Privacy Policy

Last updated November 4, 2021

Wellthy.com Privacy Policy

Your privacy is important to us. This privacy policy (the "Privacy Policy") describes how Wellthy, Inc. ("Wellthy," "we," "our," or "us") collects, uses and shares personal information and other information (collectively, the "Information") obtained through our website at www.wellthy.com (the "Site").

This Privacy Policy provides transparency about the privacy practices of Wellthy, Inc. (“Wellthy,” “we,” “our,” or “us”), including how we collect, process, and disclose personal information, and how you can control and manage your privacy choices. Please take time to review this policy prior to providing Wellthy your information.

Who is Wellthy?

Wellthy is a Care Concierge Service providing both human and technology support to families and individuals. Through our Care Coordinators, Wellthy helps plan and accomplish important care related tasks within a modern online experience. Scheduling appointments, refilling prescriptions, handling prior authorizations, sourcing and vetting the right in-home aide, handling a move into a care facility, and contesting insurance bills are just a few of the services Wellthy provides to its customers.

1. Scope and Applicability

The scope of this Privacy Policy includes Wellthy and any of our affiliates with whom we may share personal information, and encompasses all of our services and includes the services made available through Wellthy.com and other Wellthy websites and applications.

This Privacy Policy applies to individuals in the United States, Canada, and the United Kingdom. Our relationship with you will determine how this Privacy Policy applies to you and your information. In general, if you engage with us directly and independently of a third party, this Privacy Policy most likely applies. However, if we are processing your information as a service provider to a third party, that third party is most likely responsible for your privacy. If you have any doubt as to who is responsible for your information, please contact privacy@wellthy.com.

Where applicable, this Privacy Policy is presented to you at or before the time your information is collected to provide you with advanced notice of our practices.

2. Information We Collect and Receive

Wellthy may collect personal data directly from you; however, we sometimes receive your information from loved ones (“Care Team Members”) helping to facilitate and coordinate care services on behalf of others. We collect and process data when you use the site, including when you sign up to create an account. Information is collected from the following categories of individuals:

Employers – Employers are persons responsible for administering their organization’s subscription to Wellthy’s Care Concierge Service on behalf of their organization. We collect the following personal information from Sponsor Administrators:

  • Business Contact Information – First and last name, employer, title, business phone number, business email address, business address

Enrollee – An Enrollee is a person enrolled in Wellthy’s Care Concierge Service. We collect the following personal information from Enrollees who are enrolled in our service:

  • Contact Information – First and last name, email address, job title/position, employer name
  • Payment Information (for private pay Enrollees only) – First and last name, email address, payment card number, billing address, payment amount

Care Recipient – A Care Recipient is a person receiving care coordination services and who may or may not also be an Enrollee. In cases where a Care Recipient is someone other than the Enrollee, we may receive Care Recipient information directly from the Care Recipient’s Enrollee. If you are an Enrollee sharing a Care Recipient’s information with Wellthy on the Care Recipient’s behalf, you must be legally authorized to share such information (e.g. Power of Attorney). We collect the following information about Care Recipients:

  • Contact and Identification Information – First and last name, phone number, physical address, email address, date of birth
  • Medical and Health Information – Diagnosis information, medical records, medical record number, social security number, health insurance information, health insurance claims information

Care Team Members – Care Team Members are additional individuals, other than those described above, who wish to remain informed about and assist with a Care Recipient’s journey. We collect the following information about Care Team Members:

  • Contact Information – First and last name, phone number, email address, physical address, date of birth
  • Medical and Health Information – Diagnosis information, medical records, medical record number, social security number, health insurance information, health insurance claims information

Sales Prospect – A sales prospect is a prospective interested party or candidate for Wellthy’s Care Concierge Service. Wellthy may collect or receive the following information about Sales Prospects:

  • Business and/or Personal Contact Information – First and last name, employer, title, phone number, email address, physical address

Website User – A Website User is a person who accesses or interacts with our website. Wellthy may collect or receive the following information about Website Users:

  • Log Data – Information collected by our servers when you access our website, including IP addresses, referral URLs, browser type and settings, date and time of usage, language preferences, and cookie data
  • Device Data – Information about your device, including type of device, operating system, application IDs, unique device identifiers, and crash data
  • Analytics Data – Approximate geolocation based on your IP address and other information from your browser and device
  • Contact Information – Your name, phone number, email address, and mailing address, etc. if you engage with us through our webforms, live chat, or other contact methods

