Privacy Policy

Introduction

We recognize that the privacy of your personal information is important to you. The purpose of this Privacy Policy (this “Policy”) is to let you know how we handle the information we receive from you on or through this health and wellness platform (the “Platform”). Portions of the Platform may describe additional privacy practices applicable to specific types of information or to information provided through specific features of the Platform.

This Policy applies to all information gathered through the Platform. As used in this Policy, terms such as “we” or “our” refer to Novu, Inc. a Delaware corporation and its subsidiaries and affiliates (collectively, the “Company”), and terms such as “you,” “your” and “users” refer to users or other visitors to the Platform. The term “Sponsor” refers to the organization that obtains and extends to you a license for use of the Platform.

The Platform is intended for a United States audience. Any information you provide, including any personal information, will be transferred to and processed by a computer server located within the United States. The English-language version of this Policy is the official version and shall control. This Policy shall be governed by and construed in accordance with the laws of the State of Minnesota and the federal laws of the United States.

This Privacy Policy applies to information collected through the Platform and information collected through third party health, fitness, productivity or other applications (including from wearable devices), and from or through your sponsor and its contractors, and covers the following areas:

No Transfer of Personal Information for Direct Marketing

The Company will not sell, rent, transfer, disclose or otherwise permit the use of your personal information by advertisers or other third parties for direct marketing purposes. From time to time, the Company itself or your Sponsor may send you information about opportunities, products or services provided by the Company, your Sponsor or other businesses, or similar promotional information.

Cookies and Non-Personal Information

“Non-personal information” means information that does not permit us to specifically identify you by your full name or similar unique identifying information such as a social security number, member identification number, address or telephone number. We may from time to time engage one or more third parties to help us collect and aggregate non-personal information. The Company uses various technologies, including “cookie” technology, to gather non-personal information from Platform visitors to enable certain features on the Platform. The Company uses Google Analytics Demographics Reporting to track visitors by age ranges and by gender.

“Cookies” are small text files that may be placed on your computer when you visit a website. Cookies may include “single-session cookies” which generally record information during only a single visit to a website and then are erased, and “persistent” cookies which are generally stored on a computer unless or until they are deleted or are set to expire. From time to time, we may also engage one or more third party service providers who assign cookies to conduct Platform tracking for us. These service providers use cookies solely to provide us with aggregate data about traffic on the Platform.

Although most web browsers automatically accept cookies, you have the ability to change your browser to prevent cookies from attaching or to notify you whenever you are sent a cookie. The “Help” portion of the toolbar on most browsers will tell you how to prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether.

Without accepting cookies, however, you may not be able to access the Platform or any of its features. Because cookies allow you to take advantage of some the Platform’s essential benefits, we recommend that you leave cookies turned on. You may have the ability to prevent your age and gender data from being collected by Google Analytics by downloading and installing the Google Analytics opt-out Browser add-on, available for certain web browsers from Google.

You may also manage the use of “flash” technologies, with the Flash management tools available at Adobe’s website. Note that we do not currently respond to web browser “Do Not Track” signals that provide a method to opt out of the collection of information about online activities over time and across third-party websites or online services because, among other reasons, there is no common definition of such signals and no industry-accepted standards for how such signals should be interpreted.

We may also collect other forms of non-personal information such as what web browsers are used to read the Platform and what websites are referring traffic or linking to the Platform. Aggregate and de-identified data regarding Platform users and their participation in the Platform is also considered non-personal information.

We may use and disclose non-personal information unless restricted by this Policy or by law. Some examples of the ways we use non-personal information include:

Sharing Non-Personal Information

Because non-personal information does not identify who you are, we do not limit the ways we may use or share non-personal information. We may share non-personal information, for example, with your Sponsor and with our employees, affiliates, suppliers, agents, other businesses and the government, and we expressly reserve the right to share non-personal information without limitation.

