KudosHealth Privacy Policy - Health Engagement Platform

Introduction

We recognise that the privacy of your personal information is important to you. The purpose of this Privacy Policy (the “Policy”) is to let you know how KudosHealth handles the information we receive from you on or through our services including: KudosHealth.com, app.kudoshealth.com other web sites, networks, embeddable widgets, downloadable software, or mobile or tablet computer applications, features, or services, whether on-line or off-line, owned or operated by us and on which a link to this policy is displayed (collectively the “Service” or “Services”). Portions of the Service may describe additional privacy practices applicable to specific types of information or to information provided through specific features of the Service. Please read the Privacy Policy carefully. BY USING THE KUDOSHEALTH SITES OR THE SERVICES, YOU AGREE TO THIS PRIVACY POLICY. IF YOU DO NOT AGREE, DO NOT VISIT THIS WEBSITE, SET UP AN ACCOUNT OR USE THE KUDOSHEALTH SITES OR THE SERVICES.

This Policy applies to all information gathered through the Service. As used in this Policy, terms such as “we” or “our” KudosHealth and its subsidiaries and affiliates (collectively, “KudosHealth” or the “Company”), and terms such as “you,” “your” and “users” refer to users or other visitors to the Service. The term “Sponsor” refers to the organisation that compensates KudosHealth for providing the Service to you.

KudosHealth complies with the requirements of the General Data Protection Regulation 2018 (GDPR) and the Irish Data Protection Act 2018.

When you register with KudosHealth we may ask for information such as your name, company name and email address, we will also require some basic health/personal information such as sex, age, height & weight. We will also ask you to create a username and a password. We will store all of this information. We will not collect your (client/company administrators) credit card information (but our payment processor will collect your credit card information and that information is subject to our payment processor’s terms, conditions and privacy policies). We use collected information for the following general purposes: products and services provision, billing, identification and authentication, services improvement, contact and research. We do not share your personal information with unrelated third parties unless explicitly approved by you. We reserve the right to aggregate and redistribute data entered on the Website in accordance with our Terms of Service located at kudoshealth.com The aggregated data we redistribute will never contain or be attached to personal consumer information of any kind.

The Service is intended for an international audience. Any information you provide, including any personal information, will be transferred to and processed by a computer server located within Ireland. The English-language version of this Policy is the official version and shall control. This Policy shall be governed by and construed in accordance with the laws of Ireland.

This Privacy Policy applies to information collected through the Service and information collected through third party health, fitness, productivity or other applications (including from wearable devices), and from or through the Sponsor and its contractors, and covers the following areas:

What personally identifiable information the Company, or a third party acting on the Company’s behalf, collects through our Service and how we use it;
With whom the Company may disclose this information;
What choices are available to you with respect to collection, use and distribution of your information;
What types of security procedures are in place to protect the confidentiality and integrity of information under our control; and
How you can request access to, or correct inaccuracies of, your information.

User Account and Data Privacy

Each organisation subscribing for the KudosHealth Sites and the Services will have access to an “Moderator/Admin Account” through which a person designated by the organisation may monitor aggregated data produced by the collective usage of those within the organisation. Only certain types of data are presented to the Admin Account such as a user’s KudosPoints, KudosCoins, username, departments, locations, rewards redeemed & challenges which they are participating in. Data which is not presented on the admin/moderator account is an individual users activity data collected from tracking apps & devices, their sex, height, weight & date of birth, or any personal health information. It is the responsibility of each individual user to protect the privacy of all personal information entered on the KudosHealth Sites by never sharing individual account information, usernames, or passwords with other individuals.

Data collected from synced devices can include, but not limited to data such as calories burned, active calories, steps, activities completed, type of activity, duration of activity, height, weight, sex & date of birth. All data collected form synced devices are for the purpose of providing the service & the awarding of KudosPoints & KudosCoins.

