Engage Privacy Statement

Last Update: June 22, 2018



Anthem, Empire, and Blue Cross Blue Shield of Georgia health plan and wellness program members, welcome to engage.castlighthealth.com (including its subpages and our mobile app (Engage Wellbeing), collectively, "Sites"). The Sites provide a United States based service (the "Service") offered by Castlight Health, Inc., including its subsidiaries Engage Technologies, Inc., and Jiff, Inc. ("Company") in association with your Anthem health plan or wellness program ("Anthem").

Company’s most important asset is our relationship with you. Company respects your privacy and takes Internet privacy very seriously. In this Privacy Statement, we would like to tell you what information we collect, what we use it for and when and to whom it may be disclosed.

By using engage.castlighthealth.com (including its subpages, collectively, "Engage Websites"), you are agreeing to Company’s Terms of Use (which incorporates by reference this Privacy Statement) and to the practices described in this Privacy Statement, including consenting to the use and disclosure of certain information, including "Personal Information" (which means information that may make you personally identifiable) provided to us as outlined in this Privacy Statement. This Privacy Statement only applies to the Engage Websites.

This Privacy Statement describes how Company collects and uses the Personal Information you provide on the Engage Websites or Personal Information we receive about you from third parties. It also describes the choices available to you regarding our use of your Personal Information.

If you have questions or complaints regarding our Privacy Statement or practices, please contact us at Engage Technologies, Inc., 150 Spear Street, Suite 400, San Francisco, CA 94105, Attn: Chief Privacy Officer, by email at privacy@castlighthealth.com, or by calling us at (888) 722-0483.


COLLECTION, USE, AND DISCLOSURE OF YOUR INFORMATION:

We will not use your Personal Information that is collected on the Engage Websites in ways different from what is disclosed in this Privacy Statement. The language below explains (1) how we collect your Personal Information, (2) what types of Personal Information we collect, (3) how we use your Personal Information, and (4) with whom we may share your Personal Information.


1. How we collect your Personal Information:

We will collect your Personal Information in a variety of ways, including but not limited to: (i) when you provide us with your Personal Information while using the Engage Services, (ii) data that is imported or exported through any third-party applications, devices, services, or programs, including the Anthem Clinical Programs, (iii) information we collect through any service providers, vendors, consultants, your Anthem health plan or wellness program and/or third party administrators of your health plans ("Administrators") or other third parties with which you engage in healthcare transactions, and (iv) information collected through log files (as is true of most websites, Company automatically collects and stores in log files the Internet Protocol (IP) address of the computer you are using; the name of the domain and host from which you access the Internet; the browser software you use and your operating system; the date and time you access the service; and the Internet address of the website from which you directly linked to the Engage Website(s)). We may combine this automatically collected log information with other information we collect about you. Company uses this log file information to analyze trends, monitor service traffic and usage patterns for internal marketing and security purposes, and to help make the Engage Websites more useful.


2. What types of Personal Information we collect from you:

Company may collect Personal Information from you directly as well as in connection with: (A) your use of the Engage Services, (B) your use of third-party devices and/or services, (C) your Employer or Anthem.

A. Personal Information we may collect from you directly or via your use of the Engage Services:

  • Demographic and general health information, including date of birth, social security number (or other unique identifier), gender, zip code, height, weight.
  • Unique temporary or persistent device identifiers or certain hardware information about your computer or mobile device, such as internet protocol (IP) address.
  • Data related to activity, sleep and food and other information that you enter or upload into your tracking device, webpage or mobile application.
  • Calendar information through access to your calendar if you authorize such access.
  • Fitness tracker information you provide or authorize to be provided.
  • Financial information, such as credit card information, if you choose to provide such information. (Please note: If you use a credit card in the Engage store, your credit card information will be shared with our credit card processing company, which is only authorized to use your Personal Information to perform the necessary services.)
  • Challenge completion status (i.e., "Started", "In Progress", or "Completed") as well as the steps and actions you have taken to achieve the status.
  • User behavior based upon click stream history or contained in log files (e.g. how you are using Engage applications and which pages you have visited).
  • Additional information that you add manually to the Engage Services, including answers to surveys, questionnaires, as well as behavioral information, goals, and preferences.

