Effective May 1, 2020 Version 1.6
Effective: 10 October 2020
Under some data protection laws, the person or entity that controls the purposes and means of processing personal data is known as a “data controller” and a person or entity that processes data on behalf of the data controller is known as a “data processor” or a “service provider.”
When you use Wellbeats Services made available to you by your employer (or health benefits provider), Wellbeats is providing a service to, or on behalf of, your employer and your employer is a data controller. If you have questions about the processing of your personal data through the Wellbeats Platform, you should direct inquiries to your employer (or health benefits provider).
Where Wellbeats collects personal data outside of the Wellbeats Platform (such as when you visit a Wellbeats Website), Wellbeats, Inc. is the data controller. If you have a question about how your data is used when Wellbeats is the data controller, please contact Wellbeats using the contact details below.
What Information is collected about me?
Wellbeats will collect certain information from you on our Site, Kiosk, Applications, or through any other digital or personal communication with you to provide customized content and services. Wellbeats will collect information on your use of content services, your preferences and activities and will log any additional information you input.
The following table lists the categories of personal information and specific pieces of information we may collect about our customers and customer’s employees. The table also describes the reason we collect the information (purpose of processing); the legal basis for processing (where appropriate); the categories of third parties with whom we may share the information and use about you:
- Your contact information, including your name and last name, personal and or business email addresses, your phone number, and a unique identifier provided by the company you subscribe through;
- History of e-mail interactions with Wellbeats.
- The email address or username you use to sign-in;
- Password of your choice
- Your gender, date of birth and age;
- Your profile picture if provided.
- Fitness profile consisting of:
- Fitness level
- Fitness priorities
- Type of class preference
- Time commitment goal
- Duration of workout preference
- Equipment access
- Preferred workout location
- Information about your fitness and related wellness activities offered within the platform or mobile applications;
- Class play logs
- Login times and device category used.
- We may temporarily store Internet Protocol (IP) address information for diagnostic purposes.
- Information about your participation and performance in challenges;
- The comments and contributions you may make on the web-based platform or mobile applications;
- Additional information you may provide as you submit queries and requests to us;
- Computer data files, often called “web beacons” that are collected from emails or links on third-party sites that allow our server to evaluate the popularity of those links or the information contained in emails or on third-party sites; and
- Information you voluntarily provide while “Requesting More Information” through our Site;
- We also collect and use aggregate data that may be derived from your personal information but is not considered personal information since it does not reveal your identity.
The extent of the personal information we have depends on what you may enter into the system, as well as your level of interaction with our platform. You are under no obligation to provide any additional personal information to us at any time. However, if you choose to withhold some personal information, portions of your experience may be affected.
How is User Information Used and Shared?
We collect information about you in order to provide you with personalized Wellbeats services and products and also collect information that is necessary for our Site, Kiosks or Applications to work properly. We use personal information about our users for a variety of purposes related to our business, including but not limited to:
- Allowing you to create and maintain your user account and profile;
- Providing information regarding your exercise preferences;
- Tracking information about your visits to our Site, Kiosks or use of Applications to allow us to personalize your Wellbeats experience;
- Using demographic and certain exercise preferences in the aggregate across all Wellbeats users to evaluate our services and develop additional products and services to offer through our Wellbeats system;
- Sending or initiating direct marketing programs, such as newsletters or information about new products or services we are offering;
- Contacting you regarding an inquiry on our Site, Kiosks or through an Application that you have initiated;
- Providing information about your usage or preferences to the facility hosting the Kiosk;
- Providing you with information regarding your exercise goals or results;
- Providing customer service and support.
Reuse of personal information for new purposes:
We will not reuse personal information for a new purpose other than the original one(s) for which it was collected, unless one or more of the following apply:
- the new use is compatible with the original one, meaning you should reasonably expect a similar use;
- we have notified you of the new use and given you an opportunity to object to it; or
- the new use is otherwise permitted or required by law.
We may provide user information to third party service providers or vendors for purposes of, including without limitation, data tracking, operation and support, maintenance or development of our System, development of online products and services or customer service or new product development, initiating direct marketing programs, or other contracted promotional opportunities provided to our users.
We may share this information with any subsidiaries, licensees, affiliates, assigns, successors, or other related entities and their respective owners.
If you are accessing our System through a third party or employer that contracts with us to provide services to you, we may also share your information with that third party or employer.
Finally, we may also share your personal information in connection with law enforcement requests or in response to investigations, subpoenas, court orders, or other legal process to establish or exercise our legal rights or defend against legal claims.
Information for Residents of California
Information for Residents of Nevada
Wellbeats will never sell your information. The following is included to comply with Nevada law. Under Nevada law, Nevada residents may opt out of the “sale” of certain “covered information” (as defined under Nevada law) collected by operators of websites or online services. We currently do not sell covered information, as “sale” is defined by Nevada law, and we do not have plans to sell this information.
Information for Residents of Canada
Information for Residents of EEA and International Data Processing
Wellbeats is located in the United States and all data related to the System (as defined below) is collected and processed by Wellbeats in the United States. If you are not located in the United States, your personal data will therefore be transferred to, processed, and stored in a country (the United States) outside of the country where you live. By submitting your personal information to us, you are consenting to the processing of your personal information in the United States. To the extent some of our customers and distributors, such as workout facilities, hotels, and companies, need to collect and share or permit us to facilitate collection and sharing of personal data to enable our services, it is the responsibility of those customers and distributors to provide necessary privacy notices and obtain required consents.