Users of the Services can send friend requests to other users of the Services. If you accept a friend request, the requesting party will be able to see your KudosPoints & Leader-board positions. No other account information or associated data will be shared without prior approval of the user. In addition, you and the requesting party will be able to send private messages to one another. Please be advised that we do not perform any background searches on our users and that you it is your responsibility to carefully select which friend requests to accept.

At no time will KudosHealth or any employee of KudosHealth share, sell or otherwise distribute individual user data or personal information that can be reasonably identified with a specific user account without the prior consent of the individual user. We may choose to aggregate and redistribute data without providing information identifying specific subscribing organisations, companies or individual users without prior consent.

No Transfer of Personal Information for Direct Marketing

The Company will not sell, rent, transfer, disclose or otherwise permit the use of your personal information by advertisers or other third parties for direct marketing purposes. From time to time, the Company itself or your Sponsor may send you information about opportunities, products or services provided by the Company, your Sponsor or other businesses, or similar promotional information.

Use of Contact Information

We may use your email address to send you information about our Services or to market to you. You may unsubscribe from these messages by following the instructions contained within the messages or the instructions on the KudosHealth Sites. If you email us with a request or question or have provided us with your email address, we may keep your message, email address, and contact information to respond to your request or otherwise follow up with you.

No Public Sharing of Your Data.

We do not allow the public to see your personal information.

Sharing Non-Personal Information

Because non-personal information does not identify who you are, we do not limit the ways we may use or share non-personal information. We may share non-personal information, for example, with your Sponsor and with our employees, affiliates, suppliers, agents, other businesses and the government, and we expressly reserve the right to share non-personal information without limitation.

Your Personal Information

“Personal Information” refers to information that specifically identifies you as an individual, such as your full name, telephone number, e-mail address, postal address, or certain account numbers.

The Service may offer the opportunity for you to sign up to receive email messages, newsletters, or other communications from the Service in connection with one or more features or programmes within the Service. In order for you to sign up for these communications, we may ask for contact information, such as name, mailing address and email address. We may also offer you the opportunity to sign up to receive email messages or mailings from companies with which the Company is affiliated or does business that we think may be of interest to you. If you decide to sign up for these communications, we may ask for your contact information for that purpose.

If you choose to participate in the Service, you may disclose certain health and health-related information to us for purposes of your participation in the Service. Such information may include relevant health history on topics such as height, weight, physical measurements, blood pressure, mental health, and behaviour’s such as smoking and exercise.

By completing the questions on a health survey and submitting the answers, you are consenting to allow the use and disclosure of this information in a manner protected by and defined in this Privacy Policy to help identify and provide content, products and resources relevant to you.

The Service may include features that give you the opportunity to provide us with personal information about yourself. You do not have to provide us with personal information if you do not want to; however, that may limit your ability to use the Service or certain functions of the Service or to request certain services or information. Collection by us of personal information is sometimes necessary when you contact us or decide to take advantage of various features of the Service. We may request that you provide us with personal information on a voluntary basis in certain areas of the Service, such as your delivery address for incentives/reward which must be delivered to you directly for either KudosHealth or a reward sponsor/provider.

How We Will Use Your Information

The Company will use your information to customise your experience and provide relevant offers and content, or other services to you. We may combine personal information that you provide us through the Service with other information we have received from you, whether online or offline, or from other sources such as our business partners or your sponsoring organisation. We may use personal information to contact you through any contact information you provide through the Service, including any email address, telephone number, cell phone number, text message number, or fax number. Please see the section below titled “Our Online Communications Practices.”

We may use personal information for a number of purposes, such as:

To provide tailored content and offers for you within the Service.
To respond to an e-mail or request from you.
To administer surveys and promotions.
To enable our Rewards programme fulfilment vendors/sponsors/providers and other third parties that we hire to perform services on our behalf to perform such services.
To provide you with information that we believe may be useful to you, such as information about products or services provided by us or our businesses partners.
To perform analytics and to improve our products and services.
To comply with applicable laws, regulations, and legal process.
To protect someone’s health, safety, or welfare.
To prepare & provide aggregated reports

As otherwise necessary or useful for us to conduct our business, so long as such use is permitted by law.

