If you are visiting us from the European Union or European Economic Area, please see the section entitled “Additional Information for European Union Users” for information on how we comply with privacy laws applicable to you.
- What information we collect
- How we use Information
- How we share Information
- How to manage your Information
- How we protect Information
- How to learn about health and financial privacy practices
- Specific Product Privacy Practices
- Additional rights for California residents
- Additional rights for European Union Users
- How to contact us
What Information We Collect
When you register for Online Services, we may collect the following information from you:
- First and last name
- E-mail address
- Health plan provider name, Member ID and Group ID (optional)
- Date of birth
- Other demographic info (optional)
- Thought records
- Assessments and questionnaires
- App usage data
- Messages and session recordings with your coach (if connected)
- Messages, appointments and session recordings with your clinician (if connected)
- Device and System data such as type of phone, operating system and network
When you use Online Services, you may provide certain information directly to us, including when you allow us to obtain information about you from other sources.
We may also obtain automatically-collected information through the Online Services. We may use common technologies such as cookies, tokens, tags, beacons, scripts and Web server logs, as well as functionality that can collect data from a mobile device. The automatically-collected information may include demographic, de-identified, aggregated, or certain information collected automatically through your device such as technical information about your device, web browser information, and server log files collected by us or provided by you. Our mobile applications may also collect information specific to use of your mobile device, such as a unique device identifier and precise geolocation information.
Certain features of the Online Services may actively record information about you as you use the Online Services. This tracking is accomplished through integration with Apple’s HealthKit API and the Apple Health App. We use this information solely for the purpose of providing you with health-related feedback and self-care suggestions.
You may limit the Information you provide or make available to us if you want to; however, that may limit your ability to access or use certain functions of the Online Services or to request certain services or information.
Our Online Services operate on computer servers in the United States; therefore, any Information you provide will be processed by a computer server located within the United States.
How We Use Information
We may use the Information for a number of purposes such as:
- To respond to an e-mail or particular request from you.
- To communicate with you.
- To provide you with content through our Online Services or other services that we may offer.
- To process an application for a product or service as requested by you.
- To authenticate you on any portion of our Online Services and with vendors acting on our behalf.
- To administer surveys and promotions.
- To personalize your experience on our Online Services.
- To provide you with informational or promotional offers, as permitted by law, that we believe may be useful to you, such as information about products or services provided by us or other businesses.
- To perform analytics and to improve our products, Online Services, and advertising.
- To comply with applicable laws, regulations, and legal process.
- To protect someone’s health, safety, or welfare.
- To keep a record of our transactions and communications.
- As otherwise necessary or useful for us to conduct our business, so long as such use is permitted by law or for any other purpose with your consent.
We may use Information to contact you through any contact information you provide through our Online Services or any other services we offer, including any e-mail address, telephone number, or cell phone number.
We may, when permitted, combine your Information with other information, whether online or offline, maintained or available to us from you or from other sources, such as from our vendors, and we may use and disclose combined data for the purpose described in this Section or for internal business purposes. We may, when permitted, use and disclose de-identified and aggregated data for any purpose, which may include, without limitation, disclosures to third parties for analytics purposes such as evaluating the Online Services and providing additional benefits, programs, and services.
How We Share Information
We will not sell your Information.
We will only share your Information with third parties as outlined in this Policy and as otherwise permitted by law or as permitted with your consent. We may share Information if all or part of the Company is sold, merged, dissolved, acquired, or disbanded to any extent in a similar transaction, or in connection with steps that may need to be taken in anticipation of such events.
We may share Information in response to a court order, subpoena, search warrant, or to comply with law or regulation. We may cooperate with law enforcement authorities in investigating and prosecuting activities that are illegal, violate our rules, or may be harmful to other visitors.
We may also share Information within the Company, including among affiliates, or with our parent company, or subsidiaries.
We may also share Information with other third party companies that we have a business relationship with or hire to perform services on our behalf, including assisting with the purposes described under the “How We Use Information” section. For example, we may hire a company to help us send and manage e-mail, and we might provide that company with your e-mail address and certain other information in order for them to send you an e-mail message on our behalf. Similarly, we may hire companies to host or operate some of our Online Services and related computers and software applications. These service providers are not allowed to use or disclose your Information other than as specified in our contract and as permitted by law.
