PRIVACY POLICY

Wellable, LLC (“Wellable” or “we”, “us”, “our”) is committed to protecting your rights and your privacy. This Privacy Policy (the “Policy”) explains what data we collect about you and how we store, analyze, and share the data we collect about you through the platform (https://app.wellable.co/) and the Wellable mobile application. The Policy also explains your rights with regards to your data, and how to contact us to request access, corrections, transfer, restriction, or deletion of the data we have collected about you. Nothing in this Policy limits your rights under applicable laws, including your ability, depending on your country of residence, to file a complaint with your local Data Protection Authority.

Please carefully read through this Policy. To join the Program and enjoy the Wellable services and Program benefits, you are required to accept all the terms in this Policy. If you choose to accept these terms and enroll in the Wellable Program, you will become a Member of the Program. We may update the terms of this Policy from time to time to reflect changes in our information practices. If we make any material changes to these terms, you will be notified via an update notice, and you will be given the opportunity to review and accept these terms prior to being able to access the platform or continue to use the Program. You may withdraw your consent to this Policy or its updated terms at any time by contacting and notifying us that you wish to terminate your membership.

Depending on the context of personal data you provide, we may act as the data controller or joint controller ("controller") or data processor ("processor") of your personal data under this policy. Wellable is a processor when an organization (the “Customer”) contracts with Wellable for the provision of services to its employees, members, or end users, in which case Customer is the controller of personal data and Wellable is the processor of such data. Customer’s service agreement with Wellable constitutes Customer’s complete and final documented instructions to Wellable for the processing of personal data.

This policy applies where we are acting as a controller with respect to the personal data and we determine the purposes and means of the processing of that personal data.

Please note that any translation of this Policy is intended solely to facilitate your access to this information. The English version is the only official version of this Policy and any translation inaccuracies or discrepancies are not binding and have no legal effect for compliance or enforcement purposes.

The controller in line with the General Data Protection Regulation and other national data protection laws of the member states, as well as other legal data protection provisions, is:

Wellable, LLC

47 Winter Street, 5th Floor

Boston, MA 02108

The data protection officer of the controller is:

Matyas Chlebovsky

matyas@wellable.co

 

What laws and regulations does Wellable comply with?

The level of data protection established in the United States of America (U.S.) is lower than the one established in the European Union (EU). To the extent that your personal data is subject to the GDPR, we take measures to ensure that your personal data is stored safely with us, and strive to meet regulatory privacy and security requirements imposed on European Union businesses.

Wellable will be compliant with the European General Data Protection Regulation (GDPR) on or before the established enforcement date, May 25, 2018. Wellable will be compliant with the California Consumer Privacy Act (CCPA) on or before the established enforcement date of January 1, 2020.

All transfers of your personal data out of the European Union, European Economic Area, and Switzerland are governed by the Standard Contractual Clauses, unless you have opted out of those clauses.

Wellable will abide by the requirements of European Economic Area and Swiss data protection law regarding the collection, use, transfer, retention, and other processing of personal data from the European Economic Area and Switzerland. All transfers of personal data to a third country or an international organization will be subject to appropriate safeguards as described in Article 46 of the GDPR and such transfers and safeguards will be documented according to Article 30(2) of the GDPR.

If you consider that our processing of your personal data infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement.

In addition, Wellable is compliant with the EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield Framework, as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data from the European Union and Switzerland to the United States. Wellable is committed to subjecting all personal data received from EU member countries and Switzerland, in reliance on the Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield website at https://www.privacyshield.gov.

 

Wellable is responsible for the processing of personal data it receives, under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. Wellable complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.

With respect to personal data received or transferred pursuant to the Privacy Shield Framework, Wellable is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Wellable may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

In compliance with the Privacy Shield Principles, Wellable commits to resolve complaints about our collection or use of your personal data.  EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Wellable at support@wellable.co.

Wellable has further committed to refer unresolved Privacy Shield complaints to JAMS Mediation, Arbitration and ADR Services, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit https://www.jamsadr.com/file-an-eu-us-privacy-shield-claim for more information or to file a complaint.  The services of JAMS Mediation, Arbitration and ADR Services are provided at no cost to you.

Wellable commits to cooperate with EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) as well as comply with the advice given by such authorities with regard to human resources data transferred from the EU and Switzerland in the context of the employment relationship.

Under certain conditions, more fully described on the Privacy Shield website at https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.

If you are a California consumer, the California Consumer Privacy Act Notice supplements this Privacy Policy and informs you of the categories of personal information that we collect from you and disclose to third parties, and the purposes for which such personal information will be used.

 

Frequently Asked Questions

There are two general categories of personal data we collect.
 
Data You Give to Us.
 
