Privacy Policy
PRIVACY POLICY
LAST UPDATED: February 10, 2023 Effective: February 10, 2023
HealthJoy, LLC and its subsidiaries, divisions, and affiliates (collectively, “HealthJoy”, “we”, “us”, and “our”) recognize the importance of protecting the privacy of the personal information you provide to us. Accordingly, we have developed this Privacy Policy (the “Policy”) so that you can make educated and informed decisions about the personal information that you entrust to us by engaging our services on the websites, social media, email exchanges, mobile apps, and other online services on which this Policy is posted (the “Service”), and understand how we collect, use, disclose, and otherwise manage this information. Our Policy provides information about:
- Collection of Personal Information
- Non-Personal Information
- Categories of Personal Information and Purpose for Collection
- Disclosure of Personal Information
- Uses and Disclosures of Personal Health Data
- Do Not Track Signals, Cookies, and Other Technologies
- Children's Privacy
- Linked Sites
- User Submissions
- Managing Your Information
- Security of Your information
- Newsletters and Emails
- Research and Measurement Activities
- Consent to Processing and International Transfers
- Special Notice for EEA and UK Residents
- Special Notice for California Residents
- Special Notice for Nevada Residents
- Special Notice for Virginia Residents
- Special Notice for Mexico Residents
- Changes to the Privacy Policy
- Reasonable Fees
- How to Contact Us
Your use of the Service is conditioned upon your agreement with this Policy and our Terms of Use. Before using our Service, please read this Policy carefully as it contains important information on who we are and how and why we collect, store, use, and share your personal information. This Policy also explains your rights in relation to your personal information and how to contact us or supervisory authorities in the event you have a complaint. In addition to this Policy, please also read our HIPAA Notice of Privacy Practices, which provides more information specific to your rights under the Health Insurance Portability and Accountability Act (“HIPAA”).
This Policy is written in the English language. We do not guarantee the accuracy of any translated versions of this Policy. To the extent that any translated versions of this Policy conflict with the English language version, the English language version of this Policy shall control.
In addition, please note that access to some HealthJoy interactive tools and the Service may be limited to users who have registered and made an account with us. Some of our tools (such as certain quizzes or calculators) do not retain your personal information, but others store your personal information in accordance with this Policy. When you use certain tools, you may also be asked to provide authorization for uses of personal information that are not covered in this Policy (for example, to provide personal information to a sponsor of the specific tool you are using), but HealthJoy will not use your personal information beyond what is covered in this Policy unless you provide such additional consent.
COLLECTION OF PERSONAL INFORMATION
HealthJoy enables you to securely gather, store, manage, and share your personal information and provides tools and services to help you manage your health and the health of your family. To do this, HealthJoy collects personal information from you in the following ways.
Information you provide to us
HealthJoy will collect personal data from you directly when you interact with our Service, contact us, use our services, create an account, participate in an online survey, sign up to receive offers or emails from us, or purchase our products.
Information we obtain indirectly
We may receive personal data about you from our third-party affiliates or partners and from marketing companies that provide us with such information as a part of their relationship with us.
We may combine this with data that we already have collected about you. Such collected data could include contact details (such as email address) and previous purchase history or interests.
Information collected automatically
When you use our Service, we collect certain information about you automatically through our use of cookies and similar technologies such as web beacons and pixels.
NON-PERSONAL INFORMATION
Even if you do not register with or provide any personal information to HealthJoy, we collect non-personal information about your use of HealthJoy. “Non-personal information” means information that we cannot use to identify or contact you, such as aggregate statistics. We may also acquire non-personal Information about our users from external sources. If you do not want us to collect such information, please do not use the Service.
CATEGORIES OF PERSONAL INFORMATION AND PURPOSE FOR COLLECTION
HealthJoy collects the following categories of personal information: (1) contact information including your name, email address, telephone number, company affiliation, and mailing address; (2) authentication information, including the user name and password that you use to register an account on the Service; (3) financial information for payment processing purposes; (4) insurance policy information, including carrier information, plan details, coverage, and copays and deductibles; (5) user content, including survey responses, comments, reviews, and suggestions; (6) personal characteristics including age, date of birth, gender, and marital status; (7) online behavior information including online activity, product and online preferences, interests, demographic and geographic information, and time spent viewing features; and (8) information about the browser and hardware you use as you access and use our website, https://www.healthjoy.com/ (the “Site”), including IP address, network information, device characteristics, browser type, cookie information, referring and exit pages, sites visited, and timestamps; and (9) if you opt-in to provide such information, information collected through our mobile device applications and mobile optimized websites (collectively, the “HealthJoy App”), including motion data (e.g., proximity sensor on both ios and android for video calls to adjust audio output and enable/disable video, and other information), gyroscope data, and accelerometer data (tracking movement).
Where we have your explicit consent (and if legally required, written consent) to do so, we may also collect certain sensitive personal information. Specifically, with such consent, we may collect (1) personal health data, which includes information about your physical or mental health or condition or diagnosis, information related to the provision of healthcare services to you, information about payments you make to obtain healthcare services, and common identifiers associated with health data such as name, age, gender, date of birth, Social Security Number, marital status, and racial or ethnic origin; (2) genetic data; (3) data concerning your sex life or sexual orientation; and (4) precise geolocation information, if you opt-in to provide such information on the HealthJoy App or Site.
The personal information we collect is required to provide the Service to you. If you do not provide the personal information we ask for, it may delay or prevent us from providing the Service to you.
Additionally, if you are a job applicant, employee, owner, director, officer, or contractor of HealthJoy (individually referenced in this Policy as “employee” and collectively referenced as “employees”), we may also collect educational, professional, and employment-related information, which may include certain sensitive personal information. Specifically, if provided to us, we may collect information such as your Social Security Number, driver’s license number or state ID card number, passport number, and other unique personal identifiers associated with you or other beneficiaries such as your spouse or child; employment and education history, professional licenses, marital or domestic partner status, date of birth, age, gender, classifications protected under state or federal Equal Employment Opportunity laws (such as race or national origin), medical condition or information, and health insurance information and policy number; precise geolocation history, including badge access and telematics data; and financial Information, which may include bank account and billing address.
