Privacy Policy

[Política de privacidad >](https://www.well.co/spanish-privacypolicy) This privacy policy (this “**Policy**”) was last updated on July 18, 2023\. Well Dot, Inc. (“Well” or “Us” or “our”) takes your privacy seriously, and we want you to know how we collect, use, share and protect the personally identifiable information (“Personal Information”) that we collect on our website located at www.well.co and mobile iOS and Android applications (collectively, the “Applications”) in order to facilitate Your access to health and wellness information through Well (the “Service"). It also describes the choices available to You regarding Well’s use of Your Personal Information and how You can access and update Your Personal Information. “You” and “Your” means the registered users of Well who have accessed the Applications in order to use the Services. **By using or accessing the Service in any manner (which, for clarity, requires using the Applications), You acknowledge that You accept the practices and policies outlined in this Privacy Policy, and You hereby consent that Well will collect, use, and share Your Personal Information in the ways set forth below.** Your use of Well’s Service is at all times subject to the Terms of Service, which incorporates this Privacy Policy. Any terms we use in this Policy without defining them have the definitions given to them in the Terms of Service. Well’s Terms of Service is available at [www.well.co/terms](http://www.well.co/terms). ## 1. Your Personal Information Well gathers various types of Personal Information from You, as explained in more detail below, and we use this Personal Information internally in connection with our Service, including to personalize, provide, and improve our services, to allow You to set up an account and profile, to contact you, to fulfill Your requests for certain products and services, and to analyze how You use the Service. In certain cases, we may also share some Personal Information with third parties, but only as described below. ## 2. Children As mentioned in Well’s Terms of Service, Well does not knowingly collect or solicit Personal Information from anyone under the age of 18\. If You are under 18, please do not attempt to register for the Service or send any Personal Information about Yourself to us. If we learn that we have collected Personal Information from a child under the age of 18, we will delete that information as quickly as possible. If You believe that a child under 18 may have provided us Personal Information, please contact us by: (a) sending an email to: legal@well.co, or (b) sending a letter via US Mail to: Well Dot, Inc., 419 W Franklin Street, Chapel Hill NC 27516\. ## 3. Health Insurance Portability and Accountability Act Under a federal law called the Health Insurance Portability and Accountability Act of 1996 and related implementing regulations, all as amended from time to time (collectively “HIPAA”), most of the demographic, health and/or health-related information that Well collects as part of providing the Service is considered “protected health information” or “PHI.” For example, some of the identifiable information Well receives about You from or on behalf of Your employer, or employer sponsored health plan, healthcare specialists, professionals, providers (including, without limitation, Your health insurance provider), or organizations (“Providers”) may be PHI. HIPAA provides specific protections for the privacy and security of PHI and restricts how PHI is used and disclosed. We may only use and disclose Your PHI in compliance with HIPAA and as permitted pursuant to the agreements between us and the Providers. ## 4. Dependents As noted in Well’s Terms of Service, if You meet the eligibility requirements as established by Well, You may sign up to become a registered user of the Service. If you are a registered user of the Services, You may invite a legal dependent over the age of 18 to create an account (such as a parent, spouse, family member or other legal dependent). By inviting this person to create an account, You confirm that this person meets the eligibility requirements to create an account. If your employer or a third party is providing Well to you, you may invite such a dependent to create an account only if permitted by Your employer or the third party. If Well creates any reports for such dependents who You invite to create an account, those reports are only accessible to the dependent who created the account. For the avoidance of doubt, Well does not knowingly permit children under 18 to set up an account or add information to an account. ## 5. How Well Collects Personal Information *Personal Information that You Provide to Us* Well may collect the following Personal Information about You when You provide such information directly to Us. For example, through the registration process and/or through Your account settings, Well may collect Personal Information such as the following: * Contact Information (first and last name, email address, mailing address, phone number) * Social security number (if provided by your employer or health provider) or employee identification number * Demographic information (such as age, education, gender) * Biometric information such as your blood pressure or weight * Health or medical Information * Anything You upload or choose to share, which can include Personal Information if You include Personal Information in such content Please note that certain information may be required to register with us or to take advantage of some of our features. *Information Collected Automatically* Whenever You interact with our Service, we automatically receive and record information on our server logs from Your browser or device, which may include the following: * Information about your use of the Applications and/or challenges * IP address * Device identifiers and information * Web browser information * Page view statistics * Browsing history * Usage information * Transaction information (e.g. transaction amount, date and time such transaction occurred) * Cookies and certain other tracking technologies * Location information (e.g. IP address, zip code) * Log data (e.g. access times, hardware and software information) Cookies: We use cookies and similar technologies and JavaScript (collectively, “Cookies”) to enable our servers to recognize Your web browser and tell us how and when You visit and use our Service, to analyze trends, learn about our user base and operate and improve our Service. Cookies are small files – usually consisting of letters and numbers – placed on Your computer, tablet, phone, or similar device when You use that device to visit our Service. We sometimes combine information