Item 2
Item 2

PRIVACY POLICY

Chippr meets the Physical and Technical safeguards as outlined in the HIPAA Security Rule. Chippr has received SOC 2 Type 1 Certification from IS Partners and is compliant with industry best practices for its data privacy and security. This includes non-financial systems and processes that safeguard the security and confidentiality of Chippr platform and all related data.

As a result of the European Union's General Data Protection Regulation (GDPR) law taking effect, we improved our Terms of Service and Privacy Policy. In particular, we have added more details about how we collect, use, share, and protect your personal data.

By continuing to use our service, you agree to the terms of our updated policy. If you do not agree with the updated policy, you may reach out to our Customer Support team at fitness.support@chippr.net


Chippr is dedicated to protecting your privacy. Accordingly, this Privacy Policy explains the practices of Chippr (“Chippr ” or “we”, “us”, “our”), regarding the collection, use, and disclosure of information that we receive when you use our services (as defined herein). This Privacy Policy (the "Policy"), together with our User Terms of Use, located at Terms & Condition, applies to your use of the Chippr website, chipprfitness.com (the "Site"), web widgets, feeds, mobile device software applications or any other mobile or web services or applications owned, controlled, or offered by Chippr (collectively, including the Site, the "Services"). This Policy applies to all users of the Site and the Services, whether as an Administrator (as defined in the Administrator Addendum) or as a user under your Administrator's Account. If you are a user of the Services under your Administrator's Account, we refer to you in this Policy, as a "User".

By using the Services, you are expressing your agreement to this Policy and the processing of your data in the manner provided in this Policy. If you do not agree to these terms, please do not use the Services.

This Policy applies only to the collection, use and disclosure of information by Chippr, and does not apply to any collection, use, and disclosure of your information and data by your Administrator.

Chippr relies on collecting personal information from you to reward you for engaging in Fitness challenges, On-site Events and Behavior change campaigns. Our primary goals in collecting such information are to provide you with an excellent service and overall user experience.

Information You Give Us.

When you engage in certain actions on the Chippr platform, you may provide us with information that can be used to identify you ("Personally Identifiable Information" or "PII"). This information may include your name, e-mail address, phone number, body measurement (including height, weight), sex, age, birth date, fitness information (general health, physical injuries, fitness level), workout goals (fitness goals, desired intensity, body part focus, fitness milestones), fitness resources, equipment, exercise preferences, workout schedule, and workout history. If you correspond with us by email, we may retain the content of your email messages, your email address, and our responses. We may also retain any messages you send through Chippr Services.

Information Your Administrator May Provide.

Your Administrator may provide us your Personally Identifiable Information or other information about you in order to allow you to register your Account and participate in Chippr Services.

Anonymous and Personal Information

We collect anonymous and Personal Information about you in order to provide you with the Program and Our services. “Personal Information” means any information, including personal and material circumstances, that allows a person to become identifiable. The Personal Information We are able to collect includes, but is not limited to:

  • Your contact information, including your name and last name, home, personal and business email addresses, and your phone number;
  • The email address you use to sign-in;
  • Your profile information, including your profile photo and background photo;
  • Your gender, date of birth and age;
  • Your social security number or employee ID number;
  • Biometric information such as your blood pressure or weight;
  • Information about your health and healthcare outcomes;
  • Insurance claims-related information;
  • Information about your fitness and related wellness activities offered within the Program;
  • Information about your participation and performance in the Program and any challenges;
  • The rewards you may be able to earn through Our Program;
  • The comments and contributions you may make on the web-based platform or mobile application; and
  • Additional information you may provide as you submit queries and requests to Us.

Please keep in mind that the extent of the Personal Information you may be able to share with Us will depend on the Program design and the features made available to you, as well as your level of participation in the Program. You are under no obligation to provide any Personal Information to Us at any time. However, if you choose to withhold some Personal Information, We may be unable to provide you with certain services.

Use of Personal Information

We will use the Personal Information collected only to provide you with access to Our services, including:

  • To administer and manage the Wellness Program
  • To identify you when you enroll or sign-in;
  • To track your progress in the Wellness Program and the rewards you earn;
  • To provide you with information about the Program and Program features;
  • To monitor suspicious activity and prevent fraud and other incidents from affecting your account; and,
  • To respond to your questions and requests.