Your Personal Information

“Personal Information” refers to information that specifically identifies you as an individual, such as your full name, telephone number, e-mail address, postal address, or certain account numbers. As used in this Policy, “Personal Information” does not include information protected under HIPAA, which would be protected as described in the HIPAA notices of privacy practices of your health plans or physicians and other health care professionals.

The Platform may offer the opportunity for you to sign up to receive email messages, newsletters or other communications from the Platform in connection with one or more features or programs within the Platform. In order for you to sign up for these communications, we may ask for contact information, such as name, mailing address and email address. We may also offer you the opportunity to sign up to receive email messages or mailings from companies with which the Company is affiliated or does business that we think may be of interest to you. If you decide to sign up for these communications, we may ask for your contact information for that purpose.

If you choose to participate in the Platform, you may disclose certain health and health-related information to us for purposes of your participation in the Platform. Such information may include relevant health history on topics such as height, weight, physical measurements, blood pressure, mental health, and behaviors such as smoking and exercise. Except to the extent that such information is protected under HIPAA, any such health information you disclose to us that is linked with an identifier, such as your name, is part of your personal information.

By completing the questions on a health appraisal or LifeScore and submitting the answers by clicking the Save and Complete button, you are consenting to allow the use and disclosure of this information in a manner protected by and defined in this Privacy Policy to help identify and provide content, products and resources relevant to you.

The Platform may include features that give you the opportunity to provide us with personal information about yourself. You do not have to provide us with personal information if you do not want to; however, that may limit your ability to use the Platform or certain functions of the Platform or to request certain services or information. Collection by us of personal information is sometimes necessary when you contact us or decide to take advantage of various features of the Platform. We may request that you provide us with personal information on a voluntary basis in certain areas of the Platform.

How We Will Use Your Information

The Company will use your information to customize your member experience and provide relevant content, recommendations, coaching, care management, or other services to you.

We may combine personal information that you provide us through the Platform with other information we have received from you, whether online or offline, or from other sources such as our business partners or your sponsoring organization

We may use personal information to contact you through any contact information you provide through the Platform, including any email address, telephone number, cell phone number, text message number, or fax number. Please see the section below titled “Our Online Communications Practices.”

We may use personal information for a number of purposes, such as:

As otherwise necessary or useful for us to conduct our business, so long as such use is permitted by law.

Disclosure of Your Personal In‹formation to Third Parties

Unless we receive your permission, the Company will not sell, rent, or share your Personal Information to or with any third party not affiliated with or owned by the Company.

Rewarding Participation

We may disclose your Personal Information to your health plan, which may be administered by your employer, in order for your employer or health plan to provide you or your spouse/same-sex domestic partner with incentives and rewards for participation in the Platform.

Providing Services

We may disclose your Personal Information to business partners that enable us to provide you with a product or service that you have requested from us. We will disclose Personal information to these third parties as necessary to enable them to provide the product or service.

Business Partners

In order to provide you with the services on the Platform, we may disclose your Personal Information to our agents, contractors, or other service providers who perform services on our behalf, such as incentive fulfilment, web hosting, translation or data storage. These third parties may also collect Personal Information on our behalf. We will ensure that any agent, contractor, or other service provider to with whom we share Personal Information agrees to safeguard it in substantially the same manner as described in this Privacy Policy, and in accordance with all applicable laws and regulations.

Third Party Health Providers

We may disclose your relevant Personal Information to third parties who have been engaged on your behalf to provide disease management, health management, behavioral coaching, or similar health-related services (“Third Party Health Providers”), subject to contractual restrictions and conditions between the Company and the Third Party Health Providers that obligate them to safeguard your Personal Information.

These Third Party Health Providers may contact you to offer their services in support of your health management goals. These Third Party Health Providers are separate and distinct entities from the Company. If you agree to accept the services offered by a Third Party Health Provider, such agreement is solely between you and the Third Party Health Provider. In this case, the Company is not responsible for the privacy practices or services of the Third Party Health Providers.

