The Services are not intended for use in the event of an emergency or other urgent situations. If you believe you may have a medical emergency, call 911 or your local emergency medical system immediately.

This Privacy Policy explains how WELL Health Inc. (“WELL,” “we,” “us,” or “our”) collects, uses and discloses information from website visitors, job applicants, and our current and prospective clients (“clients” or “you”) when you use our websites, platform, and other online products and services that link to this policy (collectively, the “Services”) or when you otherwise interact with us.

This Privacy Policy does not apply to information that is protected health information or personal health information (“PHI”) under the Health Insurance Portability and Accountability Act (“HIPAA”) or other privacy law applicable to your relationship with your healthcare provider (“Provider”). Any collected information that constitutes PHI is governed by, and will be used and disclosed solely as permitted under, the business associate agreement or services agreement between WELL and your Provider, as required by law, to safeguard PHI.  For more information about the privacy of PHI, please contact your Provider.  Any information provided directly to a Provider is treated in accordance with that Provider’s notice of privacy practices, and we encourage you to ask the Provider for information about their practices before providing any information to them.

We may change this Privacy Policy from time to time. If we make changes, we will notify you by revising the date at the top of the policy and, in some cases, we may provide you with additional notice (such as adding a statement to our homepage or sending you an email notification). We encourage you to review the Privacy Policy whenever you access the Services or otherwise interact with us to stay informed about our information practices and the choices available to you.

COLLECTION OF INFORMATION

As used in this Privacy Policy, “Personal Information” means any information that can be used to individually identify a person or household, and may include, but is not limited to, name, email address, postal or other physical address, title, and other information reasonably linkable to an individual or household with or without other identifying information in our possession. Personal Information also includes information relating to a person’s professional background, and may include, but is not limited to, education and training, employment history, and certifications.

There are three general categories of information we collect: (1) Information you provide to us; (2) Information we automatically collect from your use of the Services; (3) Information we collect from third parties. The types of Personal Information that WELL collects will depend on the nature of your dealings with us. For example, we process your Personal Information as a customer (or potential customer) of WELL’s Services differently than the data that we collect as part of our relationship with our customer’s end users.

Information You Provide to Us

We collect information you provide directly to us.  For example, we collect information when you create an account, participate in any interactive features of the Services, fill out a form, request customer support, apply for a job with us, or otherwise communicate with us.

The types of information we may collect from you include:

  • Account Information: When you register for an account on our Services, you will need to provide us with certain Personal Information to complete the registration, including information that can be used to contact or identify you, which may include your name, email address, username, password, and phone number.
  • Customer Information: When you contact our sales team or customer support team, or when you request more information about our Services, we may collect your name, email address, phone number, profession, company name, company address, number of employees, company website, and other professional information.
  • Information about Others: We may collect information about other individuals, such as the names and the contact information of your Providers and any dependents under your care.
  • Other Information You Choose to Provide: We may collect additional information that you provide, such as when you request technical or customer support, communicate with us, or apply for a job with us.

Information We Collect When You Use the Services

When you access or use our Services, we automatically collect information about you, including:

  • Usage Information: We collect information about your activity on our Services. For example, we may collect information about how our users use and interact with the Services.
  • Log Information:We may collect log information about your use of the Services, including the type of browser you use, access times, pages viewed and visited, and your IP address.
  • Information Collected by Cookies and Other Tracking Technologies:We and our service providers may use various technologies to collect information, including cookies and web beacons. Cookies are small data files stored on your hard drive or in device memory that help us improve our Services and your experience, see which areas and features of our Services are popular, and count visits. Web beacons are electronic images that may be used on our Services or emails to help deliver cookies, count visits, and understand usage and campaign effectiveness. Please see our separate Cookie Policy [wellapp.com/cookie-policy] to learn about how we use cookies on the Services and your choices in relation to the use of cookies.

Information We Collect from Other Sources

We may obtain information from other sources and use it as contemplated herein, including to provide the Services to and otherwise communicate with you.

USE OF INFORMATION

We may use information about you for various purposes, including to:

  • Provide and deliver the products and services you request;
  • Maintain and improve our Services;
  • Send you technical notices, updates, security alerts, and support and administrative messages;
  • Inform you of job opportunities and evaluate your suitability for a job;
  • Respond to your comments, questions, and requests, and provide customer service;
  • Communicate with you about products, services, offers, promotions, rewards, and events offered by WELL and others, and provide information we think will be of interest to you;
  • Monitor and analyze trends, usage, and activities in connection with our Services;
  • Detect, investigate, and prevent fraudulent transactions and other illegal activities and protect the rights and property of WELL and others;
  • Carry out any other purpose for which the information was collected; and
  • Such other purposes as you may consent or as may be permitted or required by applicable law.