Additionally, We may create “Anonymous Data” records by removing any Personal Information (including any contact information) that would allow the remaining data to be linked back to you. We may use Anonymous Data for internal purposes, such as analyzing patterns and Program usage to improve our services. Additionally, We may use Anonymous Data to analyze and understand demographic trends, customer behavior patterns and preferences, and information that can help Us enrich the content and quality of the Wellness Program.

Use of Information

We collect Personal Information you voluntarily provide as you submit it through the web-based platform and the mobile application, by reviewing your use of the web-based platform and mobile application (for example through the completion of a health assessment), your use of a synched tracking device and when you participate in our phone or on-site services and events. We may collect Personal Information through your use of additional services such as on-site services, group exercise classes, flu-shot clinics etc. We may also collect information about you and your participation in the Program through engagement surveys. We may also automatically collect additional information when you visit Our web-based platform or mobile application, including the type of browser used, the internet service provider (ISP), referring and exit pages, date and time stamps of activity on the platform, the accessing IP address (the unique address that identifies your device on the internet) and the operating system your device uses. We use this additional information to derive a broad, non-specific understanding of the locations from which Our Members access Our services, and to enhance the security controls around platform access. We also use it to analyze trends, administer the web-based platform, track Members’ movements on the platform and around the website, and to gather demographic information about Our Member base as a whole.

We will not share your specific Personally Identifiable Information (other than that information which you provided to the Administrator voluntarily), including Activity Data that we collect through the Services, with your Administrator. We do share health information, Activity Data, and other data we may collect through your use of the Services, in each case on an aggregated, anonymized basis, with your Administrator. We also share rewards/earnings, settings, and participation level with your Administrator in order to facilitate the program and deliver your rewards.

Personal Information

We may use your PII to:

  1. operate and improve current and future Services;
  2. understand you and your preferences to enhance your experience and enjoyment using the Services;
  3. respond to your comments and questions and provide customer service
  4. provide and deliver the services you request;
  5. send you related information, technical notices, updates, security alerts, and support and administrative messages;
  6. provide advertisers and other third-parties, including your Administrator, with aggregate information about you and other Users, the Site user base and usage patterns; and
  7. link or combine it with other information we get from third-parties and other Users of the Services to help understand your preferences and provide you with better services.
Non-Personally Identifiable Information

We may use non-Personally Identifiable Information ("Non-Personally Identifiable Information" or "Non-PII") for purposes such as measuring the number of visitors to sections of our Site, making the Site more useful to visitors and delivering targeted advertising and non-advertising content. We use IP addresses to analyze trends, administer the Site, track a visitor's movement, and gather demographic information for aggregate, non-personally identifiable use.

Disclosure of your information

We will not share aggregated health information, Activity Data, health outcomes and other information provided to Chippr Services by our Users with any outside parties on an individual level, unless otherwise necessary to provide you the functionality of the Services. We will also never share your work email without explicit permission from your Administrator, unless required by this Policy. We strive to maintain transparency and aim to give you ultimate control in what information you share and how it is used. Although we will not use or share your information with anyone except as described in this Privacy Policy, here are some limited circumstances where we may need to share your information:

We may share Personally Identifiable Information and non-personally identifiable information with your Administrator in order to offer you the rewards and benefits provided by Chippr Services. We may share Activity Data through a leaderboard with other Users if you are participating in a fitness challenge.

We may share Activity Data through a leaderboard with other Users if you are participating in a fitness challenge.

We may disclose your personal data if we are required to do so by law or subpoena or if we believe that such action is necessary to

(i) conform to the law, comply with legal process served on us or our affiliates, or investigate, prevent, or take action regarding suspected or actual illegal activities;

(ii) to enforce our Terms of Use, take precautions against liability, to investigate and defend ourselves against any third-party claims or allegations, to assist government enforcement agencies, or to protect the security or integrity of our site; and

(iii) to exercise or protect the rights, property, or personal safety of Chippr, our customers, or others.