HIPAA Covered Entities

We may disclose your Personal Information to entities subject to HIPAA (called “covered entities”). Covered entities include, for example, health care providers such as doctors and dentists. Covered entities are also health plans, including health plans sponsored by your employer and which may be administered by other employees of your employer. In the United States, these entities are subject to HIPAA and HIPAA requires covered entities to safeguard your Personal Information in accordance with all applicable state and federal laws and regulations.

Aggregated, De-identified Information

We may provide third parties, including to our corporate customers, with information about you and other users from which we have removed all identifiers and that can no longer be used to identify you. We may not limit the third parties’ use of the aggregate information, except that we do require third parties to whom we disclose aggregate information to agree that they will not attempt to make this information personally identifiable, including by combining it with other databases.

Disclosure of Automatically Collected Non-Personal Information

We may provide to third parties, including to our corporate customers, automatically collected information that is combined with the automatically collected information of other users or aggregate information.

Business Events

In the event the Company goes (or proposes to go) through a business event, such as a merger, acquisition by another company, reorganization, or sale of a portion of its assets, your Personal Information may be shared with parties connected with the proposed transaction as part of the due diligence process, and may be part of the assets acquired by and transferred to a new party taking over the business. The information transferred or shared remains subject to the promises made in our then-current Privacy Policy, unless you agree to new terms.

Legal Compliance

We may share personal information in response to a court order, subpoena, search warrant, law or regulation. We may cooperate with law enforcement authorities in investigating and prosecuting activities that are illegal, violate our rules, or may be harmful to other visitors. We also may share personal information if we in good faith believe that doing so is necessary to protect and defend our legal rights and property, to protect against misuse or unauthorized use of the Platform by other parties, or to protect the personal safety or property of users of the Platform or the general public. We may not provide you with notice prior to disclosure in such cases.

Wellness Research

The Company reserves the right, at its sole discretion, to use personal information you may provide in your participation in the Platform to document positive health and wellness outcomes and to validate that engagement by users of the Platform is correlated with health improvements. The results of those studies and analyses may be shared by the Company with third parties.

Except in those instances described in the preceding, however, the information we use for such purposes will consist of aggregate or non-personally identified data and will accordingly not constitute personal information under this Policy.

Your Privacy Settings

The Platform allows you to choose one of three privacy settings in your profile – “Open,” “Limited” or “Private.” If you do not choose a privacy setting, your setting will automatically be “Open.” If you do not want all users to view your personal information or the content you post, you should select either the “Limited” or “Private” setting in your profile.

Open Setting

In the Open setting, all members can view information on your profile and view any information you post to the Community within the Platform and your name will appear when searched for on the Platform and in Community suggestions.

Limited Setting

In the Limited setting, only the “Buddies” you accept can view your full profile and posts, and your name will still appear when searched for and in Community suggestions. A limited profile view is available to all members and includes your name, About Me, Lifetime High 5 count, and, only if you both provide this information and choose to share it, also your city and state.

Private Setting

In the Private setting, only your Buddies can view your profile and non-public posts and your name will not appear in any searches nor in Community suggestions.

If you voluntarily submit personal information on a post to the Community feature of the, the information you share, together with your name and other profile information, will be available and visible to other users, and such users may choose to share this information with other persons or with the general public. Therefore, please be thoughtful in what you write and understand that personal information you post may become public, regardless of what privacy setting you choose.

Reviewing Your Information

Portions of the Platform permit you to submit personal information and to answer questions about yourself for purposes of compiling your profile, obtaining assessments, and participating in Platform programs and features. You may review some of this information and make corrections or updates at any time by following instructions within the Platform.

You have certain rights to know about the personal information that the Company collects and maintains about you through the Platform, including the right to correct or update the information that the Company has on record if any such information is incorrect, incomplete or out of date. We may reject requests for access or correction, however, that are unreasonably repetitive, risk the privacy of others, or would require a disproportionate or impractical effort.