European Union (EU) data protection law regulates the transfer of EU resident’s personal data to countries outside the European Economic Area (EEA), which includes all EU countries and Iceland, Liechtenstein, and Norway. The EU Standard Contractual Clauses are standardized contractual clauses used in agreements between service providers (such as Wellbeats) and their customers to ensure that any personal data leaving the EEA will be transferred in compliance with EU data-protection law and meet the requirements of the EU Data Protection Directive 95/46/EC. Wellbeats includes Standard Contractual Clauses in agreements with customers and distributors and abides by and process European Data in compliance with the Standard Contractual Clauses.
If you are not located in the United States, your local privacy laws may give you certain rights to access information held about you and you may have the right to ask us not to process your personal data. At any time, you can request access to your personal information, request that any inaccuracies be corrected, and request that comments or explanations be added to records about you.
You can also ask about:
- whether and why we have your personal information;
- how we got your personal information;
- what we have done with your personal information;
- to whom we have communicated your personal information;
- where your personal information has been stored, processed or transferred;
- how long we will retain your personal information, or how that retention period will be determined; and
- the safeguards in place to protect your information when it is transferred to third parties or third countries.
Finally, you can ask us not to collect or use your personal information for certain purposes, you can ask us to delete your personal information, or you can ask us to provide your personal information to a third party.
We may refer any of these requests to our client (if they are the data controller) if your personal information was collected on behalf of that client.
Depending on which laws apply to your personal information, we or our client (if data controller) may only be able to do some of these things for you. If you request one of these things and we refuse to do it, we will explain your legal rights, the reason for our refusal and any recourse you may have.
We will respond to your request without undue delay within 30 days. Wellbeats reserves the right to take reasonable steps to verify customer identity prior to granting access or processing changes or corrections.
If you are a European Data Subject, you may request access, rectification and correction, erasure and to object to our processing of your information by contacting us at firstname.lastname@example.org or by this Data Subject Request Form. Further, if you are a European Data Subject and we are processing your personal data on the basis of your consent, you may revoke your consent at any time by emailing us at: email@example.com or by using this Data Subject Request Form. Such withdrawal does not affect the lawfulness of processing prior to the withdrawal of consent. Further, withdrawal of consent does not affect processing of information based on other lawful bases of processing other than consent.
Profiling: We will not use your personal data for decisions based solely on automated processing if the decision produces legal effects concerning you or significantly affects you, unless you gave your explicit consent for this processing.
Our Procedure for Handling Complaints, and exercising data subject rights.
European Union data subjects may file a complaint with a data protection authority regarding our processing of your personal data. For more information, please contact your local data protection authority. Contact information of European supervisory authorities is available here: http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.
Cookies and Related Technologies
We also use third-party vendors, such as Google Analytics, Facebook Pixel, and Act-On, to advertise to our users online. These third-party vendors may display our advertisements on other websites based on your internet usage or may display advertising on our website based on your browser history. More specifically, these vendors use first-party cookies (such as the Google Analytic cookie) and third-party cookies (such as the DoubleClick cookie) together to inform, optimize, and serve ads based on your past visits to the Site or another site affiliated with us. You can opt-out of Google Analytics for Display Advertising by using Google’s Ads Settings.
You can easily accept or reject the cookies on this site by using the Privacy & Cookies Policy tool at the bottom of the web page.
How is User Information Protected?
Wellbeats maintains administrative, physical and technical safeguards for all user information collected in our System. We utilize a Transport Layer Security (TLS 1.2) technology that protects all the information using both server authentication and data encryption, ensuring that your data is safe, secure, and available only to you.
You are responsible for maintaining the secrecy of your unique System username and password and other account information, and for controlling access to your email communication from Wellbeats. You must log off of sessions at Kiosk sites to ensure protection of your user account.
We will retain your information for as long as your account is active or as needed to provide you services and to fulfill the purposes for which the data was collected. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
In most circumstances the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) will not apply to your personal information that is shared with Wellbeats. However, if Wellbeats is providing services to you pursuant to an agreement with a Covered Entity, HIPAA may apply. In the event that HIPAA applies, Wellbeats will be bound by the provisions set forth in its Business Associate Agreement with the Covered Entity and your personal information will be used in accordance with the privacy policies of that Covered Entity subject to HIPAA requirements. If you have questions about whether HIPAA applies to the information that you share with Wellbeats, please contact us at firstname.lastname@example.org.
We may also disclose your information to a third party as part of reorganization or a sale of the assets of Wellbeats, or its subsidiaries or divisions. Any third party to which Wellbeats transfers or sells the System or related assets will have the right to continue to use the personal and other information that you provide to us.
How Can Users Limit Information Collected?
While we work hard to ensure we use and disclose our users’ personal information only for the purposes identified above, you can choose not to provide personal information or limit the personal information obtained by us as follows:
- You may have your contact information removed from our marketing lists that are used to inform users of new or relevant products, services and special offers that may benefit them by clicking on the Unsubscribe link in any communication received from us or by emailing us at email@example.com, or by using this Data Subject Request Form.
- You may limit, change or delete information in your user profile or refuse to provide personal information to us at any time by logging into your account and changing your user preferences. This refusal may limit our ability to provide you with the highest quality service possible and may limit your ability to use the Wellbeats system.
- You may limit the collection of “cookies” from your Site usage through your browser settings. This may limit our ability to offer certain products or features to you.
If you become a registered user of our System, there are certain communications, such as account information and user agreement updates, that you may not be able to “opt out” of. To no longer receive these communications, you must cancel your Wellbeats account.
How To Contact Wellbeats
Attention: Data Privacy Officer
1660 South Hwy 100
St Louis Park, MN 55416