Unless you are an employee, or as otherwise stated in this Policy or a separate agreement, HealthJoy does not collect the following types of sensitive personal information: your driver’s license, state identification card, or passport number; your account log-in, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; your religious or philosophical beliefs or associations, political opinions or membership; the contents of your mail, email and text messages, unless we are the intended recipient of the communication; your criminal background; your citizenship or citizenship status; or any personal information about a known child. We ask that you not send nor disclose any sensitive personal information that we do not explicitly collect for the purposes outlined in this Policy or to provide our Service to you.
HealthJoy only collects and processes the minimum amount of personal information from you that is necessary to the purposes of our information processing activities and retains such information only if required to fulfill such purposes. We will only keep your personal information for as long as we need it, as permitted by the agreement for the Service, or as permitted or required by applicable law.
Although HealthJoy may provide its third-party partners with your personal information for the third-party partner to provide the Service to you, HealthJoy does not trade, rent, or sell your personal information to third parties, share your personal information with third parties for cross-context behavioral advertising, or process it for targeted advertising or consumer profiling.
Our information processing activities include conducting our business, customer communications and support, user verification, payment processing, shipping, quality management services, Service maintenance and improvements, and complying with legal requirements. We conduct such processing operations to perform the contract that you have with us, or to take steps at your request before entering into a contract, and for our legitimate interests or those of a third-party. A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests.
We also ask for your consent (express & written if required by applicable law) to use your information for certain specific reasons, such as when we provide healthcare-related services to you. Certain personal information, such as personal health data, implicates legal requirements, including those that arise under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). Accordingly, HealthJoy works with its staff and outside consultants on implementing measures to comply with HIPAA and other applicable laws, and we closely monitor consent documents, which you will be asked to submit to enable us to access your personal health data and insurance information so that we can use the information in the way you have requested.
You may withdraw your consent at any time by contacting us at support@healthjoy.com or at the mailing address listed below.
Where applicable, if HealthJoy intends to further process your personal information for a purpose other than that for which the personal information was initially collected, HealthJoy shall, prior to such processing, provide you with any relevant information on such additional purpose, and, to the extent required by applicable law, obtain your consent for this.
The table below describes the relevant categories of personal information that we process and explains why we use this information, how we process the information, and our lawful bases for processing the information:
Why we process your information |
How we process your information |
Our lawful bases |
Relevant categories of personal information |
---|---|---|---|
To conduct our business, such as by providing features through the Service. |
Provide healthcare-related services, including certain diagnoses and prescriptions, virtual urgent care, virtual musculoskeletal care, and mental healthcare, when you choose to participate in virtual consults or otherwise interact with HealthJoy healthcare providers or our interactive tools and services; Manage, organize, and interpret employee insurance plans and assist with medical billing; Refer you to healthcare providers within your insurance network |
You have consented to our processing of your personal information, i.e., to help you find providers within your insurance network when you request for such assistance; For the performance of our contract with you or to take steps at your request before entering into a contract; For our legitimate interests or those of a third-party, i.e., to promote employee physical wellness and mental health |
Personal health data; genetic data; data concerning your sex life or sexual orientation; financial information; insurance policy information; contact data associated with personal health data and insurance policy information, such as name, age, gender, date of birth, Social Security Number, marital status, and racial or ethnic origin; and precise geolocation information |
To help you achieve your health-related goals for physical and mental wellbeing, happiness, and productivity |
Track your steps, speed, and movement to allow you to monitor your daily activity on the HealthJoy App |
You have consented to our processing of your personal information, i.e., to help you manage your fitness; For the performance of our contract with you or to take steps at your request before entering into a contract |
Motion data (e.g., recording elevation, steps, and other information), gyroscope data, and accelerometer data (tracking movement) |
To send marketing and advertising materials and deliver relevant content to existing and former customers. |
Send informational and promotional newsletters (such as a newsletter relating to a specific health condition), personalized emails, and secure electronic messages about your health interests, including news, announcements, reminders, and opportunities, when you opt-in to receive such communications |
You have consented to our processing of your personal information, i.e., to provide you with informational or promotional material that you are interested in; For our legitimate interests or those of a third-party, i.e., to promote our business to existing and former customers |
Contact information, including name, email, address, telephone number, and company affiliation |
To communicate with you and provide customer support. |
Address and send communications to you as required by data protection laws, i.e., the U.K. GDPR and E.U. GDPR; Address and send communications to you about changes to our terms or policies or changes to the Service |
For our legitimate interests or those of a third-party, i.e., to address your questions and concerns about the Service; For the performance of our contract with you or to take steps at your request before entering into a contract To comply with our legal and regulatory obligations (e.g., Article 6(1)(b), U.K. GDPR and E.U. GDPR) |
Contact information, including name, email, address, telephone number, and company affiliation, and authentication information, including the username and password that you use to register an account on the Service |
User verification |
Require you to log in to our HealthJoy App or Site in order to use or access certain features of the Service |
To comply with our legal and regulatory obligations (e.g., Recital 64, U.K. GDPR and E.U. GDPR) |
Authentication information, including the user name and password that you use to register an account on the Service |
To process payment. |
Document the services and supplies you receive when we are providing care to you so that you, your insurance company or another third-party can pay us |
You have consented to our processing of your personal information; For the performance of our contract with you or to take steps at your request before entering into a contract |
Contact information including your name, email address, telephone number, company affiliation, and mailing address; financial information for payment processing purposes; and Insurance policy information, including carrier information, plan details, coverage, and copays and deductibles |
Quality management services to operate, manage, develop, administer, and improve the Service and your experience on the Service. |