3. Our Uses of Personal Information

Our use of your personal information is limited to the purposes disclosed to you in this Privacy Policy, or by other means, as required by law. In general, we use your personal information to operate our care concierge services business, including care coordination, assisting with providers, and appointment scheduling. We also use your personal information to protect the security of our platform and to better understand how our services are used to improve our services. Specifically, Wellthy uses personal information in the following ways:

We use Enrollee Information to:

  • Verify your identity in connection with account creation
  • Provide you with requested services
  • Communicate with you about the website and respond to your questions or requests
  • Send you marketing communications and/or contact you about special events, programs, surveys, contest, sweepstakes, and other offers or promotions
  • Generate and analyze usage statistics to improve and customize your experiences
  • Process payments via a third-party payment processor connected to the website

We use Care Recipient Information to:

  • Provide requested services
  • Respond to your questions and inquiries

We use Care Team Member Information to:

  • Provide requested services
  • Help coordinate communications and requests among Care Team Members

We use Sales Prospect Information to:

  • Identify sales opportunities
  • Communicate with you about Wellthy’s services

We use Website User Information to:

  • Ensure the functionality and availability of the website
  • Ensure the security and authorized use of the website and Wellthy’s platform
  • Generate and analyze usage statistics to improve and customize your experience with the website
  • Identify opportunities to improve our services and platform

Our use of personal information also includes any other purpose that you may intend or direct us to perform through your use of our services. If your personal information is de-identified or anonymized through aggregation or by other means to the extent that it can no longer identify you, then this information will no longer be considered “personal information” under this Privacy Policy.

4. How We Share Information

Wellthy shares and discloses personal information to third parties as needed to provide our services and operate our business. The categories of third parties with whom we may share information includes:

Care Team Members

We may share Care Recipient information with Care Team Members (typically, a family member or loved one) who are involved in coordinating care for the Care Recipient.

IT Service Providers

We may share any category of personal information with our IT Service Providers as needed to operate our services, including with our virtual computing, web services, payment processors, and storage service providers. A list of our subprocessors is available upon request to privacy@wellthy.com.

Care Associated Organizations

At your direction and only upon signing an authorization form, we may share your information with doctors, health insurance companies, care facilities and treatment centers, and other medical and related services providers associated with your care plan or the care plan of a loved one.

Business Services Providers

We may share any category of personal information with our business services providers as needed in the operation of our business, including security vendors, third party developers, external auditors, analytics providers, and professional advisers.

Corporate Activities

We may share any category of personal information with potential investors or lenders and as part of a transaction involving a merger, acquisition, divestiture, public offering, or similar transaction involving our business.

Government and Legal

We may share any category of personal information with third parties as may be required by applicable law, regulation, or legal process.

Sale of Personal Information. Wellthy does not “sell” personal information as defined by the California Consumer Privacy Act (CCPA) of 2018, Vermont’s protection of personal information law (9 V.S.A. § 2430), or Nevada’s 2019 privacy amendment, and have not sold personal information within the previous 12-month period from the date of this policy. If we decide to sell your personal information, we will provide you with an opportunity to opt-out as the law may require.

Wellthy may share de-identified or anonymized data with third parties, such as Sponsoring Organizations (e.g. employers who offer Wellthy as an employee benefit) for statistical and reporting purposes. This may include aggregated data and not individual-specific information. Some employers may ask us to share their employees' personal information with them for tax reasons. If this applies to your employer, this will be communicated to you in relevant materials.

5. Communications and Marketing

In compliance with local rules, Wellthy may periodically send you newsletters that include information about our services, partners, and enhancements. If you no longer wish to receive e-mail marketing communications, you may unsubscribe/opt out by contacting privacy@wellthy.com.

Online Advertising. Wellthy may also use third-party retargeting technology, to advertise Wellthy to organizations interested in providing our services as a benefit to employees. This means we may show ads to you on LinkedIn.com, Facebook, and Google if you visit certain pages on the site that highlight our Employer offering. We will not use this technology on pages that you visit when you are logged in as a user of the site after creating an account. Control of LinkedIn advertising is available through your account settings and you may completely opt out of LinkedIn retargeting here. You can also update your Google ad preferences and Facebook ad preferences.

6. Data Retention and Disposal

Wellthy retains and disposes of personal information in accordance with our data retention schedules. Generally, this means:

  • Personal data collected on the basis of legitimate interest, including Website User Information and Sales Prospect Information, is reviewed for deletion periodically to assess the necessity and proportionality of the processing.
  • Certain personal data associated with the provision of our services is retained for a standard period of seven years unless extensions are necessary in order to comply with legal rights and obligations.

