Last Updated: 1/28/19
2.0 Transparency/Notice–What Personal Information We Collect and How We Use It
The types of Personal Information we may collect (directly from you or from Third Party sources) and our privacy practices depend on the nature of the relationship you have with Vytality Health and the requirements of applicable law. We endeavour to collect information only relevant for the purposes of Processing. Below are the legal bases and some of the ways we collect information and how we use it.
Vytality Health collects Personal Information regarding its users of the Services (collectively “Individuals”), which, for greater certainty, includes visitors to the Site. We acquire, hold, use and Process Personal Information about Individuals for a variety of business purposes including to:
· generally manage Individual information and accounts;
· respond to questions, comments and requests;
· provide access to certain areas and features of the Services, including pursuant to a Subscription;
· ensure internal quality control;
· verify Individual identity;
· enable Individuals to register for events or participate in webinars;
· communicate about Individual account and activities on Vytality Health’s Services and systems, and, in Vytality Health’s discretion, changes to any Vytality Health policies;
· tailor content, advertisements and offers we serve to Individuals;
· process payment for products or services purchased;
· measure interest in and improve Vytality Health’s Services;
· develop new products, processes and services;
· notify you about offers, products and services that may be of interest to you;
· process applications and transactions;
· comply with regulatory requirements;
· prevent potentially prohibited or illegal activities;
· provide Services to you;
· enforce our Terms of Service; and
· for purposes disclosed at the time that Individuals provide Personal Information or otherwise with consent.
2.2 How Vytality Health Collects Personal Information
The data we collect from or about Individuals includes information that may be deemed Personal Information, such as title, name, address, phone number, email address, user name, government identification (driver’s license, passport), Internet Protocol address, and credit card and other financial information related to payments for the Services. We may also collect other information that is not Personal information, such as demographic information you choose to provide (e.g., your business or company information, professional experiences, educational background, nationality, ethnic origin, gender, interests, preferences and favourites) and answers to a security question(s) and password.
In addition, if you participate in certain programs or use certain features of the Services, we may collect information regarding your medical history and other health-related information (collectively, “Health Data”), from Individuals or a third party. Any Health Data that is tied to an Individual’s Personal Information will be treated as Personal Information, provided that any Protected Health Data (as defined under HIPAA) will be protected in accordance with the requirements of HIPAA.
Some of the ways that Vytality Health may collect your Personal Information include:
· Vytality Health may collect Personal Information from you through various channels, including through Services, in surveys, during business or marketing events, and when delivering programs and services to you.
· When you use the Services, Vytality Health may provide you with opportunities to sign up to receive specific information or services and may ask for your contact information (e.g. name, home address, home phone number or personal email address), so that, with your consent, we can send you specific information about products, services and specific health conditions.
· When you enroll in a program that Vytality Health offers, or sign up for the Services, we may obtain your contact information and details of your health condition.
· Vytality Health may collect various information from healthcare professionals as part of marketing activities to healthcare professionals, including first name, last name, age, gender, home address, home phone number, medical specialization, professional qualifications, license number and scientific society membership number.
· As you navigate the Services, certain passive information may also be collected, including Internet Protocol addresses, navigational data, cookies and other similar technologies as described in Section 2.8. This type of information is used for the purposes of gathering data to provide improved administration of our Services, and to improve the quality of your experience when interacting with our Services.
· Vytality Health may also collect Health Data, including step count, heart rate, sleep hours, and daily mood, as you use the Services. Such Health Data will be collected only if you specifically permit the collection of each type of health-related information while using the Services.
2.3 How Vytality Health Uses Your Personal Information
Depending on how you interact with Vytality Health, we and our Third Party-service providers may also use Personal Information in a variety of ways, including:
· Providing Information and Services You Requested. Vytality Health may use the Personal Information about you to provide you information that you may request, e.g. information about our Services or a product or program we are offering. Vytality Health may also use your Personal Information to deliver a specific program or Service to you, or when you enroll to receive such programs or Services. Such use may include: (a) generally managing your information and accounts; (b) responding to questions, comments and requests; (c) providing access to certain areas and features of the Services; and (d) permitting you to register for events or participate in webinars.