We also may use aggregated or de-identified information, which cannot reasonably be used to identify you, for various purposes, including, for example, to improve our automation and improve care. Once aggregated or de-identified, the data does not personally identify you, is no longer personal information, and is not subject to this Privacy Policy.

SHARING OF INFORMATION

We may share information about you as follows or as otherwise described in this Privacy Policy:

  • With vendors, consultants and other service providers, including, but not limited to, hosting providers, who need access to such information to carry out work on our behalf;
  • In response to a request for information if we believe disclosure is in accordance with, or required by, any applicable law, regulation or legal process;
  • With other users of the Services as you direct through your use of the Service;
  • To enforce our rights if we believe your actions are inconsistent with our user agreements or policies, or to protect the rights, property and safety of WELL or others;
  • In connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company;
  • Between and among WELL and its current and future parents, affiliates, subsidiaries and other companies under common control and ownership to the extent permitted by applicable law; and
  • With your consent or at your direction, or as may be permitted or required by applicable law.

We may also sell or share aggregated or de-identified information, which cannot reasonably be used to identify you.

LINKS TO THIRD PARTY SITES

Our Services may contain links to other web sites.  Other web sites may also reference or link to our Services.  These other web sites are not controlled by WELL.  We encourage our users to be aware when they leave our Services to read the privacy policies of each and every web site that collects personally identifiable information.  We do not endorse, screen, or approve, and are not responsible for, the privacy practices or content of such other web sites or mobile applications.  Visiting these other web sites is at your own risk.

SECURITY

WELL takes reasonable measures to help protect information about you from loss, theft, misuse and unauthorized access, disclosure, alteration, and destruction. However, please be advised that when information is transmitted over the internet, it cannot be guaranteed to be completely secure.

RETENTION OF YOUR INFORMATION

WELL will retain information about you only for as long as is necessary for the purposes set out in this Privacy Policy or as described to you, including for as long as your account is active, or as needed to provide the Services to you. If you no longer want WELL to use information about you to provide the Services to you, you may cancel your account. WELL will retain and use such information to the extent necessary to comply with our legal obligations (for example, if we are required to retain your information to comply with applicable tax/revenue laws or to demonstrate our compliance with applicable laws governing our interaction with you), resolve disputes and enforce our agreements. We also retain log files for internal analysis purposes. These log files are generally retained for a limited period of time, except in cases where they are used for the safety and security of the Services, to improve functionality of the Services or we are legally obligated to retain them for longer time periods.

HOW WE RESPOND TO “DO NOT TRACK” SIGNALS

Some web browsers have “Do Not Track” or similar features that allow you to tell each website you visit that you do not want your activities on that website tracked.  At present, our Services do not respond to “Do Not Track” signals and consequently, the Services will continue to collect information about you even if your browser’s “Do Not Track” feature is activated.

USE FROM OUTSIDE THE UNITED STATES

If you are using our Services from a country outside the United States, we will collect, store, and process your personal information in the United States or other countries in the world where we or our service providers operate. The privacy laws that apply to us may be different from and not as comprehensive or protective as those in the country where you are. By using our Services, you understand and accept the transfer of your personal information to the United States.

YOUR CHOICES

Account Information

You may update, correct, or delete information by emailing us at privacy@wellapp.com. Note that we may retain certain information as required by law or for legitimate business purposes.  We may also retain cached or archived copies of information about you for a certain period of time.

Promotional Communications

You may opt out of receiving promotional communications from us by following the instructions in those communications. If you opt out, we may still send you non-promotional communications, such as those about your account or our ongoing business relations.

CONTACT US

If you have any questions about WELL’s privacy practices, please contact us at: privacy@wellapp.com

ADDITIONAL INFORMATION FOR RESIDENTS OF CERTAIN JURISDICTIONS

Information for Californian consumers

This part of the document integrates with and supplements the information contained in the rest of the Privacy Policy.

The provisions contained in this section apply to all users who are consumers residing in the state of California, United States of America, according to “The California Consumer Privacy Act of 2018” (Users are referred to below, simply as “you”, “your”, “yours”), and, for such consumers, these provisions supersede any other possibly divergent or conflicting provisions contained in the Privacy Policy.

This part of the document uses the term “personal information” as it is defined in The California Consumer Privacy Act (CCPA).

