WELL 121 PRIVACY POLICY V1

Produced by Mark Holt-Rogers, Director, Wellbeing4business Ltd February 14, 208 Commitment statement                                       Welcome to our privacy policy which outlines our code of practice and terms and conditions. When using the app and accessing our coaching system we need to make you aware that we pride ourselves on making the app as user friendly as possible and ensuring that your personal data is managed and stored in line with GDPR. The EU General Data Protection Regulation (GDPR) is the most significant piece of European privacy legislation in the last twenty years. It replaces the 1995 EU Data Protection Directive (European Directive 95/46/EC), strengthening the rights that EU individuals have over their data, and creating a uniform data protection law across Europe. WELLBEING4BUSINESS will comply with applicable GDPR regulations as a data processor when they take effect on 25th May 2018. The Privacy Policy is here to do three things:

  1. Explain the way we use information that you share with us in order to build a great product and give you a great experience with it;
  2. Ensure that you understand what information we collect with your permission, and what we do — and do not do — with it;
  3. Hold us accountable for protecting your rights and your privacy under this policy

By using or interacting with the WELL121 Service, you are consenting to:

  • the use of cookies and other technologies;
  • the transfer of your information outside of the country where you live;
  • the collection, use, sharing, and other processing of your information, including for advertising-related purposes (as described in the rest of this Privacy Policy); and
  • the sharing of your information through leader boards and anonymous data reports.

In each case, you consent to the processing of data by the entities described in this Privacy Policy The information we collect Registration data When you sign up for the Service, we ask you for information such as your username, password, email address. We may also collect Health tracking data when you choose to enter it. You may also choose to voluntarily add other information in the chat functions. Your mobile device We may provide features that rely on the use of additional information on your mobile device or require access to certain services on your mobile device that will enhance your experience but are not required to use the Service. For example, we might allow you to upload photos to your profile or synchronisation with other apps and wearables. Granting us access does not mean you are granting us unlimited access to that information or that we will access specific information without your permission. To the contrary, for each type of information listed in this section, before we access this information or these features of your mobile device, we will ask for your permission. If you provide such permission, we will collect the information for the specific purposes explained at the time we ask for your permission. You do not have to give us such permission in order to use WELL121, and acceptance of this Privacy Policy does not mean you have granted us permission to access this information. We will name any organisations and/or coaches who can access your data. In particular:

  • Photos and Camera: We will not access your photos or camera without first getting your explicit permission and we will never scan or import your photo library or camera roll. If you give us permission to access photos or your camera, we will only use images that you specifically choose to share with us. (You may use our application to select the photo or photos you choose to upload, but we will never import the photos you review except those you explicitly share.).
  • Location: We will not gather or use the specific location of your mobile device
  • Contacts: We will not scan or import your contacts stored on your phone
  • Synchronisation data: We will pull information from other wearables/apps that integrate with WELL121. This will only occur if you grant permission to connect.
  • Opting in: We ask you to opt-in to all our processes and systems. We want to ensure that we obtain your informed consent on our management of your personal data when we collect it throughout the app.
  • Data deletion: We delete records after use. If you ask us to delete your data from our systems, we will delete your data from our systems completely and with reasonable expediency.​ You can delete the app at any time from your phone​
  • Consent: You can withdraw your consent at any time. You can refuse to consent to coaching.

