Effective Date: May 12, 2021
Last Updated: July 5, 2023
A Note About Protected Health Information
When you use the Services (i) as a participant in a group health or welfare plan sponsored or administrated by a Wondr Health client, (ii) to receive nutrition services from Wondr Health that are reimbursable by your health insurance or other benefit plan, or (iii) use the Services to access healthcare services from independent third-party healthcare providers, we may collect protected health information (“PHI”) about you that is governed by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).
Please review the Notice of Privacy Practices applicable to your relationship with Wondr Health to understand how your PHI can be used and disclosed.
Processing of Personal Information
1. Sources of Personal Information
We collect Personal Information about you from the following sources:
- Directly from You
We collect Personal Information you provide directly to us. For example, we collect Personal Information when you: interact with Wondr Health in person, by phone or through mail, register for an account, participate in any interactive features of the Services, subscribe to a newsletter or email list, participate in a survey, contest, promotion or event, request customer support or otherwise communicate with us.
- Information We Collect Automatically and through Tracking Technologies.
When you access or use the Services, we may automatically collect Personal Information or inferences about you, such as through cookies and other tracking technologies. This may include information about how you use and interact with our Services, information about your device, and internet usage information. See the “Cookies and Other Tracking Technologies” section below for more information.
- Information We Collect From Third Parties
We may collect Personal Information that third parties provide us. For example, we may collect information about you when you use third party fitness devices that integrate with the Services. We may also receive information from your employer or insurance plan. Additionally, we may collect information about you when you post content to our pages or feeds on third party social media sites.
- From publicly available sources.
We may collect Personal Information about you from publicly available sources, such as public profiles and websites.
We may combine information we collect through each channel of collection together to create your profile.
2. Types of Personal Information we collect
We may collect the following types of Personal Information:
- Identifiers, such as your name, email address, physical address, telephone number, business contact information, and device identifiers (e.g., cookie IDs and IP address).
- Records about you, such as the content, timing and method of communications you have with us, including in online chats, calls, and emails; and information you share with or upload to our Services, such as reviews and comments.
- Demographic information, such as age (including birthdates) and gender.
- Commercial information, such as information related to your transactions; products or services purchased, obtained, or considered; subscription information; or other purchasing or consuming histories or tendencies.
- Internet or other electronic network activity information, such as your browsing history, search history, preference information (including marketing and purchasing preferences), account settings (including any default preferences), and other information regarding your interactions with and use of the Services. For more information about cookies and other device data, please see Section 5 (Cookies and Other Tracking Technologies).
- Non-precise geolocation data, such as your location as derived from your IP address.
- Audio, electronic, visual, or other sensory information, such as photographs and audio/video recordings.
- Professional or employment-related information, such as job title; organization; professional licenses, credentials, or affiliations; and other professional information.
- Education information.
- Inferences drawn from any of the information we collect about your preferences or behavior, including to assess the level of interest in our products and services based on frequency of visits and contact and determine your preferred frequency for receiving offers.
- Sensitive Personal Data, including the following:
- Racial or ethnic origin
- Content of mail, email, and text messages where we are not the intended recipient (such as messages that we host but are not sent to us).
- Information about your health.
3. Use of Information
We may use your information for various purposes related to our operations and your use of the Services. For example, we may use your information to:
- To provide you products and services, such as making our Services, products and services available to you; registering, verifying, and maintaining your account with us; providing and delivering you the goods and services you request, providing customer service; processing or fulfilling orders and transactions (including processing payments); verifying customer information and eligibility for certain programs or benefits; communicating with you (including soliciting feedback or responding to requests, complaints, and inquiries); hosting informational webinars; and providing similar services or otherwise facilitating your relationship with us.
- For our internal business purposes, such as day-to-day operation of our business; maintaining internal business records, such as accounting, document management and similar activities; enforcing our policies and rules; management reporting; auditing; and IT security and administration.
- For our internal research and product improvement purposes, such as verifying or maintaining the quality or safety of our products or services; improving our products or services; designing new products and services; evaluating the effectiveness of our advertising or marketing efforts; and debugging and repairing errors with our systems, networks, and equipment.
- For legal, safety or security reasons, such as complying with legal, reporting, and similar requirements; investigating and responding to claims against us, our personnel, and our customers; for the establishment, exercise or defense of legal claims; protecting our, your, our customers’, and other third parties’ safety, property or rights; detecting, preventing, and responding to security incidents and health and safety issues (including managing spread of communicable diseases); and protecting against malicious, deceptive, fraudulent, or illegal activity.
