Privacy Policy

Onlife Health (“Onlife”) takes your privacy seriously. This Privacy Policy (“Policy”) describes the types of information Onlife collects from and/or about you when you visit or use our websites (our “Website”), our Member Portal (“Member Portal”), our mobile applications (our “App”) or other interfaces and digital tools used to communicate with you and collect your information (collectively, “Platform”), and our practices for collecting, using, maintaining, protecting, and disclosing that information. For purposes of this Policy, our Platform and all related tools, services, and functionality that we provide through them are referred to as our “Digital Services”.

This Policy applies to any information relating to a natural person who is, or can be, identified either directly or indirectly from such information, and includes information such as a person’s name, address, telephone number, email address, Internet activity (such as browsing history), or other information directly linked to that person (“Personal Information”). You are not legally required to provide Personal Information to us, but if you refuse to provide such information, we may not be able to register you to use the Platform.

Please read this Policy carefully to understand our policies and practices regarding your Personal Information and how we will treat it. If you do not agree with our policies and practices, you may choose not to use our Digital Services. By accessing or using our Digital Services, you agree to this Privacy Policy, and related terms, and further acknowledge the type and manner of collection of Personal Information. This Privacy Policy may change from time to time (see Changes to Our Privacy Policy below). Your continued use of our Digital Services after we make changes is deemed to be an acceptance of those changes, so please check this Privacy Policy periodically for updates.

For the purpose of this Privacy Policy, the following definitions describe the types of users who may access and use the information, products, and services offered by Onlife:

An Individual is any person visiting the public sections of our Website.

An Eligible Individual is an Individual who is eligible to participate in Onlife’s Digital Services.

A Registered User (or User) is any Eligible Individual that has registered and is authorized to enter the authenticated, secure sections of the Onlife Platform.

An Employer is the organization that offers the Onlife Digital Services as part of its benefits to the Eligible Individual.

An Insurer is the organization that the Eligible Individual’s Employer contracts with to provide health benefits to certain Eligible Individuals of the Employer’s employee group health benefit plan.

Some Personal Information we collect may include health and/or medical information that constitutes protected health information (“PHI”) under the U.S. Health Insurance Portability and Accountability Act of 1996 and its implementing regulations (“HIPAA”). Onlife maintains physical, technical, and administrative safeguards that comply with federal regulations to reasonably protect PHI. Onlife will only use and disclose PHI as permitted by HIPAA and Onlife’s business associate agreements with Insurers.

PERSONAL INFORMATION WE COLLECT ABOUT YOU AND HOW WE COLLECT IT

We collect several types and categories of Personal Information from and about users of our Digital Services, including:

• Your name, postal address, billing address, shipping address, e-mail address, telephone number(s), date of birth, health information, and other demographic information;
• Health- and wellness-related information;
• Information obtained from any trackers you have registered and connected to the Digital Services (i.e., FitBit, Apple Watch);
• Information pertaining to your Insurer and/or Employer; and
• Information about your Internet connection, the equipment you use to access or use our Digital Services and usage details.

We collect this information:

• Directly from you when you provide it to us;
• Automatically as you navigate through or use our Digital Services;
• Through the use of the global positioning system and Cell ID (“Geolocation”) which allows us to collect your precise or estimated location in real-time; and
• From third parties, for example, including affiliates, vendors, covered entities, and other business partners.

In addition, from time to time, we may use or augment the Personal Information we have about you with information obtained from other sources, such as public databases, social media platforms, and other third parties.

Personal Information You Provide to Us

Personal Information that you provide to us through our Digital Services includes:

• Information that you provide by filling in forms on our Digital Services. This includes, or may include, information provided at the time of registering to use our Digital Services or while using other services available through the Digital Services. We may also ask you for Personal Information when you report a problem with our Digital Services.
• Information we need to process inquiries and requests, such as customer service inquiries.
• Records and copies of your correspondence, including email addresses, if you contact us.
• Your responses to surveys that we might ask you to complete for research, development, and experience improvement purposes.