(a)       We collect your account data, which may include name, email address, location, gender and year of birth (“Account Data”). The Account Data may be processed for the purposes of providing to you our Services and of ensuring their security, maintaining back-ups of our databases and communicating with you. This information is necessary for the adequate performance of the contract between you and us and to allow us to comply with our legal obligations. Without it, we may not be able to provide you with all the requested Services.
 
(b)       We process information that you post for publication through our Services, such as comments and contributions you may make on the web-based platform or mobile application (“Publication Data”). The Publication Data is processed for the purposes of enabling such publication and administering our Services. The legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract. Without it, we may not be able to provide you with all the requested Services.
 
(c)       We may process information contained in or relating to any communication that you send to us (“Correspondence Data”). The Correspondence Data may include the communication content and metadata associated with the communication. The correspondence data may be processed for the purposes of communicating with you and record-keeping. The legal basis for this processing is our legitimate interests, namely the proper administration of our website and business and communications with users.
 
Data We Automatically Collect from Your Use of the Services.
 
When you use the Services, we will automatically process information about your health, fitness, and related wellness activities offered within the Program, information about your participation and performance in challenges and the rewards that you may be able to earn through the Program. We may automatically process information about your computer and internet connection (including your IP address, operating system and browser type), your mobile carrier, device information (including device and application IDs), search terms, cookie information, as well as information about the timing, frequency and pattern of your service use (collectively, “Service Data”). The Service Data is processed for the purpose of providing our Services, to enhance the security controls around platform access and resolve bugs and errors that may exist on the Platform. The legal basis for this processing is the adequate performance of the contract between you and us.
Account Data, Publication Data and Correspondence Data are submitted by you. Service Data is collected automatically through your use of the Services.
 
Depending on the Program design chosen by your Program Sponsor, we may collect personal data through your use of additional services, such as one of the many technologies integrated with Wellable. These integrated solutions will have their own and separate consent process required prior to you using them with Wellable.  Wellable may also collect information about you and your participation in the Program through engagement surveys.

As a Program Member you will be able to connect activity trackers to your account. Activity tracking devices can track a wide number of different aspects of your daily activities, including, among others, your daily steps and fitness activity as well as your nutrition. Depending on the brand and model of activity tracker you use, the data collected may vary. In general, companies selling activity tracking devices have specific privacy policies available, which outline what data the specific activity tracking device collects. We strongly suggest you review the right privacy policy to know what specific data points your activity tracking device collects about you.

Depending on your Program design, your Program Sponsor may be able to create and submit customized surveys for its Members to complete. Wellable may not contribute to the creation of the questions in these surveys and may not review the questions in these surveys. If you decide to take part in a survey, the results will be shared with your Program Sponsor in aggregated reports. Your Program Sponsor will not be able to identify you from these reports. However, if the survey offered gives you the ability to respond to a question by writing in a response, the response will be shared with the Program Sponsor. If you include identifiable personal data in these open-ended responses, your Program Sponsor may be able to identify you.

Depending on your Program design, you may have access to a Personal Wellness Assessment (PWA). Through a number of questions, the PWA assesses your well-being across a number of dimensions wellness. You do not have to complete the PWA if you do not want to share this information with us.  All responses will be shared with your Program Sponsor in aggregated, de-identified reports.

We will use the personal data collected only to provide you with access to our services, including:
 
  • To administer and manage your Wellable account and membership;
  • To identify you when you sign-in;
  • To track your progress in the Program and the rewards you earn;
  • To provide you with information about the Program and Program features; and
  • To respond to your questions and requests.
Additionally, we may use your personal data to create “Anonymous Data” records by removing any information (including any contact information) that would allow the remaining data to be linked back to you. We may use the Anonymous Data for internal purposes, such as analyzing patterns and program usage to improve our services. Additionally, we may use Anonymous Data to analyze and understand demographic trends, customer behavior patterns and preferences, and information that can help us enrich the content and quality of the Wellable Program. We reserve the right, subject to applicable laws and regulations, to disclose Anonymous Data at our discretion.

All your data, including any personal data we collect about you, is stored at Amazon Web Services data centers located in the United States of America (USA). Because your data is stored on USA soil, it may be subject to USA laws, including the “Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001” (USA PATRIOT Act), as well as the jurisdiction of the USA government, tribunals, law enforcement, and regulatory agencies, which may require Wellable to grant them access to your data.

Wellable is committed to protecting your data and your privacy. To ensure data security, we follow reasonable physical, electronic, and managerial procedures designed to safeguard and secure your data and personal data. However, no company can fully eliminate security risks associated with the provision of online services.

Among the security features we use to protect your personal data and other data, We require that you create and use a username and unique password to access the web-based platform and mobile application. We use multiple layers of security to protect your personal data and data, including firewalls, intrusion detection tools, and antivirus. We retain your username as part of your personal data, to allow us to recognize you when you login, but we do not share your username with anyone.