Special Notice to California Residents

Under the California Civil Code, California residents who provide to the Company through the Platform any personal information (as such term is defined under California law) have the right to request from us once each calendar year a list of all third parties to which we have disclosed personal information (as so defined) during the preceding calendar year for such third parties’ own direct marketing purposes. If you are a California resident and wish to obtain this information, please send an email request to us at privacy@novu.com with a statement of your preference on how you wish to receive our response to your request. Please note that not all information sharing is covered by the California Civil Code requirements and that only covered information, if any, will be included in our response.

Under the California Business and Professions Code, the Company is required to disclose how it responds to web browser “Do Not Track” signals or other mechanisms that provide consumers with the ability to exercise choice regarding the collection of personally identifiable information (as such term is defined under California law) about a consumer’s online activities. The Company does not currently respond to or otherwise take any action with regard to “Do Not Track” requests.

Our Right to Verify Information

As a user of the Platform, you may participate in activities to earn Points and to receive Rewards and other benefits, which participation may require your reporting of certain information to us such as whether you have completed a step or activity or satisfied a program requirement. We reserve the right to confirm or verify the accuracy of any such information by contacting third parties. The third parties we contact for verification may include your Sponsor.

Information Security

We use a number of methods of physical security (such as locks and alarm systems), electronic security (such as passwords and encryption methods), and procedural security (such as rules regarding the handling and use of information), designed to protect the security and integrity of information submitted through the Platform. Due to the nature of the Internet and online communications, however, we cannot guarantee that any information transmitted online will remain absolutely confidential, and we are not liable for the illegal acts of third parties such as criminal hackers.

Maintaining the security of information transmitted to us or by us through the Platform is of utmost concern to the Company. No data transmissions over the Internet can be guaranteed to be 100% secure, however, and it is possible that email messages you send through the Platform, like nearly all non-encrypted Internet communications, may be accessed and viewed by other Internet users, without your knowledge and permission, while in transit to us.

Email

While we encrypt sensitive data, such as Personal Information, using SSL or VPN when it is transmitted over the Internet, we cannot completely ensure the privacy of email communications to and from our Site because they are not encrypted.

For that reason, to protect your privacy, we ask that you do not use email messages to communicate information to us that you consider sensitive or confidential. The Company strives to protect the privacy of your personal information, but we cannot ensure or warrant the absolute security of any information you transmit to us electronically through the Platform. When we receive an email transmission from you, we will use reasonable efforts to maintain the security of such information within our internal data systems.

Depending on the nature of your inquiry or message, upon completion of the exchange with you, your message may be archived in our records or it may be deleted and discarded. If you have any concerns about the security of confidential or sensitive information, however, do not send such information to us by email or by telephone. We do not recommend that any health information or other confidential information be sent to us by email or telephone.

Secure Information Storage

The Company maintains administrative, physical, and technical safeguards to reasonably and appropriately protect the confidentiality, availability, and integrity of your Personal Information. For example, the file containing your Personal Information will be maintained in secure locations at our offices or on our servers (or those maintained by our service providers) with access limited to authorized employees, representatives and agents. Our employees receive training on our security practices and obligations.

Compliance with our security policies is periodically audited by our Chief Technology Officer and we continually assess the adequacy of, and where appropriate improve, our security controls and procedures. The Company’s employees and our third party service providers must abide by this policy and those who violate it are subject to corrective action, up to and including termination of employment or other legal action as permitted by law.

Password Security

You must be registered to use the Platform. For most members, registration includes creation of a password. For these members, once you are registered, you will use a unique user ID and password to enter the Platform. Your password is not accessible by the Company or its employees. If you lose your password, it cannot be retrieved. At your request, we will assist you in resetting your password.

In some cases, your password and username will be managed and administered by your Sponsor, as you will be required to first log onto their site, which will then provide access to the Platform.

For your security, it is important for you to protect against unauthorized access to your password and your computer. If using a shared computer to access the Platform, be sure to sign out when you are finished.

