This Policy applies to all information gathered through the Platform. As used in this Policy, terms such as “we” or “our” refer to Novu, Inc. a Delaware corporation and its subsidiaries and affiliates (collectively, the “Company”), and terms such as “you,” “your” and “users” refer to users or other visitors to the Platform. The term “Sponsor” refers to the organization that obtains and extends to you a license for use of the Platform.
The Platform is intended for a United States audience. Any information you provide, including any personal information, will be transferred to and processed by a computer server located within the United States. The English-language version of this Policy is the official version and shall control. This Policy shall be governed by and construed in accordance with the laws of the State of Minnesota and the federal laws of the United States.
- What personally identifiable information the Company, or a third party acting on the Company’s behalf, collects through our Platform and how we use it;
- With whom the Company may disclose this information;
- What choices are available to you with respect to collection, use and distribution of your information;
- What types of security procedures are in place to protect the confidentiality and integrity of information under our control; and
- How you can request access to, or correct inaccuracies of, your information.
No Transfer of Personal Information for Direct Marketing
The Company will not sell, rent, transfer, disclose or otherwise permit the use of your personal information by advertisers or other third parties for direct marketing purposes. From time to time, the Company itself or your Sponsor may send you information about opportunities, products or services provided by the Company, your Sponsor or other businesses, or similar promotional information.
Cookies and Non-Personal Information
“Non-personal information” means information that does not permit us to specifically identify you by your full name or similar unique identifying information such as a social security number, member identification number, address or telephone number. We may from time to time engage one or more third parties to help us collect and aggregate non-personal information. The Company uses various technologies, including “cookie” technology, to gather non-personal information from Platform visitors to enable certain features on the Platform. The Company uses Google Analytics Demographics Reporting to track visitors by age ranges and by gender.
Although most web browsers automatically accept cookies, you have the ability to change your browser to prevent cookies from attaching or to notify you whenever you are sent a cookie. The “Help” portion of the toolbar on most browsers will tell you how to prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether.
You may also manage the use of “flash” technologies, with the Flash management tools available at Adobe’s website. Note that we do not currently respond to web browser “Do Not Track” signals that provide a method to opt out of the collection of information about online activities over time and across third-party websites or online services because, among other reasons, there is no common definition of such signals and no industry-accepted standards for how such signals should be interpreted.
We may also collect other forms of non-personal information such as what web browsers are used to read the Platform and what websites are referring traffic or linking to the Platform. Aggregate and de-identified data regarding Platform users and their participation in the Platform is also considered non-personal information.
We may use and disclose non-personal information unless restricted by this Policy or by law. Some examples of the ways we use non-personal information include:
- Customizing your experience on the Platform, including managing and recording your preferences.
- Enabling certain functions and tools on the Platform.
- Product development, research and promotional purposes.
- Tracking paths of visitors to the Platform and within the Platform.
- Tracking resources and data accessed on the Platform.
- Developing reports regarding Platform usage, demographics, activity, outcomes and other statistics.
- Assisting users experiencing problems with the Platform.
Sharing Non-Personal Information
Because non-personal information does not identify who you are, we do not limit the ways we may use or share non-personal information. We may share non-personal information, for example, with your Sponsor and with our employees, affiliates, suppliers, agents, other businesses and the government, and we expressly reserve the right to share non-personal information without limitation.
Your Personal Information
“Personal Information” refers to information that specifically identifies you as an individual, such as your full name, telephone number, e-mail address, postal address, or certain account numbers. As used in this Policy, “Personal Information” does not include information protected under HIPAA, which would be protected as described in the HIPAA notices of privacy practices of your health plans or physicians and other health care professionals.
The Platform may offer the opportunity for you to sign up to receive email messages, newsletters or other communications from the Platform in connection with one or more features or programs within the Platform. In order for you to sign up for these communications, we may ask for contact information, such as name, mailing address and email address. We may also offer you the opportunity to sign up to receive email messages or mailings from companies with which the Company is affiliated or does business that we think may be of interest to you. If you decide to sign up for these communications, we may ask for your contact information for that purpose.
If you choose to participate in the Platform, you may disclose certain health and health-related information to us for purposes of your participation in the Platform. Such information may include relevant health history on topics such as height, weight, physical measurements, blood pressure, mental health, and behaviors such as smoking and exercise. Except to the extent that such information is protected under HIPAA, any such health information you disclose to us that is linked with an identifier, such as your name, is part of your personal information.