- In connection with a corporate transaction, such as if we acquire assets of another business, or sell or transfer all or a portion of our business or assets including through a sale in connection with bankruptcy and other forms of corporate change.
- For marketing and targeted advertising, such as marketing our products or services or those of our affiliates, business partners, or other third parties. For example, we may use Personal Information we collect to personalize advertising to you (including by developing product, brand, or services audiences and identifying you across devices/sites); to analyze interactions with us or our Services; or to send you newsletters, surveys, questionnaires, promotions, or information about events or webinars. You can unsubscribe to our email marketing via the link in the email or by contacting us using the information in Section 9 (Contact Information) below.
When you submit content (such as a post or comment or public chat) to the Services, any visitors to and users of our Services will be able to see that content, the username associated with the content, and the date and time you originally submitted the content. Although some parts of the Services may be private, other parts of the Services are public and you should take that into consideration before posting to the Services.
4. Sharing of Information
We may share Personal Information with third parties, including the categories of recipients described below:
- Affiliates and subsidiaries, including parent entities, corporate affiliates, subsidiaries, business units, and other companies that share common ownership.
- Service providers that work on our behalf to provide the products and services you request or support our relationship with you, such as IT providers, internet service providers, web hosting providers, data analytics providers, and companies that provide business support services, financial administration, or event organization.
- Professional consultants, such as accountants, lawyers, financial advisors, and audit firms.
- Vendors necessary to complete transactions you request, such as shipping companies and logistics providers.
- Other entities in connection with a corporate transaction, such as if we acquire assets of another entity, or sell or transfer all or a portion of our business or assets including through a sale in connection with bankruptcy and other forms of corporate change.
- Business partners that may use Personal Information for their own purposes, such as:
- Advertisers, ad platforms and networks, and social media platforms;
- Third parties whose cookies and tracking tools we use as described in the Cookies and Other Tracking Technologies section below.
- Commercial data partners to whom we make information available for their own marketing purposes; and
- Partners who work with us on promotional opportunities, including co-branded products and services.
Where required by law, we will obtain your consent prior to disclosing your Personal Information to our business partners. Where recipients use your Personal Information for their own purposes independently from us, we are not responsible for their privacy practices or personal data processing policies. You should consult the privacy notices of those third-party services for details on their practices.
- The public, such as when you have an opportunity to make comments regarding us or our products that we may share with the public, including comments on our blog posts and reviews on our product pages. Any Personal Information in comments, reviews, or other content that you share in public areas of our Services may be read, collected, or used by other users or the public.
- Entities to which you have consented to the disclosure.
Links to Third-Party Websites
Cookies and Other Tracking Technologies
- The types of tracking technologies we use and the purposes for which we use them.
- The types of information we collect using these technologies.
- How we disclose or make information available to others.
- Choices you may have regarding these technologies.
Types of cookies and tracking technologies we use. We and the third parties that we authorize may use the following tracking technologies:
- Cookies, which are a type of technology that install a small amount of information on a user’s computer or other device when they visit a website. Some cookies exist only during a single session and some are persistent over multiple sessions over time.
- Pixels, web beacons, and tags, which are types of code or transparent graphics. In addition to the uses described below, these technologies provide analytical information about the user experience and help us customize our marketing activities. In contrast to cookies, which are stored on a user’s computer hard drive, pixels, web beacons, and tags are embedded invisibly on web pages.
- Session replay tools, which record your interactions with our Services, such as how you move throughout our Services and engage with our webforms. In addition to the uses described below, this information helps us improve our Services and identify and fix technical issues visitors may be having with our Services.
- Embedded scripts and SDKs, which allow us to build and integrate custom apps and experiences on our Services
Purposes for using these technologies. We and authorized third parties use these technologies for purposes including:
- Personalization, such as remembering language preferences and pages and products you have viewed in order to enhance and personalize your experience when you visit our Services.
- Improving performance, such as maintaining and improving the performance of our Services.
- Advertising, such as conducting advertising and content personalization on our Services and those of third parties; tracking activity over time and across properties to develop a profile of your interests and advertise to you based on those interests (“interest-based advertising”); providing you with offers and online content that may be of interest to you; and measuring the effectiveness of advertising campaigns and our communications with you, including identifying how and when you engage with one of our emails.
- Security, such as preventing fraud and malicious behavior.
Information collected. These tracking technologies collect data about you and your device, such as your IP address, location (both approximate and precise) cookie ID, device ID, Ad ID, operating system, browser used, browser history, search history, and information about how you interact with our Services (such as pages on our Services that you have viewed).