How Long Do We Hold Your Personal Information?

We keep and use your personal information for as long as you have a relationship with us. We also hold it after this where we need to for complaints handling, for system back-ups needed for disaster recovery and for as long as we have to under regulations.

Disclosure of Your Personal Information to Third Parties

Unless we receive your permission, the Company will not sell, rent, or share your Personal Information to or with any third party not affiliated with or owned by the Company.

Third Party Services

We may use a variety of services offered by third parties to help maintain and improve our Website, to help us understand the use of our Website and Services, or simply to provide the Services. These services may store both personally identifiable information about you which we collect, and the information sent by your browser as part of a web page request, such as cookies or your IP address. If any third parties are given access to your personally identifiable information, we will limit the use of such personally identifiable information only to provide the services to us which we have requested.

Rewarding Participation

We may disclose your Personal Information to your health insurer, which may be administered by your employer, in order for your employer or health insurer to provide you or your spouse/same-sex domestic partner with incentives and rewards for participation in the Service.

Providing Services

We may disclose your Personal Information to business partners that enable us to provide you with a product or service that you have requested from us. We will disclose Personal information to these third parties as necessary to enable them to provide the product or service.

Business Partners

In order to provide you with the services on the Service, we may disclose your Personal Information to our agents, contractors, or other service providers who perform services on our behalf, such as incentive fulfilment, web hosting, translation, or data storage. These third parties may also collect Personal Information on our behalf. We will ensure that any agent,contractor, or other service provider to with whom we share Personal Information agrees to safeguard it in substantially the same manner as described in this Privacy Policy, and in accordance with all applicable laws and regulations.

Aggregated, De-identified Information

We may provide third parties, including to our corporate customers, with information about you and other users from which we have removed all identifiers and that can no longer be used to identify you. We may not limit the third parties’ use of the aggregate information, except that we do require third parties to whom we disclose aggregate information to agree that they will not attempt to make this information personally identifiable, including by combining it with other databases.

Disclosure of Automatically Collected Non-Personal Information

We may provide to third parties, including to our corporate customers, automatically collected information that is combined with the automatically collected information of other users or aggregate information.

Business Events

In the event the Company goes (or proposes to go) through a business event, such as a merger, acquisition by another company, reorganisation, or sale of a portion of its assets, your Personal Information may be shared with parties connected with the proposed transaction as part of the due diligence process and may be part of the assets acquired by and transferred to a new party taking over the business. The information transferred or shared remains subject to the promises made in our then-current Privacy Policy unless you agree to new terms.

Legal Compliance

We may share personal information in response to a court order, subpoena, search warrant, law or regulation. We may cooperate with law enforcement authorities in investigating and prosecuting activities that are illegal, violate our rules, or may be harmful to other visitors. We also may share personal information if we in good faith believe that doing so is necessary to protect and defend our legal rights and property, to protect against misuse or unauthorised use of the Service by other parties, or to protect the personal safety or property of users of the Service or the general public. We may not provide you with notice prior to disclosure in such cases.

Health & Wellness Research

The Company reserves the right, at its sole discretion, to use personal information you may provide in your participation in the Service to document positive health and wellness outcomes and to validate that engagement by users of the Service is correlated with health improvements. The results of those studies and analyses may be shared by the Company with third parties.

Except in those instances described in the preceding, however, the information we use for such purposes will consist of aggregate or non-personally identified data and will accordingly not constitute personal information under this Policy.

Our Right to Verify Information

As a user of the Service, you may participate in activities to earn Points and to receive Rewards and other benefits, which participation may require your reporting of certain information to us such as whether you have completed a step or activity or satisfied a programme requirement. We reserve the right to confirm or verify the accuracy of any such information by contacting third parties. The third parties we contact for verification may include your Sponsor.

Misuse of the service can result in your being removed from the system, with the loss of all points collected and loss of any entitlement to any reward provided by the system or third parties.

We also reserve the right to change, adjust & edits the systems & scoring methods of our points & coins and other back-end features & client facing interface with any prior notice or consent.

