USER PRIVACY STATEMENT
Effective from 25 May 2018.
Capitalized terms not defined in this policy will have the meanings set forth in the Terms & Conditions.
Scope and Application
9zest is committed to protecting your personal information, Protected Health Information (“PHI”) and privacy. This policy describes the information we collect from you and how we use and secure it. We are required by law to maintain the privacy of your PHI and to provide you with notice of our legal duties and privacy practices with respect to your PHI. Please review our detailed HIPAA Notice here.
This Privacy Statement (“Statement”) applies to persons (“Users”) anywhere in the world who use our Services. If you use the Services as both a User and a Coach, the respective privacy statements apply to your different interactions.
Consent to Service Emails
By agreeing to this Privacy Statement within the Terms & Conditions, you agree to receive communication from 9zest via email to better serve you as a User (Service Emails). These emails include Weekly Reports, 9zest Blogs and Articles, Clinical Trials, Online Group Sessions, Progress Meter Reminders, Assessment Reminders, and Missed Workout Reminders.
You can manage what kind of emails you want to receive here, though Service Emails will be turned on by default.
Your Rights and Access to Your PII and PHI
Under certain circumstances, you have rights under data protection laws in relation to your PII and PHI (Personal Data). You have the right to:
Request access to your Personal Data (commonly known as a "data subject access request"). This enables you to receive a copy of the Personal Data we hold about you and to check that we are lawfully processing it.
Request correction of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Request erasure of your Personal Data. This enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your Personal Data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request. For example: under HIPAA we are required to store your PHI for 7 years. Some Personal Data may remain in backup copies as legitimate interest.
Object to processing of your Personal Data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your Personal Data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Request restriction of processing of your Personal Data. This enables you to ask us to suspend the processing of your Personal Data in the following scenarios: (a) if you want us to establish the data's accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Request the transfer of your Personal Data to you or to a third party. We will provide to you, or a third party you have chosen, your Personal Data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Withdraw consent at any time where we are relying on consent to process your Personal Data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
If you wish to exercise any of the rights set out above, please contact us.
Collection of Information
Information You Provide to Us
You may browse the Website without providing any personal information that may be used to identify you personally (“Personally Identifiable Information” or “PII”) or PHI. If you do not provide PII, you cannot enjoy Services. If you choose to provide us with your PII, you are agreeing to the processing and storage of your information in the United States and other countries in compliance with the United States Privacy Act and the European Union GDPR.
We collect information you provide directly to us, such as when you create or modify your account, request on-demand services, contact customer support, or otherwise communicate with us. This information may include name, gender, date of birth, email, subscription preference (newsletter), profile image, username, password, deviceID, platform, model, manufacturer, serial number, weight, height, level of activity, conditions, condition questionnaire responses, and exercise logs.
We collect PHI such as, but not limited to, the fitness level and specific medical condition including injury history, gender, preferences, session summary, name and sequence of your exercise programs, your 9zest statistics and history, including the number of sessions you have done per month and in total, details such as per exercise performance, heart rate profile (if a monitor was used), calories burned, difficulty level, Coach’s notes, etc.
We collect the following information about your goals and medical condition: fitness goals and time period in which you intend to achieve it, medical condition, any related information that you may want to share. Such information may include the biometric and other relevant information. Examples of such information are the UPDRS score, BMR, fasting and random sugar level, etc.
We may use and disclose your PHI in connection with our operations, such as providing customer services and conducting quality review assessments. We may engage third parties to provide various services to us. If any such third party must have access to your PHI in order to perform its services, we will require that third party to enter an agreement that binds the third party to the use and disclosure restrictions outlined in this Notice.
We are permitted to disclose your PHI upon your written authorization, to the extent such use or disclosure is consistent with your authorization. You may revoke any such authorization at any time.
PHI will be shared with the Coaches assigned to help achieve your goals. Additionally the information may be shared with our support staff as well as used to improve our system, for statistical purpose and for efficiency reports to measure performances of our programs.
