WELLFRAME inc.

PRIVACY POLICY

This Privacy Policy is designed to inform users of the Wellframe Inc. ("Wellframe") websites, mobile application and services (collectively, the "Service") about how we gather and use personal information collected by us in connection with your use of the Service. You may have been invited to use, download or install the Service from a third party as part of a research or clinical care initiative, or you may have subscribed or downloaded and installed the Service for your personal use. This Privacy Policy covers how Wellframe treats your Personally Identifiable Information ("PII") and Protected Health Information ("PHI") (PII and PHI, collectively hereafter "Personal Information") that Wellframe collects, receives, maintains, stores or transmits, including information you transmit or submit to our Service. Your Personal Information includes information that individually identifies you or is information about you that can be traced back to you, your IP address, or your location. It may include, but is not limited to your name, address, employer, email address, phone number, and information about your health.

Wellframe complies with the EU-US Privacy Shield framework set forth by the US Department of Commerce, regarding the collection, use and retention of Personal Information from European Union member countries. Wellframe has certified that it adheres to the Privacy Shield principles of notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access and recourse, enforcement and liability. If there is any conflict between the policies in Wellframe's Privacy Policy, and the Privacy Shield principles, the Privacy Shield principles shall govern. To learn more about the Privacy Shield program, and to review our certification page, please visit https://www.privacyshield.gov.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time by posting a new version online. You should check this page occasionally to review any changes. If we make any material changes affecting you as determined by Wellframe we will notify you by posting the revised Privacy Policy on our websites and, if you are an enrolled user of our platform, by providing notice through the Wellframe app. This helps you to always be aware of what information we collect, how we use it and under what circumstances, if any, it is disclosed. Your continued use of the Service, and/or continued provision of Personal Information to us will be subject to the terms of the then-current Privacy Policy.

Information Collection and Use

Wellframe collects Personal Information when you register with Wellframe or when you use Wellframe's Service. When registering with Wellframe, we will ask you to provide us with your name, address, e-mail address, phone number, sponsoring provider and monitored health data for which you are registering and other related information that Wellframe may ask of you from time to time, and you may submit additional information and comments through the Service. We may use your contact information to send you information about our Service or our other services we may provide to you, or information relating to your health, or to help prevent spam, fraud or abuse. It is always your choice whether or not to provide us with such information. If you choose not to provide the requested information you may not be able to use certain features or functions of our websites, mobile application or services. Whenever you visit our websites, Wellframe also receives and records information on our server logs from your browser, including your IP address, Wellframe's cookie information, and the pages you request, and relates it to the Personal Information you provide.

Wellframe collects and uses Personal Information you provide for the following purposes:

  1. Registration — When you register for the Service, we collect your Personal Information as part of the registration process, including but not limited to your name, address, location, sponsoring provider and program preferences.
  2. Self-Reported Health-Related Information — We collect the information that you enter during the course of using the Service, such as information regarding your health and/or medical condition and related behaviors.
  3. Provider-Reported Health-Related Information — We collect the information about you that is submitted with your permission by your health care provider during the course of using the Service, such as information regarding your health and/or medical condition, including information that is protected under the HIPAA privacy and security regulations.
  4. Social Information — We collect information that you provide to us pertaining to the people with whom you consent to share your Personal Information (such as a family member, another patient or doctor), as well as communications between you and such individuals.
  5. Communications With a Health Professional — We collect communications that take place through the Service between you and your healthcare provider, health manager or health coach.
  6. Public Forums — We collect information that you publicly post through the Service on message boards or other public forums.
  7. Email — If you communicate with us via email, then we will collect your email address.
  8. Automatically Tracked Health-Related Information — We may use automated tracking methods such as cookies, GPS data and connected accelerometers, to collect information regarding your behaviors relative to the Service.
  9. Demographic Information — We may also collect demographic information, such as age, gender and geographic location, as part of your profile in the Service.
  10. Surveys and User Research — From time to time, we may send you survey question or contact you with questions related to your experience to provide us with feedback on our Service. We collect any responses that you provide. Participation in surveys or research tasks is elective and does not necessarily impact your access to the Service.
  11. Mobile Devices — If you are accessing the Service through a program whereby you receive a sponsored Wellframe-enabled mobile device, we will collect and manage your data and other telephonic information as part of the device provision and maintenance.

Wellframe is committed to adhering to the Privacy Shield principles. Wellframe will not process your information in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by you. To the extent necessary for those purposes, Wellframe will take reasonable steps to ensure that personal data is reliable for its intended use, accurate, complete, and current. Wellframe will adhere to the Privacy Shield principles for as long as it retains any information transmitted while a member of the Privacy Shield.

You may affirmatively opt-out of receiving future messages and announcements and remove your name from our mailing lists. The opt-out provisions do not apply to information collected by cookies or used internally to recognize you and/or facilitate your visits to our websites, or information we may retain to comply with legal requirements.

You may dis-enroll from the Service at any time by emailing us at help@wellframe.com.

"Cookies" are small text files that we place in visitors' computer browsers to store their preferences. Cookies themselves do not contain any Personal Information. We use Google Analytics, Google AdWords Conversion tracker, and other Google services that place cookies on a browser across our websites. We may use AdWords remarketing to market our websites across the web. We place a cookie on a browser, and then a 3rd party (Google) reads these cookies and may serve an ad on a 3rd party site. We abide by Google's remarketing principles and prohibitions for personalized advertising. You may opt out of this ad serving on Google's opt out page. If you are concerned about 3rd party cookies served by networks, you should also visit the Network Advertising Initiative opt-out page.

