Well Privacy Policy

This privacy policy (this **“Privacy Policy”** or **“Policy”**) was last updated on July 7, 2025. Well Dot, Inc. (**“Well”, “Us”, “We” or “Our”**) takes Your privacy seriously. We want You to know how We collect, use, share and protect the personally identifiable information (“**Personal Information**”) on Our website, and mobile iOS and Android applications (collectively, the “**Applications**”) in order to facilitate Your access to certain health and wellness information and programs. This may include content and other resources, participation in challenges and goal-setting to encourage improvement in health and wellbeing, incentives and opportunities to earn rewards for completion of various actions, and engagement with any support persons, as applicable, through Well (the “**Service**"). This Policy also describes the choices available to You regarding Well’s use and sharing of Your Personal Information and how You can access and update Your Personal Information. “**You**” and “**Your**” means the registered users of Well who have accessed the Applications in order to use the Service. By using or accessing the Service in any manner (which, for clarity, requires using the Applications), You acknowledge that You have read, understand, and agree to this Privacy Policy, and You hereby consent that Well will collect, use, and share Your Personal Information in the ways set forth below. This Policy applies to information We collect on the Applications, through the Service, and when We communicate with You on the telephone, in email, text, or other electronic messages between You and Well. This Policy does not apply to information collected by (i) any website operated by a third party, including through any application or content (including advertising) that may link to or be accessible from or on the Applications; or (ii) is related to Your or any other individual’s employment or potential employment with Us. Your use of Well’s Service is at all times subject to the Terms of Service, which incorporates this Privacy Policy. Any terms We use in this Policy without defining them have the definitions given to them in the Terms of Service. Well’s Terms of Service are available at [www.well.co/terms](https://www.well.co/terms). ## 1. Your Personal Information Well gathers various types of Personal Information from You and other Providers (as defined in Section 3), as explained in more detail below, and We use this Personal Information internally in connection with Our Service, including to personalize, provide, and improve Our Service, to allow You to set up an account and profile, to contact You, to fulfill Your requests for certain products and services, and to analyze how You use the Service. In certain cases, We may also share some Personal Information with third parties, but only as described below. ## 2. Children As mentioned in Well’s Terms of Service, Well does not knowingly collect or solicit Personal Information from anyone under the age of 18. If You are under 18, please do not attempt to register for the Service or send any Personal Information about Yourself to Us. If We learn that We have collected Personal Information from a child under the age of 18, We will delete that information as quickly as possible. If You believe that a child under 18 may have provided Us Personal Information, please contact Us by: (a) sending an email to: privacy@well.co, or (b) sending a letter via United States Postal Service to: Well Dot, Inc., 501 W Franklin Street, Chapel Hill, NC 27516. ## 3. Health Insurance Portability and Accountability Act Under a United States federal law called the Health Insurance Portability and Accountability Act of 1996 and related implementing regulations, all as amended from time to time (collectively “**HIPAA**”), most of the demographic, health and/or health-related information that Well collects as part of providing the Service is considered “protected health information” or “**PHI**.” For example, some of the identifiable information Well receives about You from or on behalf of Your employer, or employer sponsored health plan, healthcare specialists, professionals, providers (including, without limitation, Your health insurance provider), or organizations (“**Providers**”) may be PHI. HIPAA provides specific protections for the privacy and security of PHI and restricts how PHI is used and disclosed. We will only use and disclose Your PHI in compliance with HIPAA and as permitted pursuant to the agreements between Us and the Providers. ## 4. Dependents As noted in Well’s Terms of Service, if You meet the eligibility requirements as established by Well, You may sign up to become a registered user of the Service. If You are a registered user of the Service, You may invite a legal dependent over the age of 18 to create an account (such as a parent, spouse, family member or other legal dependent). By inviting this person to create an account, You confirm that this person meets the eligibility requirements to create an account. If Your employer or a third party is providing Well to You, You may invite such a dependent to create an account only if permitted by Your employer or the third party. If Well creates any reports for such dependents who You invite to create an account, those reports are only accessible to the dependent who created the account. For the avoidance of doubt, Well does not knowingly permit children under 18 to set up an account or add information to an account. ## 5. How Well Collects Personal Information ### Personal Information you provide to Us Well may collect the following Personal Information about You when