Wellable employees may be required to access your personal data to allow us to provide you with quality services, including Member support services. Our employees are obligated to respect the confidentiality of your personal data and are only authorized to access your personal data as necessary to provide you with services or support.
 
In the event that we (a) undergo reorganization or (b) that Wellable is sold to a third party, any personal data we hold about you may be transferred to the re-organized entity or third party, in accordance with applicable laws. In the event that such acquisition occurs, the new entity will continue to use your personal data within the limits of this Policy, to ensure continuation of service.

To the extent that you participate in any wellness challenges as part of the Wellable Program, please be aware that your name and performance information will be available to other Members participating in the challenge and to your Program Sponsor. Additionally, the Wellable Program may make message boards and messaging forums available to you. Please be aware that any information disclosed in these settings may become public information. You should exercise caution if disclosing personal data while using these features.

We may, from time to time, share your personal data with third parties to allow us to provide you with our services. If we need to share your personal data with third parties, we will limit the information disclosed to the minimum amount necessary to ensure the provision and quality of the services we offer you. We do not make your personal data available to any third parties without your permission. We never use, disclose, or share your personal data for marketing purposes, and we never sell or rent your personal data.

Agents and contractors

In some instances, we may disclose your personal data with agents or contractors that work on our behalf and assist us in providing and supporting the services we offer.

Third Party Providers

We may use or disclose your personal data to allow your participation in additional third-party provided wellness services. These additional wellness services may be offered to you by us (“Program Partners”), your Program Sponsor, or other entities your Program Sponsor contracts with directly (“Third Party Providers”). We will only use or share your personal data for the following general purposes:

  • To coordinate enrollment in such additional services;
  • To enhance your Program experience;
  • To provide you with information about the services available to you through the Program and platform or provided to you by a Program Partner or a Third Party Provider;
  • To ensure that you receive appropriate rewards for participation in our services and other similar services provided by your Program Sponsor or Third Party Providers;
  • To evaluate the overall quality and effectiveness of the program(s) you may participate in; and
  • To assess your eligibility for other programs that your Program Sponsor or Third Party Providers may offer.

Our Program Partners are industry leading wellness providers we select to enhance your experience. In certain instances, the use of such Program Partners may require you to provide additional personal data and data to these Program Partners. If you choose to use Program Partner services or you provide additional personal data and data to these Program Partners, you will be subject to the Program Partner’s privacy policy and terms of use.

Government entities

Wellable may be required to disclose your personal data if:

  • Legally required to do so by the USA government, tribunals, law enforcement, and regulatory agencies (for example as part of an ongoing investigation, subpoena, similar legal process, or proceeding);
  • As otherwise required under any applicable law, regulation, or rule; and
  • If we believe, in good faith, that such disclosure is necessary to protect or defend our rights or the rights of others, to assist in an investigation, or to prevent illegal activity.
We may provide information in an anonymous and aggregated format or provide your personal data in a group format to third parties that process that personal data (“Analytics Processors”) to generate Anonymous Information and derive analytical information to be shared with your Program Sponsor. The Analytics Processors do not have any independent right to use your personal data, except to provide the aggregation and analysis services. Your Program Sponsor will not be able to use such Anonymous Information or aggregated reports to directly identify you. Your Program Sponsor may use the Anonymous Information in its discretion, including to evaluate the overall program, as well as to provide additional benefits, programs, and services. Additionally, your Program Sponsor may have access to additional information about you, for the limited purposes above in the section “Does Wellable share my personal data with third parties?”.
 
We may share Anonymous Data with your Program Sponsor, in an aggregated or group format. Your Program Sponsor may request that we share Anonymous Data with Third Party Providers and partnering organizations for research and analysis purposes. You can request the names of such Third Party Providers and partnering organizations from us or your Program Sponsor at any time.
If your Program Sponsor is your Health Plan, Wellable may share additional information about you and your participation in the Program, to ensure you are given access to any additional services, rewards, and benefits that may be offered through your Health Plan.
Your Program Sponsor will also have access to individual reports and results in order to monitor challenges and deliver the Program.
If you have opted to receive push notifications on your mobile device, We may, from time to time, send you push notifications to provide you with reminders and notices. If you no longer wish to receive such communications, you may turn them off at the device level.
 
From time to time, We may send you e-mails or newsletters with information about your Program and the Wellable platform and services. Depending on your country of residence and/or Program, you may be given the opportunity to opt-in to receive these communications as you enroll in the platform. Regardless of your initial selection, you may opt-out of these communications, free of charge, at any time during your Membership, by contacting support@wellable.co.  Depending on your Program, you may also be able to subscribe to receive text messages.  You will be able to opt-out at any time.