The Platform may include features that give you the opportunity to provide us with personal information about yourself. You do not have to provide us with personal information if you do not want to; however, that may limit your ability to use the Platform or certain functions of the Platform or to request certain services or information. Collection by us of personal information is sometimes necessary when you contact us or decide to take advantage of various features of the Platform. We may request that you provide us with personal information on a voluntary basis in certain areas of the Platform.
How We Will Use Your Information
The Company will use your information to customize your member experience and provide relevant content, recommendations, coaching, care management, or other services to you.
We may combine personal information that you provide us through the Platform with other information we have received from you, whether online or offline, or from other sources such as our business partners or your sponsoring organization
We may use personal information to contact you through any contact information you provide through the Platform, including any email address, telephone number, cell phone number, text message number, or fax number. Please see the section below titled “Our Online Communications Practices.”
We may use personal information for a number of purposes, such as:
- To provide tailored content for you within the Platform.
- To respond to an e-mail or particular request from you.
- To process an application as requested by you.
- To administer surveys and promotions.
- To enable our Rewards program fulfillment vendors and other third parties that we hire to perform services on our behalf to perform such services.
- To provide you with information that we believe may be useful to you, such as information about products or services provided by us or our businesses partners.
- To perform analytics and to improve our products and services.
- To comply with applicable laws, regulations, and legal process.
- To protect someone’s health, safety, or welfare.
- To protect our rights, the rights of affiliates or related third parties, or to take appropriate legal action, such as to enforce our Terms and Conditions, which are available on the Platform.
- To keep a record of our transactions and communications.
As otherwise necessary or useful for us to conduct our business, so long as such use is permitted by law.
Disclosure of Your Personal Information to Third Parties
Unless we receive your permission, the Company will not sell, rent, or share your Personal Information to or with any third party not affiliated with or owned by the Company.
We may disclose your Personal Information to your health plan, which may be administered by your employer, in order for your employer or health plan to provide you or your spouse/same-sex domestic partner with incentives and rewards for participation in the Platform.
We may disclose your Personal Information to business partners that enable us to provide you with a product or service that you have requested from us. We will disclose Personal information to these third parties as necessary to enable them to provide the product or service.
Third Party Health Providers
We may disclose your relevant Personal Information to third parties who have been engaged on your behalf to provide disease management, health management, behavioral coaching, or similar health-related services (“Third Party Health Providers”), subject to contractual restrictions and conditions between the Company and the Third Party Health Providers that obligate them to safeguard your Personal Information.
These Third Party Health Providers may contact you to offer their services in support of your health management goals. These Third Party Health Providers are separate and distinct entities from the Company. If you agree to accept the services offered by a Third Party Health Provider, such agreement is solely between you and the Third Party Health Provider. In this case, the Company is not responsible for the privacy practices or services of the Third Party Health Providers.
HIPAA Covered Entities
We may disclose your Personal Information to entities subject to HIPAA (called “covered entities”). Covered entities include, for example, health care providers such as doctors and dentists. Covered entities are also health plans, including health plans sponsored by your employer and which may be administered by other employees of your employer. In the United States, these entities are subject to HIPAA and HIPAA requires covered entities to safeguard your Personal Information in accordance with all applicable state and federal laws and regulations.
Aggregated, De-identified Information
We may provide third parties, including to our corporate customers, with information about you and other users from which we have removed all identifiers and that can no longer be used to identify you. We may not limit the third parties’ use of the aggregate information, except that we do require third parties to whom we disclose aggregate information to agree that they will not attempt to make this information personally identifiable, including by combining it with other databases.
Disclosure of Automatically Collected Non-Personal Information
We may provide to third parties, including to our corporate customers, automatically collected information that is combined with the automatically collected information of other users or aggregate information.
We may share personal information in response to a court order, subpoena, search warrant, law or regulation. We may cooperate with law enforcement authorities in investigating and prosecuting activities that are illegal, violate our rules, or may be harmful to other visitors. We also may share personal information if we in good faith believe that doing so is necessary to protect and defend our legal rights and property, to protect against misuse or unauthorized use of the Platform by other parties, or to protect the personal safety or property of users of the Platform or the general public. We may not provide you with notice prior to disclosure in such cases.
The Company reserves the right, at its sole discretion, to use personal information you may provide in your participation in the Platform to document positive health and wellness outcomes and to validate that engagement by users of the Platform is correlated with health improvements. The results of those studies and analyses may be shared by the Company with third parties.