You provide such information directly to Us. For example, through the registration process and/or through Your account settings, Well may collect Personal Information such as the following: * Contact Information (first and last name, email address, mailing address, phone number) * Social security number (if provided by Your employer or health provider) or employee identification number * Demographic information (such as age, education, gender) * Biometric information (such as Your blood pressure or weight) * Health or medical Information * Anything You upload or choose to share, which can include Personal Information and/or PHI if You include Personal Information and/or PHI in such content You may also provide information to be published or displayed (hereinafter, “posted”) on public areas of the Service or transmitted to other users of the Service (collectively, “**User Contributions**”). Your User Contributions are posted on and transmitted to others at Your own risk. Please be aware that no security measures are perfect or impenetrable. Additionally, We cannot control the actions of other users of the Service with whom You may choose to share Your User Contributions. Therefore, We cannot and do not guarantee that Your User Contributions will not be viewed by unauthorized persons. Please note that certain information may be required to register with Us or to take advantage of some of Our features. ### Information Collected Automatically Whenever You interact with Our Service, We automatically receive and record information on Our server logs from Your browser or device, which may include the following: * Information about Your use of the Applications and/or challenges * IP address * Device identifiers and information * Browser information * Page view statistics * Browsing history * Usage information * Transaction information (e.g. transaction amount, date and time such transaction occurred) * Cookies and certain other tracking technologies * Location information (e.g. IP address, zip code) * Log data (e.g. access times, hardware and software information) Mobile Analytics: We use mobile analytics software to review the functionality of Our mobile application on Your device and to improve the quality of Our software and services. This software may record information such as usage frequency, the events that occur within the mobile application, crash reports, performance metrics, the source of application download and aggregated usage statistics. The information gathered through this process is managed separately from other Personal Information You submit within the mobile application. Cookies: We use cookies and similar technologies and JavaScript (collectively, **“Cookies”**) to enable Our servers to recognize Your web browser and tell Us how and when You visit and use Our Service, to analyze trends, learn about Our user base and operate and improve Our Service. Cookies are small files – usually consisting of letters and numbers – placed on Your computer, tablet, phone, or similar device when You use that device to visit Our Service. We sometimes combine information collected through Cookies that is not Personal Information with Personal Information that We have about You, for example, to tell Us who You are or whether You have an account with Us. We may also supplement the information We collect from You with information received from third parties. Our service providers may also transmit cookies to Your browser or device in certain situations, such as when You click on a link to a third party website or service. This Privacy Policy does not cover the use of cookies by any third parties, and We aren’t responsible for their privacy policies and practices. Please be aware that cookies placed by third parties may continue to track Your activities online even after You have left Our Services, and those third parties may not honor “Do Not Track” requests You have set using Your browser or device. We only place non-essential Cookies on Your device and use other interaction and/or performance monitoring tools with Your affirmative consent. You can decide not to accept cookies. One way You can do this is through Your internet browser’s settings. Most browsers have an option for turning off the Cookie feature, which will prevent Your browser from accepting new Cookies, as well as (depending on the sophistication of Your browser software) allow You to decide on acceptance of each new Cookie in a variety of ways. You can also delete all cookies that are already on Your computer. If You do this, however, You may have to manually adjust some preferences every time You visit a site and some Service and functionalities may not work. To explore what Cookie setting are available to You, look in the “preferences” or “options” section of Your browser’s menu. To find out more information about Cookies, including information about how to manage and delete Cookies, visit [http://www.allaboutcookies.org/](https://allaboutcookies.org/). Well may collect information stored on Your mobile device, including in other applications should You opt in. This may include health, fitness, and wellness information. In particular, if You opt in, We may collect information through Your mobile device’s native health application, e.g. HealthKit or Health Connect, as applicable. This data will be used and shared only to provide and improve Our Service and will not be used or shared with third parties for marketing purposes. We use Google Analytics, a web analysis service provided by Google Inc. ("**Google**") which is based on cookies technologies. The information generated by the cookie is sent to a Google