Conduct online research surveys, which you may receive via email invitations, pop-up surveys, and online focus groups, for market research and measurement purposes, including to measure the effectiveness of content, advertising, or programs by obtaining your feedback on the same, requesting that you enter certain personal information in response to the survey, and combining your personal information with other information we receive from third parties |
For our legitimate interests or those of a third-party, i.e., to be as efficient as we can so we can deliver the best service for you; For the performance of our contract with you or to take steps at your request before entering into a contract |
Contact information including your name, email address, telephone number, company affiliation, and mailing address; user content, including survey responses, comments, reviews, and suggestions; online behavior information including online activity, product and online preferences, interests, demographic and geographic information, and time spent viewing features |
To prevent and investigate fraud and other misuses of the Service. |
Maintain logs of disclosures of your information. |
For our legitimate interests or those of a third-party, i.e., to minimize fraud that could be damaging for us and for you |
Information about the browser and hardware you use as you access and use the Site, including IP address, network information, device characteristics, browser type, cookie information, referring and exit pages, sites visited, and timestamps |
To ensure the technical functionality and security of the Service. |
To provide you the Service |
For our legitimate interests or those of a third-party, i.e., to preserve the integrity of our confidential or proprietary information; For the performance of our contract with you or to take steps at your request before entering into a contract To comply with our legal and regulatory obligations (e.g., under Article 32, U.K. GDPR and E.U. GDPR) |
Information about the browser and hardware you use as you access and use the Site, including IP address, network information, device characteristics, browser type, cookie information, referring and exit pages, sites visited, and timestamps |
To analyze trends and gather broad aggregate demographic information, statistically monitor how many people are using the Service or opening our emails, and research our audience. |
De-identified aggregate data may be used for these analyses. |
For our legitimate interests or those of a third-party, i.e., to be as efficient as we can so we can deliver the best service for you at the best price |
Online behavior information including online activity, product and online preferences, and time spent viewing features, and information about the browser and hardware you use as you access and use the Site, including IP address, network information, device characteristics, browser type, cookie information, referring and exit pages, sites visited, and timestamps |
To audit and analyze the Service. |
De-identified data may be in such audits or analyses. |
For our legitimate interests or those of a third-party, i.e., to demonstrate we operate at certain standards, to comply with our legal and regulatory obligations (e.g., Article 28, U.K. GDPR and E.U. GDPR). |
Online behavior information including online activity, product and online preferences, and time spent viewing features, and information about the browser and hardware you use as you access and use the Site, including IP address, network information, device characteristics, browser type, cookie information, referring and exit pages, sites visited, and timestamps. |
We or our Service Providers (defined below) may also use certain information, including log-in credentials, IP addresses, hashed email addresses, and unique mobile device identifiers, to locate or try to locate the same unique users across multiple browsers or devices, such as smartphones, tablets, or computers, to better tailor content, features, and advertising, and to provide you with a seamless experience across the devices you use to access the Service.
DISCLOSURE OF PERSONAL INFORMATION
HealthJoy does not trade, rent, or sell your personal information to third parties, share your personal information with third parties for cross-context behavioral advertising, or process it for targeted advertising or consumer profiling. We may share or disclose your personal information for the following limited purposes:
- Third Parties Providing Services on Our Behalf. We may share information with vendors and suppliers (collectively, “Service Providers”) who perform services and functions on our behalf to support our interactions with you. These Service Providers may assist with technical operation of our Service, provide analytics, process orders, transactions and payments, or provide customer service. These Service Providers do not have the right to use personal information we share with them beyond what is necessary to assist us. Additionally, these Service Providers must adhere to confidentiality, security, and legal obligations in a way that is consistent with this Policy and any applicable law. Specifically, we contractually require that our Service Providers (1) protect the privacy of your personal and non-personal information consistent with this Policy and
(2) not use or disclose your personal or non-personal information for any purpose other than to provide the limited service or function for HealthJoy. - Aggregate Information. We may also share non-identifying information, such as aggregate statistics or usage information, with third parties in order to demonstrate how HealthJoy is used, spot industry trends, or provide marketing materials for
HealthJoy. Any aggregated information shared in this way will not contain any personal information, and HealthJoy is not limited in its use of aggregate information that does not permit direct association with any specific individual, such as the
number of users of our services and the geographic distribution of our users. - Your Consent to Have Your Personal Information Shared. HealthJoy may share personal information with third parties when we have your consent to do so. Specifically, in connection with your use of the Service, you may be asked to
opt-in to receive informational or marketing offers, or to otherwise consent to the sharing of your information with a third party, including social networking sites such as Facebook, Instagram, or Twitter. If you agree to have your personal information shared with a third party, your personal information will be disclosed to the third party and will be subject to the privacy policy and business practices of that third party. - Legal Disclosure. We may transfer and disclose information, including your personal information, usage information and device identifier, (including IP address), to third parties to comply with a legal obligation; when we believe in good faith that the law requires it; at the request of governmental authorities conducting an investigation; to verify or enforce ouragreements, terms of use, or other applicable policies; to respond to an emergency; or otherwise to protect the rights, property, safety, or security of third parties, visitors to our Service, or the public.
- Transfer in the Event of Sale or Change of Control. If the ownership of all or substantially all of our business changes, or we otherwise transfer assets relating to our business or the Site, HealthJoy App, or Service to a third party, such as by merger, acquisition, bankruptcy proceeding or otherwise, we may transfer personal information to the new owner. In such a case, unless prohibited by applicable law, your information would remain subject to the privacy policy applicable at the time of such transfer, unless you discontinue use of our Service.
- Emergencies. We may also disclose personal information about you to the appropriate medical, law enforcement, or other emergency response professionals in response to a physical threat to you or others. Details about the specific third parties with whom we disclose your information, the processing operations related to such disclosure, and the relevant categories of personal information that we disclose may be found at www.healthjoy.com/subprocessors (“Subprocessor List”). This
Subprocessor List may be updated from time to time by HealthJoy in
its sole discretion, and we will notify you of a change we deem materials.