Disclosures of your information. We may disclose information to third parties or allow third parties to directly collect information using these technologies on our Services, such as social media companies, advertising networks, companies that provide analytics including ad tracking and reporting, security providers, and others that help us operate our business and Services.
Your choices. Some of the third parties we work with participate with the Digital Advertising Alliance (“DAA”) and Network Advertising Initiative (“NAI”). The DAA and NAI provide mechanisms for you to opt out of interest-based advertising performed by participating members at http://www.aboutads.info/choices/ and https://optout.networkadvertising.org/. We adhere to the DAA’s Self-Regulatory Principles for Online Behavioral Advertising. You may also click on the AboutAds icon on a Company advertisement and follow the instructions on how to opt out.
You can also refuse or delete cookies using your browser settings. If you refuse or delete cookies, some of our Services’ functionality may be impaired. Please refer to your browser’s Help instructions to learn more about how to manage cookies and the use of other tracking technologies. If you change computers, devices, or browsers; use multiple computers, devices, or browsers; or delete your cookies, you may need to repeat this process for each computer, device, or browser. Opting out of interest-based advertising will not opt you out of all advertising, but rather only interest-based advertising from us or our agents or representatives.
Do Not Track. Some browsers have incorporated Do Not Track (“DNT”) preferences. At this time, we do not honor Do Not Track signals.
We use reasonable administrative, technical, and physical safeguards designed to protect the Personal Information under our control from unauthorized access, use, and disclosure, in accordance with applicable law. Despite these measures, the confidentiality of any communication or material transmitted to or from us via the Services by Internet or email cannot be guaranteed. Your use of the Services and provision of information constitutes your willingness to assume this risk.
The safety and security of your information also depend on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Services, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. We encourage you to learn as much as you can about your privacy on the Internet.
Notice to International Users
The Services are hosted in the United States and are subject to U.S. law, and are intended for users located only in the U.S. If you are accessing the Services from outside the United States, please be advised that U.S. law may not offer the same privacy protections as the laws of your jurisdiction. By accessing and using the Services, you agree that you are providing freely-given, specific, informed, and unambiguous consent to the transfer to and processing of your Personal Information in the U.S.
You may stop the collection of this information at any time by changing the settings on your mobile device, but note that some features of our mobile applications may no longer function if you do so.
Native Applications on Mobile Device
Some features of our mobile applications may require access to certain native applications on your mobile device, such as the camera, photo album and the address book applications. If you decide to use these features, we will ask you for your permission prior to accessing the applications and collecting associated information. Note that you can revoke your consent at any time by changing the settings on your device.
We may send promotional and non-promotional push notifications or alerts to your mobile device. You can deactivate these messages at any time by changing the notification settings on your mobile device or within our mobile applications.
Opting out of Marketing Emails
You may opt out of marketing or promotional emails by following the unsubscribe instructions in any marketing email we send you. However, do note that you will be automatically opted in to receive marketing and promotional emails upon registration or reregistration with the Site or our services; enrollment or reenrollment with the Site or our services; or the creation or reinstatement of an account. This automatic opt in will occur even if you have previously deregistered from the Site or our services, disenrolled from the Site or our services, deleted your account, requested deletion of your personal data, or otherwise performed any action or inaction that resulted in the deletion, deregistration, or disenrollment of your account from the Site or our services. If you wish to opt out of marketing or promotional emails following reregistration, reenrollment, or reinstatement, please follow the unsubscribe instructions in any marketing email we send you.
We will maintain your information, including any sensitive personal information, for only as long as reasonably necessary to fulfill the purpose for which it was collected, and as long as legally necessary, in accordance with applicable law. In some circumstances we may retain your personal data for extended periods of time, for instance, where we are required to do so in accordance with legal, regulator, tax or accounting requirements.
In specific circumstances we may also retain your personal data for extended periods of time so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your personal data or dealings.
We maintain a data retention policy which we apply to records in our care. Where your personal data is no longer required, we will undertake reasonable efforts ensure it is either securely deleted or stored in a way which means it will no longer be used by the business.
Supplemental US State Privacy Disclosures
If you are a California resident, you may have the following rights regarding Personal Information. Please note that certain information, such as PHI and medical information (as defined under the Confidentiality of Medical Information Act (“CMIA”)), is exempted from the California Consumer Privacy Act. This means that we and certain service providers or other recipients may not be required to honor the rights described in this section. Instead, we comply with our obligations under other laws, such as HIPAA and CMIA.
The Colorado Data Protection Act, Connecticut Data Privacy Act, and Virginia Consumer Data Privacy Act do not currently apply to us.
