The Information We Collect and How We Collect It
Information you choose to provide: We collect Personal Information of visitors to our Site when they choose to specifically provide their Personal Information to us (for example, if you request to receive more information about StayWell through our “Contact Us” form, you may choose to provide your name, mailing address, telephone number, e-mail address, or information about your business). While we use recognized industry safeguards to protect Personal Information from unauthorized access or use, the sharing and storing of data online has inherent risks, so please take care to share only information that you believe is appropriate.
Account Holders are users of the Site who choose to create an account by registering with the Site. Account Holders may create a username and password, and may provide information such as credit card information, name, mailing address, telephone number, e-mail address, or information about their business. We protect credit card holder information by complying with the Payment Card Industry (PCI) Data Security Standard (DSS). For more information about PCI and DSS, see https://www.pcisecuritystandards.org/.
Information from Children
The Site is not designed or intended to attract children, and we do not collect or maintain information from individuals who we actually know are under the age of 13 years. If you are under 13, please do not attempt to register or send any information about yourself to us, including but not limited to your name, address, telephone number, or email address. No one under age 13 may provide any Personal Information to us. In the event that we learn that, through the Site, we have collected Personal Information from a child under age 13 without parental consent, we will delete that information as quickly as possible. If you believe that we might have any information from or about a child under 13, please contact us at the address below.
Information We Collect through Cookies on our Site
Information We Collect through Your Physician’s use of the KOF Product
When you are provided educational content through our KOF product, we collect information that is provided by your healthcare provider, including (1) information that is required from a technical perspective for the system to function, such as user identifiers and account identifiers, as well as unique identifiers that are generated to track the encounter, (2) certain medical information, such as your medical record number, date of birth, name, email address, gender, condition and diagnosis list, medications list, procedures list, and your preferred language, and (3) certain information about your healthcare provider, which may include their name, user ID, and account ID. To the extent that the information we collect through your use of the KOF product is considered “protected health information” under HIPAA, or is otherwise excluded from the definition of Personal Information hereunder, we still treat it confidentially and provide it with the appropriate protections as required by law.
How We Use Your Information
Information collected from our Site: We may use or aggregate your non-Personal Information with the non-Personal Information of our other users or other non-Personal Information collected offline. We may use some or all of this information to support our commercial activities such as for general statistical purposes, site tracking, or for any other purpose. Personal Information that we collect is used to provide services or products to you that you have requested or authorized, to respond to your questions, to provide better functionality to you, to help us manage our Site, and to comply with applicable law or valid legal process. We may share your Personal Information with our subsidiaries, affiliates and companies acquired by or merged with us and our affiliates. We may also share your Personal Information with third-party advertising networks, social media networks, and websites and mobile apps, so that we can market and advertise on third party platforms, websites, and apps.
Information collected from our KOF Product: The information collected from your usage of the KOF product generally falls under the definition of “protected health information” under HIPAA and is therefore excluded from the definition of “Personal Information” hereunder. However, we believe it is important for you to understand how we use such information. The information that we collect from your usage of our KOF product is used to (1) provide services or products to you that have been contracted for by your healthcare provider as our client and (2) provide aggregate reporting to your healthcare provider when such reporting is a requirement under our contract with such healthcare provider. Additionally, we may de-identify your personal information so that it no longer identifies you, and use such de-identified information for any lawful purpose, including for our own internal analysis, as well as product improvement or product development.
We Use Your Personal Information as an Account Holder on our Site to:
- Send you information about your orders;
- Fulfill your orders;
- Process and collect your payments;
- Customize, analyze, adjust and improve our services and products to better meet your needs;
- Enforce our agreements with you;
- Prevent fraud and other prohibited or illegal activities; and
- Comply with requests of law enforcement or data protection agencies.
Third Party Service Providers
We may employ other companies and individuals to perform functions on our behalf, such as but not limited to, as applicable, fulfilling orders, delivering packages, sending postal mail and e-mail, serving ads on our behalf, providing search results and links, processing credit card payments and other services to support our business. These third-party service providers may have access to your Personal Information needed to perform their functions, but they may not use it for any other purpose.