· Administrative Purposes. Vytality Health may use the Personal Information about you for its administrative purposes, including, without limitation, to: (a) measure interest in Vytality Health’s Services; (b) perform internal quality control; (c) verify identity; (d) send communications regarding the Vytality Health Services, your account, or any changes to any Vytality Health policy or terms of service; (e) process payments; (f) prevent potentially prohibited or illegal activities; and (g) enforce our Terms of Service.
· Marketing Products and Services. Vytality Health may use the Personal Information about you to provide you with materials about offers, products and services offered by us, including new content or services, and Vytality Health’s other websites. Vytality Health may provide you with these materials by phone, postal mail, facsimile or email, as permitted by applicable law. If you do not wish us to use your Personal Information for marketing purposes, you may contact us at any time to opt out of the use of your Personal Information for such purposes, as further described below.
· Research and Development. Vytality Health may use your Personal Information to create non-identifiable information that we may use alone or in the aggregate with information obtained from other sources, in order to help us to optimally deliver our existing products, Services or develop new products, processes and services.
· Information Submitted Via the Services. You agree that Vytality Health is free to use the content of any communications submitted by you via the Services, including any ideas, inventions, concepts, techniques, or know-how disclosed therein, for any purpose including developing, manufacturing, and/or marketing goods or services. However, Vytality Health will not release your name or otherwise publicize the fact that you submitted materials or other information to us unless: (a) you grant us permission to do so; (b) we first send notice to you that the materials or other information you submit to a particular part of a Service will be published or otherwise used with your name on it; or (c) we are required to do so by law.
· Sharing Content with Friends or Colleagues. Vytality Health’s Services may offer various tools and functionality. For example, Vytality Health may provide functionality on its Services that will allow you to forward or share certain content with a friend or colleague. Email addresses that you may provide for a friend or colleague will be used to send your friend or colleague the content or link you request, but will not be collected or otherwise used by Vytality Health or any other Third Parties for any other purpose.
· Pseudonymous Data. Including as discussed below in Section 2.10, Vytality Health may use and share your anonymized or aggregated information within the Vytality Health group of companies or with Third Parties for public health, research, analytics and any other legally permissible purposes.
· Other Uses. Vytality Health may use your Personal Information for other purposes disclosed to you at the time you provide Personal Information or with your consent.
2.4 Social Media
Generally, online social media resources are interactive tools that enable Individuals to collaborate and share information with others. Social media resources include, but are not limited to, social networks, discussion boards, bulletin boards, blogs, wikis, and referral functions to share website content and tools with a friend or colleague.
Vytality Health may collect Personal Information to enable Individuals to use online social media resources offered either by Vytality Health or a Third Party. We may also enable you to use these social media resources to post or share Personal Information with others. When using social media resources, you should take into careful consideration what Personal Information you share with others.
2.5 Information from Third-Party Sources
Vytality Health may collect information about you from Third-Party sources to supplement information provided by you. This supplemental information allows us to verify information that you have provided to Vytality Health and to enhance our ability to provide you with information about our business, products and services. Vytality Health’s agreements with these Third Party-sources typically limit how we may use this supplemental information.
If you sign up for an Account based on an existing third-party account like Facebook, Google or other social media accounts (each, a “SNS Account”), we will obtain from your existing social media account certain information such as your user name, profile photo, and other personal information (but to the extent that your social media account privacy settings permit us to access such information).
2.6 Direct Mail, Email and Outbound Telemarketing
Individuals who provide us with Personal Information, or whose Personal Information we obtain from Third Parties, may receive periodic emails, newsletters, mailings or phone calls from us with information on Vytality Health or our business partners’ products and services or upcoming special offers/events we believe may be of interest. We offer the option to decline these communications at no cost to the individual by following the instructions in Section 3.0 below.