B. Personal Information we may collect from your use of third-party devices and/or services:

  • Personal Information submitted by your Administrators and/or service providers (such as imaging facilities and labs).
  • Personal Information collected through your tracking device or tracking application, unless you turn off the tracking feature.
  • Geolocation information that may be automatically transmitted by certain tracking devices and applications you may elect to use.
  • Data concerning health status such as Health Risk Assessments (HRA) and biometric data (such as body mass index, blood pressure, cholesterol).
  • Data concerning managed health including disease and care management for chronic conditions such as diabetes, asthma, autism.
  • Data concerning Employee Assistance Programs (EAP).
  • Data concerning access to care including virtual care services such as second opinion and telemedicine.
  • Data concerning finance and wealth management including retirement services such as your 401(k) and tax-advantaged savings services such as Health Savings Accounts (HSA), Flexible Spending Accounts (FSA).

C. Personal Information we may collect from your Employer or Anthem:

  • Your last name, email address, and employee ID, date of birth, mailing address, user photo, and any additional information as required to provide the Engage Services.

3. How we and/or your Anthem health plan or wellness program use the Personal Information we collect from you:

  1. To administer, monitor and moderate the Engage Services.
  2. To direct you to programs, actions, content, and events that are most relevant and helpful to you.
  3. To implement and provide you with Engage Services customized to your needs.
  4. To send notices or other communications to you from time to time.
  5. To update terms, conditions, and policies.
  6. For internal purposes such as auditing, data analysis and research, and improvement of content and performance.
  7. To promote the Engage Services.
  8. To administer any sweepstakes or promotions, purchases, donations or other activities that you are involved in using the Engage Services or related third-party services.
  9. To support incentives that encourage you to use programs that can help you achieve your goals.
  10. To create aggregated anonymous analytical data.
  11. Company and/or Anthem may, to the extent permitted under applicable laws including HIPAA (Health Insurance Portability and Accountability Act of 1996), provide your Employer on an ongoing basis with data necessary to enable Your Employer to manage incentive, reward, and wellness programs, including providing points earned to administrate subsidies and other benefits related accounting processes. This may include aggregated and anonymized data related to program performance and population health to employers for the ongoing administration and evaluation of the programs. Unless permitted under HIPAA, Company and/or Anthem will not disclose Protected Health Information ("PHI") (as defined in HIPAA) to Your Employer.


4. With whom we share your Personal Information:

Company will not disclose Personal Information to third parties other than as provided for in this Privacy Statement, except when required to do so by law such as to comply with a subpoena or similar legal process, or when you have otherwise consented to additional use or disclosure of the information. We may also disclose your Personal Information when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request, and if Company is involved in a merger, acquisition, or sale of all or a portion of its assets. You will be notified via email and/or a prominent notice on the Engage Websites of any change in ownership or uses of your Personal Information, as well as any choices you may have regarding your Personal Information.

If you use the Engage Services to link to another website, you may decide to disclose Personal Information at that website. For example, you might provide your contact information to obtain an information packet from an organization. Please be aware that in contacting that website, or in providing information on that website, that third party may obtain Personal Information about you. This Privacy Statement does not apply when you leave the Engage Website and go to a third party website. We encourage you to be aware when you leave our service and to read the privacy statement of each and every website that collects Personal Information.

We may provide your Personal Information to companies that provide services to help us with our business activities. These companies are authorized to use your Personal Information only as necessary to provide these services to us. Our policy is to require companies with whom we do business to support the same privacy policies as we do. These parties are not allowed to use Personal Information except for the purpose of providing these services. Note that any disclosures to your health plan will be in strict compliance with the limitations imposed on disclosures of PHI to a group health plan under the HIPAA Privacy Rule.


De-Identified Information

On occasion, Company may make arrangements with certain customers or business partners to share certain de-identified aggregate information in order to assist such customers or business partners in improving their service (such as evaluating patterns, utilization, usage and trends). Company may also share such information with you or other users of our service. This type of information may be based in part on information related to you, but does not allow for the personal identification of any individual (in other words, it is "patient de-identified"). This information will not be used by the customer or business partner for marketing and/or any purpose other than as set forth above.

  • Company removes your identity from your personal information (contact, health and/or financial) and may work with it as anonymous ("de-identified") information.
  • De-identified individual information is information about a user presented in a form where information about one anonymous user would be indistinguishable from information relating to other anonymous users. De-identified individual information is not in a form that allows anyone studying the information to personally identify any user.
  • Aggregate information is information that describes the habits, usage patterns and/or demographics of users as a group but does not reveal the identity of particular users. Your anonymous data is combined with the anonymous data of other Company users and becomes statistics. We may use aggregate information within Company to understand the needs of the Engage user community and determine what kinds of programs and services we can offer you. Company could use this anonymous information to give potential users or business partners a picture of the Company community and services. Aggregate information may be provided to third parties. Absolutely no personal identifying information is included in the aggregate reports; each individual remains anonymous.