collected through Cookies that is not Personal Information with Personal Information that we have about you, for example, to tell us who You are or whether You have an account with us. We may also supplement the information we collect from You with information received from third parties. Our service providers, may also transmit cookies to Your browser or device in certain situations, such as when you click on a link to a third party website or service. This Privacy Policy does not cover the use of cookies by any third parties, and we aren’t responsible for their privacy policies and practices. Please be aware that cookies placed by third parties may continue to track Your activities online even after You have left our Services, and those third parties may not honor “Do Not Track” requests You have set using Your browser or device. You can decide not to accept Cookies. One way You can do this is through Your internet browser’s settings. Most browsers have an option for turning off the Cookie feature, which will prevent Your browser from accepting new Cookies, as well as (depending on the sophistication of Your browser software) allow You to decide on acceptance of each new Cookie in a variety of ways. You can also delete all Cookies that are already on Your computer. If You do this, however, You may have to manually adjust some preferences every time You visit a site and some Services and functionalities may not work. To explore what Cookie setting are available to you, look in the “preferences” or “options” section of Your browser’s menu. To find out more information about Cookies, including information about how to manage and delete Cookies, visit [http://www.allaboutcookies.org/](http://www.allaboutcookies.org/). We may collect information stored on your mobile device, including in other applications should you opt in. This may include health, fitness, and wellness information. In particular, if you opt in, we may collect information through your HealthKit and Health Records applications. This data will be used only to provide and improve our services and will not be used or shared with third parties for marketing purposes. We use Google Analytics, a web analysis service provided by Google Inc. ("Google") which is based on cookies technologies. The information generated by the cookie is usually sent to a Google server in the USA, where it is stored. On behalf of Well, Google will use the generated information to evaluate Your use of the Site, to compile reports on Site activities, and to provide the Site operator with additional services connected with Site and Internet use. The IP address transmitted by Your browser in connection with Google Analytics is not collated with other data by Google. To opt out of being tracked by Google Analytics across all websites visit [http://tools.google.com/dlpage/gaoptout](http://tools.google.com/dlpage/gaoptout). *Information We Receive From Third Party Sources* * Information from Providers and Your Employer: We may request from Your employer and Providers, including, without limitation, health plan or provider eligibility, claims information, Your coverage, benefit, and related information on Your behalf in order to provide the Service to you. Such requests do not include reviewing any prior authorization, referral, or medical necessity requirements. ## 6. How Well Uses Your Personal Information Well processes Personal Information for a variety of business purposes, including to operate, improve, understand and personalize our Services. For example, we use Personal Information to: * Provide the Services to you * Improve the Services or add new functionality to the Services * Resolve problems with the Services * Communicate with You about the Service, including Service announcements, updates or offers * Provide support and assistance for the Services * Personalize content and communications based on Your preferences * Send You recommendations * Create, administer and manage Your account * Process and fulfill any orders and send You confirmation of any orders You place * To track incentives or rewards * Respond to user inquiries and customer service requests * Fulfill user requests * Comply with our legal or contractual obligations * Resolve disputes * Protect against or deter fraudulent, illegal or harmful actions * Enforce our Terms of Service As noted above, we may communicate with You if you’ve provided us the means to do so. For example, if you’ve given us Your email address, we may email You about Your use of the Service, but in any event, only to the extent permitted by applicable law. Also, we may receive a confirmation when You open an email from us. This confirmation helps us make our communications with You more interesting and improve our services. If You do not want to receive communications from us, please indicate Your preference by emailing us at unsubscribe@well.co. Additionally, we may use Personal Information and other information about You to create anonymized and aggregated information, such as de-identified health information, de-identified demographic information, de-identified location information, information about the computer or device from which You access our Services, de-identified statistics and other performance information related to the Services or other analyses we create (“Analytics”). Analytics are not Personal Information or PHI, and we may use such information in a number of ways, including research, internal analysis, analytics, and any other legally permissible purposes. We may also share Analytics with third parties for their purposes. ## 7. How Well Shares the Personal Information it Receives ### Employer or Program Sponsor We share only anonymized and aggregated data with your Employer or a third-party who sponsors your access to the Applications, (“Program Sponsor”) Your Employer or Program Sponsor will not be able to use such anonymized or aggregated data to directly identify you. In specific circumstances and only to enable the provision of the Services, such as to support tax compliance or to enable the certain rewards to be afforded, We may share reports containing identifiable information with your Employer or Program Sponsor. In these circumstances, We limit the Personal Information to the least amount necessary to support the specific, necessary purpose. We will only share Your Personal Information with third parties in the ways that are described in this Privacy Policy. We do not sell Your Personal Information to third parties and we never use, disclose or share your Personal Information collected through the Applications for third-party marketing purposes. ### Service Providers We may provide Your Personal Information to vendors