Except in those instances described in the preceding, however, the information we use for such purposes will consist of aggregate or non-personally identified data and will accordingly not constitute personal information under this Policy.
Your Privacy Settings
The Platform allows you to choose one of three privacy settings in your profile – “Open,” “Limited” or “Private.” If you do not choose a privacy setting, your setting will automatically be “Open.” If you do not want all users to view your personal information or the content you post, you should select either the “Limited” or “Private” setting in your profile.
In the Open setting, all members can view information on your profile and view any information you post to the Community within the Platform and your name will appear when searched for on the Platform and in Community suggestions.
In the Limited setting, only the “Buddies” you accept can view your full profile and posts, and your name will still appear when searched for and in Community suggestions. A limited profile view is available to all members and includes your name, About Me, Lifetime High 5 count, and, only if you both provide this information and choose to share it, also your city and state.
In the Private setting, only your Buddies can view your profile and non-public posts and your name will not appear in any searches nor in Community suggestions.
If you voluntarily submit personal information on a post to the Community feature of the, the information you share, together with your name and other profile information, will be available and visible to other users, and such users may choose to share this information with other persons or with the general public. Therefore, please be thoughtful in what you write and understand that personal information you post may become public, regardless of what privacy setting you choose.
Reviewing Your Information
Portions of the Platform permit you to submit personal information and to answer questions about yourself for purposes of compiling your profile, obtaining assessments, and participating in Platform programs and features. You may review some of this information and make corrections or updates at any time by following instructions within the Platform.
You have certain rights to know about the personal information that the Company collects and maintains about you through the Platform, including the right to correct or update the information that the Company has on record if any such information is incorrect, incomplete or out of date. We may reject requests for access or correction, however, that are unreasonably repetitive, risk the privacy of others, or would require a disproportionate or impractical effort.
Special Notice to California Residents
Under the California Civil Code, California residents who provide to the Company through the Platform any personal information (as such term is defined under California law) have the right to request from us once each calendar year a list of all third parties to which we have disclosed personal information (as so defined) during the preceding calendar year for such third parties’ own direct marketing purposes. If you are a California resident and wish to obtain this information, please send an email request to us at email@example.com with a statement of your preference on how you wish to receive our response to your request. Please note that not all information sharing is covered by the California Civil Code requirements and that only covered information, if any, will be included in our response.
Under the California Business and Professions Code, the Company is required to disclose how it responds to web browser “Do Not Track” signals or other mechanisms that provide consumers with the ability to exercise choice regarding the collection of personally identifiable information (as such term is defined under California law) about a consumer’s online activities. The Company does not currently respond to or otherwise take any action with regard to “Do Not Track” requests.
Our Right to Verify Information
As a user of the Platform, you may participate in activities to earn Points and to receive Rewards and other benefits, which participation may require your reporting of certain information to us such as whether you have completed a step or activity or satisfied a program requirement. We reserve the right to confirm or verify the accuracy of any such information by contacting third parties. The third parties we contact for verification may include your Sponsor.
We use a number of methods of physical security (such as locks and alarm systems), electronic security (such as passwords and encryption methods), and procedural security (such as rules regarding the handling and use of information), designed to protect the security and integrity of information submitted through the Platform. Due to the nature of the Internet and online communications, however, we cannot guarantee that any information transmitted online will remain absolutely confidential, and we are not liable for the illegal acts of third parties such as criminal hackers.
Maintaining the security of information transmitted to us or by us through the Platform is of utmost concern to the Company. No data transmissions over the Internet can be guaranteed to be 100% secure, however, and it is possible that email messages you send through the Platform, like nearly all non-encrypted Internet communications, may be accessed and viewed by other Internet users, without your knowledge and permission, while in transit to us.
While we encrypt sensitive data, such as Personal Information, using SSL or VPN when it is transmitted over the Internet, we cannot completely ensure the privacy of email communications to and from our Site because they are not encrypted.
Depending on the nature of your inquiry or message, upon completion of the exchange with you, your message may be archived in our records or it may be deleted and discarded. If you have any concerns about the security of confidential or sensitive information, however, do not send such information to us by email or by telephone. We do not recommend that any health information or other confidential information be sent to us by email or telephone.
Secure Information Storage
The Company maintains administrative, physical, and technical safeguards to reasonably and appropriately protect the confidentiality, availability, and integrity of your Personal Information. For example, the file containing your Personal Information will be maintained in secure locations at our offices or on our servers (or those maintained by our service providers) with access limited to authorized employees, representatives and agents. Our employees receive training on our security practices and obligations.