We may use and disclose your PHI as required by law.
We collect any information provided during the course of your interactions with us or with the 9zest Coaches (i.e., content of emails, “Contact Us” form, etc.) and other information you choose to provide.
We collect personal information directly when you provide it to us, automatically as you navigate through the Websites, or through other people when you use services associated with the Websites.
We collect your personal information when you provide it to us when you complete membership registration and buy or provide items or services on our Websites, subscribe to a newsletter, email list, submit feedback, enter a contest, fill out a survey, or send us a communication.
Information We Collect Through The Use Of Our Services
When you use our Services, we collect information about you in the following general categories:
Location Information: We request permission for our Application’s collection of precise location from your device per the permission system used by your mobile operating system. If you initially permit the collection of this information, you can later disable it by changing the location settings on your mobile device. However, this will limit your ability to use certain features of our Services. Additionally, disabling our Application’s collection of location from your device will limit our ability to engage an appropriate coach for you, as our ability to derive approximate location from your IP address may not be precise.
Contacts Information: If you permit our Application to access the address book on your device through the permission system used by your mobile platform, we may access and store names and contact information from your address book to facilitate social interactions through our Services and for other purposes described in this Statement or at the time of consent or collection.
Transaction Information: We collect transaction details related to your use of our Services, including the type of service requested, date and time the service was provided, amount charged, advice given, medical history and progress, and other related transaction details. Additionally, if someone uses your promo code, we may associate your name with that person.
Device Information: We may collect information about your mobile device, including, for example, the hardware model, operating system and version, software and file names and versions, preferred language, unique device identifier, advertising identifiers, serial number, device motion information, and mobile network information.
Skype, WhatsApp, phone call and SMS Data: Our Services facilitate communications between Users and Coaches. In connection with facilitating this service, we may use applications and communication mechanisms such as Skype, WhatsApp, email, Phone Call and SMS Data, and also may collect information including date and time of interaction and content of the message. You should maintain the confidentiality of your data while using such applications and communication mechanisms. 9zest shall not be held responsible for any liabilities that arise due to your negligence in maintaining the confidentiality of your data.
Log Information: When you interact with the Services, we collect server logs, which may include information like device IP address, access dates and time, app features or pages viewed, app crashes and other system activity, type of browser, and the third-party site or service you were using before interacting with our Services.
The most common types of information we collect include things like usernames, member names, email addresses, IP addresses, other contact details, survey responses, blogs, photos, payment information such as payment agent details, transactional details, support queries, forum comments, content you direct us to make available on our Websites (such as item descriptions) and web analytics data (Google Analytics, CleverTap, Apps Flyer, Facebook, UX Cam, Bing Webmasters).
Important Information About Platform Permissions
Most mobile platforms (iOS, Android, etc.) have defined certain types of device data that apps cannot access without your consent. And these platforms have different permission systems for obtaining your consent. The iOS platform will alert you the first time the 9zest app wants permission to access certain types of data and will let you consent (or not consent) to that request. Android devices will notify you of the permissions that the 9zest app seeks before you first use the app, and your use of the app constitutes your consent.
Information We Collect From Other Sources
We may also receive information from other sources and combine that with information we collect through our Services. For example:
If you choose to link, create, or log in to your 9zest account with a social media service (e.g., Facebook or Google+), or if you engage with an app or website whose API we use, we may receive information about you or your connections from that site or app.
If your employer uses one of our solutions, we may receive information about you from your employer.
When you request coaching services, our coaches may provide us with a User rating after providing services to you.
If you also interact with our Services in another capacity, for instance as a coach or user of other Applications we provide, we may combine or associate that information with information we have collected from you in your capacity as a User.