SUBPROCESSORS
We utilize sub-processors (or service providers) in the performance of our services, and you hereby authorize us to engage those sub-processors set out at www.healthjoy.com/subprocessors (“Subprocessor List”). The Subprocessor List may be updated from time to time by HealthJoy in its sole discretion.
USES AND DISCLOSURES OF PERSONAL HEALTH DATA
In accordance with the HIPAA Privacy Rule, HealthJoy follows national standards to protect individuals’ medical records and other personal health information when providing and conducting healthcare-related services and transactions electronically. HealthJoy implements appropriate safeguards to protect the privacy of personal health information and obtains the necessary patient authorization before using and disclosing such information for the purposes of treatment, healthcare operations, and payment. HealthJoy also respects all patient rights, including the rights to examine and obtain a copy of health records and to request corrections. For more information about your rights, please see our
HIPAA Notice of Privacy Practices.
HealthJoy uses and discloses personal health data in the following ways:
- Treatment. HealthJoy may disclose your PHI to another physician or healthcare provider for purposes of consultation or in connection with the provision of follow-up treatment.
- Healthcare Operations. HealthJoy may use and disclose your
PHI in connection with its healthcare operations, such as
providing healthcare consultations, customer service, and
conducting quality review assessments. - Payment. We document the services and supplies you receive
when we are providing care to you so that you, your insurance
company, or another third-party can pay us. We may tell your
health plan about upcoming treatment or services that require
prior approval by your health plan.
While HealthJoy is permitted to use and disclose your PHI for the normal business activities that the law sees as falling into the categories of treatment, healthcare operations, and payment, you may revoke any such authorization at any time by contacting HealthJoy at support@HealthJoy.com.
DO NOT TRACK SIGNALS, COOKIES, AND OTHER TECHNOLOGIES
We may use cookies, web beacons, pixel tags, mobile analytics software, log files, or other technologies to collect certain information about your online activity and interactions with our emails, online and mobile advertisements, and to allow us to keep track of analytics and certain statistical information that enables HealthJoy to improve our services and provide you with more relevant content and advertising offered by HealthJoy or through or
linked from our services. You may, however, disallow receiving cookies at any time through your web browser. It is not our intention to use cookies to retrieve information that is unrelated to our Service or your interaction with our Service.
We require your prior consent prior to utilization of strictly necessary cookies. In the event you do not consent to the use of cookies other than strictly necessary cookies, our website may continue to be accessible to you, but will only utilize strictly necessary cookies associated with the basic functionality of our website.
At this time, we do not respond to browser “do not track” or “DNT” signals.
If you would like more information about who we share our data with and why, please contact us using the information provided below.
CHILDREN'S PRIVACY
We are committed to protecting the privacy of children. Accordingly, HealthJoy is not targeted for use by children, and HealthJoy does not collect personal information from any person we know is under the age of 18.
However, a parent or legal guardian may establish a personal health record and a HealthJoy home page containing a minor’s personal information using the Service. In such event, only a parent or legal guardian may provide such information and use the Service, and HealthJoy reserves the right to verify the parent or legal guardian’s identity to determine whether to keep information about the minor on the Service. By using the Service to store, manage, disclose, or otherwise use the personal information of a minor, parents and legal guardians agree that they are solely responsible for ensuring that the registration information to the account containing their child or children’s information is kept secure and that the information submitted about such child or children is accurate. Parents and legal guardians also assume full responsibility for the interpretation and use of any information or suggestions provided through HealthJoy for their minor(s).
If you are under 18 years old, please do not provide your information on our Service. Upon notification that a child has provided us with personally identifiable information his or herself, we will delete the child’s personally identifiable information from our records. If you believe we might have any information from a child that has not otherwise been provided by and with the consent of a parent or legal guardian, please contact us at support@healthjoy.com.
LINKED SITES
The Service may contain links to third-party owned or operated websites, including, without limitation, social media websites (each a “Linked Sites”), as a convenient method of accessing information that may be useful or of interest to you. This Policy and the practices that we follow under this Policy do not apply to Linked Sites. We are not responsible for the content, accuracy, or opinions expressed on any Linked Site or for the privacy practices or security standards used by third parties on such Linked Sites. These Linked Sites have separate privacy and data collection practices, and we have no responsibility or liability relating to them.
You understand and agree that by clicking on a link to a Linked Site, you have left our Service and this Policy is no longer in effect.
USER SUBMISSIONS
Some features of the Services may now or in the future allow you to provide content, such as written comments or reviews, to be published or displayed on public areas of the Service (“User Submissions”). Be careful about giving out information in public areas of the Service. The information you share in public areas may be viewed by any user of the Service. We cannot control the actions of other users of the Service with whom you may choose to share your User Submission.
MANAGING YOUR INFORMATION
If you do not want your personal information used by HealthJoy as provided in this Policy, you should not use the Service, register as a member of HealthJoy or for any specific tool or application on HealthJoy’s Service that collects personal information, or submit any information in the “Contact Us” form on the Site.
You may correct, update, or review personal information you have submitted through registration, interactive services and tools, and applications by signing into your HealthJoy account and updating your registration information or making the desired changes. If you have registered for a HealthJoy account and no longer want HealthJoy to use your personal information or desire to delete such information from our systems, you should delete your information as described in this Policy or contact HealthJoy to assist you using the information listed below. Upon your request, we will delete your personal information from our active databases and, where feasible, from our back-up media; however, you should be aware that it is not technologically possible to remove every record of the information you have provided to HealthJoy from our servers.
You may reject and opt-out of cookies and other parts of the Service. Additionally, if you decide that you would prefer not to receive personalized emails, secure electronic messages, or other communications from HealthJoy, you may also opt-out of these services by clicking on the settings tab on the home page of your HealthJoy App and changing your email preference or following the unsubscribe instructions included in each promotional email.