As we develop our business, we may transfer or assign assets in the course of corporate transactions, mergers, or dissolution or sale of assets or business offerings. Data and information held by Chippr (including PII) may be transferred in connection with such business transactions.

From time to time We may need to disclose limited amounts of your Personal Information. We will only disclose your Personal Information for the following limited purposes:

  • To administer the Program, and services;
  • To coordinate enrollment in additional services made available to you;
  • To enhance your Program experience;
  • To provide you with information about the services available to you through the Program and platform, or provided to you by a Program Partner or a Third Party Provider;
  • To ensure that you receive appropriate rewards for participation in our services and other similar services provided by your Program Sponsor or Third Party Providers;
  • To evaluate the overall quality and effectiveness of the program(s) you may participate in;
  • To conduct in depth analytics about the Program;
  • To assess your eligibility for other programs that your Program Sponsor or Third Party Providers may offer;
  • To comply with applicable laws;

We may share non-personally identifiable information (such as anonymous usage data, referring/exit pages and URLs, platform types, number of clicks, etc.) with interested third-parties to help them understand the usage patterns for certain Chippr services.

Personal Information and other stored data

All your data, including any Personal Information We collect about you, is stored at Amazon Web Services data centers located in the United States of America (USA). Because your data is stored on USA soil, it may be subject to USA laws, including the “Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001” (USA PATRIOT Act), as well as the jurisdiction of the USA government, tribunals, law enforcement and regulatory agencies, which may require Us to grant them access to your data.

Beyond the information necessary for enrollment you are not required to share any additional information with Us, however, choosing not to share information may limit your ability to earn Rewards if they are made available to you by your Administrator. You can choose to limit the data you share with Us by not inputting or not using certain features. However, once you have shared information, We are unable to accommodate requests to restrict the processing of certain sets of data. If you wish for Us to stop processing parts of your data, you can request that all data be deleted by cancelling your account.

Data Security

The security of your personal information is important to us. When you enter sensitive information (such as login, lifestyle information or, checking account number) on our forms, we encrypt the transmission of that information using secure socket layer technology (SSL). We follow generally accepted industry standards to protect the personal information submitted to us, both during transmission and while in storage. No method of transmission over the Internet or method of electronic storage is 100% secure, however. Therefore, we cannot guarantee its absolute security. In the event that personal information is compromised as a result of a breach of security, Chippr will promptly notify those persons whose personal information has been compromised, via email or otherwise in accordance with the notification procedures set forth in this Policy, or as otherwise required by applicable law.

We are committed to protecting your data and your privacy. To ensure data security, We follow reasonable physical, electronic and managerial procedures designed to safeguard and secure your data and Personal Information. However, no company can fully eliminate security risks associated with the provision of online services.

Among the security features We use to protect your Personal Information and other data, We require that you create and use a username and unique password to access the web-based platform and mobile application. We use multiple layers of security to protect your Personal Information and data, including firewalls, intrusion detection tools and antivirus software.

Deletion of Data

If you want us to delete your data, you must contact your Administrator. If we receive a request from your administrator to delete your data, we will honor it. Even if we delete your data, your Administrator may continue to send information about you (including in some cases PII), to us. We are not responsible for your Administrator's actions or omissions with respect to terminating your participation or deletion of your data in Chippr Services.

You can object to Our processing of your data by contacting the Privacy Officer and notifying Us that you wish for your account to be suspended while your concerns about the processing of your data are resolved. Once you feel comfortable resuming use of the Program, you can contact your Administrator to unlock your account. If you realize during the time your account is suspended that you do not feel comfortable resuming use of the Program, you can cancel your account. Your data will be deleted in accordance with our standard process, except that you will not be able to access your account while the cancellation process takes place, unless you first request for the suspension to be lifted.

Information for California Residents

California privacy laws require that we provide California residents information about how we use their personal information, whether collected online or offline. Under the CCPA, “personal information” is any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular resident or household. Chippr does not sell personal information of California residents to other entities. However, if California residents receive access to Chippr services through their employer, we may share personalized information about their usage of Chippr services with their employer. If they choose to opt-out of this they may do so by emailing us at fitness.support@chippr.net. Chippr will comply with the California Consumer Privacy Act (CCPA) effective January 1, 2020.

