Please carefully read through this Policy. To join the Program and enjoy the Wellable services and Program benefits, you are required to accept all the terms in this Policy. If you choose to accept these terms and enroll in the Wellable Program, you will become a Member of the Program. We may update the terms of this Policy from time to time to reflect changes in our information practices. If we make any material changes to these terms, you will be notified via an update notice, and you will be given the opportunity to review and accept these terms prior to being able to access the platform or continue to use the Program. You may withdraw your consent to this Policy or its updated terms at any time by contacting and notifying us that you wish to terminate your membership.
Depending on the context of personal data you provide, we may act as the data controller or joint controller ("controller") or data processor ("processor") of your personal data under this policy. Wellable is a processor when an organization (the “Customer”) contracts with Wellable for the provision of services to its employees, members, or end users, in which case Customer is the controller of personal data and Wellable is the processor of such data. Customer’s service agreement with Wellable constitutes Customer’s complete and final documented instructions to Wellable for the processing of personal data.
This policy applies where we are acting as a controller with respect to the personal data and we determine the purposes and means of the processing of that personal data.
Please note that any translation of this Policy is intended solely to facilitate your access to this information. The English version is the only official version of this Policy and any translation inaccuracies or discrepancies are not binding and have no legal effect for compliance or enforcement purposes.
The controller in line with the General Data Protection Regulation and other national data protection laws of the member states, as well as other legal data protection provisions, is:
47 Winter Street, 5th Floor
Boston, MA 02108
The data protection officer of the controller is:
The level of data protection established in the United States of America (U.S.) is lower than the one established in the European Union (EU). To the extent that your personal data is subject to the GDPR, we take measures to ensure that your personal data is stored safely with us, and strive to meet regulatory privacy and security requirements imposed on European Union businesses.
Wellable will be compliant with the European General Data Protection Regulation (GDPR) on or before the established enforcement date, May 25, 2018. Wellable will be compliant with the California Consumer Privacy Act (CCPA) on or before the established enforcement date of January 1, 2020.
All transfers of your personal data out of the European Union, European Economic Area, and Switzerland are governed by the Standard Contractual Clauses, unless you have opted out of those clauses.
Wellable will abide by the requirements of European Economic Area and Swiss data protection law regarding the collection, use, transfer, retention, and other processing of personal data from the European Economic Area and Switzerland. All transfers of personal data to a third country or an international organization will be subject to appropriate safeguards as described in Article 46 of the GDPR and such transfers and safeguards will be documented according to Article 30(2) of the GDPR.
If you consider that our processing of your personal data infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement.
In addition, Wellable is compliant with the EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield Framework, as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data from the European Union and Switzerland to the United States. Wellable is committed to subjecting all personal data received from EU member countries and Switzerland, in reliance on the Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield website at https://www.privacyshield.gov.
Wellable is responsible for the processing of personal data it receives, under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. Wellable complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.
With respect to personal data received or transferred pursuant to the Privacy Shield Framework, Wellable is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Wellable may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
In compliance with the Privacy Shield Principles, Wellable commits to resolve complaints about our collection or use of your personal data. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Wellable at firstname.lastname@example.org.
Wellable has further committed to refer unresolved Privacy Shield complaints to JAMS Mediation, Arbitration and ADR Services, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit https://www.jamsadr.com/file-an-eu-us-privacy-shield-claim for more information or to file a complaint. The services of JAMS Mediation, Arbitration and ADR Services are provided at no cost to you.
Wellable commits to cooperate with EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) as well as comply with the advice given by such authorities with regard to human resources data transferred from the EU and Switzerland in the context of the employment relationship.
Under certain conditions, more fully described on the Privacy Shield website at https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
Frequently Asked Questions
Depending on your Program design, your Program Sponsor may be able to create and submit customized surveys for its Members to complete. Wellable may not contribute to the creation of the questions in these surveys and may not review the questions in these surveys. If you decide to take part in a survey, the results will be shared with your Program Sponsor in aggregated reports. Your Program Sponsor will not be able to identify you from these reports. However, if the survey offered gives you the ability to respond to a question by writing in a response, the response will be shared with the Program Sponsor. If you include identifiable personal data in these open-ended responses, your Program Sponsor may be able to identify you.
Depending on your Program design, you may have access to a Personal Wellness Assessment (PWA). Through a number of questions, the PWA assesses your well-being across a number of dimensions of wellness. You do not have to complete the PWA if you do not want to share this information with us. All responses will be shared with your Program Sponsor in aggregated, de-identified reports.
All your data, including any personal data we collect about you, is stored at Amazon Web Services data centers located in the United States of America (USA). Because your data is stored on USA soil, it may be subject to USA laws, including the “Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001” (USA PATRIOT Act), as well as the jurisdiction of the USA government, tribunals, law enforcement, and regulatory agencies, which may require Wellable to grant them access to your data.
