Effective Date: February 1, 2023
DISCLOSING YOUR INFORMATION TO THIRD PARTIES. We may share your personal information with the following categories of third parties.
- PERSONAL INFORMATION WE COLLECT. The categories of personal information we collect and our privacy practices depend on whether you are a customer, user, or visitor and the requirements of applicable laws. The following is information which you may provide to us.
- Account Creation. When you create a user account, we collect your name, e-mail and password.
- All information collected and stored by us or which you provide when creating a Brightside account is considered protected health information (“PHI”) and is governed by applicable state and federal laws, most notably the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). We will not use or disclose this information for advertising, marketing, or other use-based data mining purposes except as otherwise permitted by HIPAA and/or other applicable law. We will never sell PHI or any other potentially identifying information.
- We may contact you to participate in surveys about our services. If you decide to participate, you may be asked to provide certain information, which may include personal information. Under no circumstances are your responses to these surveys mandatory, and refusing to reply to them shall have no bearing on the quality of Services afforded to you.
- Communications with Us. We may collect personal information from you such as your email address, phone number, or mailing address when you request information about our Services, register for our newsletter, request customer or technical support, or otherwise communicate with us.
- INFORMATION AUTOMATICALLY COLLECTED BY US OR OTHERS.
- Automatic Data Collection. We may collect certain information automatically when you use the Site or Services. This information may include your Internet protocol (IP) address, user settings, IMEI, MAC address, cookie identifiers, mobile carrier, mobile advertising and other unique identifiers, details about your browser, operating system or device, location information, Internet service provider, pages that you visit before, during and after using the Site or Services, information about the links you click, and other information about how you use the Site or Services. Information we collect may be associated with accounts and other devices.
- Cookies, Pixel Tags/Web Beacons, Analytics Information, and Interest-Based Advertising.
- Cookies. Cookies are small text files placed in visitors’ device browsers to store their preferences. Most browsers allow you to block and delete cookies. However, if you do that, the Site or Services may not work properly.
- Pixel Tags/Web Beacons. A pixel tag (also known as a web beacon) is a piece of code embedded on the Site that collects information about users’ engagement on that web page. The use of a pixel allows us to record, for example, that a user has visited a particular web page or clicked on a particular advertisement.
- These Technologies may be employed for the following purposes:
- Operational Necessity. This includes Technologies that allow you access to our Site, Services, applications, and tools that are required to identify irregular Site behavior, prevent fraudulent activity and improve security or that allow you to make use of our functions such as saved searches.
- Performance Assessments. We may use Technologies to assess the performance of our Site and Services, including as part of our analytic practices to help us understand how our visitors use the Site and Services.
- Functionality. We may use Technologies that allow us to offer you enhanced functionality when accessing or using our Site and Services. This may include identifying you when you sign into our Site or Services, or keeping track of your specific preferences, interests, or past items viewed.
- Advertising or Targeting Related. We may use first-party or third-party Technologies to deliver content, including ads relevant to your interests, on our Site and Services or on third-party sites.
- Analytics. We may use Google Analytics or similar analytics software, generally powered by your web browser, to collect information regarding visitor behavior and demographics on our Site and Services. For more information about this software, please view the analytics policy associated with your web browser (e.g. Chrome, Safari, Firefox, etc.). You can opt out of these browsers collecting and processing of data generated by your use of the Site and Services by visiting the browser’s “Settings” page.
- Information from Other Sources. We may obtain information about you from other sources, including through third-party services and organizations to supplement information provided by you. This supplemental information allows us to verify information that you have provided to us and enhances our ability to provide you with information about our business, products, and Services.
- How We Use Your Information. We use your information for a variety of purposes to fulfill our contract with you and provide you with our Services, such as:
- Managing your information and accounts.
- Responding to your questions, comments, and other requests.
Providing access to certain areas, functionalities, and features of our Site and Services.
- Communicating with you about your account, activities provided through our Site and Services, and policy changes.
- Processing your financial information and other payment methods for Services purchased.
- Processing your applications and transactions.
- Answering your requests for customer or technical support.
- Analyzing and improving our Site and Services pursuant to our legitimate interests, such as:
- Measuring interest and engagement;
- Developing new Site features and Services;
- Ensuring internal quality control;
- Verifying your identity and preventing fraud;
- Detecting bugs or other software issues;
- Preventing potentially prohibited or illegal activities;
- Enforcing our Terms; and
- Complying with our legal obligations, protecting your vital interest, or protecting the public good at large.
- For other purposes you consent to, are notified of, or are informed about when you provide personal information.
- We may use personal information and other information about you to create de-identified and aggregated information, such as deidentified demographic information and de-identified location information. Deidentified information is not afforded the protections set forth by HIPAA or other state privacy legislation, since the information cannot be tied-back to a specific individual after being deidentified.
- Our Site may contain links to other websites, and other websites may reference or link to our website. These other websites are not controlled by us. We encourage our users to read the privacy policies of each website and application with which the user interacts. We do not endorse, screen or approve and are not responsible for the privacy practices or content of such other websites or applications. Visiting these other websites or applications is performed at your own risk.