Chippr communication

If you have opted to receive push notifications on your mobile device, We may, from time to time, send you push notifications to provide you with reminders and notices. If you no longer wish to receive such communications, you may turn them off at the device level.

From time to time, We may send you e-mails or newsletters with information about your Program, any available features, and services. Depending on your country of residence, you may be given the opportunity to opt-in to receive our communications as you enroll in the platform. Regardless of your initial selection, you may opt-out of our communications, free of charge, at any time, by updating your preferences in your account profile information, or by contacting Us directly.

You may share your phone number with us or We may receive it from your Administrator or third party. If you are a US resident, by accepting this Agreement, you expressly consent and give your permission for Us to contact you directly, including, but not limited to, via phone, the use of an Automated Telephone Dialing System, prerecorded and/or artificial voice, SMS, MMS, text, fax or other similar means, at any phone number whether such information is provided by you, your Administrator or another third party.

Chippr Surveys

We may be able to create and submit customized Chippr Surveys for its Members to complete. We do not contribute to the creation of the questions in these surveys and do not review the questions in these surveys. If you decide to take part in a Chippr Survey the results will be shared with your Administrator in aggregated reports. Your Administrator will not be able to identify you from these reports. However, if the survey offered gives you the ability to respond to a question by writing in a response, the response will be shared with the Administrator. If you include identifiable Personal Information in these open-ended responses, your Administrator may be able to identify you.

Health Assessment Information

Depending on your Program design, you may have access to a health assessment questionnaire. Health assessments can be customized by Administrators and may be used to assess your overall health, your lifestyle across multiple areas of wellbeing or both. You do not have to complete the health assessment if you do not want to share this type of information with Us.

Activity Trackers

You will be able to connect activity trackers, such as smart watches, and other Apps, to your account. If you choose to synchronize an activity tracker with the Fitness Challenges, We will receive limited information about your activity to populate your account. Activity tracking devices can track a wide number of different aspects of your daily activities, including, among others, your daily steps and fitness activity, your heartbeat, RHR and sleep pattern. From this information, We are able to determine your total active fitness minutes and calories consumed.

Depending on the brand and model of activity tracker you use, the data collected may vary. In general, companies selling activity tracking devices have specific privacy policies available, which outline what data the specific activity tracking device collects. We strongly suggest you review the right privacy notice to know what specific data points your activity tracking device collects about you. Additionally, if you wear the tracker to sleep, it can recognize the length of your sleep from how long you lie still.

Information from other sources

We may receive information about you from various sources to support the Program and services included in it. The sources may include:

Your Administrator

Depending on your plan, your Administrator may provide us your Personal Information to identify you as an individual who is able to join the Health & Wellness Program and become a Member. We call this an “Eligibility File”. Please contact your HR directly if you wish for your Employer to stop sending Us information about you. Keep in mind that if you are removed from the Eligibility File you will no longer have access to the Program and will not be able to enroll in the Wellness Program.

Our Program Partners

With your prior approval, and depending on your plan, you may have access to organizations that provide biometric or lab testing services or companies that provide you with additional services (Our Program Partners). If you use these services, Our Program Partners may share activity information and results with Us.

Your health insurance provider

With your prior approval, We may receive healthcare-related information from your healthcare provider and any clinics or organized care facilities with which your provider is associated. At the direction of your Administrator, your health insurance provider may share claims-related information with Us.

Publicly available databases

We may receive information about you from other sources including publicly available databases or third parties from whom we have purchased data. We combine this data with information We already have about you. This can help Us analyze Our records to better evaluate the effectiveness of Our services.

Examples of the types of Personal Information that We may obtain from public databases include:

  • The U.S. Federal Do Not Call registry, to verify do not call preferences recorded there;
  • Census and other aggregate data sources containing statistical information about people who share some of your traits or demographic markers.
Tools

Chippr, its Program Partners and vendors use tools such as Cookies, tags, scripts and other similar technologies to enhance and support your experience on the platform. These technologies help Us administer the web-based platform and mobile application, measure traffic patterns and the total number of users, as well as to personalize and customize the platform’s content, so that your settings are “remembered” when you login.