server in the United States, where it is stored. On behalf of Well, Google will use the generated information to evaluate Your use of the site, to compile reports on site activities, and to provide the site operator with additional services connected with site and Internet use. The IP address transmitted by Your browser in connection with Google Analytics is not collated with other data by Google. You can find out more about how Google uses data when You visit Our Applications by visiting “How Google uses information from sites or apps that use Our services”, (located at [https://policies.google.com/technologies/partner-sites](https://policies.google.com/technologies/partner-sites)). To opt out of being tracked by Google Analytics across all websites visit [http://tools.google.com/dlpage/gaoptout](https://tools.google.com/dlpage/gaoptout). ### Information Received From Third Party Sources Well may request Personal Information from Your employer and Providers, including, without limitation, health plan or provider eligibility, claims information, Your coverage, benefits, and related information on Your behalf in order to provide the Service to You. Such requests do not include reviewing any prior authorization, referral, or medical necessity requirements. ## 6. How Well Uses Your Personal Information Well processes Personal Information for a variety of business purposes, including to operate, improve, understand and personalize Our Service. For example, We use Personal Information to: * Provide the Service to You * Improve the Service or add new functionality to the Service * Resolve problems with the Service * Communicate with You about the Service, including Service announcements, updates or offers * Provide support and assistance for the Service * Personalize content and communications based on Your preferences * Send You recommendations * Create, administer and manage Your account * Process and fulfill any orders and send You confirmation of any orders You place * To track incentives or rewards * Respond to user inquiries and customer service requests * Fulfill user requests * Comply with Our legal or contractual obligations * Resolve disputes * Protect against or deter fraudulent, illegal or harmful actions * Enforce Our Terms of Service As noted above, Well may communicate with You if You’ve provided Us the means to do so. For example, if You’ve given Us Your email address, We may email You about Your use of the Service, to the extent permitted by applicable law. Also, We may receive confirmation when You open an email from Us. This confirmation helps Us make Our communications with You more interesting and improve Our Service. Additionally, Well may use Personal Information and other information about You to create anonymized and aggregated information, such as de-identified health information, de-identified demographic information, de-identified location information, information about the computer or device from which You access Our Service, de-identified statistics and other performance information related to the Service or other analyses We create (**“Analytics”**). Analytics generally are not considered Personal Information or PHI as it can no longer reasonably be used to identify You, and We may use such information in a number of ways, including research, internal analysis, analytics, and for any other legally permissible purposes. Well may also share Analytics with third parties for legally permissible purposes. ## 7. How Well Shares the Personal Information it Receives ### Employer or Program Sponsor We generally share only anonymized and aggregated data with Your employer or a third party who sponsors Your access to the Applications (**“Program Sponsor”**). Your employer or Program Sponsor will not be able to use such anonymized or aggregated data to directly identify You. In specific circumstances and only to enable the provision of the Service, such as to support tax compliance or to enable certain incentives to be accurately applied to You, Well may share reports containing Personal Information with Your employer or Program Sponsor. In these circumstances, We limit the Personal Information to the least amount necessary to support the specific purpose. You may have the opportunity to join team or community-based “challenges” with other members of the Service offered by Your Program Sponsor. In so doing, such a person or persons may have access to certain portions of Your profile, including but not limited to activity data, and other data related to Your participation in the Service. Some performance information such as a leaderboard may be shared with Your employer or Program Sponsor, on an individual or team basis. We will only share Your Personal Information with third parties in the ways that are described in this Privacy Policy. We do not sell Your Personal Information to third parties and We never use, disclose, or share Your Personal Information collected through the Applications for third party marketing purposes. ### Service Providers We may provide Your Personal Information to vendors and third party service providers who work on Our behalf and help Us to provide the Service. Some of these service providers may include: * Providers of data and other information * Providers of rewards programs * Fraud prevention service providers * Staff augmentation and contract personnel * Hosting service providers * Telecommunications service providers ### Information Shared at Your Request We also share Personal Information when necessary to complete a transaction initiated or authorized by You or provide You with a product or service You have requested. In