Last Updated November 10, 2017
1. Collection of Information
2. Information Collection, Use and Disclosure
- Information Requests. If you wish to request more information about Castlight, you are required to provide contact information such as your name and email address. This information will be used by Castlight to contact you about our services.
- Log Files. As with of most websites, Castlight automatically collects and stores in log files the Internet Protocol (IP) address of the computer you are using; the name of the domain and host from which you access the Internet; the browser software you use and your operating system; the date and time you access the service; and the Internet address of the website from which you directly linked to Castlight. We may combine this automatically collected log information with other information we collect about you. Castlight uses this log file information to analyze trends, monitor service traffic and usage patterns for internal marketing and security purposes, and to help make the Castlight Health Corporate Websites more useful.
- Information from Third Parties. We may receive information about you from third parties. For example, we may supplement the information we collect with outside records or third parties may provide information in connection with a business relationship. If others give us your information, we will only use that information for the specific reason, if any, for which it was provided to us.
- Information about Third Parties. We may also collect from your information about your contacts. Your disclosure of such information is completely voluntary. For example, we may collect names and email addresses in order to forward job postings. When you provide us with information about your contacts, we will only use this information for the specific reason for which it was provided.
Additionally, your information may also be used and disclosed as follows:
- Survey you to evaluate and improve the Castlight service. If you choose to participate, we will request certain personal information from you. Participation in these surveys is completely voluntary. The requested information typically includes contact information (such as name and business address). We use this information to improve the service accuracy and develop new products. We may use a third party service provider to conduct these surveys or fulfill any prizes associated with campaigns. We will not share the personal information you provide through a contest or survey with other third parties for a reason unrelated to the contest or survey unless we give you prior notice and choice.
- Locator information, which may include your name, email address, physical address, and/or other data that enables someone to personally identify you. Castlight and your Internet Access Provider may use locator information as is necessary to enforce any of the terms of the Castlight Terms of Service.
- Provide access to gated areas of the Castlight Health Corporate Websites such as for webinars.
- Operate the Castlight service.
- Provide information as required by law.
- Update you on the Castlight service and its benefits.
3. Disclosure of Information
- Service Providers. We may provide your personal information to companies that provide services to help us with our business activities (e.g. marketing). We may also provide personal information you choose to share with us on our recruiting webpage with third parties who provide recruiting related services to us. These companies are authorized to use your personal information only as necessary to provide these services to us.
4. Opting Out or Opting In to Specific Uses of Information
- If your personal information changes or if you no longer desire information regarding our service, you may correct, update, amend, or ask to have the information removed by emailing email@example.com or Customer Support at firstname.lastname@example.org, or by postal mail at Castlight Health, Inc., 150 Spear Street, Suite 400, San Francisco, CA 94105, Attn: Chief Privacy Officer. We will respond to your request within thirty (30) days.
- In certain situations, Castlight has no direct relationship with the individuals whose personal information it processes (e.g. if someone submits your name and email address to refer you for a job posting). An individual who seeks access, or who seeks to correct, update, amend, or delete inaccurate data should direct their query to Castlight. We will respond to requests within thirty (30) days.
- Updates and Castlight Service Marketing. Castlight may provide service updates, tips or education, or may promote the Castlight service to you as a potential user or if applicable, to provide information about available benefits. You can expect to receive one to two emails per month from Castlight. You will be able to opt-out of any such email communications at any time. To opt-out of Castlight email, please click the “unsubscribe” link at the bottom of any email or send an email with the subject line “Unsubscribe” to email@example.com. To opt-out of any text messages from Castlight, please reply with “unsubscribe” in your message.
5. Storage and Maintenance of Information
We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once we receive it. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure and we cannot guarantee its absolute security. If you have any questions about security on the Castlight Health Corporate Websites, you can contact us at firstname.lastname@example.org.
We may use Local Storage Objects (LSOs) such as HTML5 to store content information and preferences. Third parties with whom we partner to provide certain features on the Corporate Health Corporate Websites or to display advertising based upon your web browsing activity use LSOs such as HTML 5 to collect and store information. Various browsers may offer their own management tools for removing HTML5 LSOs. To manage LSO storage, please click here.
We partner with a third party to manage our advertising on other websites. Our third party partner may use technologies such as cookies to gather information about your activities on these other websites in order to provide you advertising based upon your browsing activities and interests. If you wish to not have this information used for the purpose of serving you interest-based ads, you may opt-out by clicking here [or if located in the European Union click here]. Please note this does not opt you out of being served ads. You will continue to receive generic ads.
9. EU-U.S./EU-Swiss Privacy Shield
Castlight participates in and has certified its compliance with the EU-U.S. and Swiss-US Privacy Shield Framework. Castlight is committed to subjecting all personal data received from European Union (EU) member countries or Switzerland, in reliance on the Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List.
Castlight is responsible for the processing of personal data it receives under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. Castlight complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.
With respect to personal data received or transferred pursuant to the Privacy Shield Framework, Castlight is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Castlight may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) here.
Under certain conditions, more fully described on the Privacy Shield website, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.