Once the retention period has expired, we will delete your data and/or de-identify your personal information such that it can no longer identify you. With respect to all personal data, where the purpose of the processing is satisfied or where consent to processing has been withdrawn, such data will be deleted unless we need to retain it for legal or compliance purposes.

7. UK General Data Protection Regulation (UK GDPR)

The following applies only to United Kingdom (UK) data subjects:

Controller Relationship. Except to the extent that Wellthy may be a “processor” of personal information received from a third party, Wellthy is a “controller” with respect to your personal information and you may contact us directly to exercise your data protection rights or file a privacy complaint.

Lawful Basis for Processing Personal Information. Our lawful basis for collecting and processing personal information will depend on the circumstances upon which the personal information was collected.

  • In most circumstances related to the provision of our services, our processing of personal information is based on Wellthy’s legitimate interests. For example, onboarding new Enrollees is based on our legitimate interest in providing our services. Wellthy reviews the necessity and proportionality of such processing to assess whether the rights and freedoms of the data subjects is not outweighed by the processing.
  • In special circumstances, you may provide your express consent to Wellthy’s processing of your personal information. For example, where special category data (e.g. health data) is processed under Article 9 UK GDPR. In such cases, Wellthy will take steps to ensure that your consent is informed and freely given.
  • In other circumstances, Wellthy may process your personal information if necessary to perform a contract with you. For example, if you sign up and enroll in Wellthy directly.

Automated Decision-making. Wellthy’s processing of personal information may include automated decision-making, specifically with respect to the assignment of a Care Coordinator to a Care Recipient. This processing is intended to best align a Care Coordinator to your specific needs.

International and Onward Transfers of Personal Information. Wellthy is a US-based company with data centers located in the United States. Your personal information will be transferred across international borders and processed in the US. The US may have different or less protective data protection laws than your own country. International transfers of personal data (including onward transfers) to third countries which have not achieved adequacy under GDPR Article 45 are made pursuant to the EU Commission’s Standard Contractual Clauses (SCCs) and are subject to a transfer impact assessment. Where necessary, supplementary measures are adopted by the data importer and exporter to ensure personal data is afforded an essentially equivalent level of protection in the third country.

Privacy Rights of UK Data Subjects. If you are a located in the UK, subject to certain limitations, you have the following data protection rights:

  • Withdrawal of Consent. If processing is based on your consent, you have the right to withdraw consent to the processing at any time.
  • Right to Object to Processing. If processing is based on legitimate interest, you have the right to object to the processing at any time.
  • Right to Object to Automated Processing. You have the right not to be subject to a decision based solely on automated processing, including profiling.
  • Access and Rectification. You have the right to access, correct, and update your personal information without undue delay.
  • Deletion or Erasure. You have the “right to be forgotten” through the erasure or deletion of your personal information without undue delay.
  • Portability. You have the right to move, copy, or transfer personal data from our service to another service. If requested, we will provide you with a machine-readable file to transfer.
  • Stop Processing. You have the right to object to the processing of your personal information and to ask us to restrict the processing of your personal information, subject to certain limitations.
  • Submit a Complaint. You have the right to submit a complaint to the Information Commissioner’s Office (ICO) about our collection and use of your personal information. Contact details for the ICO is available here.

Exercising Your Rights Under the UK GDPR. You may exercise many of your rights through your account or our self-service portal or by submitting a request to our Data Protection Officer at privacy@wellthy.com or by calling (877) 588-3917.

We respond to and process requests promptly and within the timeframes required by the UK GDPR. Please note that requests that could adversely impact the rights and interests of a data subject are subject to appropriate verification before processing.

Local Representative. Contact information of our UK local representative:

European Data Protection Office UK (EDPO)
Address: 8 Northumberland Avenue London, England WC2N 5BY
Email: info@edpo.com

8. Exercising Control Over Your Privacy

Wellthy provides several ways for you to exercise control over your privacy. For Enrollees, you may access and correct much of the personal information we have collected about you simply by logging into your account.

For other individuals you may make a privacy request by contacting Maria Silverberg at privacy@wellthy.com. In its discretion and without obligation, Wellthy may fulfill privacy requests as a courtesy to other individuals subject to appropriate prior verification.