addition to those set forth above, these recipients may also include third party business partners who You access through the Service as well as other parties authorized by You or with Your consent, including, for example, the clinician treating You or one of Our business partners in connection with rewards services. Well may also disclose Your Personal Information: * As required by law such as to comply with a subpoena or similar legal process, and with respect to PHI, as required by HIPAA. For more information on required and permitted disclosures under HIPAA, please visit HHS’s Summary of the HIPAA Privacy Rule, available [here](https://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/index.html). * As necessary to enable any of Our HIPAA Business Associates to perform certain functions for Us pursuant to a Business Associate Agreement or as necessary for Well to perform its functions for a Covered Entity pursuant to a Business Associate Agreement. * When, as permitted by law, We believe in good faith that disclosure is necessary to protect Our rights, protect Your safety or the safety of others, investigate fraud, or respond to a government request. * If Well is involved in a merger, acquisition, or sale of all or a portion of its assets, You will be notified via email and/or a prominent notice on Our website of any change in ownership or use of Your Personal Information and/or PHI, as well as any choices You may have regarding Your Personal Information and/or PHI. ## 8. Third Party Websites and Applications Our Applications may include links to other websites whose privacy practices may differ from those of Well. If You submit Personal Information or PHI to any of those sites, Your information is governed by their privacy policies. We encourage You to carefully read the privacy policy of any website You visit. ## 9. Security Well takes commercially reasonable measures to protect Personal Information from unauthorized access, alteration, or destruction; maintain data accuracy; and ensure the appropriate use of Personal Information. When We collect Personal Information directly from You and when You enter sensitive information on Our forms, We encrypt the transmission of that information using transport layer security technology (TLS) to encrypt the transfer of data. We follow generally accepted industry standards to protect the Personal Information submitted to Us, both during transmission and once We receive it. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. If You have any questions about the security of Our Applications, You can contact Us at privacy@well.co. ### Access to Your Personal Information We rely on role-based access for Our employees, contractors and agents who are involved with delivering the Services to You. Our offices are all located in the United States, and Your data, once located with Well, will not leave the United States. Our employees are obligated to respect the confidentiality of Your Personal Information and/or PHI and are only authorized to access Your Personal Information and/or PHI as necessary to provide You with Services. ## 10. Access to Personal Information and Data Retention In some cases, if You have an account with Us, You will be able to change Your password and update the Personal Information and/or PHI that You provide to Us, such as address, contact information, and health information by going to the settings page of Your account. We will retain Your Personal Information for the duration of Your membership, during which time You are afforded the rights outlined below. Your Personal Information will be deleted not more than thirty (30) days after (i) Your Program Sponsor terminates its agreement with Us; or (ii) You terminate Your membership. Well will retain fully deidentified and anonymized data as is permissible under the law. At Well, We strive to provide robust data protection rights to all members, regardless of where they live, while also acknowledging that some protections are governed by local laws. For all members, We offer the following: ### The right to access, amend or change Your Personal Information You can review and change Your Personal Information by accessing the Applications. You have a right to access and correct or update the Personal Information We have collected about You. You can also request a copy of the Personal Information We hold related to You. We will provide a copy of such Personal Information in a standard format (such as Excel) through a secure channel. You can contact Us to request a copy of all of Your Personal Information or to request a change to Your Personal Information by contacting [privacy@well.co](mailto:privacy@well.co). Please bear in mind that We may not be able to accommodate all requests if We reasonably believe the change would violate any law(s). Additionally, We may not be able to fulfill Your request if We reasonably believe that such request would affect another individual’s right to privacy. If We are unable to fulfill a request, We will provide You with the reasons why We are unable to comply. The Personal Information You can view, update, and delete may change as the Service changes. If You have any questions about viewing or updating such information We have on file about You, please contact Us at [privacy@well.co](mailto:privacy@well.co). Under California Civil Code Sections 1798.83-1798.84, California residents are entitled to ask Us for a notice identifying the categories of Personal Information which We share with Our affiliates and/or third parties for their own direct marketing purposes. If applicable, this information would include the categories of