Opting-Out or Opting-In to Specific Uses of Information

If your Personal Information changes, or if you no longer desire information regarding our service, you may correct, update, amend, or ask to have the information removed by emailing privacy@castlighthealth.com or Customer Support at support@castlighthealth.com, or by postal mail at Engage Technologies, Inc., 150 Spear Street, Suite 400, San Francisco, CA 94105, Attn: Chief Privacy Officer. We will respond to your request within thirty (30) days.

Company may provide service updates, tips or education, or may market the Engage Services to you as a potential user or if applicable to provide information about available benefits. Out of respect for your privacy, you will be able to opt-out of any such communications at any time. You can expect to receive one to two emails per month from Company. To opt-out of Company email, please click the "unsubscribe" link at the bottom of any email or send an email with the subject line "Unsubscribe" to support@castlighthealth.com.

Company may also send you marketing related SMS or other text or native mobile messages. To opt-out of these messages text "STOP" to 27978 or reply "STOP" to a text message received from Company. For additional information, text HELP to 27978. You may also call (888) 722-0483 or email support@castlighthealth.com.

If you are not signed up to receive SMS but would like to opt-in, text “SIGNUP” to 27978. You can expect to receive up to four (4) messages per month from Castlight. Message and data rates may apply from your mobile carrier.

Supported carriers are: AT&T, T-Mobile® (T-Mobile® is not liable for delayed or undelivered messages), Verizon Wireless, Sprint, Boost, U.S. Cellular, Cellular One, MetroPCS.


Storage and Maintenance of Information

Company will store and maintain your Personal Information in accordance with this Privacy Statement and based on information we receive from your Employer or Administrator. We will also retain your information as needed to provide you services and as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.


Security

We follow generally accepted standards to protect the Personal Information submitted to us, both during transmission and once we receive it. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee its absolute security. If you have any questions about security on the Engage Websites, you can contact us at privacy@castlighthealth.com or (888) 722-0483.


Tracking Technologies

Technologies such as cookies, beacons, tags and scripts and other storage technologies to collect or receive information are used by Company and our partners (including digital advertising partners such as Facebook and Google), affiliates, or analytics or service providers (such as webinar providers). These technologies (such as Google Analytics) are used in analyzing trends, providing measurement services, administering the Engage Websites, tracking users’ movements around the Engage Websites and elsewhere on the internet, marketing our service (including via targeted remarketing ads), and to gather demographic information about our user base as a whole. We may receive reports based on the use of these technologies by these companies on an individual as well as aggregated basis. More specifically, Company uses Crazy Egg’s Analysis Service for the Engage Websites to learn more about how visitors are interacting with publicly available content. You can visit Crazy Egg’s privacy policy here and their opt-out feature here.

Users can control the use of cookies at the individual browser level. If you reject cookies, you may still use the Engage Websites, but your ability to use some features or areas of such Engage Websites may be limited. You may opt-out of our partners’ use of cookies by exercising your choice here and here. Additionally, you can find out more about how Google uses data here.

We use Local Storage Objects (LSOs) such as HTML5 to store content information and preferences. Third parties with whom we partner to provide certain features on the Engage Websites or to display advertising based upon your web browsing activity use LSOs such as HTML 5 to collect and store information. Various browsers may offer their own management tools for removing HTML5 LSOs.

We partner with a third party to manage our advertising on other websites. Our third party partner may use technologies such as cookies to gather information about your activities on these other websites in order to provide you advertising based upon your browsing activities and interests. If you wish to not have this information used for the purpose of serving you interest-based ads, you may opt-out by clicking here. Please note this does not opt you out of being served ads. You will continue to receive generic ads.

The Engage Websites may include social media features, such as the Facebook Like button, and widgets, such as the share this button or interactive mini-programs that run on such Websites. These social media features may collect your IP address, which page you are visiting on the Engage Websites, and may set a cookie to enable such features to function properly. Social media features and widgets are either hosted by a third party or hosted directly on the Engage Websites. Your interactions with such features are governed by the privacy statement of the company providing it.

Questions. If you have any questions about this Privacy Statement or the use of your information via Company, please contact us at privacy@castlighthealth.com.


Miscellaneous

Protection of Privacy: In order to protect your privacy, never share your sign-in name or password and always log out of the Engage Website or mobile app when you are finished using the service.


Changes to the Privacy Statement

Company will only use your Personal Information in the manner described in the Privacy Statement in effect when we collected the information from you. However, we reserve the right to change the terms of this Privacy Statement at any time by posting those changes on our service so you are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. If at any point, we decide to use personally identifiable information in a manner different from that stated at the time it was collected or if we make any material changes, we will document such change on the Engage Websites. We urge you to check here for any updates to this Privacy Statement from time to time.