Cookies A cookie is a small amount of data, which often includes an anonymous unique identifier that is sent to your browser from a web site’s computers and stored on your computer’s hard drive. Cookies are required in order for you to use many of the www.WELL121.com products or services. We use cookies to record current session information, but do not require permanent cookies. Accessing a Well 1-2-1 Online Personal Coach If you access our coaching; coaches will forward a consent statement to you explaining how and why we share your data.If you accept an invitation from a Well 1-2-1 Coach, the Coach will be able access to all data and information that exists under your account. The Coach will also be able to send private messages to you. The Coach has agreed to keep your data and information confidential and not use it for any purpose other than to provide you individualized advice and services, but we cannot provide any assurances that any Well 1-2-1 Coach will in fact do so. We are not required to litigate or otherwise pursue any wrongful disclosure of you data and information. To the extent that any of your data or information contains protected health information, you hereby expressly consent to the disclosure of such protected health information when you accept an invitation from a Coach. Data Storage Creating a HIPAA-compliant digital coaching platform begins with where all the data lives, and for us, that begins with our first key partner in HIPAA-compliance and security, and that’s leading cloud-based secure hosting provider, Armor. Third Party Services We may use a variety of services offered by third parties to help maintain and improve our app to help us understand the use of our services, or simply to provide the services. These services may store both personally identifiable information about you which we collect and the information sent by your browser as part of a web page request, such as cookies or your IP address. If any third parties are given access to your personally identifiable information, we will limit the use of such personally identifiable information only to provide the services to us which we have requested. Policy towards Children Neither the Well 1-2-1 sites nor the services are directed to people under the age of 13. If you become aware that your child has provided personally identifiable information, please contact us at info@wellbeing4business.co.uk. We do not knowingly permit children under 13 to use our Website or Services or collect personally identifiable information from children under 13. If we become aware that a child under 13 has provided us with personally identifiable information, we will take steps to remove such information and terminate the child’s account. Information Security, Retention, and Data Integrity We take reasonable security measures to protect against unauthorized access to or unauthorized alteration, disclosure or destruction of data. These include firewalls and encryption, internal reviews of our data collection, storage and processing practices and security measures, as well as physical security measures to guard against unauthorized access to systems. Our software code and all data and information reside on servers that comply with the requirements of the Health Insurance Portability and Accountability Act of 1996. In addition, our software code resides on one set of servers and all data and information reside on a separate set of servers. We restrict access to personal information to our employees, contractors and agents who need to know that information in order to operate, develop or improve our Services. These individuals are bound by confidentiality obligations and may be subject to discipline, including termination, if they fail to meet these obligations. However, we are unable to guarantee that the security measures we take will not be penetrated or compromised or that your information will remain secure under all circumstances. Transfer of Information on Sale and for Legal Compliance Well 1-2-1 uses a platform developed and owned by NudgeCoach. Notwithstanding anything to the contrary in this Privacy Policy: (a) upon a sale of Nudge or all or substantially all of its assets, we reserve the right to transfer to the purchaser of Nudge all data it has, including without limitation all Log Data and all personally identifiable data concerning you and any user of the Nudge Sites and the Services and (b) we will share your personal information if we have a good faith belief that: (i) access, use, preservation or disclosure of such information is reasonably necessary to satisfy any applicable law, regulation, legal process, such as a court order or subpoena, or a request by law enforcement or governmental authorities, (ii) such action is appropriate (A) to enforce the Terms of Service, including any investigation of potential violations thereof, or (B) to detect, prevent, or otherwise address fraud, security or technical issues associated with the Nudge Sites and the Services, or (iii) such action is appropriate to protect the rights, property or safety of Nudge, its employees, users of the Nudge Sites and the Services. Users The app and coaching system is hosted on a high security cloud based server in the United States. If you access the App from the European Union, Asia, or any other region with laws or regulations governing personal data collection, use, and disclosure that differ from United States laws, please be advised that through your continued use of the app you are transferring your personal information to the United States and you consent to that transfer. Additionally, you understand that your personal information may be processed in countries (including the United States) where laws regarding processing personal information may be less stringent than in your country. Access You retain the right to access, amend, correct or delete your personal information where it is inaccurate at any time. To do so, please contact info@wellbeing4business.co.uk. While we would be sorry to see you go, you can delete your account at any time. Keep in mind, however, that even if you delete your account, we may retain your personal information in conformance with our data retention policy, under which we may retain such information to comply with laws, prevent fraud, resolve disputes, troubleshoot problems, assist with any investigations, enforce our Terms of Service, and take other actions otherwise permitted by law. There may be residual personal information that remains within our databases, access logs, and other records. In addition, we are not responsible for updating or removing your personal information already disclosed to third parties who have been provided information as permitted by this Privacy Policy. General Terms We reserve the right to change this Privacy Policy from time to time at our sole discretion. Any such change, update or modification will be effective immediately upon posting the revised Privacy Policy. We will provide no other notice to you. It is your responsibility to review this page from time to time to ensure that you continue to agree with all of its terms. If you no longer agree to this Privacy Policy after a change, you must cease using the WELL121 Sites and the Services. Our failure to exercise or enforce any right or provision of this Privacy Policy shall not constitute a waiver of such right or provision. This Privacy Policy is hereby incorporated into the Terms of Service. You may not assign this Privacy Policy to any party. If any provision of this Privacy Policy is deemed invalid, then that provision will be limited or eliminated to the minimum extent necessary, and the remaining provisions of this Privacy Policy will remain in full force and effect If you have any questions regarding this policy please contact info@wellbeing4busines.co.uk