Information Security, Retention, and Data Integrity

We use a number of methods of physical security (such as locks and alarm systems), electronic security (such as passwords and encryption methods), and procedural security (such as rules regarding the handling and use of information), designed to protect the security and integrity of information submitted through the Service. Due to the nature of the Internet and online communications, however, we cannot guarantee that any information transmitted online will remain absolutely confidential, and we are not liable for the illegal acts of third parties such as criminal hackers.

Maintaining the security of information transmitted to us or by us through the Service is of utmost concern to the Company. No data transmissions over the Internet can be guaranteed to be 100% secure, however, and it is possible that email messages you send through the Service, like nearly all non-encrypted Internet communications, may be accessed and viewed by other Internet users, without your knowledge and permission, while in transit to us.

We take reasonable security measures to protect against unauthorised access to or unauthorised alteration, disclosure or destruction of data. These include firewalls and encryption, internal reviews of our data collection, storage and processing practices and security measures, as well as physical security measures to guard against unauthorised access to systems. In addition, our software code resides on one set of servers and all data and information reside on a separate set of servers. We restrict access to personal information to our employees, contractors and agents who need to know that information in order to operate, develop or improve our Services. These individuals are bound by confidentiality obligations and may be subject to discipline, including termination, if they fail to meet these obligations. However, we are unable to guarantee that the security measures we take will not be penetrated or compromised or that your information will remain secure under all circumstances.

Secure Information Storage

The Company maintains administrative, physical, and technical safeguards to reasonably and appropriately protect the confidentiality, availability, and integrity of your Personal Information. For example, the file containing your Personal Information will be maintained in secure locations at our offices or on our servers (or those maintained by our service providers) with access limited to authorised employees, representatives, and agents. Our employees receive training on our security practices and obligations.

Compliance with our security policies is periodically audited by our Chief Technology Officer and we continually assess the adequacy of, and where appropriate improve, our security controls and procedures. The Company’s employees and our third-party service providers must abide by this policy and those who violate it are subject to corrective action, up to and including termination of employment or other legal action as permitted by law.

International Users

The Website and Services are hosted in Europe. If you access the KudosHealth Sites or Services from the US, Asia, or any other region with laws or regulations governing personal data collection, use, and disclosure that differ from Irish law, please be advised that through your continued use of the KudosHealth Sites or Services, you are transferring your personal information to Europe and you consent to that transfer. Additionally, you understand that your personal information may be processed in countries (including the Ireland) where laws regarding processing personal information may be less stringent than in your country.

Password Security

You must be registered to use the Service. For most members, registration includes creation of a password. For these members, once you are registered, you will use a unique user ID and password to enter the Service. Your password is not accessible by the Company or its employees. If you lose your password, it cannot be retrieved. At your request, we will assist you in resetting your password.

In some cases, your password and username will be managed and administered by your Sponsor, as you will be required to first log onto their site, which will then provide access to the Service.

For your security, it is important for you to protect against unauthorised access to your password and your computer. If using a shared computer to access the Service, be sure to sign out when you are finished.

Email

While we encrypt sensitive data, such as Personal Information, using SSL or VPN when it is transmitted over the Internet, we cannot completely ensure the privacy of email communications to and from our Site because they are not encrypted.

For that reason, to protect your privacy, we ask that you do not use email messages to communicate information to us that you consider sensitive or confidential. The Company strives to protect the privacy of your personal information, but we cannot ensure or warrant the absolute security of any information you transmit to us electronically through the Service. When we receive an email transmission from you, we will use reasonable efforts to maintain the security of such information within our internal data systems.

Depending on the nature of your inquiry or message, upon completion of the exchange with you, your message may be archived in our records or it may be deleted and discarded. If you have any concerns about the security of confidential or sensitive information, however, do not send such information to us by email or by telephone. We do not recommend that any health information or other confidential information be sent to us by email or telephone.