SECURITY OF YOUR INFORMATION
If you choose to provide us with your personal information, you understand that we are transferring it to our locations and systems in the United States or to the locations and systems of our service providers around the world. We have safeguards and security controls in place to protect your personal information. This includes reasonable technical and organizational measures, such as encryption and Secure Socket Layers (SSL) technology, that protect the personal information (i) from accidental or unlawful destruction, and (ii) loss, alteration, unauthorized disclosure of, or access to the data. Please be advised, however, that while we take reasonable security measures to protect your personal information, such measures cannot be guaranteed to be secure. We cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security, and improperly collect, access, steal, or modify your personal information.
The security of your account relies on your protection of your user profile information. You are responsible for maintaining the security of your user profile information, including your password and for all activities that occur under your account. You may not share your password with anyone. We will never ask you to send your password or other sensitive information to us in an email. Any email or other communication purporting to be from one of our websites requesting your password or asking you to provide sensitive account information via email, should be treated as unauthorized and suspicious and should be reported to us immediately. If you believe someone else has obtained access to your password, please change it immediately by logging in to your account and report it immediately by contacting us via email at support@healthjoy.com.
NEWSLETTERS AND EMAILS
At registration and at various times during your use of the Service, you will be given the option of opting in to recurring informational or promotional newsletters via email from HealthJoy or directly from third parties. From time to time, HealthJoy also makes subscriptions to our newsletters available on third-party websites. If you sign up for one of our newsletters on a third-party website, you acknowledge and agree that the website may provide us with your personal information, such as your email address, and we may use that information as described in this Policy as though you had provided it directly to us.
When you sign up for our email newsletters on HealthJoy, you may at any time choose to opt out of receiving additional informational or promotional newsletters from HealthJoy. You can unsubscribe from a newsletter by following the directions included at the bottom of the newsletter.
Note that this Policy does not apply to information, content, ideas, concepts, or inventions that you send to HealthJoy by email. If you want to keep such information, content, ideas, concepts, or inventions private or proprietary, do not send them in an email or any other correspondence to HealthJoy.
RESEARCH AND MEASUREMENT ACTIVITIES
From time to time, HealthJoy may conduct online research surveys, ask you to enter personal information, and combine your personal information with other information available to HealthJoy through third parties for research and measurement purposes (as further described in the table under “Categories of Personal Information and Purpose for Collection”). We do not knowingly accept participants under the age of 18 when we partake in such research and measurement activities. If you are under the age of 18, please do not respond to any HealthJoy online research survey. Online research surveys conducted by or on behalf of HealthJoy will contain a link to this Policy.
CONSENT TO PROCESSING AND INTERNATIONAL TRANSFERS
HealthJoy is a U.S.-based business and may process, transfer, and store personal information on servers located in a number of countries, including the United States. As a result, your data may be subject to data protection and other laws that may differ from your country of residence. Your data may be disclosed in response to inquiries or requests from government authorities or to respond to judicial process in the countries in which we operate. By using the Service, or by providing us with any personal information, you consent to the collection, processing, maintenance, and transfer of such data in and to the United States where the privacy laws may not be as comprehensive as, or equivalent to, those in the country where you reside or are a citizen.
Your personal data may be stored or transferred to countries outside of the U.K. and E.U. that may not offer an adequate level of protection, such as the United States. When we store or transfer your personal data outside of the U.K. or E.U., we will do so in accordance with applicable law, and we will ensure a similar degree of protection is afforded to it by implementing appropriate safeguards. Transfers of personal data are made either to countries recognized as providing an adequate level of protection or, if the country does not offer adequate protection, such transfers are subject to standard data protection clauses adopted by the EU Commission or UK Information Commissioner to guarantee that your personal data is adequately protected in any cross-border transfer. To obtain any relevant information regarding any transfers of your personal data to third countries (including the relevant transfer mechanisms), please contact us.
We transfer personal information to the recipients and for the processing operations listed in the section of this Policy titled “Disclosure of Personal Information” The table below lists the specific third countries in which those recipients are located and where personal data is transferred as well as the lawful safeguards in place for each third country to effectuate such transfer:
Third country where personal data is transferred |
Lawful safeguard |
---|---|
United States |
Since there is no adequacy regulation or adequacy decision for the United States, our practice is to use legally-approved standard data protection clauses for transfers from a controller to a processor recognized or issued pursuant to Article 46(2) of the EU GDPR. |
SPECIAL NOTICE FOR EEA AND UK RESIDENTS
If you would like to submit a Data Subject Request, you can contact us at privacy@healthjoy.com. If you choose to submit a Data Subject Request, you must provide us with enough information to identify you and enough specificity on the requested data. We will only use the information we receive to respond to your request. We will not be able to disclose information if it cannot verify that the person making the Data Subject Request is the person about whom we collected information, or someone authorized to act on such person’s behalf. Please specify clearly which information you would like us to provide you with, review, amend, stop processing, or delete.
“Personal data” means any information relating to an identified or identifiable natural person.
- Request to Access and Data Portability. You may request a copy of your personal data shared with us in an eligibility file by your employer (note we do not have a way for exporting chats or calls) as well as confirmation as to whether or not personal data concerning you is being processed, access to your personal data, and information on the purposes of the processing, the categories of personal data concerned, the recipients or categories of recipient to whom the personal data have been or will be disclosed, and the period of time the data will be stored. We may charge a reasonable fee to cover the administrative costs of providing you with a copy of your personal data.
- Request to Rectify or Complete. If you notify us, or we otherwise become aware, that the personal data we hold is inaccurate, we will not use it, and will not allow others to use it, until it is corrected. You can ask us to correct or complete our record of your personal data by contacting us at any time. To the extent possible, we will inform anyone who has received your personal data of any corrections.