9. Cookie Policy and “Do Not Track” Requests

Our use of cookies. Wellthy uses cookies in a range of ways to improve your experience on our website. We may automatically collect certain information when you visit our Site, including through cookies, web beacons and other technologies. Such cookies include strictly necessary cookies, performance cookies, functional cookies, and targeting cookies. For example, we may use analytics cookies to generate and analyze statistics about your use of the Site and functional cookies to improve and customize your experience with the Site. We may also use marketing cookies to collect aggregate information about Site users. The information collected for these purposes (including your IP address and other information collected by automated means) may be disclosed to or collected directly by our third-party web analytics service providers, such as Google Analytics. To learn more about how Google uses your information, please, click here.

To adjust your cookie settings, you may do so when you initially access our website. Users in the UK will be presented with an opportunity to consent to non-essential cookies by opting in to cookies when they first visit our Site.

Do Not Track signals. In accordance with the California Online Privacy Protection Act (CalOPPA), we want to inform you about our “Do Not Track” (“DNT”) request policy. DNT is a feature that some web browsers offer to allow users to send signals to websites so that no information about their browser session will be shared. You may enable your web browser to send our website a DNT request, but your browsing and user experience may be degraded. Sometimes, DNT does not work even when enabled. You can learn more about DNT here: https://www.eff.org/issues/do-not-track

10. Children’s Data

Children’s Data in the United States and Canada. In accordance with the Children's Online Privacy Protection Act ("COPPA"), Personal Information Protection and Electronic Documents Act (“PIPEDA”), and other US state and Canadian provincial laws, this website and Wellthy’s services are not marketed to children under thirteen (13) years of age and you may not sign up for Wellthy if you are under 13 years of age. If you learn that a United States or Canadian-based child under the age of 13 has created an account with Wellthy, please contact us at privacy@wellthy.com.

Children’s Data in the UK. Wellthy recognizes that children’s information is more sensitive than that of adults and that children’s information often requires greater protection. While different UK jurisdictions set different ages of majority, Wellthy takes steps to prevent children under the age of majority from signing up for its services in each jurisdiction.

Children as Care Recipients or Care Team Members. Notwithstanding the foregoing, a parent or legal guardian of a child may share the child’s information with Wellthy to provide them with care coordination services. We ask that information about children under the age of majority not be provided to Wellthy without the prior consent of the child’s parent or legal guardian. By providing the information of a child under the age of 13 in the US and Canada, or 12 in the UK, you are affirming that you are legally authorized to provide such information.

11. Information Security

Through our information security program, Wellthy has implemented technical and organizational measures to ensure the protection of personal information. Our efforts include:

  • Risk assessments
  • Access controls
  • Encryption of personal data
  • Vulnerability and penetration testing
  • Monitoring
  • Incident response
  • Backup and recovery
  • Vendor management
  • Security awareness and training

When interacting with Wellthy, we recommend that you create a unique and difficult password, that you not share your account credentials with others or allow your credentials to be easily accessed by others, that you connect to our website over secure networks, that you log out after using our service, and that you stay alert to unusual or suspicious activities.

12. Breach Notification

US Breach Notification. If any personal information we possess is the subject of a data breach and your personal information is implicated according to any US state or federal law that may apply, Wellthy will take appropriate action, including providing you with notice, as such law or laws may require.

Canadian Breach Notification. If a breach occurs that impacts Canadian data subjects, Wellthy will notify the Commissioner pursuant to PIPEDA and, when relevant, the correct authority under provincial laws.

UK Breach Notification. In the event of a data breach impacting UK data subjects, Wellthy will first notify the ICO of the breach within 72 hours of becoming aware of the breach and notify affected data subjects as soon as is feasible and without undue delay if the breach is likely to result in a high risk to the rights and freedoms of such data subjects.

13. General Inquiries and Updates

For inquiries about this Privacy Policy or to make a request or file a privacy complaint, please contact Maria Silverberg at privacy@wellthy.com or call (877) 588-3917.

This Privacy Policy may be updated from time-to-time, so please check back regularly for updates.

Wellthy Community Privacy Policy

Last Revised October 19, 2021, Effective October 19, 2021

Your privacy is important to us. This privacy policy (the "Privacy Policy") describes how Wellthy, Inc. ("Wellthy," "we," "our," or "us") collects, uses and shares personal information and other information (collectively, the "Information") obtained through our website at community.wellthy.com (the "Website").

This Privacy Policy provides transparency about the privacy practices of Wellthy, Inc. (“Wellthy,” “we,” “our,” or “us”), including how we collect, process, and disclose personal information, and how you can control and manage your privacy choices. Please take time to review this policy prior to providing Wellthy your information.

What is Wellthy Community?