- Healthcare Purposes. To other covered entities involved in your treatment, payment and/or healthcare operational services.
- Business Associates. We may provide personal information or PHI to business associates with whom we contract to help facilitate healthcare operations or to jointly offer products or services. In such cases, these business associates are bound to the privacy and security rules mandated by HIPAA.
- Advertising Partners. On our Site, we may allow third-party advertising partners to set Technologies and other tracking tools to collect information regarding your activities and your device (e.g., your IP address, mobile identifiers, page(s) visited, location, time of day) in order to improve advertising. This practice is commonly referred to as “interest-based advertising” or “online behavioral advertising.” We may allow access to certain other data collected through these Technologies to share information that may be useful, relevant, valuable or otherwise of interest to you. If you prefer not to share your personal information with third-party advertising partners, you may make such a request by contacting us as set forth in Section 12 (below) of this Policy.
- Disclosures to Protect You, Us, or Others. We may access, preserve, and disclose any information we store associated with you to external parties if we or our providers, in good faith, believe doing so is required or appropriate to comply with law enforcement or national security requests; aspects of the legal process such as a court order or subpoena; to protect your, our or others’ rights, property, or safety; to enforce our policies or contracts; to collect amounts owed to us; or to assist with an investigation or prosecution of suspected or actual illegal activity. This list is not intended to be exhaustive and other circumstances may arise during which time such disclosures will be made.
- Disclosure in the Event of Merger, Sale, or Other Asset Transfers. If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, purchase or sale of assets, or transition of service to another provider, then your information may be sold or transferred as part of such a transaction, as permitted by law and/or contract.
- International Data Transfers. You agree that all information processed by us may be transferred, processed, and stored anywhere in the world, including but not limited to, the United States or other countries, which may have data protection laws that are different from the laws where you live. We have taken appropriate safeguards to require that your personal information will remain protected and require our third-party service providers and partners to have appropriate safeguards as well. Further details can be provided upon request.
- General. You have certain choices about your personal information. Where you have consented to the processing of your personal information, you may withdraw that consent at any time and prevent further processing by contacting us as described in Section 12 (below). Even if you withdraw consent, we may still collect and use non-personal information regarding your activities on our Site and Services, and for other legal purposes as described above.
- Mobile and Other Devices. If you download the Brightside mobile application (“app”), or have provided access to your device’s health app (e.g. Apple Health or Google Fit) to collect your fitness activity data, we may collect data about you from your use of such apps. You can withdraw your consent and/or disable access by changing the app settings on your device. We may send you push notifications through our mobile application. You may at any time opt-out from receiving these types of communications by changing the settings on your mobile device. We may also collect location-based information if you use our mobile applications. You may opt-out of this collection by changing the settings on your mobile device.
- Do Not Track Adherence. Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. Please note that we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers.
- Cookies and Interest-Based Advertising. You may stop or restrict the placement of Technologies on your device or remove them by adjusting your preferences as your browser or device permits. The online advertising industry also provides websites from which you may opt out of receiving targeted ads from data partners and other advertising partners that participate in self-regulatory programs. You can access these and learn more about targeted advertising and consumer choice and privacy at:
- AppChoices. To separately make choices for mobile apps on a mobile device, you can download the AppChoices application from your device’s app store. Alternatively, for some devices you may use your device’s platform controls in your settings to exercise privacy settings. Please note you must separately opt out in each browser and on each device. Advertisements on third-party websites that contain the AdChoices link may have been directed to you based on information collected by advertising partners over time and across websites. These advertisements provide a mechanism to opt out of the advertising partners’ use of this information for interest-based advertising purposes.
- Your Privacy Rights. In accordance with applicable law, you may have the right to:
- request confirmation of whether we are processing your personal information;
- receive an electronic copy of your medical record or ask us to send that information to another company;
- seek correction or amendment of inaccurate, untrue, incomplete, or improperly processed personal information; and
- request erasure of personal information held about you, subject to certain exceptions prescribed by law.
- If you would like to exercise any of these rights, please log into your account or contact us as set forth in Section 12 (below). We will process such requests in accordance with applicable laws. To protect your privacy, we will take steps to verify your identity before fulfilling your request.
- The right to request personal information stored by Brightside to be deleted;
- The right to correct an inaccurate data about your personal information;
- The right to know the specific types of personal information Brightside has collected about you.
- The right to opt-out of the sharing of personal information.
- The right to not be retaliated against for making requests related to the handling of your personal information.
- The right to opt-out of automated decision making technology (which Brightside currently does not use).
- Please note that certain laws, such as federal healthcare laws, may conflict with or modify the way in which Brightside responds to requests about your personal information.
- We encourage you to view your state’s applicable privacy laws for more details:
- California Consumer Privacy Act
- California Privacy Rights Act (Proposition 24)
- Colorado Privacy Act
- Connecticut Data Privacy Act
- Utah Consumer Privacy Act
- Virginia Consumer Protection Privacy Act