Posting Messages, Comments, and Content
Our Online Services may have collaboration areas, including but not limited to “blogs,” “bulletin boards,” “leader boards,” and “health games,” that permit users to have collaborative discussions and/or share information. Some of our Online Services may permit you to select a display name or image that will be “nickname” on the Online Service. Please note, any information you submit or post to these collaboration areas, including your display name or image, may be visible by other users of the Online Service, and such users may share with others. Therefore, please be thoughtful in what you write and understand that this information may become public.
How to Manage Your Information
Our Online Services may permit you to view your profile, if applicable, and access related Information about you and to request changes to, or deletion of, such Information. If this function is available, you may have access to a page on the Online Services through which you may review your profile, if applicable, and related Information about you, and you may have options to modify or delete or such Information. Please remember, however, if we have already disclosed some of this Information to third parties, we may not have access to that disclosed information and may not be able to force the deletion or modification of any information by the third parties to whom we have made those disclosures.
If you need additional assistance in opting-out of a communication, please contact us at firstname.lastname@example.org. Please be aware that opt-outs may not apply to certain types of communications, such as account status, Online Service updates, or other communications.
Cookies and Tracking
The Company may use various technologies, including cookies, tokens, tags, web logs, web beacons, scripts, and web server logs to automatically-collected information and may aggregate this information from our Online Services visitors or to enable certain features of our Online Services. This information may include demographic data, technical information about the technology (e.g. phone, computer) used to connect to the Online Services, web browser information, your IP address, operating system (“OS”), camera use, use of screen, patterns of application usage, and browsing behavior such as pages visited and how often they are visited (“Activity Information”). We may also use third party analytics companies to provide these services.
Activity Information is captured using various technologies and may include cookies. “Cookies” are small text files that may be placed on your computer when you visit an Online Service or click on a URL. Cookies may include “single-session cookies” which generally record information during only a single visit to a website and then are erased, and “persistent” cookies which are generally stored on a computer unless or until they are deleted or are set to expire. You may disable cookies and similar items by adjusting your browser preferences at any time; however, this may limit your ability to take advantage of all the features on our Online Services. In addition, you may also have additional means to manage the collection of Activity Information by:
- Managing the use of “flash” technologies, with the Flash management tools available at Adobe’s website;
- Clicking on the “Opt-Out” link at the bottom of the applicable home web page; and/or
- Visiting Google to “Opt-Out” of display advertising or customize Google display network ads.
Please note that we do not currently respond to web browser “Do Not Track” signals that provide a method to opt-out of the collection of information about online activities over time and across third party websites or online services because, among other reasons, there is no common definition of such signals and no industry-accepted standards for how such signals should be interpreted.
We gather Activity Information about you in order to improve the quality of our services, such as the best method and time to contact you. Without limiting the other ways in which we may use Information as described herein, we may otherwise use and disclose your Activity Information unless restricted by this Policy or by law. Some examples of the ways we use your Activity Information include:
- Customizing your experiences, including managing and recording your preferences;
- Authenticating your account information;
- Marketing, product development, and research purposes;
- Tracking resources and data accessed on the Online Services;
- Developing reports regarding Online Service usage, activity, and statistics;
- Assisting users experiencing problems with our services;
- Quality control of our coaching and clinical services;
- Updating and servicing our Online Services;
- Enabling certain functions and tools on the Online Services; and
- Tracking paths of visitors to the Online Services and within the Online Services.
As described above, we may use tracking technologies that allow us recognize your device when you return to our Online Services within a period of time, as determined by us, and to support automatic login to your Online Services. To maintain your privacy, you should affirmatively log out of your account prior to your session ending (whether you end your session or we end your session, for example if our Online Services has “timed out” – i.e. we have ended your session automatically after a period of inactivity as determined by us in our sole discretion). Unless you affirmatively log out of your account, you may be automatically logged back in the next time you or any user of your devices visits the Online Services.
How We Protect Information
We maintain administrative, technical, and physical safeguards designed to protect the information that you provide on our Online Services. These safeguards vary based on the sensitivity of the information that is being collected, used and stored. However, no security system is impenetrable and we cannot guarantee the security of our Online Services, nor can we guarantee the security of the information you transmit to us over the Internet, including your use of e-mail. We are not liable for the illegal acts of third parties such as criminal hackers.
It is your responsibility to safeguard the devices you use to access our Online Services (such as laptops, tablets and mobile devices), and to use appropriate security settings on those devices. If those devices are lost, stolen or misplaced, others may be able to access your account and your personal information using those devices. If you log into the Online Services using a public computer or device, or the computer or device of another person, you should affirmatively log out of your account (i) prior to ending your session, or (ii) if you will be inactive on the Online Services for more than a few minutes otherwise, the next user of that computer or device may be able to access your account and the Information in your account if your session has not ended.