2.7 Research/Survey Solicitations
From time to time, Vytality Health may perform research (online and offline) via surveys. We may engage Third Party-service providers to conduct such surveys on our behalf. All survey responses are voluntary, and the information collected will be used for research and reporting purposes to help us better serve Individuals by learning more about their needs and the quality of the products and Services we provide. The survey responses may be utilized to determine the effectiveness of our Services, various types of communications, advertising campaigns and/or promotional activities. If an Individual participates in a survey, the information given will be used along with that of other participants. We may share anonymous individual and aggregate data for research and analysis purposes.
2.8 All Internet Users – Cookies, Pixel Tags/Web Beacons, Analytics Information, and Interest-Based Advertising
Like many other websites, Vytality Health or its business partners may employ a cookie, or small piece of computer code that enables Web servers to “identify” visitors, each time an Individual initiates a session on our Site. A cookie is set in order to identify Individuals; tailor our Services to you; measure and research the effectiveness of our features, offerings and advertisements; and authenticate users for registered services. Cookies can only access Personal Information that you have provided on our Sites and cannot be accessed by other sites. Individuals also have the ability to delete cookie files from their own hard drive at any time by clicking on the Privacy or History tab typically found on the Settings or Options menu in your internet browser. However, please also be advised that cookies may be necessary to provide access to much of the content and many of the features of Vytality Health’s Sites.
2.8.2 Pixel Tags/Web Beacons
Vytality Health may use “pixel tags,” also known as “web beacons,” which are small graphic files that allow us to monitor the use of our Services. A pixel tag can collect information such as the Internet Protocol (“IP”) address of the computer that downloaded the page on which the tag appears; the URL of the page on which the pixel tag appears; the time the page containing the pixel tag was viewed; the browser type and language; the device type; geographic location; and the identification number of any cookie on the computer previously placed by that server. When corresponding with you via HTML capable email, we or our Third Party-service providers may use “format sensing” technology, which allows pixel tags to let us know whether you received and opened our email.
2.8.3 Analytics Information
We may also use Google Analytics and Google Analytics Demographics and Interest Reporting to collect information regarding visitor behavior and visitor demographics, and to develop website content. This analytics data is not tied to any Personal Information. For more information about Google Analytics, please visit www.google.com/policies/privacy/partners/. You can opt out of Google’s collection and processing of data generated by your use of the Services by going to http://tools.google.com/dlpage/gaoptout.
2.8.4 Interest-BasedTargeted Advertising
Through our Services, Vytality Health may in the future allow Third-Party advertising partners to conduct targeted advertising to you through the newsfeed function on our Services. However, you will be asked to opt in to receiving such advertising before relevant advertising materials are delivered to you. Once you opt in, such Third-Party advertising will only occur through your newsfeed on the Services, and not through other contact methods such as sending emails or physical mailings. set tracking tools (e.g., cookies) to collect anonymous, non-Personal Information regarding your activities (e.g., your IP address, page(s) visited, time of day). We may also share such de-identified information we have collected with Third-Party advertising partners. These advertising partners may use this information (and similar information collected from other websites) for purposes of delivering targeted advertisements to you when you visit non-Vytality Health related websites within their networks. This practice is commonly referred to as “interest-based advertising” or “online behavioral advertising.”
2.9 Mobile Devices
Vytality Health may provide websites and online resources that are specifically designed to be compatible and used on mobile devices. Vytality Health will collect certain information that your mobile device sends when you use such websites or online resources, like a device identifier, user settings and the operating system of your device.
2.10 Anonymous and Aggregated Information
Vytality Health may use your Personal Information and other information about you to create anonymized and aggregated information, such as de-identified demographic information, de-identified location information, information about the computer or device from which you access the Services or other online services, or other analyses we create. Anonymized and aggregated information is used for a variety of functions, including the measurement of users’ interest in and use of various portions or features of the Services. Anonymized or aggregated information is not Personal Information, and Vytality Health may use such information in a number of ways, including research, internal analysis, analytics and any other legally permissible purposes. We may share this information within Vytality Health and with Third Parties for our or their purposes in an anonymized or aggregated form that is designed to prevent anyone from identifying you.
