- collecting, storing and using your Personal Information to provide you with the service accessed through this mobile application. We may use third parties to provide this service to you on our behalf and may share your Personal Information with them for this purpose, including our cloud host provider. These third parties will not use your Personal Information for their own purposes;
- disclosing your Personal Information to your health care professionals and providers;
- transferring your Personal Information to and hosting your Personal Information in data centers within the United States of America or the European Union;
- de-identifying your Personal Information (so it no longer identifies you) and providing it in aggregated or non-aggregated form to selected third parties, including our health care partners and/or any of their affiliates; and
- disclosing your Personal Information to the extent required by law.
Information Collection and Use
Below is a list of the Personal Information Wellframe collects and how we use it with your consent. You may be asked additional questions regarding items on this list to ensure we have your consent to collect and use your Personal Information for specific purposes.
- Registration — When you register for the Service, we collect your Personal Information as part of the registration process, including but not limited to your email address, name, address, location, sponsoring provider and program preferences.
- Self-Reported Health-Related Information — We collect the information that you enter during the course of using the Service, such as information regarding your health and/or medical condition and related behaviors.
- Provider-Reported Health-Related Information — We collect the information about you that is submitted with your permission by your healthcare provider during the course of using the Service, such as information regarding your health and/or medical condition, including information that is protected under the HIPAA privacy and security regulations.
- Communications With a Health Professional — We collect communications that take place through the Service between you and your healthcare provider, health manager or health coach.
- Social Information — We collect information that you provide to us through the Services, pertaining to the people with whom you consent to share your Personal Information (such as a family member, another patient or doctor), as well as communications within the Services between you and such individuals.
- Demographic Information — We may also collect demographic information, such as age, gender and geographic location, as part of your profile in the Service.
- Automatically Tracked Health-Related Information — We may use automated methods to track data from fitness wearables and other biometric monitoring devices for use in the app that you have allowed to communicate with the app.
- Product Improvement — Wellframe may utilize your demographic and health information, information about your device, and data derived through your utilization of our service to help improve the Wellframe product. We may also send this information to your healthcare provider or sponsor to help them improve their products or services.
- Surveys and User Research — From time to time, we may send you survey questions or contact you with questions related to your experience to provide us with feedback on our Service. We collect any responses that you provide. Participation in surveys or research tasks is elective and does not necessarily impact your access to the Service. We may provide this information to your healthcare provider or sponsor to help them improve their products or services.
- Marketing Communication — We occasionally may contact you via email about new product and features. You may remove your name from our mailing lists to stop receiving these emails.
- Mobile Devices — If you are accessing the Service through a program whereby you receive a sponsored Wellframe-enabled mobile device, we will collect and manage your data and other telephonic information as part of the device provision and maintenance.
In addition to the uses of Personal Information above, we may remove the identifiable parts of your information to create de-identified forms (“De-identified Information”). De-identified Information may be compiled with other data in aggregated forms. We use this aggregated or non-aggregated data in the following ways:
- Disclosure for Business Purposes — We may also license, sell or otherwise share De-identified Information with institutional clients, partners, investors and contractors for any purposes related to our business practices.
- Product Improvement — We may use De-identified Information for product improvement including the Service as well as third-parties to evaluate their products or services.
- Research — We may use De-identified Information for research whether scientific, marketing, or business in nature. This research may be made public through publication such as within a scientific journal.
Wellframe is committed to adhering to the Privacy Shield principles. Wellframe will not process your information in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by you. To the extent necessary for those purposes, Wellframe will take reasonable steps to ensure that personal data is reliable for its intended use, accurate, complete, and current. Wellframe will adhere to the Privacy Shield principles for as long as it retains any information transmitted while a member of the Privacy Shield.
Independent Recourse Mechanism
In compliance with the Privacy Shield principles, Wellframe commits to resolve complaints about your privacy and our collection or use of your Personal Information. Wellframe will respond to the inquiry or complaint within forty-five (45) days. European Union individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Wellframe at: email@example.com.
Wellframe has further committed to refer unresolved privacy complaints under the EU-US Privacy Shield principles to the JAMS EU-US Privacy Shield program, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint, or your complaint is not satisfactorily addressed by Wellframe, please visit the JAMS website at: https://www.jamsadr.com/eu-us-privacy-shield for more information or to file complaint. The services of JAMS are provided at no cost to you. Please note that if your complaint is not resolved through these channels, as a last resort and under limited circumstances, a binding arbitration option may be available before a Privacy Shield panel.
The Federal Trade Commission ("FTC") has jurisdiction over Wellframe’s compliance with the Privacy Shield. Wellframe is subject to the investigatory and enforcement powers of the FTC.
Information Sharing and Disclosure
Wellframe does not rent, sell, or share your Personal Information with other people or non-affiliated companies, except to provide products or services you have requested, when we have your authorization to share such information, or when we provide the information to companies or consultants working on our behalf under confidentiality agreements. These companies and consultants do not have any independent right to share your Personal Information.
If Wellframe ever transfers your Personal Information to a third-party, Wellframe is responsible for the processing of Personal Information it receives under the Privacy Shield and subsequently transfers to a third party acting as an agent on its behalf. Wellframe will remain liable under the Privacy Shield principles if its agent processes your Personal Information in a manner inconsistent with the Privacy Shield principles, unless the third-party organization can prove that it is not responsible for the event giving rise to the damage.
We may also be required to disclose your Personal Information in response to a legal process, for example, in response to a court order or a subpoena to comply with its applicable legal and regulatory reporting requirements. We also may disclose your Personal Information in response to a law enforcement agency's request, or where we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our End User License Agreement, or to verify or enforce compliance with the policies governing our products and services and with applicable laws, or as otherwise required or permitted by law or consistent with legal requirements. In addition, we may transfer your Personal Information to an entity or individual that acquires, buys, or merges with Wellframe, or our other business units.
Confidentiality and Security
We have taken reasonable and necessary steps to ensure that all Personal Information collected will remain secure. We have put in place appropriate physical, electronic, and administrative procedures in an effort to safeguard and help prevent unauthorized access, maintain data security, and correctly use the Personal Information that we collect.
Wellframe is not responsible for and will not be a party to any transactions between you and a third party provider of products, information or services. Wellframe does not monitor such interactions to ensure the confidentiality of your Personal Information, including credit card information. Any separate charges, data records or obligations you incur in your dealings with third parties linked to or in conjunction with Wellframe's Service are solely your responsibility.
Accessing, Changing, and Deleting Your Information
You may request access, changes, or deletions to your Personal Information and request information about our collection, use and disclosure of such information by contacting us at firstname.lastname@example.org. We use best efforts to keep our records as accurate and complete as possible. You can help us maintain the accuracy of your information by notifying us of any changes to your Personal Information as soon as possible. Your rights to access, change, or delete your Personal Information are not absolute. We may deny you such rights when required by law or if the request would likely reveal Personal Information about a third party.
- Termination — Wellframe reserves the right to decide, at its sole discretion, to no longer offer you the Service. If Wellframe decides to terminate your account, Wellframe will either return or permanently destroy any copies it maintains of your Personal Information in accordance with its obligations under applicable law.
- Children — Wellframe does not knowingly collect Personal Information from children under the age of 13, and our Service is not directed at users under the age of 13. If we find that Personal Information has inadvertently been collected for an individual under the age of 13, we will immediately delete it.
Questions and Suggestions
If you have questions or suggestions or wish to correct your Personal Information, please email Wellframe at email@example.com or write to us at:
ATTN: Privacy Officer
321 Summer St. Floor 7
Boston, MA 02210