You agree that we are not responsible for any harm that may result from someone accessing your account or personal information on a lost, stolen or misplaced device or on a public computer or kiosk where you do not for any reason take the necessary steps to log out of your account prior to ending a session on such public computer or kiosk.
We offer mobile applications that enable us to communicate with you through push notifications. You may be able to turn off push notifications in your mobile phone settings. You may also be able to control preview settings in your e-mail applications. Please note, choosing to disable certain functionality of the mobile application may impact the functionality of other areas of the mobile application.
We retain Information for as long as necessary for the purpose for which it is collected, subject to a longer period if the information is relevant to a legal challenge.
Children under 13
We will not intentionally collect any personal information (as that term is defined in the Children’s Online Privacy Protection Act) from children under the age of 13 through our Online Services without receiving parental consent. If you think that we have collected such personal information from a child under the age of 13 through our Online Services, please contact us immediately at email@example.com.
SSN Protection Policy
It is our policy to protect the confidentiality of Social Security numbers (“SSNs”) that we receive or collect in the course of business. We secure the confidentiality of SSNs through various means, including physical, technical, and administrative safeguards that are designed to protect against unauthorized access. It is our policy to limit access to SSNs to that which is lawful, and to prohibit unlawful disclosure of SSNs.
Additional Rights for California Residents
California Privacy Rights
California law permits our customers who are California residents to request certain information regarding the use and disclosure of personal information.
Shine the Light Law
California residents may request certain information regarding the disclosure of personal information to third parties for their direct marketing purposes.
If we have disclosed any personal information to third parties for direct marketing purposes, we will provide a list of the categories of personal information, along with the names and addresses of these third parties to you at your request. To make such a request, contact us at the toll-free number, or e-mail address found in the “Contact Us” section of this Policy.
This request may be made no more than once per calendar year. We reserve our right not to respond to requests submitted other than to the specified e-mail or postal address. You should put “California Privacy Rights” in the e-mail subject line and in the body of your request. You must provide us with specific information regarding yourself so that we can accurately respond to the request.
California Consumer Privacy Act
1. California residents have the right to request any of the following information about the PI that we collect:
- What PI we collect about you
- Where and from whom we collect PI about you
- Our business purpose for collecting PI about you
- The types of third parties with whom we share your PI
- The specific pieces of PI we collect about you
- The types of PI that we disclosed about you for a business purpose, and the categories of third parties to whom we disclosed your PI
2. You have the right to receive the information referenced above free of charge; by mail or electronically; and in a portable and readily useable format, to the extent possible.
3. You have the right to be informed about the PI that we collect about you at or before we collect it. This is that notice.
4. You have the right to request that we delete any PI about you that we have. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why.
5. We will honor your rights by not:
- Denying you services
- Charging you different prices or rates for services, including through the use of discounts or other benefits or imposing penalties
- Providing you with a different level or quality of services
To make such a request, contact us at the toll-free number, postal, or e-mail address found in the “Contact Us” section of this Policy.
We will request specific information from you to help us confirm your identity and process your request. We will not use that information for any other purpose.
Our responses to any of your requests for the information described above will be limited to information collected in the past 12 months from the receipt of your verified request.
California Minors Under 18
If you are a California resident under the age of 18 and are a registered user of our Online Services, you may request that we remove from our Online Services any content you post to our Online Services that can be accessed by any other user (whether registered or not). Please note that any content that is removed from visibility on our Online Services may still remain on our servers and in our systems. To request removal of content under this provision, please write or e-mail us at the postal or e-mail address found in the please Contact Us section of this Policy. When you write us, provide us with a description of the content and the location of the content on our Online Services, and any other information we may require in order to consider your request. Please note that removal of content under this provision does not ensure complete or comprehensive removal of the content or information posted on the Online Services by you.
Additional Rights for European Union Residents
Controller and Data Protection Officer
Sanvello Health is the controller of your personal information for purposes of European data protection legislation. You can contact our Data Protection Officer at firstname.lastname@example.org.