- Request for Erasure. You may, in certain limited circumstances where the processing is not necessary in the context of the services we provide to you, ask to have the personal data we directly or indirectly process deleted or removed. If the request is founded, we will try to do so promptly, and, to the extent possible, will inform anyone who has received your personal data of your request.
- Request for Restriction of Processing. You may request that we limit the way in which we process your personal data where (i) you contest the accuracy of the personal data we have for you, (ii) you believe our processing of your personal data is unlawful (but you oppose the erasure of your personal data and prefer that our processing be restricted instead), (iii) we no longer need your personal data but you require such personal data for the establishment, exercise or defense of legal claims or (iv) you have objected to our processing pending the verification of our legitimate grounds for processing. If the request is founded, we will try to do so promptly, and, to the extent possible, will inform anyone who has received your personal data of your request.
- Request for Data Portability and Transfer. You may request to receive a copy of your personal data, and have it transferred to another controller, where technically feasible, in certain limited circumstances, where a) you provided the data to us, b) our processing is based on your consent or is necessary to fulfill a contract with you, and c) our processing is automated. We may refuse your request if these criteria are not met.
- Objection to Processing. You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data. If we have sufficiently compelling legitimate grounds for processing your personal data, or we need your data to establish, exercise or defend legal claims, we may continue to process it. Otherwise, we will stop using your personal data. You may also object at any time to your personal data being processed for direct marketing, and we will stop processing the data for such purposes.
- Withdrawal of Consent to Processing. Where we have relied on your consent as the legal grounds for processing, you may withdraw your consent at any time. Withdrawal does not invalidate the consent-based processing that occurred prior to withdrawal.
- Automated Individual Decision-making. We do not currently engage in automated individual decision-making. However, in the event we ever do so, we will inform you of such change and you may request not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects that concern you or that similarly significantly affect you, except were the automated individual decision-making is necessary for entering into, or the performance of, a contract between you and us; is authorized by law; or is based on the your explicit consent.
You may contact us at any time where you believe that we are in breach of data protection laws or where you wish to make a complaint about our data processing. Furthermore, if you believe that our processing of your personal data is in breach of data protection laws, you have the right to lodge a complaint with the relevant data protection supervisory authority (i.e., in the U.K. or Member State of your habitual residence, place of work or place of the alleged infringement), if you are of the opinion that any of your personal data is processed in a manner constituting an infringement of the U.K. or E.U. GDPR or where you believe that we have not resolved an issue you have raised with us.
SPECIAL NOTICE FOR CALIFORNIA RESIDENTS
If you would like to submit a Consumer Request, you can contact us at privacy@healthjoy.com. If you choose to submit a Consumer Request, you must provide us with enough information to identify you (e.g., your first and last name, email address, and telephone number) and enough specificity on the requested data. We will only use the information we receive to respond to your request. We will not be able to disclose information if we cannot verify that the person making the Consumer Request is the person about whom we collected information, or someone authorized to act on such person’s behalf. We will verify your request by comparing the information you provide with the information we have on you and, if your request is submitted by an authorized agent, we will require you to provide signed, written permission for such agent to act on your behalf.
“Personal information” means information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. “Personal information” does not include publicly available information.
- Request to Correct. You may correct or update your personal information at any time by logging into your account or by contacting us.
- Request to Access. You may submit a Consumer Request to obtain a copy of or access to the personal information that we have collected on you.
- Request to Know. You may submit a Consumer Request to receive information about our data collection practices.
- Right to Know what Personal Information is being Collected. You may request information on the categories of personal information we have collected about you; the categories of sources from which the personal information is collected; our business or commercial purpose for collecting, selling, or sharing personal information; the categories of third parties to whom we have disclosed personal information, if any; and the specific pieces of personal information it has collected about you.
- Right to Know what Personal Information is Sold or Shared and to Whom. You may also request the categories of personal information that we have collected about you; the categories of personal information that we have sold or shared about you and the categories of third parties to whom the personal information was sold or shared, by category or categories of personal information for each category of third parties to whom the personal information was sold or shared, and the categories of personal information that we have disclosed about you for a business purpose and the categories of persons to whom it was disclosed for a business purpose.
Please note that the categories of personal information, sources, and disclosure will not exceed what is contained in this Notice. Additionally, we are not required to retain any information about you if it is only used for a one-time transaction and would not be maintained in the ordinary course of business. We are also not required to re-identify personal information if it is not stored in that manner already, nor is it required to provide the personal information to you more than twice in a twelve-month period.
- Request to Limit the Use of Your Sensitive Personal Information. HealthJoy only uses sensitive personal information to provide the Service to you as you would reasonably expect when you request for such Service or otherwise consent to the collection, use, and disclosure of your personal information. However, you may request that we limit the use or disclosure of your sensitive personal information, provided we may not be able to provide the Service (or part of it) if you do request such limit.
- Request to Delete. You may request that we delete personal information it has collected from you. Subject to certain exceptions set out below we will, on receipt of a verifiable Consumer Request, delete your personal information from our records, direct any service providers to do the same, and notify all third parties to whom we have shared your personal information to delete it unless this proves impossible or involves disproportionate effort.
Please note that we may not delete your personal information if it is necessary to:
- Complete the transaction for which the personal information was collected, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, provide a good or service requested by the consumer, or reasonably anticipated by the consumer within the context of a business’ ongoing business relationship with the consumer, or otherwise perform a contract between the business and the consumer.
- Help to ensure security and integrity to the extent the use of the consumer’s personal information is reasonably necessary and proportionate for those purposes.
- Debug to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise that consumer’s right of free speech, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act pursuant to Chapter 3.6 (commencing with Section 1546) of Title 12 of Part 2 of the Penal Code.
- Engage in public or peer-reviewed scientific, historical, or statistical research that conforms or adheres to all other applicable ethics and privacy laws, when the business’ deletion of the information is likely to render impossible or seriously impair the ability to complete such research, if the consumer has provided informed consent.