Wellable is committed to protecting your data and your privacy. To ensure data security, we follow reasonable physical, electronic, and managerial procedures designed to safeguard and secure your data and personal data. However, no company can fully eliminate security risks associated with the provision of online services.
Among the security features we use to protect your personal data and other data, we require that you create and use a username and unique password to access the web-based platform and mobile application. We use multiple layers of security to protect your personal data and data, including firewalls, intrusion detection tools, and antivirus. We retain your username as part of your personal data, to allow us to recognize you when you log in, but we do not share your username with anyone.
To the extent that you participate in any wellness challenges as part of the Wellable Program, please be aware that your name and performance information will be available to other Members participating in the challenge and to your Program Sponsor. Additionally, the Wellable Program may make message boards and messaging forums available to you. Please be aware that any information disclosed in these settings may become public information. You should exercise caution if disclosing personal data while using these features.
We may, from time to time, share your personal data with third parties to allow us to provide you with our services. If we need to share your personal data with third parties, we will limit the information disclosed to the minimum amount necessary to ensure the provision and quality of the services we offer you. We do not make your personal data available to any third parties without your permission. We never use, disclose, or share your personal data for marketing purposes, and we never sell or rent your personal data.
Agents and contractors
In some instances, we may disclose your personal data to agents or contractors that work on our behalf and assist us in providing and supporting the services we offer.
Third Party Providers
We may use or disclose your personal data to allow your participation in additional third-party provided wellness services. These additional wellness services may be offered to you by us (“Program Partners”), your Program Sponsor, or other entities your Program Sponsor contracts with directly (“Third Party Providers”). We will only use or share your personal data for the following general purposes:
Wellable may be required to disclose your personal data if:
Wellable and its Program Partners and vendors use tools such as cookies, tags, scripts, and other similar technologies to enhance and support your experience on the platform. These technologies help us administer the web-based platform and mobile application, measure traffic patterns and the total number of users, as well as to personalize and customize the platform’s content, so that your settings are “remembered” when you log in.
We use mobile analytics software to allow us to review the functionality of our mobile software on your phone and how to improve its quality and our services. The mobile analytics software may record information such as how often you use the mobile application, the events that occur within the mobile application, crash report and performance data, where the application was downloaded from, aggregated usage, and other metrics. The information collected by the mobile analytics software is managed separately from other personal data you submit within the mobile application.
Automated decision-making occurs when a decision is made solely by automated means without any human involvement.
You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making unless we have a lawful basis for doing so and we have notified you.
Yes, all our Members, regardless of residency, except in specific circumstances identified by local laws, have a legal right to access the information Wellable has collected about you. You can request a copy of all the personal data and data we hold about you. We will provide you with a copy of all the data we have collected about you in a standard format (such as Excel) through a secure channel. You can contact us at email@example.com to request a copy of all your data. We will respond to your request within a reasonable timeframe.
For California Users: In accordance with the California Civil Code Section 1798.83, you may contact us at the address above to request certain information about the disclosure of personal data (as defined in Section 1798.83) to third parties for their direct marketing purposes.
Yes, if your personal data changes over time or you realize your personal data is outdated or incorrect, you have a right to be able to update it or correct it. You may update or correct the information by modifying it directly within the web-based platform or mobile application. If you are unable to directly update or correct the information within your account, you can contact us at firstname.lastname@example.org to request that we update or correct the information for you. We will respond to your request within a reasonable timeframe.
At any time during the course of your membership with Wellable, you may request that all your personal data and other data be transferred to a different wellness services provider. To complete the transfer, we will require additional information about the new vendor to ensure a secure channel is used, so that your personal data and other data remain protected. To request such a transfer, you may contact us at email@example.com. We will respond to your request within a reasonable timeframe.
Yes, you can request that the data collected about you be deleted from our system. You may terminate your Program membership at any time by submitting a deletion request to firstname.lastname@example.org. Once your membership is terminated, you will (i) no longer be able to participate in the Program; (ii) no longer be entitled to receive any benefits or to earn any Wellable Points; (iii) not be able to redeem any unused Wellable Points; and (iv) no longer have access to the Program. Your personal data will be permanently and irreversibly de-identified.
Due to the type of services we offer, we are unable to accommodate requests to restrict the processing of certain sets of data. You, however, will be able to limit the personal data added to your profile based on the consent you provide when connecting an activity tracking device to your account or when you opt to track or add an activity directly in Wellable. If you wish for us to stop processing parts of your data, you can request that all data be deleted through the process explained above. You can also limit the personal data provided to us as you participate in the program.
*This Policy was last updated in August 2020.