Additional State-granted Privacy Rights
This section is provided to comply with the requirements of certain applicable U.S. data privacy laws and regulations, including the California Consumer Privacy Act, the California Privacy Rights Act, and other California privacy laws, as well as the Virginia Consumer Data Protection Act (collectively, “Applicable Data Privacy Laws”). This section applies solely to Site visitors and Account Holders who are residents of the states that have enacted the laws identified above, and only to the extent that they are a resident of the applicable state.
We may collect certain Personal Information from Site visitors and Account Holders that qualifies as a subset of Personal Information known as “Sensitive Personal Information.” Although not all of the information included in the definition of “Sensitive Personal Information” is collected by us, we believe that you should be aware of what is considered Sensitive Personal Information. To that end, Sensitive Personal Information may include: (1) personal information that reveals (a) a social security, driver’s license, state identification card, or passport number, (b) account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account, (c) precise geolocation, (d) racial or ethnic origin, immigration status, religious or philosophical beliefs, or union membership, (e) the contents of mail, email, and text messages except where we are the intended recipient of the communication, (f) genetic data; (2) the processing of biometric or genetic information for the purpose of uniquely identifying a consumer; (3) personal information collected and analyzed concerning a consumer’s health or diagnosis; (4) personal information collected and analyzed concerning a consumer’s sex life or sexual orientation; and (5) personal information collected from a known child.
We may collect and store certain categories of Sensitive Personal Information (e.g., account log-in, precise geolocation) in order to provide the Site’s services to you and for short-term, transient use based on your interactions with the Site.
Information We Collect
Within the last twelve (12) months, we have or may have collected the following categories of Personal Information from our Site visitors and Account Holders: identifiers; Personal Information listed under Cal. Civ. Code § 1798.80(e); commercial information; internet or other similar network activity; geolocation data; professional or employment-related information; and inferences drawn from any of the information identified in this section.
Categories of Sources from Which Information is Collected
As described in the “The Information We Collect and How We Collect It” section above, we obtain the categories of Personal Information listed above from the following categories of sources: directly from you; and directly and indirectly through cookies and other technologies.
Using and Sharing of Personal Information
The Personal Information described in the categories above may be used for the business purposes listed in the “How We Use Your Information” section above.
We disclose your Personal Information for a business purpose to the following categories of third parties: (a) service providers and (b) third parties to whom you authorize or direct us to disclose your personal information in connection with our products and services. In the preceding twelve (12) months, we have disclosed the Personal Information described in the categories listed above for the business purposes listed in the “Third Party Service Providers” section above. We may also share your Personal Information for any other purpose(s) disclosed to you at the time we collect your information or with your consent.
Personal Information “Sold” to Third Parties
In the preceding twelve (12) months, we have not sold your Personal Information to third parties.
We do not sell the Personal Information of Site visitors or Account Holders that we know are minors under 16 years of age without affirmative authorization as required under applicable law.
Retention of Personal Information
If you have an account on the Sites, we may retain your personal information as long as your account is active in order to provide the relevant services to you and for a period of two (2) years thereafter. If you do not have an account, we may retain certain Personal Information based on your interactions with the Site, such as IP address, as long as relevant to your use of the services or Site.
Your Rights under the Applicable Data Privacy Laws
Applicable Data Privacy Laws provide consumers with specific rights regarding their Personal Information. This section describes your consumer rights and explains how to exercise those rights:
- You may request, up to two (2) times each year, that we disclose to you, once we receive and confirm your verifiable consumer request: (1) categories and specific pieces of Personal Information that we have collected about you; (2) categories of sources from which your Personal Information is collected; (3) business or commercial purpose for collecting your Personal Information; (4) categories of Personal Information that we disclosed for a business purpose; (5) categories of Personal Information that we sold about you; (6) categories of third-parties with whom we have shared your Personal Information; and (7) business or commercial purpose for selling your Personal Information.
- Subject to certain exceptions and up to two (2) times each year, you may request that we delete any of your personal information that we collected from you. Once we receive and confirm your verifiable consumer request for deletion, we will delete (and direct our service providers to delete) such personal information from our records, unless an exception applies.
- You have the right to request that we correct any inaccurate personal information about you, taking into account the nature of the personal information and the purposes of processing your personal information. Once we receive and verify your consumer request, we will use commercially reasonable efforts to correct (and direct our service providers to correct) your inaccurate personal information from our records, unless it is impossible or involves a disproportionate effort.