"Web beacons" are small pieces of code placed on a web page to monitor the behavior and collect data about the visitors viewing a web page. For example, web beacons can be used to count the users who visit a web page or to deliver a cookie to the browser of a visitor viewing that page. We may use web beacons on our websites from time to time for this purpose.

Information Sharing and Disclosure

Wellframe does not rent, sell, or share your Personal Information with other people or nonaffiliated companies, except to provide products or services you have requested, when we have your authorization to share such information, or when we provide the information to companies or consultants working on behalf of or with us under confidentiality agreements. These companies and consultants do not have any independent right to share your Personal Information.

If Wellframe ever transfers your Personal Information to a third-party, Wellframe is responsible for the processing of Personal Information it receives under the Privacy Shield and subsequently transfers to a third party acting as an agent on its behalf. Wellframe will remain liable under the Privacy Shield principles if its agent processes your Personal Information in a manner inconsistent with the Privacy Shield principles, unless the third-party organization can prove that it is not responsible for the event giving rise to the damage.

We may also be required to disclose your Personal Information in response to a legal process, for example, in response to a court order or a subpoena to comply with its applicable legal and regulatory reporting requirements. We also may disclose your Personal Information in response to a law enforcement agency's request, or where we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our End User License Agreement, or to verify or enforce compliance with the policies governing our products and services and with applicable laws, or as otherwise required or permitted by law or consistent with legal requirements. In addition, we may transfer your Personal Information to an entity or individual that acquires, buys, or merges with Wellframe, or our other business units.

Confidentiality and Security

We have taken reasonable and necessary steps to ensure that all Personal Information collected will remain secure and in its original form, i.e., free from any alteration. We have put in place appropriate physical, electronic, and administrative procedures in an effort to safeguard and help prevent unauthorized access, maintain data security, and correctly use the Personal Information that we collect.

Wellframe is not responsible for and will not be a party to any transactions between you and a third party provider of products, information or services. Wellframe does not monitor such interactions to ensure the confidentiality of your Personal Information, including credit card information. Any separate charges, data records or obligations you incur in your dealings with third parties linked to or in conjunction with Wellframe's Service are solely your responsibility.

Accessing, Changing, and Deleting Your Information

You may request access, changes, or deletions to your Personal Information and request information about our collection, use and disclosure of such information by contacting us at help@wellframe.com. We use best efforts to keep our records as accurate and complete as possible. You can help us maintain the accuracy of your information by notifying us of any changes to your Personal Information as soon as possible. Your rights to access, change, or delete your Personal Information are not absolute. We may deny you such rights when required by law or if the request would likely reveal Personal Information about a third party.

Disclosure for Marketing and Business Purposes

We may also license, sell or otherwise share de-identified versions of your Personal Information and other data in aggregated or non-aggregated forms ("De-identified Information") with institutional clients, partners, investors and contractors for any purposes related to our business practices. Permitted uses of your De-identified Information may include but are not limited to, product development, marketing, or research made available to the public.

General Information

  1. Links — The Wellframe Service may contain links or deep links to other websites, open search results, public feeds, or curated channels. Wellframe generally reviews the content of health news articles or publications linked through third party websites, but is not responsible for such content, the privacy practices, or any advertisements on third party websites. Users should be aware of this when they leave our Service and are encouraged to review the privacy statements of each third party website. Moreover, Wellframe is not responsible for any disclosures to third parties to whom you may disclose your Personal Information directly, including family members and/or friends. This Privacy Policy applies solely to information collected by Wellframe in relation to the Service.
  2. Termination — Wellframe reserves the right to decide, at its sole discretion, to no longer offer you the Service. If Wellframe decides to terminate your account, Wellframe will either return or permanently destroy any copies it maintains of your Personal Information in accordance with its obligations under applicable law.
  3. Children — Wellframe does not knowingly collect Personal Information from children under the age of 13, and our Service is not directed at users under the age of 13. If we find that Personal Information has inadvertently been collected for an individual under the age of 13, we will immediately delete it.

Independent Recourse Mechanism

In compliance with the Privacy Shield principles, Wellframe commits to resolve complaints about your privacy and our collection or use of your Personal Information. Wellframe will respond to the inquiry or complaint within forty-five (45) days. European Union individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Wellframe at: help@wellframe.com.

Wellframe has further committed to refer unresolved privacy complaints under the EU-US Privacy Shield principles to the JAMS EU-US Privacy Shield program, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint, or your complaint is not satisfactorily addressed by Wellframe, please visit the JAMS website at: https://www.jamsadr.com/eu-us-privacy-shield for more information or to file complaint. The services of JAMS are provided at no cost to you. Please note that if your complaint is not resolved through these channels, as a last resort and under limited circumstances, a binding arbitration option may be available before a Privacy Shield panel.

The Federal Trade Commission ("FTC") has jurisdiction over Wellframe’s compliance with the Privacy Shield. Wellframe is subject to the investigatory and enforcement powers of the FTC.

Questions and Suggestions

If you have questions or suggestions, or wish to correct your Personal Information, please email Wellframe at help@wellframe.com or write to us at Wellframe Inc., 330 Congress St. Floor 4, Boston, MA 02210.

This Privacy Policy was last updated on July 27, 2017.

Copyright © 2012- Wellframe Inc.  All rights reserved.  Legal Notices