- To enable solely internal uses that are reasonably aligned with the expectations of the consumer based on the consumer’s relationship with the business and compatible with the context in which the consumer provided the information.
- Comply with a legal obligation.
- Right to Access Information About Automatic Decision-Making. As discussed above, we do not currently engage in automated individual decision-making. However, in the event we ever do so, we will inform you of such change and you may request information about and opt out of such automated decision-making.
We may not, and will not, treat you differently because of your Consumer Request activity. As a result of your Consumer Request activity, we may not and will not deny goods or services to you; charge different rates for goods or services; provide a different level quality of goods or services; or suggest any of the preceding will occur. However, we can and may charge you a different rate, or provide a different level of quality, if the difference is reasonably related to the value provided by your personal information.
SPECIAL NOTICE FOR NEVADA RESIDENTS
We do not sell, rent, or lease your personally identifiable information to third parties. However, if you are a resident of Nevada and would like to submit a request not to sell your personally identifiable information, you may do so by emailing us at privacy@healthjoy.com.
SPECIAL NOTICE FOR VIRGINIA RESIDENTS
Personal information or “personal data” means “any information that is linked or reasonably linkable to an identified or identifiable natural person.” “Personal data” does not include de-identified data or publicly available information.
- Request to Access. You may submit a request to confirm or to obtain a copy of or access to the personal data that we have collected on you including what the data is, how it’s been used, and who it’s been disclosed to. Your personal data may no longer be available because it has been destroyed, erased, or made anonymous in accordance with our data retention policies in which case we will provide you with the reasons why the personal data no longer exists where possible.
- Request to Correct. You may correct or update your personal data at any time by logging into your account or by contacting us.
- Request to Delete. You may request that we delete the personal data provided by or obtained about you. We will delete your personal data from our records and direct any service providers to do the same unless retention is required by law.
- Request to Opt-Out. You may submit a request to opt out of the sale of your personal data as well as its processing for targeted advertising or consumer profiling. We do not sell, rent, or lease your personal data to third parties and do not process your personal data for targeted advertising or consumer profiling.
- Appeal. If we notify you that no action is to be taken in response to your request to access, correct, delete, or opt-out, you may appeal this decision by contacting us within 30 days with the reason why you believe further action should be taken. If you are not satisfied with the result of the appeal, you may contact the Virginia Attorney General or submit a complaint online at https://www.oag.state.va.us/consumer-protection/index.php/file-a-complaint.
- Withdraw Consent for Your Sensitive Personal Information. You may withdraw your consent to any use or disclosure of your personal sensitive information.
If you’d like to make any of the above requests, you can contact us at privacy@healthjoy.com. If you choose to submit a request, you must provide us with enough information to identify you (e.g., your first and last name, email address, and telephone number) and enough specificity on the requested data. We will only use the information we receive to respond to your request. We will not be able to disclose information or comply with your request if we cannot verify that the person making the request is the person about whom we collected information, or someone authorized to act on such person’s behalf. We will verify your request by comparing the information you provide with the information we have on you and, if your request is submitted by an authorized agent, we will require you to provide signed, written permission for such agent to act on your behalf.
SPECIAL NOTICE FOR COLORADO RESIDENTS
Personal information or “personal data” means “information that is linked or reasonably linkable to an identified or identifiable individual.” “Personal data” does not include de-identified or publicly available information.
- Request to Access. You may submit a request to confirm or to obtain a copy of or access to the personal data that we have collected on you including what the data is, how it’s been used, and who it’s been disclosed to. Your personal data may no longer be available because it has been destroyed, erased, or made anonymous in accordance with our data retention policies in which case we will provide you with the reasons why the personal data no longer exists where possible.
- Request to Correct. You may correct or update your personal data at any time by logging into your account or by contacting us.
- Request to Delete. You may request that we delete the personal data it has collected on you. We will delete your personal data from our records and direct any service providers to do the same unless retention is required by law.
- Request to Opt-Out. You may submit a request to opt out of the sale of your personal data as well as its processing for targeted advertising or consumer profiling. We do not sell, rent, or lease your personal data to third parties and do not process your personal data for targeted advertising or consumer profiling.
- Right to Data Portability. You may also request that we transfer your personal information to you or another entity, to the extent such transfer is technically feasible.
- Appeal. If we notify you that no action is to be taken in response to your request to access, correct, delete, or opt-out, you may appeal this decision by contacting us within 30 days with the reason why you believe further action should be taken. If you are not satisfied with the result of the appeal, you may contact the Colorado Attorney General.
- Withdraw Consent for Your Sensitive Personal Information. You may withdraw your consent to any use or disclosure of your personal sensitive information.
If you’d like to make any of the above requests, you can contact us at privacy@healthjoy.com. If you choose to submit a request, you must provide us with enough information to identify you (e.g., your first and last name, email address, and telephone number) and enough specificity on the requested data. We will only use the information we receive to respond to your request. We will not be able to disclose information or comply with your request if we cannot verify that the person making the request is the person about whom we collected information, or someone authorized to act on such person’s behalf. We will verify your request by comparing the information you provide with the information we have on you and, if your request is submitted by an authorized agent, we will require you to provide signed, written permission for such agent to act on your behalf.
SPECIAL NOTICE FOR CONNECTICUT RESIDENTS
Personal information or “personal data” means “information that is linked or reasonably linkable to an identified or identifiable individual.” “Personal data” does not include de-identified or publicly available information.
- Request to Access. You may submit a request to confirm or to obtain a copy of or access to the personal data that we have collected on you including what the data is, how it’s been used, and who it’s been disclosed to. Your personal data may no longer be available because it has been destroyed, erased, or made anonymous in accordance with our data retention policies in which case we will provide you with the reasons why the personal data no longer exists where possible.
- Request to Correct. You may correct or update your personal data at any time by logging into your account or by contacting us.