Cookies are small pieces of text sent to your browser by a website you visit. Cookies help our web-based platform to remember information about your visit, like your preferred settings. Cookies play an important role, they can make your next visit easier and the web-based platform more useful to you. Depending on your location, additional information about Cookies may be presented to you when you visit the web-based platform, and you are given the opportunity to object to the use of Cookies. However, please be aware that by blocking or deleting Cookies you may not be able to take full advantage of the web-based platform or mobile application.

Our web-based platform uses Cookies to collect information about Member usage of the Program. Additionally, some Cookies on our web-based platform are set by third parties who are delivering services on our behalf. Within the mobile application, webpages are sometimes displayed. Cookies allow you to avoid having to re-enter your login credentials when accessing web pages.

We use Cookies:

  • To remember that you have used the website before, allowing Us to identify you, as well as the number of unique visitors We receive and manage capacity;
  • To allow you to navigate the website more quickly and easily;
  • To remember your log-in session as you move from one page to the next within the platform;
  • To store your settings and preferences;
  • To customize some aspects of the platform to reflect your interests and preferences; and
  • To collect statistical information about how you use the website, allowing Us to improve our services over time.
Mobile Analytics

We use mobile analytics software to allow Us to review the functionality of Our mobile software on your phone, and how to improve its quality and Our services. The mobile analytics software may record information such as how often you use the mobile application, the events that occur within the mobile application, crash reports and performance data, where the application was downloaded from and other metrics, such as aggregated usage. The information collected by the mobile analytics software is managed separately from other Personal Information you submit within the mobile application.

Links to third party websites and mobile applications

Our web-based platform and mobile application may contain links to other websites that We do not own or control. We provide these links and connections for your convenience. We have no control over these third parties, their privacy policies, and the content they display on their websites or mobile applications. If you choose to submit Personal Information while visiting these websites or using these mobile applications, please be aware your rights will be governed by the third parties’ privacy policies. We strongly encourage you to carefully read the privacy notice of any website or mobile application you visit or use.

We have offices and subsidiaries in the USA and India. Our employees at these locations may be required to access your Personal Information to allow Us to provide you with quality services. Our employees are obligated to respect the confidentiality of your Personal Information and are only authorized to access your Personal Information as necessary to provide you with services or support.

If you participate in Fitness challenges, the other members participating in the fitness challenges will have access to (a) certain portions of your profile, (b) the number of steps you have taken in challenges you choose to participate in, and (c) other activity data related to your participation in the Fitness challenges.

To the extent that you participate in any wellness challenges or competitions as part of the Services, please be aware that your name and performance information will be available to other Members participating in the challenge or behavior campaign or events, and to your Administrator. Additionally, the Program may make message boards and messaging forums available to you. Please be aware that any information disclosed in these settings may become public information. You should exercise caution if disclosing Personal Information while using these features.

Third Party Providers

We may, from time to time, share your Personal Information with third parties to allow Us to provide you with our Services. If We need to share your Personal Information with third parties, We will limit the information disclosed to the minimum amount necessary to ensure the provision and quality of the services We offer you. We never use, disclose, or share your Personal Information for marketing purposes, and We never sell, rent or lease your Personal Information. Subject to any limitations imposed by applicable laws, we reserve the right to disclose Anonymous Data at our discretion.

In the event that We (a) undergo reorganization or liquidation under bankruptcy, or (b) are sold to a third party, any Personal Information We hold about you may be transferred to the reorganized entity or third party, in accordance with applicable laws. In any such event, the new entity will continue to use your Personal Information in accordance with and within the limits of this Notice to ensure continuation of service.

We may use or disclose your Personal Information to allow your participation in additional third-party provided wellness services or to support the administration of the Program. These third parties may be Our partners (“Program Partners”), your Program Sponsor, or other entities your Program Sponsor contracts with directly (“Third Party Providers”). We may provide information in an anonymous and aggregated format or provide your Personal Information in a group format to third parties that process that Personal Information (“Analytics Processors”) to generate Anonymous Information and derive analytical information. The Analytics Processors do not have any independent right to use your Personal Information, except to provide the aggregation and analysis services.