Categories of personal information collected, disclosed or sold

In this section we summarize the categories of personal information that we’ve collected, disclosed or sold and the purposes thereof. You can read about these activities in detail in the section titled “Sharing of Information” within this Privacy Policy.

Information we collect: the categories of personal information we collect

We have collected the following categories of personal information about you: identifiers and internet information, and IP address.

If you submit a job application through our website, we have collected the following categories of personal information about you: race / gender / ethnicity, professional / employment, and education.

How we collect information: what are the sources of the personal information we collect?

We collect the above mentioned categories of personal information, either directly or indirectly, from you when you use the Services.

For example, you directly provide your personal information when you submit requests via any forms on the Services. You also provide personal information indirectly when you navigate the Services, as personal information about you is automatically observed and collected. Finally, we may collect your personal information from third parties that work with us in connection with the Service or with the functioning of the Services and features thereof.

How we use the information we collect: sharing and disclosing of your personal information with third parties for a business purpose

We may use and disclose the personal information we collect about you as described above in the Sections titled “Use of Information” and “Sharing of Information”.

Sale of your personal information

For our purposes, the word “sale” means any “selling, renting, releasing, disclosing, disseminating, making available, transferring or otherwise communicating orally, in writing, or by electronic means, a consumer’s personal information by the business to another business or a third party, for monetary or other valuable consideration”.

This means that, for example, a sale can happen whenever an application runs ads, or makes statistical analyses on the traffic or views, or simply because it uses tools such as social network plugins and the like.

Your right to opt out of the sale of personal information

You have the right to opt out of the sale of your personal information. This means that whenever you request us to stop selling your data, we will abide by your request.

Such requests can be made freely, at any time, without submitting any verifiable request, simply by following the instructions below.

Instructions to opt out of the sale of personal information

If you’d like to know more, or exercise your right to opt out in regard to all the sales carried out by this Website, both online and offline, you can contact us for further information using the contact details provided in this document. You may also exercise your right to opt out by:

Your California privacy rights and how to exercise them

WELL provides services which enable Provider customers to communicate with their respective patients. If you are a patient of a Provider and wish to exercise your CCPA rights, you must contact your Provider, not WELL. However, if you would like to exercise your CCPA rights with respect to your use of our website, please see additional information below:

The right to know and to portability

You have the right to request that we disclose to you:

  • the categories and sources of the personal information that we collect about you, the purposes for which we use your information and with whom such information is shared;
  • in case of sale of personal information or disclosure for a business purpose, two separate lists where we disclose:
    • for sales, the personal information categories purchased by each category of recipient; and
    • for disclosures for a business purpose, the personal information categories obtained by each category of recipient.

The disclosure described above will be limited to the personal information collected or used over the past 12 months.

If we deliver our response electronically, the information enclosed will be “portable”, i.e. delivered in an easily usable format to enable you to transmit the information to another entity without hindrance – provided that this is technically feasible.

The right to request the deletion of your personal information

You have the right to request that we delete any of your personal information, subject to exceptions set forth by the law (such as, including but not limited to, where the information is used to identify and repair errors on the website, to detect security incidents and protect against fraudulent or illegal activities, to exercise certain rights, etc.).

If no legal exception applies, as a result of exercising your right, we will delete your personal information and direct any of our service providers to do so.

How to exercise your rights

To exercise the rights described above, you need to submit your verifiable request to us by contacting us via the details provided in this document.

For us to respond to your request, it’s necessary that we know who you are. Therefore, you can only exercise the above rights by making a verifiable request which must:

  • provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative;
  • describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We will not respond to any request if we are unable to verify your identity and therefore confirm the personal information in our possession actually relates to you.

If you cannot personally submit a verifiable request, you can authorize a person registered with the California Secretary of State to act on your behalf.

If you are an adult, you can make a verifiable request on behalf of a minor under your parental authority.

You can submit a maximum number of 2 requests over a period of 12 months.

How and when we are expected to handle your request

We will confirm receipt of your verifiable request within 10 days and provide information about how we will process your request.

We will respond to your request within 45 days of its receipt. Should we need more time, we will explain to you the reasons why, and how much more time we need. In this regard, please note that we may take up to 90 days to fulfill your request.

Our disclosure(s) will cover the preceding 12 month period.

Should we deny your request, we will explain the reasons behind our denial.

We do not charge a fee to process or respond to your verifiable request unless such request is manifestly unfounded or excessive. In such cases, we may charge a reasonable fee, or refuse to act on the request. In either case, we will communicate our choices and explain the reasons behind it.