- Request to Delete. You may request that we delete the personal data it has collected on you. We will delete your personal data from our records and direct any service providers to do the same unless retention is required by law.
- Request to Opt-Out. You may submit a request to opt out of the sale of your personal data as well as its processing for targeted advertising or consumer profiling. We do not sell, rent, or lease your personal data to third parties and do not process your personal data for targeted advertising or consumer profiling.
- Appeal. If we notify you that no action is to be taken in response to your request to access, correct, delete, or opt-out, you may appeal this decision by contacting us within 30 days with the reason why you believe further action should be taken. If you are not satisfied with the result of the appeal, you may contact the Connecticut Attorney General or submit a complaint online at https://portal.ct.gov/AG/Common/Complaint-Form-Landing-page.
- Withdraw Consent for Your Sensitive Personal Information. You may withdraw your consent to any use or disclosure of your personal sensitive information.
If you’d like to make any of the above requests, you can contact us at privacy@healthjoy.com. If you choose to submit a request, you must provide us with enough information to identify you (e.g., your first and last name, email address, and telephone number) and enough specificity on the requested data. We will only use the information we receive to respond to your request. We will not be able to disclose information or comply with your request if we cannot verify that the person making the request is the person about whom we collected information, or someone authorized to act on such person’s behalf. We will verify your request by comparing the information you provide with the information we have on you and, if your request is submitted by an authorized agent, we will require you to provide signed, written permission for such agent to act on your behalf.
SPECIAL NOTICE FOR UTAH RESIDENTS
Personal information or “personal data” means “information that is linked or reasonably linkable to an identified individual or an identifiable individual.” “Personal data” does not include deidentified data, aggregated data, or publicly available information.
- Request to Access. You may submit a request to confirm or to obtain a copy of or access to the personal data that we have collected on you including what the data is, how it’s been used, and who it’s been disclosed to. Your personal data may no longer be available because it has been destroyed, erased, or made anonymous in accordance with our data retention policies in which case we will provide you with the reasons why the personal data no longer exists where possible.
- Request to Correct. You may correct or update your personal data at any time by logging into your account or by contacting us.
- Request to Delete. You may request that we delete the personal data that you have provided to us. We will delete your personal data from our records and direct any service providers to do the same unless retention is required by law.
- Request to Opt-Out. You may submit a request to opt out of the sale of your personal data as well as its processing for targeted advertising. We do not sell, rent, or lease your personal data to third parties and do not process your personal data for targeted advertising.
- Withdraw Consent for Your Sensitive Personal Information. You may withdraw your consent to any use or disclosure of your personal sensitive information.
If you’d like to make any of the above requests, you can contact us at privacy@healthjoy.com. If you choose to submit a request, you must provide us with enough information to identify you (e.g., your first and last name, email address, and telephone number) and enough specificity on the requested data. We will only use the information we receive to respond to your request. We will not be able to disclose information or comply with your request if we cannot verify that the person making the request is the person about whom we collected information, or someone authorized to act on such person’s behalf. We will verify your request by comparing the information you provide with the information we have on you and, if your request is submitted by an authorized agent, we will require you to provide signed, written permission for such agent to act on your behalf.
SPECIAL NOTICE FOR MEXICO RESIDENTS
Personal information or “personal data” means “any information concerning an identified or identifiable individual.”
- Request to Access. You may submit a request to confirm or to obtain a copy of or access to the personal data that we have collected on you including what the data is, how it’s been used, and who it’s been disclosed to. Your personal data may no longer be available because it has been destroyed, erased, or made anonymous in accordance with our data retention policies in which case we will provide you with the reasons why the personal data no longer exists where possible.
- Request to Rectify. You may rectify or correct your personal data at any time by logging into your account or by contacting us.
- Request to Cancel. You may request that we cancel the personal data provided by or obtained about you.
- Objection to Processing. You may object to the processing of your personal data, and we will stop using your personal data unless otherwise required or permitted by applicable law.
If you’d like to make any of the above requests, you can contact us at privacy@healthjoy.com. If you choose to submit a request, you must provide us with enough information to identify you (e.g., your first and last name, email address, and telephone number) and enough specificity on the requested data. We will only use the information we receive to respond to your request. We will not be able to disclose information or comply with your request if we cannot verify that the person making the request is the person about whom we collected information, or someone authorized to act on such person’s behalf. We will verify your request by comparing the information you provide with the information we have on you and, if your request is submitted by an authorized agent, we will require you to provide signed, written permission for such agent to act on your behalf.
CHANGES TO THE PRIVACY POLICY
We reserve the right to change or modify this Policy or any of our tools or services at any time, and any changes are effective upon being posted unless we advise otherwise. If we make any material changes to this Policy, we will notify you by email or post notice on this website before the change becomes effective.
We encourage you to frequently review this website for the latest information on our privacy practices. Use of information we collect now is subject to the Privacy Policy in effect at the time such information is used. You are bound by any changes to our Privacy Policy when you use the Service after such changes have been first posted. If you do not accept the terms of our Privacy Policy, we ask that you do not register with us and that you do not use HealthJoy. Please exit HealthJoy immediately if you do not agree to the terms of this Privacy Policy.
REASONABLE FEES
Subject to applicable law, HealthJoy may charge a reasonable fee for the administrative costs of any request that is manifestly unfounded or excessive.
HOW TO CONTACT US
If you have any questions about this Policy, you may contact us by using the “Contact” link (under Learn More) at the bottom of every page of our Site, by email at privacy@HealthJoy.com, or by mail at:
HealthJoy, LLC
Attn: Privacy Officer
215 West Superior St., 5th Floor
Chicago, IL 60654
Our Data Protection Officer may be contacted at:
HealthJoy Data Protection Officer
You may also contact our U.K. and E.U. representatives at:
HealthJoy U.K. Representative
HealthJoy Data Protection Officer
HealthJoy E.U. Representative
HealthJoy Data Protection Officer