The Wellthy Community is a private community website for caregivers to collaborate and connect with each other on various caregiving topics. Wellthy employees will participate in the Community to help moderate and support the Community participants and also to learn more about our customers’ needs. Services provided in the Wellthy Community include Groups, Discussion Boards, Events Calendar, and Member Directory. Wellthy Community can be accessed via community.wellthy.com.

1. Scope and Applicability

The scope of this Privacy Policy includes Wellthy and any of our affiliates with whom we may share personal information, and encompasses all of our services made available through community.wellthy.com, and other Wellthy websites and applications.

This Privacy Policy applies to individuals in the United States, Canada, and the United Kingdom. Our relationship with you will determine how this Privacy Policy applies to you and your information. In general, if you engage with us directly and independently of a third party, this Privacy Policy most likely applies. However, if we are processing your information as a service provider to a third party, that third party is most likely responsible for your privacy. If you have any doubt as to who is responsible for your information, please contact privacy@wellthy.com.

Where applicable, this Privacy Policy is presented to you at or before the time your information is collected to provide you with advanced notice of our practices. Your agreement to aspects of this privacy policy as it applies to Wellthy or Wellthy Community depends on the service(s) you sign up for. For example, if you sign up for Wellthy Community and not Wellthy, your agreement to this privacy policy only applies to your use of Wellthy Community (and vice versa). If you sign up for Wellthy and Wellthy Community, this Privacy Policy in its entirety will apply to you.

2. Information We Collect and Receive

Our use of your personal information for Wellthy Community is limited to the purposes disclosed to you in this Privacy Policy, or by other means, as required by law. In general, we use your personal information to operate our Community services, which includes connecting you to a supportive group of members within the Community to provide you with informational and emotional support during you or your loved ones care journey. We also use your personal information to protect the security of our platform and to better understand how our services are used to improve our services.

Community Member – A Community Member is an individual who has signed up specifically to utilize the Wellthy Community. A Community Member may also be an Enrollee (see this section in "Who is Wellthy" above for more information on an Enrollee). A Community Member may or may not be an Enrollee We collect the following personal information from Community Members in our service:

  • Contact Information – First and last name, email address, employer name

We also collect and process other data when you use the Website, including when you sign up to create an account. Information is collected from the following categories of individuals:

Employers – Employers are persons responsible for administering their organization’s subscription to Wellthy’s Care Concierge Service on behalf of their organization. We collect the following personal information from Sponsor Administrators:

  • Business Contact Information – First and last name, employer, title, business phone number, business email address, business address

Enrollee – An Enrollee is a person enrolled in Wellthy’s Care Concierge Service. We collect the following personal information from Enrollees who are enrolled in our service:

  • Contact Information – First and last name, email address, job title/position, employer name

Website User – A Website User is a person who accesses or interacts with our website. Wellthy may collect or receive the following information about Website Users:

  • Log Data – Information collected by our servers when you access our website, including IP addresses, referral URLs, browser type and settings, date and time of usage, language preferences, and cookie data
  • Device Data – Information about your device, including type of device, operating system, application IDs, unique device identifiers, and crash data
  • Analytics Data – Approximate geolocation based on your IP address and other information from your browser and device
  • Contact Information – Your name, phone number, email address, and mailing address, etc. if you engage with us through our webforms, live chat, or other contact methods

3. Our Uses of Personal Information

Our use of your personal information is limited to the purposes disclosed to you in this Privacy Policy, or by other means, as required by law. In general, we use your personal information to operate our care concierge services business, including care coordination, assisting with providers, and appointment scheduling. We also use your personal information to protect the security of our platform and to better understand how our services are used to improve our services. Specifically, Wellthy uses personal information in the following ways:

We use Community Member Information to:

  • Verify your identity in connection with account creation
  • Provide you with requested services
  • Communicate with you about the website and respond to your questions or requests
  • Send you marketing communications and/or contact you about special events, programs, surveys, contest, sweepstakes, and other offers or promotions
  • Link you to Groups and Events that support you or your loved ones needs
  • Suggest or subscribe you to Groups and Events that support the participation in Group Discussions
  • Update a Member directory so that you may connect with others like you, which you can easily opt out of
  • Generate and analyze usage statistics to improve and customize your experiences

We use Enrollee Information to:

  • Verify your identity in connection with account creation
  • Provide you with requested services
  • Communicate with you about the website and respond to your questions or requests
  • Send you marketing communications and/or contact you about special events, programs, surveys, contest, sweepstakes, and other offers or promotions
  • Generate and analyze usage statistics to improve and customize your experiences
  • Process payments via a third-party payment processor connected to the website

We use Website User Information to:

  • Ensure the functionality and availability of the website
  • Ensure the security and authorized use of the website and Wellthy’s platform
  • Generate and analyze usage statistics to improve and customize your experience with the website
  • Identify opportunities to improve our services and platform

For Wellthy and Wellthy Community, our use of personal information also includes any other purpose that you may intend or direct us to perform through your use of our services. If your personal information is de-identified or anonymized through aggregation or by other means to the extent that it can no longer identify you, then this information will no longer be considered “personal information” under this Privacy Policy.