Personal Information and the names and addresses of those businesses with which We shared Your Personal Information for the immediately prior calendar year (e.g. requests made in 2025 will receive information regarding such activities in 2024). You may request this information once per calendar year. If You are a California resident and would like to make such a request, please submit a written request to: privacy@well.co. ### The right to transfer Your data to another provider. You can request that Your Personal Information be transferred to another services provider. To complete the transfer, We will require additional information about the new vendor to ensure a secure channel is used, so that Your Personal Information and other data remain protected. Depending on the circumstances, We may be unable to support such a transfer. However, We will be able to provide You with Your Personal Information which You will be able to disclose to anyone You choose. To request such transfer, please contact [privacy@well.co](mailto:privacy@well.co). ### The right to transfer to deletion/to be "forgotten" You can request that We delete Your Personal Information. You may terminate Your membership at any time by contacting help@well.co, using the delete button contained on the membership page of the Application, or contacting a Well guide. Your membership will terminate thirty (30) days after We receive Your request. We will begin the process to delete Your Personal Information collected from Your participation in the Service permanently and irreversibly at the end of an additional thirty (30) day grace period. Following Your deletion request, We may still receive some information about You in the information provided by Your employer or Program Sponsor and/or its affiliates, including insurance carriers and/or third party administrators. To remove Your information from these sources, You will need to speak directly with Your Program Sponsor. Your Personal Information will also be permanently and irreversibly deidentified or anonymized, in accordance with the timelines above, in the event that Your account is terminated, for any reason. You will not be able to claim any rewards following such termination. Notwithstanding the above, please note that some Personal Information may remain in Our records after deletion of such information from Your account based upon legal requirements or obligations, such as to enforce Our agreements and to resolve disputes. Additionally, please note that We may use any anonymized and aggregated data derived from or incorporating Your Personal Information after You update or delete the Personal Information, but not in a manner that would identify You personally. ### The right to restrict processing activities Beyond the information necessary for enrollment, You are not required to share any additional information with Us, however, choosing not to share information may limit Your ability to earn rewards if they are made available to You by Your Program Sponsor. You can choose to limit the data You share with Us; however, once You have shared Personal Information, We may be unable to accommodate requests to restrict the processing of certain sets of Personal Information. If You wish for Us to stop processing Your Personal Information, You can request that all Personal Information be deleted by cancelling Your account. ### The right to object to processing activities You can object to the processing of Your Personal Information by contacting Well’s Privacy Officer and notifying Us that You wish for Your account to be suspended while Your concerns about the processing of Your Personal Information are resolved. Once You feel comfortable resuming use of the Service, You can contact Us to unlock Your account. If You realize during the time Your account is suspended that You do not feel comfortable resuming use of the Service, You can cancel Your account. Your Personal Information will be deleted in accordance with Our standard process, except that You will not be able to access Your account while the cancellation process takes place unless You first request for the suspension to be lifted. ## 11. Changes to Our Privacy Policy We reserve the right to change the Privacy Policy at any time, but if we do, we will bring it to Your attention by sending you a notification through the Applications, placing a notice on the [www.well.co ](https://www.well.co)website, by sending You an email, and/or by some other means. Please note that if you’ve opted not to receive notifications or legal notice emails from us (or You haven’t provided us with Your email address), those legal notices will still govern Your use of the Service, and You are still responsible for reading and understanding them. If You don’t agree with the new Privacy Policy, You are free to reject them; unfortunately, that means You will no longer be able to use the Service or access the Applications. If You use the Service or Applications in any way after a change to the Privacy Policy is effective, that means You agree to all of the changes. ## 12. Notification: Email and Text Messages #### Email and Text Messaging Services You may choose to provide Your email address and phone number when creating an account so that Well can notify You when one of Our member services representatives in Our contact center (referred to as a “Well Guide”) has responded. By maintaining an account and/or not opting out of receiving information from Well, You acknowledge and agree that You may receive email and/or SMS text messages on Your phone or mobile device from Us and/or Our agents and other individuals or companies. For