3.0 Choice/Modalities to Opt Out
Where you have consented to Vytality Health’s Processing of your Personal Information or Sensitive Personal Information, you may withdraw that consent at any time and opt out by following the instructions in this Section 3.0. Additionally, before we use Personal Information for any new purpose not originally authorized by you, we will provide information regarding the new purpose and give you the opportunity to opt out.
Prior to disclosing Sensitive Data to a Third Party or Processing Sensitive Data for a purpose other than its original purpose or the purpose authorized subsequently by the Individual, Vytality Health will endeavour to obtain each Individual’s explicit consent (opt-in). Where consent of the Individual for the Processing of Personal Information is otherwise required by law or contract, Vytality Health will comply with the law or contract.
3.2 Email and Telephone Communications
We maintain telephone “do not call” lists and “do not mail” lists as mandated by law. [NTD: please confirm you maintain such lists. We process requests to be placed on do not mail, do not phone and do not contact lists within 60 days after receipt, or such shorter time as may be required by law.
3.3 “Do Not Track”
Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. DNT is a way for users to inform websites and services that they do not want certain information about their webpage visits collected over time and across websites or online services. Vytality Health does not recognize or respond to browser-initiated DNT signals.
3.4 Advertising Choices
While Vytality Health does not currently participate in interest-based advertising, it may in the future use your browsing or personal opt-in selections as described in section 2.8.4 for interest-based advertising purposes. In the event that we do so, an opportunity to opt-out of such interest-based advertising will be provided through an AdChoices link. [ 1]
Even if you opt-out through AdChoices, we may still collect and use non-Personal Information regarding your activities on our Services and/or information from the advertisements on Third-Party websites for non-interest based advertising purposes, such as to determine the effectiveness of the advertisements.
4.0 Onward Transfer
4.1 Information We Share
4.1.1 Service Providers
Vytality Health may share Personal Information with our service providers that we have retained to perform services on our behalf including (i) provision of IT and related services; (ii) provision of information and services you have requested; (iii) payment processing; and (iv) customer service activities. Payment information will be used and shared only to effectuate your order and may be stored by a service provider for purposes of future orders.
Vytality Health requires our service providers to agree in writing that they will not use or share your Personal Information except as necessary to perform the contracted services on our behalf or to comply with applicable legal requirements.
4.1.2 Business Partners
Vytality Health may share Personal Information with our business partners, and affiliates for our and our affiliates’ internal business purposes or to provide you with a product or service that you have requested. Vytality Health may also provide Personal Information to business partners with whom we may jointly offer products or services, or whose products or services we believe may be of interest to you. In such cases, our business partner’s name will appear, along with Vytality Health’s. Vytality Health requires our affiliates and business partners to agree in writing to maintain the confidentiality and security of Personal Information they maintain on our behalf and not to use it for any purpose other than the purpose for which Vytality Health provided them.
4.1.3 Information Disclosed for Our Protection and the Protection of Others
We may disclose information about you: (i) if we are required to do so by law, court order or legal process; (ii) in response to lawful requests by public authorities, including to meet national security or law enforcement requirements; (iii) under the discovery process in litigation; (iv) to enforce Vytality Health policies or contracts; (v) to collect amounts owed to Vytality Health; (vi) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation or prosecution of suspected or actual illegal activity; or (vii) if we, in good faith, believe that disclosure is otherwise necessary or advisable.
In addition, from time to time, server logs may be reviewed for security purposes – e.g., to detect unauthorized activities. In such cases, server log data containing IP addresses may be shared with law enforcement bodies in order that they may identify users in connection with their investigation of the unauthorized activities.
4.1.4 Information Disclosed in Connection with Business Transactions
4.1.5 Information Disclosed to Other Users of the Services
Certain Personal Information or Health Data may be shared with, accessed by, or viewed by other users of the Services. As described in the Terms of Service, you can add other users of the Services as your connections, and each user will belong in different Groups made available on the Services. Users in different Groups will have varying degrees of access to your Personal Information or Health Data based on the specific consent you give to each user. Such Personal Information or Health Data will only be accessible to users who are specifically permitted by you to access the information, and you may discontinue other users’ access to your Personal Information or Health Data at any time by changing the applicable privacy/permission setting through the Services.
