. However, we will provide you with your Personal Information which you can disclose to anyone you choose. To request such a transfer you may contact us by writing to our support team at firstname.lastname@example.org. We will respond to your request at the earliest.
Yes, you can request that we delete your identifying information from our system. You may terminate your Program Membership at any time by submitting a deletion request to our support team, or your program administrator. Your membership will be terminated after we receive your request. We will permanently and irreversibly delete your personally identifying information that was collected from your participation in the program at the end of an additional grace period.
Following your deletion request, we may still receive some information about you on your Program Sponsor-provided Eligibility Files or in the claims-related information discussed earlier in this notice. To remove your information from these sources you will need to submit that request directly to your Program Sponsor.
Your Personal Information will also be permanently and irreversibly de-identified, following the above timelines, once the program ends and your account is canceled as per the terms of the Membership Agreement. You will not be able to claim any incentive rewards after we terminate your membership.
Beyond the information necessary for enrollment you are not required to share any additional information with us, however, choosing not to share information may limit your ability to earn rewards if they are made available to you by your Program Sponsor. You can choose to limit the data you share with us by not including or not using certain features. However, once you have shared information, we are unable to accommodate requests to restrict the processing of certain sets of data. If you wish for us to stop processing parts of your data, you can request that all data be deleted by canceling your account.
Yes, you can object to our processing of your data by contacting the support team at email@example.com, or your program administrator, by notifying that you wish for your account to be suspended while your concerns about the processing of your data are resolved. Once you feel comfortable resuming use of the program, you can contact us to unlock your account. If you realize during the time your account is suspended that you do not feel comfortable resuming use of the program, you can cancel your account. Your data will be deleted following our standard process, except that you will not be able to access your account while the cancellation process takes place unless you first request for the suspension to be lifted.
Wellness360 recognizes that you have a right to opt-out of any “sale” of your Personal Information. We do not, however, provide your Personal Information to anyone in exchange for consideration that would be considered a sale. Because we do not sell your information, we have not implemented an opt-out process.
We may update these policy terms from time to time to reflect changes in our information practice and services offered. If we make any material changes to this notice, you will be notified via an update notification, and you will be allowed to review and accept the new notice before being able to access the platform or continue using the program. The latest update date can be found at the top of the notice. If there are typographical mistakes, like grammar or spelling errors, in the notice we may correct them without notifying you.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our support team with a written complaint to firstname.lastname@example.org. Under certain conditions, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.
We comply with all the applicable laws and regulations based within the US geographical location. Any discrepancy between your true residence and the information disclosed to us, and how that may affect the functionality of the platform, remains your responsibility.
Wellness360 is compliant with the European General Data Protection Regulation (GDPR) on or before the established enforcement date, May 25, 2018. Wellness360 is also compliant with the California Consumer Privacy Act (CCPA) on or before the established enforcement date of January 1, 2020. All transfers of personal data to a third country or an international organization will be subject to appropriate safeguards as described in Article 46 of the GDPR and such transfers and safeguards will be documented according to Article 30(2) of the GDPR.
The level of data protection established in the USA is generally lower than the one established in the European Union (EU) and other countries with data protection laws similar to the EU; therefore, we take measures to ensure that your Personal Information is stored safely with us, meeting regulatory privacy and security requirements imposed on US and EU businesses. Nothing in this notice limits or attempts to limit your rights under applicable laws, including your ability, depending on your residence location, to file a complaint with your local Data Protection Authority.
Furthermore, Wellness360 is compliant with the EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield Framework, as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data from the European Union and Switzerland to the United States. Wellness360 is committed to subjecting all personal data received from EU member countries and Switzerland, in reliance on the Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield website at https://www.privacyshield.gov.
Wellness360 is responsible for the processing of personal data it receives, under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. Wellness360 complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.
Concerning personal data received or transferred according to the Privacy Shield Framework, Wellness360 is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Wellness360 may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
In compliance with the Privacy Shield Principles, Wellness360 commits to resolve complaints about our collection or use of your personal data. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy can contact us at email@example.com
Wellness360 is committed to referring unresolved Privacy Shield complaints to JAMS Mediation, Arbitration, and ADR Services, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit https://www.jamsadr.com/file-an-eu-us-privacy-shield-claim for more information or to file a complaint. The services of JAMS Mediation, Arbitration, and ADR Services are provided to you at no extra cost.
Wellness360 commits to cooperate with EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) as well as comply with the advice given by such authorities concerning human resources data transferred from the EU and Switzerland in the context of the employment relationship.
Under certain conditions, more fully described on the Privacy Shield website at https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
Wellness360's privacy practices, described in this Privacy Notice, comply with the required regulations and laws to ensure the protection of personal information.
Please note that any translation of this notice is intended solely to facilitate your access to this information. The English version is the only official version of this notice and any translation inaccuracies or discrepancies are not binding and have no legal effect for compliance or enforcement purposes.