E-mail services, including the e-mail functions within the Service, do not provide a completely secure and confidential means of communication. Even though it is unlikely, it is possible that your e-mail communication within the Service may be accessed or viewed inappropriately by another internet user while in transit to us. If you desire to ensure that your information is completely private, you should not communicate with us by e-mail.

We may send you on a periodic basis electronic newsletter, notification of account status, and other communications, such as engagement or reminder communications. We may also send e-mail communications regarding Service updates and information on general health, fitness, and wellness topics. We will offer you appropriate consent mechanisms, such as opt-out, with respect to most of these online communications from us.

For your protection, we will not send you an e-mail that includes your personal health information.

External Links on the Service

The Service may provide links to various external websites that the Company does not control. When you click on one of these links, you will be automatically transferred away from the Service and connected to the linked websites of the organisation or company that you selected. We cannot be responsible for the content or information on such websites, nor for the accuracy of information or nature of opinions expressed on such websites. We do not conduct investigations of linked websites nor attempt to monitor them for content, quality, or accuracy. Inclusion of linked websites on the Service is strictly for the convenience of users and does not imply or express an approval or endorsement of the linked website by the Company. We do not express approval or endorsement of any products or services offered on or made available through such websites. In some cases, the Company may have an affiliation or business relationship with the operator of a linked website, but even in that situation, we exercise no control over the linked website.

Each website linked to the Service maintains its own independent data collection procedure and privacy policy. The Company expects that all affiliated and unaffiliated third parties with which it has a business relationship, including the operators of linked websites, to respect the privacy of our users, but we are not responsible for the actions of such third parties. If you visit a website through a link in the Service, we encourage you to first review the written privacy policy posted on that website before furnishing any information or otherwise interacting with that website.

Forums for Disputes

Any claim or dispute related to privacy is subject to this Policy and to our Terms and Conditions.

Any claim or dispute relating to this Policy shall be submitted to arbitration or commenced in an Irish Court (as applicable under the Terms and Conditions) within one year after the claim or dispute arises. Users of the Service consent to the arbitration provisions and the exclusive jurisdiction and venue provisions set forth in the Terms and Conditions as the most convenient and appropriate means for the resolution of claims or disputes concerning the Service and this Policy. This Policy and the notices and statements included are not intended to and do not create any contractual or other legal rights in or on behalf of any third party.

Consent to Policy

By using the Service, you signify your agreement with and consent to the terms of this Policy and to our Terms and Conditions. If you do not agree with any provisions of this Policy, please do not disclose any personal information through the Service.

You may also tell us you do not want your data shared with us or our partners, and we will honour any such request, but if you choose this option we will not be able to provide you with any of our services.

Sponsors’ Privacy Policies

In some instances, portions of the Service may be branded or co-branded by a Sponsor or made available via a Sponsor’s website or landing page. If you visit or use the Service under such circumstances, you consent to both the Company’s and the Sponsor’s collection and use of your personal information and non-personal information through the Service and you understand that the Sponsor’s use of such information may be subject to the Sponsor’s separate privacy policy.

Contact Us

If you have any questions or comments regarding anything in this Policy or with respect to our related privacy practices, please contact us at: info@kudoshealth.com If you believe we or any company associated with us has misused any of your information, please contact us immediately and report such misuse.

Changes to this Policy

We reserve the right to change this Privacy Policy from time to time at our sole discretion. Any such change, update or modification will be effective immediately upon posting the revised Privacy Policy on the KudosHealth Sites. We will provide no other notice to you. It is your responsibility to review this page from time to time to ensure that you continue to agree with all of its terms. If you no longer agree to this Privacy Policy after a change, you must cease using the KudosHealth Sites and the Services.

Our failure to exercise or enforce any right or provision of this Privacy Policy shall not constitute a waiver of such right or provision. This Privacy Policy is hereby incorporated into the Terms of Service. You may not assign this Privacy Policy to any party. If any provision of this Privacy Policy is deemed invalid, then that provision will be limited or eliminated to the minimum extent necessary, and the remaining provisions of this Privacy Policy will remain in full force and effect.

Effective Date