We will not discriminate against you for exercising any of your California privacy rights.

Residents of the European Economic Area and the United Kingdom

In addition to the aforementioned information, the following information applies to any individual located in the European Economic Area (“EEA”) or in the United Kingdom (“UK”). For the purposes of this section, any defined terms have the meaning under the European Union’s General Data Protection Regulation (“GDPR”). If you are a resident of the EEA or UK, you have certain rights and protections under the law regarding the processing of your Personal Data. 

Data Controller

Well Health Inc.
1025 Chapala Street
Santa Barbara, CA 93101

Data Protection Officer / Representative: privacy@wellapp.com

WELL may also act as a data processor or business associate on behalf of third-party data controllers and may receive Personal Data from such data controllers. Personal Data received by WELL as a processor will be governed by the privacy policies and contracts with the applicable data controller.

Lawful Basis for Processing

If you are a resident of the EEA or the UK, we primarily rely on the following bases to process your Personal Data lawfully.

  • First, it is necessary for us to process your Personal Data in certain ways in order to provide the Services to you.
  • Second, where you have given us valid consent to use your personal data in certain ways, we will rely on your consent. For example, this includes situations where we will obtain your consent prior to sending you information about our products and Services.
  • Third, in certain cases we may process your Personal Data where necessary to further WELL’s legitimate interests, where those legitimate interests are not overridden by your rights or interests. This includes usage statistics, analytics and internal analyses we run to better understand how to use our Services so that we can improve our Services and also provide you with recommendations on how to get the most out of our Services. This also includes information we process and disclose to detect, prevent, and address fraudulent and illegal activities on our Services.
  • Fourth, in some cases we may process your Personal Data where necessary to satisfy our legal obligations. This includes records containing your personal data that we may be required to retain for a period of time or may be legally required to disclose to a government authority or third party.

Data Subject Rights Requests

Except for information we collect on our website, we are a processor for Providers who act as data controllers; thus, if you are a patient of a Provider and wish to exercise your rights, you must contact your Provider, not WELL. However, you have the following rights related to the information that we maintain about you when you use our websites:

  • The right to be informed about how your information is used. This is the reason we provide this Privacy Policy to you.
  • The right to access the information we hold about you.
  • The right to request the correction of inaccurate information we hold about you.
  • In some circumstances, the right to request that we delete your information, or stop processing it or collecting it.
  • The right to stop direct marketing messages, which you can do by clicking on any “unsubscribe” link in any marketing email you receive from us. You also have the right to withdraw your consent for other processing activities for which you have given us your consent.
  • The right to request that we transfer your information either to you or a third party.
  • The right to complain to your data protection regulator.

If you want to exercise your rights, please complete the Data Subject Request Form.

If you have any questions or concerns, please reach out to us using the contact information in this Privacy Policy.

Transfers Outside of the EEA and the UK

WELL is headquartered in the United States. WELL may transfer or provide access to your Personal Data to affiliates, service providers or collaborators in countries that do not provide the same level of protection as your own region. WELL is committed to complying with this Privacy Notice and European privacy laws with regard to information transferred from Europe. The USA does not have a decision of adequacy from the European Commission, meaning that the laws in the USA may not be as protective as the laws in Europe. Because of this, we rely on safeguards such as your consent, or model contracts in a form approved by the EU Commission. For information on the model contracts, please visit: http://ec.europa.eu/justice/data-protection/international-transfers/transfer/index_en.htm.

Questions or Complaints

If you are a resident of the EEA or the UK and have a concern about our processing of your personal data that we are not able to resolve, you have the right to lodge a complaint with the data protection authority where you reside. For contact details of your local Data Protection Authority, please see the links below:

For individuals in the EEA or the UK:  http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm.

Residents of Canada

Canadian privacy laws may provide you with the right to request access to, or correction of, your personal information in our control.  If you want to exercise your rights, please complete the Data Subject Request Form.

We may need to verify your identity before responding to your request. In some circumstances, we may not provide access to your personal information, for example, if it contains the personal information of other persons, if it constitutes confidential commercial information, or if it is otherwise not properly the subject of an access request.

If you have any questions, requests or complaints about our personal information practices, please contact our Privacy Officer.

You may contact our Privacy Officer by email at privacy@wellapp.com or by mail at the following address:

Privacy Officer
Well Health Inc.
1025 Chapala Street
Santa Barbara, CA 93101

Last Updated: 06/02/2021