- The right to know and access. You may have the right to request a copy of the Personal Information we collected or maintained about you. You may also request information about (i) the categories of Personal Information that we collected about you; (ii) the purposes for which such Personal Information was collected, disclosed, or sold, and to whom we have disclosed your Personal Information and why; (iv) the categories of sources from which such Personal Information was collected.
- The right to deletion. You may have the right to request that Wondr Health delete the Personal Information that we or our vendors collected about you. There may be circumstances under which we will be unable to delete your personal information, such as if we need to comply with our legal obligations, complete a transaction for which your personal information was collected, or if such deletion would be impossible or require a disproportionate effort. If we are unable to comply with your request for deletion, we will let you know the reason why.
- The right to correct inaccurate Personal Information. You may have the right to request that we correct any of your inaccurate Personal Information that we maintain about you.
- The right to not be subject to certain profiling. You may have the right to opt-out of processing of your information which constitutes profiling in furtherance of decisions that produce legal effects or similarly significant effects concerning you.
- Right to Opt Out of Sales and Sharing for Targeted Advertising. You may have the right to opt out of the sale or sharing of your Personal Information for targeted advertising.
- The right to appeal. If you submit a request to exercise one of the above rights and we deny such request, you may have the right to appeal our decision.
- The right to file a complaint. You may have the right to file a complaint with a relevant supervisory authority or your state’s Attorney General. You may contact us, the relevant supervisory authority, or your state’s Attorney General for more information.
Wondr Health will not discriminate against you in any way for exercising your privacy rights. However, if you exercise certain rights, the exercising of such rights may inherently cause you to be unable to use or access certain features of the Services.
To exercise any of these rights, contact us at 855-999-7549 or complete the form available at NS_CCPA_consumer_request_form.pdf and send it to firstname.lastname@example.org. In connection with submitting a request, you must provide the following information: name, email, phone number, address and state of residence, and employer or insurance carrier associated with (if applicable) and you must state what type of request you are making.
Only you, or someone legally authorized to act on such your behalf, may make a request related to his or her personal information. Wondr Health will take steps to verify your identify prior to processing your request, and we may ask for additional information from you that helps us with this verification. We will inform you if we need such information.
In general, Wondr Health has the right to require you to provide written permission granting authority to your representative and for your agent to verify its identity directly with us, and we may deny a request from your representative who does not submit proof of authorization as we request.
Wondr Health cannot respond to a request or provide personal information if we cannot verify the identity or authority to make the request.
Making a verifiable consumer request does not require you to create an account with us. We may deliver our written response by mail or electronically, at your option.
If we deny a request, we will provide a response explaining the reasons we cannot comply with a request, if applicable.
You may only make a verifiable consumer request to know or access twice within a 12-month period.
In addition to the disclosures above, this section provides supplemental information about how we process Personal Data.
The chart below details the categories of Personal Information Wondr Health collected and disclosed for a business purpose in the preceding 12 months:
Categories of Personal Data We Collect
Categories of Third Parties With Whom We Disclose Personal Data for a Business Purpose
Categories of Third Parties to Whom Personal Data is Sold or Shared for Targeted Advertising
Identifiers (Section 2.A)
Records about you (Section 2.B)
Demographic information (Section 2.C)
Commercial information (Section 2.D)
Internet or other electronic network activity (Section 2.E)
Geolocation data (Section 2.F)
Audio, electronic, visual, or other sensory information (Section 2.G)
Professional or employment-related information (Section 2.H)
Inferences (Section 2.I)
Sensitive personal information (Section 2.J)
Sale and Sharing of Personal Information
Wondr Health has not, in the preceding 12 months, and does not currently, sell or share personal information for money or other valuable consideration or cross-context behavioral advertising.
Use of Sensitive Personal Information
Wondr Health only uses and discloses Sensitive Personal Information for the following purposes: (i) performing services or providing goods reasonably expected by an average consumer; (ii) detecting security incidents; (iii) resisting malicious, deceptive, or illegal actions; (iv) ensuring the physical safety of individuals; (v) for short-term, transient use, including non-personalized advertising; (vi) performing or providing internal business services; (vii) verifying or maintaining the quality or safety of a service or device; or (viii) for purposes that do not infer characteristics about you.
California “Shine the Light” Law
California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our Site that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to email@example.com.
Nevada Resident Privacy Rights
Nevada residents may have certain rights to opt-out of sales of their personal information under Nevada Revised Statutes Chapter 603A. However, please note that Wondr Health does not currently sell data triggering this Nevada statute’s opt-out requirements. If you have questions with respect to this right, please contact firstname.lastname@example.org.