4. How We Share Information

Wellthy shares and discloses personal information to third parties as needed to provide our services and operate our business. Wellthy shares and discloses personal information to Higher Logic whereby, upon sign-up, your username and password are shared with Higher Logic to authenticate you into the Wellthy Community. The categories of third parties with whom we may share information includes:

Care Team Members

We may share Care Recipient information with Care Team Members (typically, a family member or loved one) who are involved in coordinating care for the Care Recipient.

IT Service Providers

We may share any category of personal information with our IT Service Providers as needed to operate our services, including with our virtual computing, web services, payment processors, and storage service providers. A list of our subprocessors is available upon request to privacy@wellthy.com.

Business Services Providers

We may share any category of personal information with our business services providers as needed in the operation of our business, including security vendors, third party developers, external auditors, analytics providers, and professional advisers.

Corporate Activities

We may share any category of personal information with potential investors or lenders and as part of a transaction involving a merger, acquisition, divestiture, public offering, or similar transaction involving our business.

Government and Legal

We may share any category of personal information with third parties as may be required by applicable law, regulation, or legal process.

Sale of Personal Information. Wellthy does not “sell” personal information as defined by the California Consumer Privacy Act (CCPA) of 2018, Vermont’s protection of personal information law (9 V.S.A. § 2430), or Nevada’s 2019 privacy amendment, and have not sold personal information within the previous 12-month period from the date of this policy. If we decide to sell your personal information, we will provide you with an opportunity to opt-out as the law may require.

Wellthy may share de-identified or anonymized data with third parties, such as Sponsoring Organizations (e.g. employers who offer Wellthy as an employee benefit) for statistical and reporting purposes. This may include aggregated data and not individual-specific information. Some employers may ask us to share their employees' personal information with them for tax reasons. If this applies to your employer, this will be communicated to you in relevant materials.

5. Communications and Marketing

In compliance with local rules, Wellthy may periodically send you newsletters that include information about our services, partners, and enhancements. If you no longer wish to receive e-mail marketing communications, you may unsubscribe/opt out by contacting privacy@wellthy.com.

Online Advertising. Wellthy may also use third-party retargeting technology, to advertise Wellthy to organizations interested in providing our services as a benefit to employees. This means we may show ads to you on LinkedIn.com, Facebook, and Google if you visit certain pages on the Website that highlight our Employer offering. We will not use this technology on pages that you visit when you are logged in as a user of the Website after creating an account. Control of LinkedIn advertising is available through your account settings and you may completely opt out of LinkedIn retargeting here. You can also update your Google ad preferences and Facebook ad preferences.

6. Data Retention and Disposal

Wellthy retains and disposes of personal information in accordance with our data retention schedules. Generally, this means:

  • Personal data collected on the basis of legitimate interest, including Website User Information and Sales Prospect Information, is reviewed for deletion periodically to assess the necessity and proportionality of the processing.
  • Certain personal data associated with the provision of our services is retained for a standard period of seven years unless extensions are necessary in order to comply with legal rights and obligations.

Once the retention period has expired, we will delete your data and/or de-identify your personal information such that it can no longer identify you. With respect to all personal data, where the purpose of the processing is satisfied or where consent to processing has been withdrawn, such data will be deleted unless we need to retain it for legal or compliance purposes.

When using Wellthy Community, as described in Higher Logic's Privacy Policy, Higher Logic retains Personal Data for as long as your account is active on the Wellthy Community website, or as needed to provide you services, comply with its legal obligations, resolve disputes and enforce our agreements. Higher Logic also retains Personal Data collected through the Platforms it processes on behalf of its Subscribers (i.e., Wellthy) for as long as needed to provide services to our Subscriber and pursuant to our contract with that Subscriber.