Wellable and its Program Partners and vendors use tools such as cookies, tags, scripts, and other similar technologies to enhance and support your experience on the platform. These technologies help us administer the web-based platform and mobile application, measure traffic patterns and the total number of users, as well as to personalize and customize the platform’s content, so that your settings are “remembered” when you login.

Cookies are small pieces of text sent to your browser by a website you visit. Cookies help our web-based platform to remember information about your visit, like your preferred settings. Cookies play an important role, they can make your next visit easier and the web-based platform more useful to you. You can learn more about cookies by visiting www.allaboutcookies.org, where you will also find information about how to block cookies on different types of browsers. Depending on your location, additional information about cookies may be presented to you when you visit the web-based platform, and you are given the opportunity to object to the use of cookies. However, please be aware that by blocking or deleting cookies you may not be able to take full advantage of the web-based platform or mobile application.

Wellable’s web-based platform uses cookies to collect information about Member usage of the Program. Additionally, some cookies on our web-based platform are set by third parties who are delivering services on our behalf. Within the mobile application, webpages are sometimes displayed. Cookies allow you to avoid having to reenter your login credentials when accessing webpages.

We use Cookies:

  • To remember that you have used the website before, allowing us to identify you, as well as the number of unique visitors We receive and manage capacity;
  • To allow you to navigate the website more quickly and easily;
  • To remember your log-in session as you move from one page to the next within the platform;
  • To store your settings and preferences;
  • To customize some aspects of the platform to reflect your interests and preferences; and
  • To collect statistical information about how you use the website, allowing Us to improve our services over time.

 

We use mobile analytics software to allow us to review the functionality of our mobile software on your phone and how to improve its quality and our services. The mobile analytics software may record information such as how often you use the mobile application, the events that occur within the mobile application, crash report and performance data, where the application was downloaded from, and aggregated usage, and other metrics. The information collected by the mobile analytics software is managed separately from other personal data you submit within the mobile application.

Automated decision-making occurs when a decision is made solely by automated means without any human involvement.

You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making unless we have a lawful basis for doing so and we have notified you.

Our web-based platform and mobile applications may contain links to other websites that are not owned or controlled by Wellable. We provide these links and connections for your convenience. Wellable has no control over these third parties, their privacy policies, and the content they display on their websites or mobile applications. If you choose to submit personal data while visiting these websites or using these mobile applications, please be aware your rights will be governed by the third parties’ privacy policies and terms of use. We strongly encourage you to carefully read the privacy policy and terms of use of any website or mobile application you visit or use.

Yes, all our Members, regardless of residency, except in specific circumstances identified by local laws, have a legal right to access the information Wellable has collected about you. You can request a copy of all the personal data and data we hold about you. We will provide you with a copy of all the data we have collected about you in a standard format (such as Excel) through a secure channel. You can contact us at support@wellable.co to request a copy of all your data. We will respond to your request within a reasonable timeframe.

For California Users: In accordance with the California Civil Code Section 1798.83, you may contact us at the address above to request certain information about the disclosure of personal data (as defined in Section 1798.83) to third parties for their direct marketing purposes.

Yes, if your personal data changes over time or you realize your personal data is outdated or incorrect, you have a right to be able to update it or correct it. You may update or correct the information by modifying it directly within the web-based platform or mobile application. If you are unable to directly update or correct the information within your account, you can contact us at support@wellable.co to request that we update or correct the information for you. We will respond to your request within a reasonable timeframe.

At any time during the course of your membership with Wellable, you may request that all your personal data and other data be transferred to a different wellness services provider. To complete the transfer, we will require additional information about the new vendor to ensure a secure channel is used, so that your personal data and other data remain protected. To request such transfer you may contact us at support@wellable.co. We will respond to your request within a reasonable timeframe.

Yes, you can request that the data collected about you be deleted from our system. You may terminate your Program membership at any time by submitting a deletion request to support@wellable.co. Once your membership is terminated, you will (i) no longer be able to participate in the Program; (ii) no longer be entitled to receive any benefits or to earn any Wellable Points; (iii) not be able to redeem any unused Wellable Points, and (iv) no longer have access to the Program. Your personal data will be permanently and irreversibly de-identified.

Due to the type of services we offer, we are unable to accommodate requests to restrict the processing of certain sets of data. You, however, will be able to limit the personal data added to your profile based on the consent you provide when connecting an activity tracking device to your account or when you opt to track or add an activity directly in Wellable. If you wish for us to stop processing parts of your data, you can request that all data be deleted through the process explained above.  You can also limit the personal data provided to us as you participate in the program.

If you have any questions, comments or concerns, about this Policy or your rights and obligations under this Policy, you may contact Us via email at support@wellable.co.
 
Alternatively, you can contact us by writing to:
 
Wellable, LLC
Attn: Data Privacy Officer
47 Winter Street, 5th Floor
Boston, MA 02108

 

*This Policy was last updated in August 2020.