HealthyWage Privacy & Data Security Policy
current as of: 4/9/2013
Privacy and data security are top priorities at HealthyWage. This document (the "Privacy & Data Security Policy" or "Policy") presents a summary of the measures we take to ensure that we capture no more customer data than is absolutely necessary to effectively run our programs; that the data we collect is secured in a manner that exceeds industry and regulatory standards; and that we have processes in place to detect and properly handle any security breach, should one ever occur. The Policy applies to websites owned and operated by HealthyWage LLC, including www.healthywage.com.
HealthyWage uses incentives, including financial incentives, to empower you to live a better life. In particular, we run healthy weight loss contests, and programs that allow you to get paid to lose weight and even bet on your weight loss. Our programs require only minimal information from participants, as described below, and we safeguard that information very carefully.
II. User Registration
Participants access our system and register for our programs by visiting our website at www.healthywage.com. The first time you sign in to HealthyWage, you will be asked to create an account; whether you do so is your choice. To create an account, you must provide personal information, including: first name, last name, email address, gender, date of birth, phone number (optional), zip code, weight and height.
III. Security of Your Personal Information
We are committed to protecting the security of your personal information. We use a variety of security technologies and procedures to help protect your personal information from unauthorized access, use, and disclosure. For example, all participant data is collected on pages secured by a 128-bit encryption key, and stored in a single MYSQL database that is protected by two layers of authentication, both requiring a case-sensitive, alphanumeric password. The first layer is http authentication. The second layer is http form-based authentication with automatic lockout after five invalid login attempts. The database is also secured by a firewall and an intrusion detection system. The database port on the server is always kept closed (we do not use it). The database resides on a server, with a back-up copy on another server, which are both stored under lock and key in secure, security-patrolled facilities at Rackspace (Rackspace is a high-end, industry-leading server hosting, maintenance and security firm).
All HealthyWage employees and contractors, regardless of their level of access to participant data, must complete our comprehensive training on security awareness, privacy, HIPPA compliance, general legal compliance and the HealthyWage Privacy & Data Security Policy and procedures. Each employee and contractor must review and sign the HealthyWage Participant Data Privacy Statement and a non-disclosure agreement before commencing work. Employees and contractors also receive ongoing training.
In order to foster an environment where participant privacy is taken very seriously, HealthyWage is clear about its policy that any employee or contractor who behaves in contravention of this Policy is subject to severe sanctions, including termination.
IV. Data Access
Access to the participant information is on an “only as necessary” basis. Persons who require access to such information in the performance of their duties are bound by confidentiality obligations and may be subject to discipline, including termination and criminal prosecution, if they fail to honor these obligations.
Please note that if you are participating through your company, then your information may be further segregated, per the terms of our agreement with your company, and may not be accessible to anyone except for designated employees and contractors as required by our agreement with your company.
V. How We Use Your Personal Information
We use personal information collected through HealthyWage, including health and wellness information, to enable the services provided through HealthyWage and as described in this privacy statement. We do not use or disclose your information except as described in this privacy statement. In support of these uses, we may use personal information to: (i) provide you with important information about HealthyWage, including critical updates and notifications; (ii) send you email and/or mobile alerts and/or reminders; (iii) modify your HealthyWage plan to better address your health needs and progress; and (iv) determine appropriate services relevant to you, your lifestyle and your geographic location.
We may access and/or disclose your personal information if we believe such action is necessary to: (a) comply with the law or legal process served on us; (b) protect and defend our rights or property (including the enforcement of our agreements); or (c) act in urgent circumstances to protect the personal safety and welfare of HealthyWage users or members of the public. If you are participating through a company, then HealthyWage may, at the request of such company, to the extent permitted by federal and state privacy laws and regulations, share participant information with the company.
Personal information collected on HealthyWage is currently stored and processed in the United States.
VI. How We Use De-identified and Aggregated Information and Statistics
We may use de-identified and or aggregated information gathered from HealthyWage and related statistics to improve the services provided through HealthyWage, and for certain research and analysis including clinical medical research. We may also provide this information to our partners for such purposes. De-identified information does not include personally identifiable information such as name, email address, or address, but may include gender, height, weight, postal code, and medical information. Aggregated information is information from multiple users that is not associated with any individual user account. Please note that, if you are participating in HealthyWage through a company, the use of your data, even on a de-identified or aggregated basis, may be further restricted or not allowed at all, depending upon our agreement with your company.
VII. Deleting Records; Record Destruction
All waste copies of participant data generated in the course of copying, printing, or otherwise handling participant information are destroyed.
You can delete your account by sending an email to email@example.com using the account your used to create the account. Please put CANCEL in the subject line.
VIII. Email and Mobile Alerts
To comply with your reminder requests and to keep you informed of the latest improvements and alerts relating to your HealthyWage program, HealthyWage will send you emails, reminders and/or mobile alerts. You have the ability to opt out of receiving emails and/or reminders and/or mobile alerts.
IX. Review and Enforcement of This Policy
The HealthyWage Security and Privacy Committee (the “Committee”) is charged with developing, implementing, reviewing, assessing and enforcing HealthyWage’s privacy and data security policies and procedures. The Committee is comprised of members of HealthyWage’s senior management, and is chaired by Jimmy Fleming, Esq., HealthyWage’s Chief Operating Officer and General Counsel. Mr. Fleming serves as the contact person responsible for receiving complaints and providing individuals with information on HealthyWage’s privacy and data security practices. Mr. Fleming supervises the HealthyWage Information Security Manager.
If you have questions regarding this statement, you should contact us at legal@HealthyWage.com.
One of the primary purposes of cookies is to provide a convenience feature to save you time. For example, if you personalize a web page, or navigate within a site, a cookie helps the site to recall your specific information on subsequent visits. Using cookies simplifies the process of delivering relevant content and eases site navigation. When you return to the web site, you can retrieve the information you previously provided, so you can easily use the site's features that you customized.
You have the ability to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline some or all cookies if you prefer. If you choose to decline all cookies, you may not be able to use interactive features of this or other web sites that depend on cookies.
XI. Changes to this Privacy Statement
We may occasionally update this privacy statement. When we do, we will also revise the "current as of" date at the top of the privacy statement. For material changes to this privacy statement, we will notify you either by placing a prominent notice on the home page of HealthyWage or by sending you a notification directly. We encourage you to review this privacy statement periodically to stay informed about how we are helping to protect the personal information we collect. Your continued use of HealthyWage constitutes your agreement to this privacy statement and any updates. Please be aware that this privacy statement and any choices you make on HealthyWage do not necessarily apply to personal information you may have provided to us in the context of other of our separately operated products or services.
XII. Contact Information
We welcome your comments regarding this privacy statement. If you have questions about this statement or believe that there is an issue, please contact us by email by following this link: privacy@HealthyWage.com.
Our address is:
24 West 55th Street, 5th Fl
New York, NY 10019