Lawful Basis for Data Processing
We will only collect, store, and process your personal information where a lawful basis for such processing exists, which will typically fall under one of the following scenarios:
1. You, the Data Subject, have given consent to the processing of your personal information for one or more specific purposes, for example by consenting to receiving electronic marketing, in which case you may withdraw your consent subsequently at any time (by emailing email@example.com) without affecting the lawfulness of processing based on consent before its withdrawal;
2. Processing is necessary for the performance of a contract to which you, the Data Subject, are party;
3. Processing is necessary for compliance with a legal obligation to which Sanvello Health
as a Controller is subject;
4. Processing is necessary for the purposes of the legitimate interests pursued by us as the Controller, or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of you, the Data Subject, which require protection of your personal information.
Use for New Purposes
We will only retain your personal information for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Information) for six years after they cease being customers for tax purposes.
In some circumstances we may anonymize your personal information (so that it can no longer be associated with you) in which case we may use this information indefinitely without further notice to you.
European data protection laws give you certain rights regarding your personal information. You may ask us to take the following actions in relation to your personal information that we hold:
- Opt-out. Stop sending you direct marketing communications. You may continue to receive Service-related and other non-marketing emails.
- Provide you with information about our processing of your personal information and give you access to your personal information.
- Update or correct inaccuracies in your personal information.
- Delete your personal information.
- Transfer a machine-readable copy of your personal information to you or a third party of your choice.
- Object to our reliance on our legitimate interests as the basis of our processing of your personal information that impacts your rights.
You can submit these requests by email to firstname.lastname@example.org. We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions. If you would like to submit a complaint about our use of your personal information or response to your requests regarding your personal information, you may contact us as described below or submit a complaint to the data protection regulator in your jurisdiction.
Contact us regarding this Policy; our privacy practices; or you believe we, or any company associated with us, has misused your information, at email@example.com or 877-441-0121.
December 19, 2019
Social Media Disclaimer
Are you using social media? So are we! We encourage you to read, share, follow us and provide commentary on Facebook®, Twitter®, Pinterest®, Instagram® and other social media sites (“Social Media Site”). Before you post, please make sure you read our social media disclaimer:
We are under no obligation to screen or monitor your posts or any other user content; however, we reserve the right to monitor participation to ensure that you stay on topic, are courteous and avoid making offensive comments. Your posts and user content must adhere to the following requirements and cannot:
- Contain any third party material including logos, drawings, tattoos, photographs, pictures, sculptures, paintings and other images or works of art, phrases, trademarks, trade secrets or other items without explicit prior written permission to use such materials
- Contain sexually explicit, graphic, gratuitous or unnecessarily violent content or defamatory or derogatory content against any ethnic, racial, gender, religious, sexual orientation, professional or age group or contain any pornographic or nude material
- Contain any private information about yourself or any other individual, including without limitation, information related to the health of the individual, financial information about the individual or any identification or account numbers related to the individual, with or without their permission or consent
- Contain any software viruses or any other computer code, files or programs designed to interrupt, destroy or limit the functionality of any computer software, hardware or telecommunications equipment
- Contain any advertising, promotional materials, “junk mail”, “spam”, “chain letters”, “pyramid schemes”, or promote illegal activity and/or illegal contests, sweepstakes, gambling, including any online casino, sports books, bingo, poker or any other form of solicitation
We reserve the right to edit comments for content, remove off-topic contributions, delete offensive comments or remarks, block offensive contributors and delete actual or suspected spam content from any Social Media Site. Please be aware that once you post something online, there is the potential for numerous individuals to read your words, even years from now. Therefore, we suggest that you exercise caution when posting on any Social Media Sites and that you not disclose Information like your location, medical record number, personal medical information, financial information, etc. We are not responsible for the content of any comments or responses posted by others to any website or Social Media Site we manage or monitor. We do not control the placement of any marketing or advertising displayed on our pages by social media or third party organizations.
Please remember that information posted on any of our social media profiles or platforms is for general informational purposes only and should not be considered medical advice and should not replace a consultation with your health care or financial professional. Always consult an appropriate health care or financial professional for your specific needs. If you are experiencing a medical emergency, call 9-1-1 or your local emergency number. Some treatments mentioned on social media formats may not be covered by your health plan. Please refer to your benefit plan documents for information about coverage.
We reserve the right to respond to any post or user content and may occasionally privately request your contact information to assist offline with your consent by routing the matter to the appropriate persons or department for further handling. Any further questions about your account, claims or benefits or request for additional information can be addressed by visiting your member website or calling the toll-free member phone number on the back of your health plan ID or other membership card.
All trademarks are the property of their respective owners.