more information about the way Well may use SMS text messages, please review Our Terms of Service. If You no longer want to receive these communications, please contact Us at [privacy@well.co](mailto:privacy@well.co). ## 13. Users of the Service in Europe, the United Kingdom, or Switzerland This Section 13 supplements the information contained in this Privacy Policy and applies solely to users of the Service located in the European Economic Area (“EEA”), the United Kingdom, or Switzerland. We include this section to comply with the European Union’s General Data Protection Regulation, and any laws implementing the foregoing by any member states of the EEA, the United Kingdom (including the UK Data Protection Act and the UK-GDPR), and or Switzerland (collectively, the “**GDPR**”). ### Data Controller, Data Protection Officer, and Representative Your employer is the data controller of Your Personal Information, also referred to hereinafter as “Personal Data.” Well is a data processor contracted by Your employer to provide the Service. Well’s Privacy Officer may be contacted in any manner set forth below in Section 14 (“Privacy Officer/Data Protection Officer Contact Information”) . ### Information Well Collects About You and How Well Collects It The Personal Information We collect and the ways in which We collect it is described above in Our Privacy Policy, including Section 5 (“How Well Collects Personal Information”). The Personal Information We process on behalf of Your employer and collect from You is required to enter into a contract with Well, for Well to perform under the contract, and to provide You with the Service. If You refuse to provide such Personal Information or withdraw Your consent to Our processing of Personal Information (when appropriate), then in some cases We may not be able to enter into the contract or fulfill Our obligations to You under it. ### Lawful Basis for Processing Your Personal Information The processing of Your Personal Information is lawful only if it is permitted under the GDPR. We have a lawful basis for each of Our processing activities (except when an exception applies as described below): * **Consent**. By using the Service, You consent to Our collection, use, and sharing of Your Personal Information as described above in Section 5 (“How Well Collects Personal Information”), Section 6 (“How Well Uses Your Personal Information”), and Section 7 (“How Well Shares the Personal Information It Receives”); * **Legitimate Interests.** We will process Your Personal Information as necessary for Our legitimate interests. Our legitimate interests are balanced against Your interests and rights and freedoms and We do not process Your Personal Information if Your interests or rights and freedoms outweigh Our legitimate interests. Our legitimate interests are to: facilitate communication between us and You; detect and correct bugs and to improve Our Applications and Service; safeguard Our IT infrastructure and intellectual property; detect and prevent fraud and other crime; promote and market Our business; and develop Our Applications and Service; * **To Fulfill Our Obligations to You under Our Contract.** We process Your Personal Information in order to fulfill Our obligations to You pursuant to Our contract with You to deliver the Service; and * **As Required by Law.** We may also process Your Personal Information when We are required or permitted to by law; to comply with government inspections, audits, and other valid requests from government or other public authorities; to respond to legal process such as subpoenas; or as necessary for Us to protect Our interests or otherwise pursue Our legal rights and remedies (for instance, when necessary to prevent or detect fraud, attacks against Our network, or other criminal and tortious activities), defend litigation, and manage complaints or claims. ### Special Categories of Information Some Personal Information processed by Well may be considered sensitive, including Personal Information concerning Your health. Well processes this information only for the purposes set forth in this Privacy Policy, including Section 6 (“How Well Uses Your Personal Information”). Well processes this information only with Your consent or as otherwise permitted by the GDPR, including when Our processing of such sensitive Personal Information is necessary for the purposes of preventative medicine, for the provision of health or social care or treatment or the management of health or social care systems and services. ### How Well Uses Your Personal Information We use Your Personal Information as described in Our Privacy Policy, including Section 6 (“How Well Uses Your Personal Information”) above. We will only use Your Personal Information to contact You as set forth in Section 12 (“Notification: Email and Text Messages”) with Your consent. If You wish to change Your willingness to receive such outreach, You may do so at any time by logging into the Service and adjusting the user preferences in Your account profile by checking or unchecking the relevant boxes or by sending Us an email stating Your request at privacy@well.co. ### Disclosure of Your Personal Information We do not share or otherwise disclose Your Personal Information for purposes other than to the entities and for the purposes described in this Privacy Policy, including Section 7 (“How Well Shares the Personal Information It Receives”). ### Your Rights Regarding Your Personal Information The GDPR provides You with certain rights with regards to Our processing of Your Personal Information. Your right to access and update Personal Information and restrict Our processing of Your Personal Information are addressed above in Section 10 (“Data Protection Rights”). The rights below replace the similar rights provided above in Section 10 (“Data Protection Rights”) or are supplemental to such rights. * **Portability.