7. UK General Data Protection Regulation (UK GDPR)

The following applies only to United Kingdom (UK) data subjects:

Controller Relationship. Except to the extent that Wellthy may be a “processor” of personal information received from a third party, Wellthy is a “controller” with respect to your personal information and you may contact us directly to exercise your data protection rights or file a privacy complaint.

Lawful Basis for Processing Personal Information. Our lawful basis for collecting and processing personal information will depend on the circumstances upon which the personal information was collected.

  • In most circumstances related to the provision of our services, our processing of personal information is based on Wellthy’s legitimate interests. For example, onboarding new Enrollees is based on our legitimate interest in providing our services. Wellthy reviews the necessity and proportionality of such processing to assess whether the rights and freedoms of the data subjects is not outweighed by the processing.
  • In special circumstances, you may provide your express consent to Wellthy’s processing of your personal information. For example, where special category data (e.g. health data) is processed under Article 9 UK GDPR. In such cases, Wellthy will take steps to ensure that your consent is informed and freely given.
  • In other circumstances, Wellthy may process your personal information if necessary to perform a contract with you. For example, if you sign up and enroll in Wellthy directly.

Automated Decision-making. Wellthy’s processing of personal information may include automated decision-making, specifically with respect to the assignment of a Care Coordinator to a Care Recipient. This processing is intended to best align a Care Coordinator to your specific needs.

International and Onward Transfers of Personal Information. Wellthy is a US-based company with data centers located in the United States. Your personal information will be transferred across international borders and processed in the US. The US may have different or less protective data protection laws than your own country. International transfers of personal data (including onward transfers) to third countries which have not achieved adequacy under GDPR Article 45 are made pursuant to the EU Commission’s Standard Contractual Clauses (SCCs) and are subject to a transfer impact assessment. Where necessary, supplementary measures are adopted by the data importer and exporter to ensure personal data is afforded an essentially equivalent level of protection in the third country.

Privacy Rights of UK Data Subjects. If you are a located in the UK, subject to certain limitations, you have the following data protection rights:

  • Withdrawal of Consent. If processing is based on your consent, you have the right to withdraw consent to the processing at any time.
  • Right to Object to Processing. If processing is based on legitimate interest, you have the right to object to the processing at any time.
  • Right to Object to Automated Processing. You have the right not to be subject to a decision based solely on automated processing, including profiling.
  • Access and Rectification. You have the right to access, correct, and update your personal information without undue delay.
  • Deletion or Erasure. You have the “right to be forgotten” through the erasure or deletion of your personal information without undue delay.
  • Portability. You have the right to move, copy, or transfer personal data from our service to another service. If requested, we will provide you with a machine-readable file to transfer.
  • Stop Processing. You have the right to object to the processing of your personal information and to ask us to restrict the processing of your personal information, subject to certain limitations.
  • Submit a Complaint. You have the right to submit a complaint to the Information Commissioner’s Office (ICO) about our collection and use of your personal information. Contact details for the ICO is available here.

Exercising Your Rights Under the UK GDPR. You may exercise many of your rights through your account or our self-service portal or by submitting a request to our Data Protection Officer at privacy@wellthy.com or by calling (877) 588-3917.

We respond to and process requests promptly and within the timeframes required by the UK GDPR. Please note that requests that could adversely impact the rights and interests of a data subject are subject to appropriate verification before processing.

Local Representative. Contact information of our UK local representative:

European Data Protection Office UK (EDPO)
Address: 8 Northumberland Avenue London, England WC2N 5BY
Email: info@edpo.com

8. Exercising Control Over Your Privacy

Wellthy provides several ways for you to exercise control over your privacy. For Enrollees, you may access and correct much of the personal information we have collected about you simply by logging into your account.

For other individuals you may make a privacy request by contacting Maria Silverberg at privacy@wellthy.com. In its discretion and without obligation, Wellthy may fulfill privacy requests as a courtesy to other individuals subject to appropriate prior verification.

Higher Logic has no direct relationship with the individuals whose personal data it processes on behalf of Subscribers. An individual who seeks to access, correct, amend, or delete inaccurate data should direct their query to Wellthy directly. If requested to remove data, Wellthy will work with Higher Logic to respond within a reasonable timeframe.

9. Cookie Policy and “Do Not Track” Requests

Our use of cookies. Wellthy uses cookies in a range of ways to improve your experience on our Website. We may automatically collect certain information when you visit our Website, including through cookies, web beacons and other technologies. Such cookies include strictly necessary cookies, performance cookies, functional cookies, and targeting cookies. For example, we may use analytics cookies to generate and analyze statistics about your use of the Website and functional cookies to improve and customize your experience with the Website. We may also use marketing cookies to collect aggregate information about Website users. The information collected for these purposes (including your IP address and other information collected by automated means) may be disclosed to or collected directly by our third-party web analytics service providers, such as Google Analytics. To learn more about how Google uses your information, please, click here.