Compliance with our security policies is periodically audited by our Chief Technology Officer and we continually assess the adequacy of, and where appropriate improve, our security controls and procedures. The Company’s employees and our third party service providers must abide by this policy and those who violate it are subject to corrective action, up to and including termination of employment or other legal action as permitted by law.
You must be registered to use the Platform. For most members, registration includes creation of a password. For these members, once you are registered, you will use a unique user ID and password to enter the Platform. Your password is not accessible by the Company or its employees. If you lose your password, it cannot be retrieved. At your request, we will assist you in resetting your password.
In some cases, your password and username will be managed and administered by your Sponsor, as you will be required to first log onto their site, which will then provide access to the Platform.
For your security, it is important for you to protect against unauthorized access to your password and your computer. If using a shared computer to access the Platform, be sure to sign out when you are finished.
Our Online Communication Practices
E-mail services, including the e-mail functions within the Platform, do not provide a completely secure and confidential means of communication. Even though it is unlikely, it is possible that your e-mail communication within the Platform may be accessed or viewed inappropriately by another internet user while in transit to us. If you desire to insure that your information is completely private, you should not communicate with us by e-mail.
We may send you on a periodic basis electronic newsletters, notification of account status, and other communications, such as engagement or reminder communications. We may also send e-mail communications regarding Platform updates and information on general health, fitness and wellness topics. We will offer you appropriate consent mechanisms, such as opt-out, with respect to most of these online communications from us.
For your protection, we will not send you an e-mail that includes your personal health information.
External Links on the Platform
The Platform may provide links to various external websites that the Company does not control. When you click on one of these links, you will be automatically transferred away from the Platform and connected to the linked websites of the organization or company that you selected. We cannot be responsible for the content or information on such websites, nor for the accuracy of information or nature of opinions expressed on such websites. We do not conduct investigations of linked websites nor attempt to monitor them for content, quality or accuracy. Inclusion of linked websites on the Platform is strictly for the convenience of users and does not imply or express an approval or endorsement of the linked website by the Company. We do not express approval or endorsement of any products or services offered on or made available through such websites. In some cases, the Company may have an affiliation or business relationship with the operator of a linked website, but even in that situation, we exercise no control over the linked website.
Information for Children Under 13
We will not intentionally collect any personal information from children under the age of 13 through the Platform without receiving verifiable parental consent. If you think that we have collected personal information from a child under the age of 13 through the Platform, please contact us.
To enforce this policy, the member must be 13 years of age or older in order to use the Platform.
Forums for Disputes
Any claim or dispute related to privacy is subject to this Policy and to our Terms and Conditions.
Any claim or dispute relating to this Policy shall be submitted to arbitration or commenced in a federal or state court in Minneapolis, Minnesota (as applicable under the Terms and Conditions) within one year after the claim or dispute arises. Users of the Platform consent to the arbitration provisions and the exclusive jurisdiction and venue provisions set forth in the Terms and Conditions as the most convenient and appropriate means for the resolution of claims or disputes concerning the Platform and this Policy. This Policy and the notices and statements included are not intended to and do not create any contractual or other legal rights in or on behalf of any third party.
Consent to Policy
By using the Platform, you signify your agreement with and consent to the terms of this Policy and to our Terms and Conditions. If you do not agree with any provisions of this Policy, please do not disclose any personal information through the Platform.
You may also tell us you do not want your data shared with us or our partners, and we will honor any such request, but if you choose this option we will not be able to provide you with any of our services.
Sponsors’ Privacy Policies
If you have any questions or comments regarding anything in this Policy or with respect to our related privacy practices, please contact us at: firstname.lastname@example.org. If you believe we or any company associated with us has misused any of your information, please contact us immediately and report such misuse.
Changes to this Policy
Last Review Date
This policy was last reviewed and approved December 3, 2018.
Novuhealth is the leading healthcare consumer engagement company, driven to improve consumer health and health plan performance. NovuHealth motivates consumers to complete high-value healthcare activities by leveraging its sophisticated engagement platform, proven loyalty and behavioral science strategies, and deep industry and regulatory expertise. Headquartered in Minneapolis, NovuHealth has worked with nearly 40 health plans and served nearly 15 million consumers across all 50 states.
© 2010-2019 NovuHealth. All rights reserved.