** To the extent the Personal Information You provide Well is processed based on Your consent, and Well is processing such information through automated means (i.e. the Applications), You have the right to request that We provide You a copy of, or access to, all or part of such Personal Information in a structured, commonly used and machine-readable format (such as Excel) through a secure channel. You also have the right to request that We transmit this Personal Data to another controller, when technically feasible. You can contact Us to request a copy of Your Personal Information by contacting privacy@well.co. * **Withdrawal of Consent.** To the extent that Our processing of Your Personal Data is based on Your consent, You may withdraw Your consent at any time by closing Your account. Withdrawing Your consent will not, however, affect the lawfulness of the processing based on Your consent before its withdrawal, and will not affect the lawfulness of Our continued processing that is based on any other lawful basis for processing Your Personal Information. * **Complaints.** You have the right to lodge a complaint with the applicable supervisory authority in the country You live in, the country You work in, or the country where You believe Your rights under applicable data protection laws have been violated. However, before doing so, We request that You contact Us directly in order to give Us an opportunity to work directly with You to resolve any concerns about Your privacy. * **How You May Exercise Your Rights.** You may exercise any of the above rights by contacting Us through any of the methods listed in Section 14 (“Privacy Officer Contact Information”) below. If You contact Us to exercise any of the foregoing rights, We may ask You for additional information to verify Your identity. We reserve the right to limit or deny Your request if You have failed to provide sufficient information to verify Your identity or to satisfy Our legal and business requirements. Please note that if You make unfounded, repetitive, or excessive requests (as determined in Our reasonable discretion) to access Your Personal Information, You may be charged a fee subject to a maximum set by applicable law. ### Consent to Processing of Personal Information In Other Countries Outside the EEA or the United Kingdom In order to provide Our Service, Well may send and store Your Personal Information outside of the EEA or the United Kingdom, including to the United States. Accordingly, Your Personal Information may be transferred outside the country where You reside or are located, including to countries that may not or do not provide an equivalent level of protection for Your Personal Information. Your information may be processed and stored in the United States and United States federal, state, and local governments, courts, or law enforcement or regulatory agencies may be able to obtain disclosure of Your information through the laws of the United States. By using Our Service, You represent that You have read and understood the above and hereby consent to the storage and processing of Personal Information outside the country where You reside or are located, including in the United States. Your Personal Information is transferred by Well to another country only if it is required or permitted under the GDPR and provided that there are appropriate safeguards in place to protect Your Personal Information. To ensure Your Personal Information is treated in accordance with Our Privacy Policy when We transfer it to a third party, Well uses Data Protection Agreements between Well and all other recipients of Your Personal Information that include, where applicable, the standard contractual clauses adopted by the European Commission and/or the Information Commissioner’s Office in the United Kingdom (collectively, the “**Standard Contractual Clauses**”). The European Commission and the Information Commissioner’s Office in the United Kingdom have determined that the transfer of Personal Information pursuant to the Standard Contractual Clauses provides for an adequate level of protection of Your Personal Information, however, the Standard Contractual Clauses may need to be supplemented in some cases with additional measures on a case-by-case basis after an analysis that such supplemental measures can provide You with an essentially equivalent level of protection as afforded in the EEA and/or the UK. When, as a result of this analysis, We believe this to be appropriate and necessary, the Standard Contractual Clauses have been supplemented in this way. Under these Standard Contractual Clauses, You have the same rights as if Your Personal Information was not transferred to such a third country. You may request a copy of the Data Protection Agreement by contacting Us through the Contact Information described in Section 14 below. ### Data Retention Periods Well will retain Your personal Information as set forth in Section 10 (“Data Retention and Data Protection Rights”). ## 14. Privacy Officer Contact Information If You have general questions about Our Service, please contact help@well.co or reach out to a Well Guide in chat. For matters related to privacy and data protection, You can contact Us by mail at: Well Dot, Inc. **ATTN**: Privacy Officer 501 W Franklin Street Chapel Hill, NC 27516 Alternatively, You may email Us at: [privacy@well.co](mailto:privacy@well.co).