Use of Information
We may use the information we collect about you to:
Provide, maintain, and improve our Services, including, for example, to facilitate payments, send receipts, provide products and services you request (and send related information), develop new features, improve existing features, develop safety features, provide customer support to Users and Coaches, authenticate users, and send product updates and administrative messages;
Perform internal operations, including, for example, to prevent fraud and abuse of our Services; to troubleshoot software bugs and operational problems; to conduct data analysis, testing, and research; and to monitor and analyze usage and activity trends;
Send or facilitate communications (i) between you and a Coach, such as estimated number of session engagements, or (ii) between you and a contact of yours at your direction in connection with your use of certain features, such as referrals, invites, split charge requests, or session sharing;
Send you communications we think will be of interest to you, including information about products, services, promotions, news, and events of 9zest and other companies, where permissible and according to local applicable laws; and to process contests, sweepstakes, or other promotion entries and fulfill any related awards;
Personalize and improve the Services, including to provide or recommend features, content, social connections, referrals, and advertisements.
We may transfer the information described in this Statement to, and process and store it in, the United States and other countries, some of which may have less protective data protection laws than the region in which you reside.
Sharing of Information
We may share the information we collect about you as described in this Statement or as described at the time of collection or sharing, including as follows:
Through Our Services
We may share your information:
With Coaches to enable them to provide the Services you request. For example, we share your name, photo (if you provide one), average User rating given by Coaches, goals, medical condition, change of condition with the sessions and/or with the Coaches;
With other users if you use a sharing service; and with other people, such as when you want to split cost of a session with a friend;
With third parties to provide you a service you requested through a partnership or promotional offering made by a third party or us;
With the general public if you submit content in a public forum, such as blog comments, social media posts, or other features of our Services that are viewable by the general public;
With third parties with whom you choose to let us share information, for example other apps or websites that integrate with our API or Services, or those with an API or Service with which we integrate; and
With your employer (or similar entity) and any necessary third parties engaged by us or your employer (e.g., an expense management service provider), if you participate in any of our enterprise solutions such as 9zest for Business.
Other Important Sharing
We may share your information:
With 9zest subsidiaries and affiliated entities that provide services or conduct data processing on our behalf, or for data centralization and / or logistics purposes;
With vendors, consultants, marketing partners, and other service providers who need access to such information to carry out work on our behalf;
In response to a request for information by a competent authority if we believe disclosure is in accordance with, or is otherwise required by, any applicable law, regulation, or legal process;
With law enforcement officials, government or law enforcement authorities, regulatory agencies or other third parties if we believe your actions are inconsistent with our User agreements, Terms of Service, or policies, or to protect the rights, property, or safety of 9zest or others;
In connection with, or during negotiations of, any merger, sale of company assets, consolidation or restructuring, financing, or acquisition of all or a portion of our business by or into another company;
If we otherwise notify you and you consent to the sharing; and
In an aggregated and/or anonymized form which cannot reasonably be used to identify you.
Social Sharing Features
The Services may integrate with social sharing features and other related tools which let you share actions you take on our Services with other apps, sites, or media, and vice versa. Your use of such features enables the sharing of information with your friends or the public, depending on the settings you establish with the social sharing service. Please refer to the privacy policies of those social sharing services for more information about how they handle the data you provide to or share through them.
Coaches can only share content if you have allowed it through the application. By default, the permission setting is off.
With your permission, third-party applications or services may access your Personal Information. We use standard OAuth (open authorization) to enable you to give permission to share your Personal Information with other websites and services, such as Google, Facebook and Twitter (e.g., when you agree to a pop-up requesting you to allow another application to access your account information). We also use OAuth to allow us to share information about you that is stored by us without sharing your security credentials.