To adjust your cookie settings, you may do so when you initially access our website and Wellthy Community. Users in the UK will be presented with an opportunity to consent to non-essential cookies by opting in to cookies when they first visit our Website.

Do Not Track signals. In accordance with the California Online Privacy Protection Act (CalOPPA), we want to inform you about our “Do Not Track” (“DNT”) request policy. DNT is a feature that some web browsers offer to allow users to send signals to websites so that no information about their browser session will be shared. You may enable your web browser to send our website a DNT request, but your browsing and user experience may be degraded. Sometimes, DNT does not work even when enabled. You can learn more about DNT here.

10. Children’s Data

Children’s Data in the United States and Canada. In accordance with the Children's Online Privacy Protection Act ("COPPA"), Personal Information Protection and Electronic Documents Act (“PIPEDA”), and other US state and Canadian provincial laws, this website and Wellthy’s services are not marketed to children under thirteen (13) years of age and you may not sign up for Wellthy or Wellthy Community if you are under 13 years of age. If you learn that a United States or Canadian-based child under the age of 13 has created an account with Wellthy, please contact us at privacy@wellthy.com.

Children’s Data in the UK. Wellthy recognizes that children’s information is more sensitive than that of adults and that children’s information often requires greater protection. While different UK jurisdictions set different ages of majority, Wellthy takes steps to prevent children under the age of majority from signing up for its services (including Wellthy Community) in each jurisdiction.

Children as Care Recipients or Care Team Members. Notwithstanding the foregoing, a parent or legal guardian of a child may share the child’s information with Wellthy to provide them with care coordination services. We ask that information about children under the age of majority not be provided to Wellthy without the prior consent of the child’s parent or legal guardian. By providing the information of a child under the age of 13 in the US and Canada, or 12 in the UK, you are affirming that you are legally authorized to provide such information.

11. Information Security

Through our information security program, Wellthy has implemented technical and organizational measures to ensure the protection of personal information. Our efforts include:

  • Risk assessments
  • Access controls
  • Encryption of personal data
  • Vulnerability and penetration testing
  • Monitoring
  • Incident response
  • Backup and recovery
  • Vendor management
  • Security awareness and training

When interacting with Wellthy Community, we recommend that you create a unique and difficult password, that you not share your account credentials with others or allow your credentials to be easily accessed by others, that you connect to our Website over secure networks, that you log out after using our service, and that you stay alert to unusual or suspicious activities.

Wellthy has taken the necessary steps to review the information security practices in place at Higher Logic to make sure they are aligned with Wellthy's security measures. Please reach out to privacy@wellthy.com for additional information.

12. Breach Notification

US Breach Notification. If any personal information we possess is the subject of a data breach and your personal information is implicated according to any US state or federal law that may apply, Wellthy will take appropriate action, including providing you with notice, as such law or laws may require. Wellthy has taken the necessary steps to ensure the breach notification procedures in place for Higher Logic meet those set forth by Wellthy. Please reach out to privacy@wellthy.com for additional information.

Canadian Breach Notification. If a breach occurs that impacts Canadian data subjects, Wellthy will notify the Commissioner pursuant to PIPEDA and, when relevant, the correct authority under provincial laws. Wellthy has taken the necessary steps to ensure the breach notification procedures in place for Higher Logic meet those set forth by Wellthy. Please reach out to privacy@wellthy.com for additional information.

UK Breach Notification. In the event of a data breach impacting UK data subjects, Wellthy will first notify the ICO of the breach within 72 hours of becoming aware of the breach and notify affected data subjects as soon as is feasible and without undue delay if the breach is likely to result in a high risk to the rights and freedoms of such data subjects. Wellthy has taken the necessary steps to ensure the breach notification procedures in place for Higher Logic meet those set forth by Wellthy. Please reach out to privacy@wellthy.com for additional information.

13. General Inquiries and Updates

For inquiries about this Privacy Policy or to make a request or file a privacy complaint, please contact Maria Silverberg at privacy@wellthy.com or call (877) 588-3917.

This Privacy Policy may be updated from time-to-time, so please check back regularly for updates.

Sorry, but your browser is not supported. Please email support@wellthy.com if you have questions about how you can access Wellthy.