4.2 Data Transfers
All Personal Information or Health Data sent or collected via or by Vytality Health may be stored anywhere in the world, including but not limited to, in the United States, in the cloud, our servers, the servers of our affiliates or the servers of our service providers. Your Personal Information may be accessible to law enforcement or other authorities pursuant to a lawful request. By providing information to Vytality Health, you consent to the storage of your Personal Information in these locations.
5.0 Rights of Access, Rectification, Erasure and Restriction
This Section 5.0 only applies to users of the Services who are residents in the European Union.
In accordance with applicable law, you may have the right to: (i) request confirmation of whether we are processing your Personal Information; (ii) obtain access to or a copy of your Personal Information; (iii) receive an electronic copy of Personal Information that you have provided to us, or ask us to send that information to another company (the “right of data portability”); (iv) restrict our uses of your Personal Information; (v) seek correction or amendment of inaccurate, untrue, incomplete, or improperly Processed Personal Information; and (vi) request erasure of Personal Information held about you by Vytality Health, subject to certain exceptions prescribed by law. If you would like to exercise any of these rights, please contact us as set forth below.
We will process such requests in accordance with applicable laws. To protect your privacy, Vytality Health will take steps to verify your identity before fulfilling your request.
6.0 Data Retention
7.0 Security of Your Information
The security of all Personal Information provided to Vytality Health is important to us, and Vytality Health takes reasonable steps designed to protect your Personal Information. Unfortunately, no data transmission over the Internet or storage of information can be guaranteed to be 100% secure. As a result, while Vytality Health strives to protect your Personal Information, we cannot ensure or warrant the security of any information you transmit to Vytality Health, and you do so at your own risk. You are responsible for maintaining the secrecy of your own passwords. If you have reason to believe that your passwords or Personal Information is no longer secure, please promptly notify us at firstname.lastname@example.org.
8.0 Redress/Compliance and Accountability
Vytality Health will address your concerns and attempt to resolve any privacy issues in a timely manner.
9.0 Other Rights and Important Information
9.1 Information Regarding Children
Due to the nature of Vytality Health’s business, Services are not marketed to Minors. Vytality Health does not knowingly solicit or collect Personal Information from children under the age of 13 (and in certain jurisdictions under the age of 16). If we learn that we have collected Personal Information from a Minor, we will promptly delete that information.
9.2 California Privacy Rights
California law permits users who are California residents to request and obtain from us once a year, free of charge, a list of the Third Parties to whom we have disclosed their Personal Information (if any) for their direct marketing purposes in the prior calendar year, as well as the type of Personal Information disclosed to those parties. Vytality Health does not share Personal Information with third parties for their own marketing purposes.
9.3 Links to Third-Party Websites
“Agent” means any third party that processes Personal Information pursuant to the instructions of, and solely for, Vytality Health or to which Vytality Health discloses Personal Information for use on its behalf.
“HIPAA” means Health Insurance Portability and Accountability Act.
“Personal Information” is any information relating to an identified or identifiable natural person (“Data Subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Process” or “Processing” means any operation which is performed upon Personal Information, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“Sensitive Data” or “Sensitive Personal Information” is a subset of Personal Information which, due to its nature, has been classified by law or by policy as deserving additional privacy and security protections. Sensitive Personal Information includes Personal Information regarding EU-residents that is classified as a “Special Category of Personal Data” under EU law, which consists of the following data elements: (1) race or ethnic origin; (2) political opinions; (3) religious or philosophical beliefs; (4) trade union membership; (5) genetic data; (6) biometric data where Processed to uniquely identify a person; (6) Health Data; (7) sexual orientation or information about the individual’s sex life; or (8) information relating to the commission of a criminal offense.
“Third Party” is any natural or legal person, public authority, agency or body other than the Data Subject, Vytality Health or Vytality Health’s Agents.