Our Online Communication Practices

E-mail services, including the e-mail functions within the Platform, do not provide a completely secure and confidential means of communication. Even though it is unlikely, it is possible that your e-mail communication within the Platform may be accessed or viewed inappropriately by another internet user while in transit to us. If you desire to insure that your information is completely private, you should not communicate with us by e-mail.

We may send you on a periodic basis electronic newsletters, notification of account status, and other communications, such as engagement or reminder communications. We may also send e-mail communications regarding Platform updates and information on general health, fitness and wellness topics. We will offer you appropriate consent mechanisms, such as opt-out, with respect to most of these online communications from us.

For your protection, we will not send you an e-mail that includes your personal health information.

External Links on the Platform

The Platform may provide links to various external websites that the Company does not control. When you click on one of these links, you will be automatically transferred away from the Platform and connected to the linked websites of the organization or company that you selected. We cannot be responsible for the content or information on such websites, nor for the accuracy of information or nature of opinions expressed on such websites. We do not conduct investigations of linked websites nor attempt to monitor them for content, quality or accuracy. Inclusion of linked websites on the Platform is strictly for the convenience of users and does not imply or express an approval or endorsement of the linked website by the Company. We do not express approval or endorsement of any products or services offered on or made available through such websites. In some cases, the Company may have an affiliation or business relationship with the operator of a linked website, but even in that situation, we exercise no control over the linked website.

Each website linked to the Platform maintains its own independent data collection procedure and privacy policy. The Company expects that all affiliated and unaffiliated third parties with which it has a business relationship, including the operators of linked websites, to respect the privacy of our users, but we are not responsible for the actions of such third parties. If you visit a website through a link in the Platform, we encourage you to first review the written privacy policy posted on that website before furnishing any information or otherwise interacting with that website.

Information for Children Under 13

We will not intentionally collect any personal information from children under the age of 13 through the Platform without receiving verifiable parental consent. If you think that we have collected personal information from a child under the age of 13 through the Platform, please contact us.

To enforce this policy, the member must be 13 years of age or older in order to use the Platform.

Forums for Disputes

Any claim or dispute related to privacy is subject to this Policy and to our Terms and Conditions.

Any claim or dispute relating to this Policy shall be submitted to arbitration or commenced in a federal or state court in Minneapolis, Minnesota (as applicable under the Terms and Conditions) within one year after the claim or dispute arises. Users of the Platform consent to the arbitration provisions and the exclusive jurisdiction and venue provisions set forth in the Terms and Conditions as the most convenient and appropriate means for the resolution of claims or disputes concerning the Platform and this Policy. This Policy and the notices and statements included are not intended to and do not create any contractual or other legal rights in or on behalf of any third party.

Consent to Policy

By using the Platform, you signify your agreement with and consent to the terms of this Policy and to our Terms and Conditions. If you do not agree with any provisions of this Policy, please do not disclose any personal information through the Platform.

You may also tell us you do not want your data shared with us or our partners, and we will honor any such request, but if you choose this option we will not be able to provide you with any of our services.

Sponsors’ Privacy Policies

In some instances, portions of the Platform may be branded or co-branded by a Sponsor or made available via a Sponsor’s website or landing page. If you visit or use the Platform under such circumstances, you consent to both the Company’s and the Sponsor’s collection and use of your personal information and non-personal information through the Platform and you understand that the Sponsor’s use of such information may be subject to the Sponsor’s separate privacy policy.

Contact Us

If you have any questions or comments regarding anything in this Policy or with respect to our related privacy practices, please contact us at: privacy@novu.com. If you believe we or any company associated with us has misused any of your information, please contact us immediately and report such misuse.

Changes to this Policy

We may change this Privacy Policy at any time. If we do so, such change will appear on this page of the Platform or in another location, as indicated by us. Please review this Policy regularly to learn of any updates or changes.

Effective Date

The Effective Date of this Privacy Policy is March 25, 2015.

©2016 Novu Inc. All rights reserved.