Our Program Partners are industry leading health, wellness and wellbeing providers We select to enhance your experience. In certain instances, the use of such Program Partners may require you to provide additional Personal Information and data to these Program Partners. If you choose to use Program Partner services or you provide additional Personal Information and data to these Program Partners, you will be subject to the Program Partner’s privacy notice and terms of use.

You can request the names of Our Program Partners, Third Party Providers and partnering organizations by contacting Us or your Administrator.

Anonymization of Personal Information

In some instances, We may disclose your Personal Information to agents or contractors that work on Our behalf and assist Us in providing and supporting the services We offer. This may include analyzing your data, or helping Us to communicate important information about the Wellness Program.

We may share anonymized and aggregated data with your Administrator. Your Administrator will not be able to use such anonymized information or aggregated reports to directly identify you. Your Administrator may use the anonymized information in its discretion, including to evaluate the overall program, as well as to provide additional benefits, programs and services. In specific circumstances and for limited purposes aimed at supporting proper Program administration, for example to ensure you are rewarded for your participation in the Fitness challenges, Behavior Campaign and Events or to support tax compliance, We may share reports containing identifiable information with your Administrator or third parties selected by your Administrator.

If your activity information indicates there may be an abnormality or Program abuse, We may share your activity information with your Administrator and make adjustments, suspend or terminate your account, in accordance with your Administrator’s instructions.

If your Administrator is your Health Plan provider, We may share additional information about you and your participation in the Program, to ensure you are provided access to any additional services, engagement opportunities, rewards and benefits that may be offered through your Health Plan.

Government entities

Chippr may be required to disclose your Personal Information if:

  • Legally required to do so by governments, tribunals, law enforcement and regulatory agencies (for example as part of an ongoing investigation, subpoena, similar legal process or proceeding);
  • As otherwise required under any applicable law, regulation, or rule; and
  • If We believe, in good faith, that such disclosure is necessary to protect or defend our rights or the rights of others, to assist in an investigation or to prevent illegal activity.
Review and Change of Personal Information

You can review and change your Personal Information by logging into the mobile application. All our Members, regardless of residency, except in specific circumstances identified by local laws, have a legal right to access and correct or update the information We have collected about you. You can also request a copy of all the Personal Information and data We hold about you. We will provide you with a copy of all the data We have collected about you in a standard format (such as Excel) through a secure channel. You can contact Us to request a copy of all your Personal Information or to request a change in your Personal Information through the “Data Requests” option in the mobile application. We will respond to your request within a reasonable timeframe.

Please keep in mind that We may not be able to accommodate your request if We reasonably believe the change would violate any laws or cause the information to be inaccurate or incorrect. Additionally, We may not be able to fulfill a request where it would impose a burden on Us that is disproportionate to the risk to your privacy, or where your request may affect another individual’s rights to privacy. If We are unable to fulfill a request We will provide you with the reasons why we are unable to comply.

Changes in Privacy Notice

We may update this Notice from time to time to reflect changes in Our information practice and services offered. If We make any material changes to this Notice, you will be notified via an update notification, and you will be given the opportunity to review and accept the new Notice prior to being able to access the platform or continue to use the Program. The date indicating the last update can be found at the top of the Notice. If there are typographical mistakes, like grammar or spelling errors, in the Notice we may correct them without notifying you.

Please note that any translation of this Notice is intended solely to facilitate your access to this information. The English version is the only official version of this Notice and any translation inaccuracies or discrepancies are not binding and have no legal effect for compliance or enforcement purposes.

Complaint against Chippr and its data privacy practices

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.

Data Protection Officer (DPO)

If you have any questions, comments or concerns, about this Notice, or your rights and obligations under this Notice, you may contact Us via email at mukundu@chippr.net or via the “Contact Us” section of the Chippr web-based platform and mobile application.

Changes to Privacy Policy

We may update this Policy to reflect changes to our information practices. If we make any material changes to this Policy, we'll notify you of such changes by posting them on the Services or by sending you an email or other notification, and we'll indicate when such changes will become effective.