and third party service providers who work on our behalf and help Us to provide the Services. Some of these service providers may include: * Providers of data and other information * Providers of rewards programs * Fraud prevention service providers * Staff augmentation and contract personnel * Hosting service providers * Telecommunications service providers ### Information Shared at Your Request We also share Personal Information when necessary to complete a transaction initiated or authorized by You or provide You with a product or service You have requested. In addition to those set forth above, these parties also include: * Third party business partners who You access through the Service. Other parties authorized by You or with Your consent, including, for example, the clinician treating You or one of our business partners in connection with rewards services. We may also disclose Your Personal Information: * As required by law such as to comply with a subpoena or similar legal process. * As necessary to enable any of our Business Associates to perform certain functions for us pursuant to a Business Associate Agreement or as necessary for Well to perform its functions for a Covered Entity pursuant to a Business Associate Agreement. * When we believe in good faith that disclosure is necessary to protect Our rights, protect Your safety or the safety of others, investigate fraud, or respond to a government request. * If Well is involved in a merger, acquisition, or sale of all or a portion of its assets, You will be notified via email and/or a prominent notice on our Web site of any change in ownership or use of Your personal information, as well as any choices You may have regarding Your personal information. ## 8. Third Party Websites and Applications Our Applications may include links to other websites whose privacy practices may differ from those of Well. If You submit Personal Information to any of those sites, Your information is governed by their privacy policies. We encourage You to carefully read the privacy policy of any website You visit. ## 9. Security Well takes commercially reasonable measures to protect personal information from unauthorized access, alteration, or destruction; maintain data accuracy; and ensure the appropriate use of personal information. When we collect personal information directly from You and when You enter sensitive information on our forms, we encrypt the transmission of that information using transport layer security technology (TLS) to encrypt the transfer of data. We follow generally accepted industry standards to protect the personal information submitted to us, both during transmission and once we receive it. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. If You have any questions about security on our Site, You can contact us at privacy@well.co. ## 10. Access to Personal Information and Data Retention In some cases, if You have an account with us, You will be able to change Your password and update the Personal Information that You provide to us, such as address, contact information, and health information by going to the settings page of Your account. The Personal Information You can view, update, and delete may change as the Services change. If You have any questions about viewing or updating such information we have on file about you, please contact us at [help@well.co](mailto:help@well.co). Under California Civil Code Sections 1798.83-1798.84, California residents are entitled to ask us for a notice identifying the categories of Personal Information which we share with our affiliates and/or third parties for marketing purposes, and providing contact information for such affiliates and/or third parties. If You are a California resident and would like a copy of this notice, please submit a written request to: privacy@well.co. Your account will remain active as needed to provide You services. If You wish to delete Your account, please contact [help@well.co](mailto:help@well.co), chat with a Well Guide through the App, or use the delete button contained on the membership page of the App. If You wish to retain your account but delete or update certain Personal Information we maintain about You, please contact [help@well.co](mailto:help@well.co). We may not accommodate a request to delete information if we believe the deletion would violate any law or legal requirement or cause the information to be incorrect. Some Personal Information may remain in our records after Your deletion of such information from Your account. We will retain and use such Personal Information in compliance with our legal obligations, as well as to resolve disputes and enforce our agreements. For clarity, we may use any anonymized and aggregated data derived from or incorporating Your Personal Information after You update or delete the Personal Information, but not in a manner that would identify You personally. ## 11. Changes to Our Privacy Policy We reserve the right to change the Privacy Policy at any time, but if we do, we will bring it to Your attention by sending you a notification through the Applications, placing a notice on the www.well.co website, by sending You an email, and/or by some other means. Please note that if you’ve opted not to receive notifications or legal notice emails from us (or You haven’t provided us with Your email address), those legal notices will still govern Your use of the Service, and You are still responsible for reading and understanding them. If You don’t agree with the new Privacy Policy, You are free to reject them; unfortunately, that means You will no longer be able to use the Service or access the Applications. If You use the Service or Applications in any way after a change to the Privacy Policy is effective, that means You agree to all of the changes. ## 12. Notification: Email and Text Messages ### Email and Text Messaging Services You may choose to provide Your email address and phone number when creating an account so that we can notify You when one of our member services representatives in our contact center (referred to as a “Health Guide”) has responded. By maintaining an account and/or not opting out of receiving information from Well, You acknowledge and agree that You may receive email or SMS text messages on Your phone or mobile device from us and/or our agents and other individuals or companies. If You no longer want to receive these communications, please contact us at privacy@well.co. ## 13. Contact Information You can contact us by mail about any privacy-related issues or questions at this address: Well Dot, Inc., 419 W Franklin Street, Chapel Hill, NC 27516 You may email us about any privacy-related issues or questions at: privacy@well.co