Personal Information We Collect Through Automatic Data Collection Technologies

In addition to information that you provide when interacting with our Digital Services, we also collect Personal Information through the use of technology. As you navigate through and interact with our Digital Services, we may use automatic data collection technologies to collect certain Personal Information about your equipment, browsing actions, and patterns, including, more specifically:

• Usage Details. Details of your visits to our Digital Services, such as traffic data, location, logs, referring/exit pages, date and time of your visit or use of our Digital Services, error information, clickstream data, and other communication data and the resources that you access and use on or in the Digital Services.
• Device Information. Information about your computer, mobile device, and Internet connection, specifically your IP address, operating system, browser type, and App version information.
• Location Data. Information about your location collected through Geolocation technology.

The technologies we use for this automatic data collection may include:

• Cookies (or browser cookies). We and our service providers may use cookies, web beacons, and other technologies to receive and store certain types of information whenever you interact with our Digital Services through your computer or mobile device. A cookie is a small file or piece of data sent from a website and stored on the hard drive of your computer or mobile device. On your computer, you may refuse to accept browser cookies by activating the appropriate setting on your browser, and you may have similar capabilities on your mobile device in the preferences for your operating system or browser. However, if you select this setting, you may be unable to access or use certain parts of our Digital Services. Unless you have adjusted your browser or operating system setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our Website or use our App.
• Pixels and Web Beacons. Pages on our Digital Services, or our e-mails, may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit us, for example, to count users who have visited those pages or opened an e-mail and for other related Digital Services statistics (for example, recording the popularity of certain Digital Services content and verifying system and server integrity).
• Advanced Analytics and Tracking and Session Replay and Recording Technologies. We use tracking and session replay and recoding technologies to record your movements, clicks, keystrokes, data entry, and other activities while you interact with our Digital Services.

HOW WE USE YOUR PERSONAL INFORMATION

We use Personal Information that we collect about you or that you provide to us for several purposes, including to:

• Enable your use of our Platform and its functionality, contents, and services.
• Provide you our products and services.
• Provide you with information about products and services you may be interested in.
• Process, fulfill, support, and administer transactions and orders for products and services.
• Provide you with notices about your Onlife Health account.
• Contact you in response to a request.
• Fulfill any other purpose for which you provide the Personal Information.
• Carry out our obligations and enforce our rights arising from any contracts.
• Fulfill any other purpose with your consent or as required by law or regulation.

With respect to the Personal Information we collect automatically, such information is used to help us to improve our Digital Services and to deliver a better and more personalized service, including to:

• Estimate our audience size and usage patterns.
• Improve our customer service responses and response times.
• Improve our product and service offerings.
• Store information about your preferences, allowing us to customize our Digital Services according to your individual interests.
• Recognize you when you return to our Digital Services.

We may also use aggregate or de-identified data that is not personally identifiable for any legally and contractually permissible purposes without restriction.

DISCLOSURE OF PERSONAL INFORMATION

Your Personal Information may be disclosed to:

• Our third-party service providers that provide services such as hosting of the Platform, data analysis, IT services and infrastructure, customer service, e-mail delivery, auditing and other similar services;
• Third parties or our affiliates, for the purposes described for uses of Personal Information in this Privacy Policy, including marketing purposes relating to their products and services;
• A third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer, liquidation or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceeding); and
• A third party as we believe to be necessary or appropriate: (a) under applicable law; (b) to comply with legal process; (c) to respond to requests from public or government authorities; (d) to enforce the Terms of Service; (e) to protect our operations or those of any of our affiliates; (f) to protect our rights, privacy, safety or property, or that of our affiliates, you, or others; (g) at our discretion under emergency circumstances, to notify emergency services or your family members, personal representative or other individuals involved in your care of your location and condition; or (h) to allow us to pursue available remedies or limit the damages that we may sustain.

Onlife does not, to the best of our knowledge, sell or rent Personal Information that we have collected or retained about you to any other third-party for any purpose. Accordingly, we do not offer individuals the ability to “opt-out” of the selling or renting of Personal Information because we do not engage in those practices.