- Right to opt-out of the sale or sharing of your personal information. The CCPA defines “sale” and “share” broadly, and it may include our sharing information that we have about you, such as a cookie ID or IP address, with third party advertising partners who may use this information, on our behalf, to help us deliver advertising, including advertising on third party websites. You have the right to opt-out of the sale or share of your personal information subject to certain exclusions. Once we receive your request, we will not sell or share your personal information, unless an exclusion applies. We may request that you authorize the sale or sharing of your personal information after 12 months following your opt-out.
To exercise the rights described above, please contact us through the address or email listed under the “How to Contact Us” section below.
You will be asked to provide certain identifying information, such as your name, email, and residency. While processing your request, we may ask you to provide further verifying documentation. We will only use personal information provided in a request to verify the requestor’s identity or authority to make the request. Only you, or a person registered with the applicable state that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. If you are making a request through an authorized agent acting on your behalf, such authorized agent must provide proof of written authorization to do so, and you must verify your identity directly with us, unless such authorized agent provides proof of a power of attorney pursuant to Probate Code sections 4000 to 4465.
We will not discriminate against you for exercising any of your rights under the Applicable Data Privacy Laws. Accordingly, and unless permitted by the Applicable Data Privacy Laws, we will not: deny you services; charge you different prices or rates for services; provide you a different level of service; or suggest that you may receive a different price or rate for services or a different level for services. We may charge a different price or rate or provide a different level of service if the difference is reasonably related to the value provided by your personal information.
Advertising and Marketing
StayWell does not accept any advertising of third parties on our Site nor do we receive income from marketing sponsors or advertisers. Any mention of a particular service is not an endorsement and is provided solely for your convenience.
Note to Site Visitors and Account Holders Outside of the United States
Additional Information for Visitors from the European Economic Area (EEA) and the UK
The EU General Data Protection Regulation and UK General Data Protection Regulation (together the “GDPR”) require certain information to be provided to data subjects located in the EEA and the UK, and grant them certain rights regarding their personal information. This section applies solely to the processing activities that are governed by the GDPR.
Data Controller and EEA Representative
StayWell is the controller of the personal information provided to, collected by or for, or processed in relation with, the Site and Services. StayWell has appointed Dentons Europe Consulting B.V. DPO Team as its representative in the EEA. StayWell’s Data Protection Officer can be contacted at email@example.com.
Legal Bases for Processing
Where we rely on your consent to process your personal information, you have the right to decline consent or withdraw your consent at any time. Where we rely on our legitimate interests to process your personal information, you have the right to object.
Your Rights Under the GDPR
If you are a Site visitor or Account Holder in the EEA, you can: (i) access personal information we have about you (we will try to provide information within 30 days of your request); (ii) have your personal information corrected or deleted (in most cases you can correct personal information you have submitted to us through your account); (iii) in certain circumstances, you can object to our processing of your personal information and we will discontinue such processing unless we have compelling legitimate grounds to continue; (iv) withdraw consent previously provided (including, in limited circumstances, the right to ask us to stop processing your personal information, with some exceptions, by contacting us); or (v) if you believe that we have not complied with applicable data protection laws, you may lodge a complaint with your local supervisory authority. If you wish to inquire as to whether we maintain any of your personal information and if so, whether you wish to exercise any of those rights that are available to you with respect to such personal information, you may contact us as described in the “How to Contact Us” section below. We will respond to your request within a reasonable timeframe.
Transfers Outside the EEA and the UK
We are located in the United States. Accordingly, as the controller, we process your personal information in the United States. We may also transfer your personal information outside the United States to service providers with operations in other countries. For more information, please refer to the “Note to Site Visitors and Account Holders Outside of the United States” section above.
Automated Decision Making
We do not make automated decisions that create legal effects or otherwise significantly affect you.
How to Contact Us
The StayWell Company, LLC
800 Township Line Rd, Suite 100
Yardley, PA 19067
Attn: Legal Department
Copyright © 2022. The StayWell Company, LLC. StayWell is a registered trademark of The StayWell Company, LLC or its affiliates.
Revised November 30, 2022
11/30/2022: Added revision history; minor edits; updated data collection, data retention, and state privacy rights. Updated GDPR DPO designation to Dentons Europe.