Last Updated: 10/2022
1. Information We Collect and How We Collect it
When you access our Site or use the Services, we collect and store certain information about you, including “personal information.” Personal information is information that, alone or in combination with other information in our possession, could be used to personally identify you. We collect the following categories of personal information and other information as described below.
A. Information you provide
Information You Provide Directly. We may collect or receive the following categories of personal information when you, your employer, or your employer’s designated administrator or broker or accountant access the Site, request to receive information about GoWell or its Services, create a Customer or User account, set up the User or the beneficiaries of that User, verify the User identity, use any of the Services, or otherwise communicate with us, including through customer support channels. This includes:
B. Information collected automatically
We may automatically collect certain information when you access the Site or use the Services. While we do not do this currently, we may collect information if it helps us protect your privacy and identity or for business purposes in furtherance of providing our services to you.
This information could include:
We use Electronic and On-line Identifiers for the following purposes:
C. Information collected from third parties
2. How We Use Your Information
We use information that we collect about you for the following purposes:
To develop and provide you with the Site and Services, including to:
3. When and with Whom We Share Your Information
We will only share your information with the categories of third parties listed below for the purposes described above in the “Use of Your Information” section, unless otherwise noted at the point of collection.
4. Your Privacy Choices and Rights
Your Privacy Choices. The privacy choices you may have about your personal information are determined by applicable law and are described below.
Email and Text Messages. You can opt out of our promotional emails by using the unsubscribe link located at the bottom of our promotional emails, contacting us as described below, or visiting https://go.GoWell .com/pls-dont-leave-us.html. You can opt out of text messages from us by replying “STOP” or contacting us as described below. If you decide to opt-out, we may still send you non-promotional communications such as your payday emails and messages about your account related to your benefits choices as instructed by our Customers who may be your Employer.
Mobile Notifications. We may send you push notifications through SMS text messages or through our mobile app as instructed by our Customer. You can opt out from receiving push notifications by changing the settings on your mobile device.
“Do Not Track.” Do Not Track (“DNT”) is a privacy setting you can set on some web browsers that signals to websites like ours that you don’t want your online activities to be tracked. At this time, we do not respond to DNT signals sent to us by your web browser.
You may stop us from personalizing our advertisements to you on some mobile applications by following the instructions for Android, iOS, and others. You may also opt out of receiving targeted ads from advertising partners that participate in self-regulatory programs, such as the Network Advertising Initiative, the Digital Advertising Alliance, the European Digital Advertising Alliance, and the Digital Advertising Alliance of Canada.
5. Important Information
Security and Storage of Personal Information
We employ administrative, physical, and technical measures designed to protect your information from unauthorized access and to comply with applicable privacy laws in the states and countries in which we operate. Our data is encrypted at rest and in transit. All data is stored in Microsoft Azure databases, with recommended Microsoft update patches. The system is monitored by Microsoft Defender. Customer data is compartmentalized, and access is restricted to Customer administrators and authorized users, which may include GoWell employees. Your personal information will be kept on our servers or on those of our service providers and only those employees that require it for the purposes of their duties will have access to your personal information. GoWell manages access to data through security groups and permissions. Your personal information will be kept for as long as required by law or regulation and will be deleted by bulk manual deletion from the servers after the time has expired or per agreements with our Customers. We have also implemented controls which require our third-party service providers and partners to have appropriate safeguards to protect your personal information. However, despite these efforts, no security measures are perfect or impenetrable and no method of data transmission can be guaranteed to prevent any interception or other type of misuse. We also depend on you to protect your information. If you become aware of any breach of security or privacy, please notify us immediately. To the fullest extent permitted by applicable law, we do not accept liability for unauthorized disclosure.
Deletion and Modification of Personal Information
You as a user can request to delete information on the active website, but it may limit your access to healthcare and other benefits. You have the ability to modify your personal information through the GoWell portal using your login credentials.
Users who wish to delete their data should email firstname.lastname@example.org for requests.
Action will be taken within 35 days of such request. GoWell will retain your data for 7 years and will batch delete all such information at the expiration of the retention period. Such information if requested for deletion may be removed from an active website but retained in archive for compliance and regulatory purposes.
The data controller will generally not have the ability to process a user’s personal information. This is limited to authorized users related to those accounts including brokers, administrators, employers and insurance companies. GoWell does not port information technically, however, if a user elects to carry coverage forward with COBRA, or an employer chooses another broker as its authorized user, information may be transferred or exported and imported through a csv file upload
International Data Transfers
All information processed by GoWell, or our service providers may be transferred, processed, or stored anywhere in the world, including in countries that may have data protection laws that are different from the laws where you live. Your information may be accessible to the courts, law enforcement, and national security authorities of the United States. We endeavor to safeguard your information consistent with the requirements of applicable laws.
Links to Other Sites
Our Policy Toward Children
The Service is not directed to children under 13. However, if a child under the age of 13 is a dependent on a benefits plan covered by the Benefits Service, we may collect information about the child (solely as needed to provide the Benefits Service) from the child’s parent or legal guardian, or from insurance carriers and third-party administrators.
Verifiable Consumer Requests
Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. In order to verify your request, we will ask you to provide your name, email address, and certain other pieces of identifying information. Once you have submitted this information and any necessary supporting documentation, we will confirm the information by reviewing it against GoWell ’s records. To designate an authorized agent, please contact us as set forth below.
Attn: Privacy Program Director
ADDITIONAL REQUIREMENTS FOR SPECIFIC INDIVIDUAL STATES