We may also disclose to third parties aggregate or de-identified data that is not personally identifiable for any legally and contractually permissible purposes without restriction.

Disclosure to Other Users for Team Challenges: Team Challenges are available to participate in via the Platform. Team Challenges are voluntary, but if you elect to participate in a Team Challenge, you acknowledge that you will be disclosing some of your Personal Information such as your name, email address, and progress in the challenge to other members enrolled in the challenge. Your team’s total progress may be shared with other teams for the purposes of the Challenge. Onlife may also share your name and email address with members of your prior teams for the purposes of inviting you into new Team Challenges.

Disclosure to Employers: If your access to Onlife Services is provided as part of the benefits package offered by your Employer, the only Personal Information Onlife discloses to your Employer is the names of Participants employed by Employer who have completed the Health Assessment and biometric screening process. No other identifying information, including your responses to the Health Assessment or the results of your biometric screening, is provided or disclosed.

Disclosure to Insurers: If your wellness benefits are provided through an Insurer, Onlife only collects information reasonably necessary for the Insurer to perform its function for the Insurer and any member data collected by Onlife can be shared with the Insurer. Onlife limits the information to the amount of information reasonably necessary for the health plan to perform its function for the health plan.

RETENTION OF PERSONAL INFORMATION COLLECTED

We will only store Personal Information for as long as it is needed to fulfill the purposes for which it was collected, subject to applicable data retention periods imposed upon us by applicable law or contract. This may mean that your Personal Information is stored by us for a number of years, depending on the purpose and need for that data to be processed.

CALIFORNIA RESIDENTS

If you are a California Resident, please review Onlife’s California Consumer Privacy Act Privacy Notice, which can be found here.

WASHINGTON RESIDENTS

If you are a Washington Resident, please review Onlife’s Washington Consumer Health Data Privacy Notice, which can be found here.

SECURITY

Onlife has in place reasonable administrative, physical, and technical controls to safeguard and secure the Personal Information we collect online. Unfortunately, no data transmission over the Internet or data storage system is 100% secure, and therefore we cannot guarantee against all potential security breaches. We are not responsible for circumvention of any privacy settings or security measures contained on the Platform, in your operating system, or in any application. If you believe someone has accessed your information without authorization, please contact Onlife immediately at support@OnlifeHealth.com.

CHILDREN’S PRIVACY

Onlife is concerned about the safety and privacy of children online. Because of this, we will make all efforts to comply with the Children’s Online Privacy Protection Act of 1998 (“COPPA”). COPPA and its accompanying FTC regulations establish United States federal law that protects the privacy of children using the internet. Further, Onlife’s services are intended only for minors who are 13 or older and whose parent/legal guardian have consented to their use of such services. However, it is possible that by fraud or deception by others we may receive information given to us or pertaining to minors, including children under 13. If we are notified of this, as soon as we verify the information, we will immediately delete the information from our servers. If you want to notify us of our unauthorized receipt of information by minors, including children under 13, please email support@OnlifeHealth.com.

CORRECTING/UPDATING PERSONAL INFORMATION

If the Personal Information of an Eligible Individual of our services changes Onlife will endeavor to provide a way to correct or update that Eligible User’s data in our registration files. To correct or update Personal Information, contact Onlife at support@OnlifeHealth.com or call Onlife Participant Services at 877-709-0201

THIRD PARTIES

This Policy does not address, and we are not responsible for, the privacy, information or other practices of any third parties, including Employers, Insurers, the manufacturers of your mobile device or fitness trackers, and any other third party mobile application or website to which the Platform may contain a link. We encourage you to review the privacy policies of each website and application you visit and use.

CHANGES TO OUR PRIVACY POLICY

Onlife reserves the right, in its sole discretion, to modify this Policy at any time, with or without cause, and with or without notice by updating the locations where it is posted or referenced by the Digital Services. We will update the “Last updated” date at the top of this Privacy Policy. You should, therefore, periodically review this Policy so you are aware of any such revisions. Your continued use or access to our Digital Services shall constitute your agreement to the revised Privacy Policy, terms, notice, and disclosures.