Analytics and Advertising Services Provided by Others
Special circumstances under which we may disclose your PHI:
Apart from the circumstances mentioned in heading Collection of Information, we may use or disclose your PHI in below special circumstances:
- Government Authorities. We may disclose your PHI to public health authorities or other governmental authorities for purposes including preventing and controlling disease, reporting child abuse or neglect, reporting domestic violence and reporting to the Food and Drug Administration regarding the quality, safety and effectiveness of a regulated product or activity. We may, in certain circumstances, disclose PHI to persons who have been exposed to a communicable disease or may otherwise be at risk of contracting or spreading a disease or condition.
- Workers’ Compensation. We may disclose your PHI as authorized by, and to the extent necessary to comply with, workers’ compensation programs and other similar programs relating to work related illnesses or injuries.
- Health Oversight Agencies. We may disclose your PHI to a health oversight agency for authorized activities such as investigations, audits, licensing, inspections, and disciplinary actions relating to the healthcare system or government benefit programs.
- Legal Proceedings. We may disclose your PHI, in certain circumstances, as permitted by applicable law, in response to an order from a court or administrative agency, or in response to a subpoena or discovery request.
- Law Enforcement. We may, under certain circumstances, disclose your PHI to a law enforcement official, such as for purposes of identifying or locating a suspect, fugitive, material witness or missing person.
- Research. We may, under certain circumstances, use or disclose PHI that is necessary for research purposes.
- Decedents. We may, under certain circumstances, disclose PHI to coroners, medical examiners and funeral directors for purposes such as identification, determining the cause of death and fulfilling duties relating to decedents.
- Specialized Government Functions. We may, in certain situations, use and disclose PHI of persons who are, or were, in the Armed Forces for purposes such as ensuring proper execution of a military mission or determining entitlement to benefits. We may also disclose PHI to federal officials for intelligence and national security purposes.
- Organ Procurement. We may, under certain circumstances, use or disclose PHI for the purposes of organ donation and transplantation.
- Threat to Health or Safety. We may, under certain circumstances, use or disclose PHI if necessary to prevent or lessen a serious and imminent threat to the health or safety of a person or the public.
You may correct your account information at any time by logging into your online or in-app account. If you wish to cancel your account, please email us at [email protected]. Please note that in some cases we may retain certain information about you as required by law, or for legitimate business purposes to the extent permitted by law. For instance, if you have a standing credit or debt on your account, or if we believe you have committed fraud or violated our Terms, we may seek to resolve the issue before deleting your information.
We may also seek permission for our app’s collection and syncing of contact information from your device per the permission system used by your mobile operating system. If you initially permit the collection of this information, iOS users can later disable it by changing the contacts settings on your mobile device. The Android platform does not provide such a setting.
You may opt out of receiving promotional messages from us by following the instructions in those messages. If you opt out, we may still send you non-promotional communications, such as those about your account, about Services you have requested, or our ongoing business relations.
We may suggest that you invite your friends to a free 9zest session or to save on future sessions. In such cases, it is your responsibility to ensure that these individuals are people with whom you have a personal relationship (frequent communications, shared affinities, opinions, etc.). We ask you to only invite people who are part of your close circle and who are likely to be interested in the 9zest Service.
We have implemented several security measures to help protect your personal information (for example, regular scanning of the Website and Applications in order to assess vulnerabilities, sensitive information encrypted via Secure Socket Layer (SSL) technology, etc.).
However, please note that no computer system is perfectly secure and our security measures can only serve to help minimize the risk of security issues.
As a registered user of the Services, you are entirely responsible for maintaining the confidentiality of your user account information. You may not use the account or user name of any other member at any time. You must notify us immediately in the event of any known or suspected unauthorized use of your user account, or any known or suspected breach of security, including loss, theft, or unauthorized disclosure of your or anyone else’s user account information.
You are also entirely responsible for any and all activities which occur under your user account. We will not be liable for any loss that you might incur as a result of someone else using your account, either with or without your knowledge. You may also be held liable for any losses incurred by 9zest, its affiliates, officers, directors, employees, consultants, agents and representatives due to someone else’s use of your account.
One Account Per User. You agree not to register or subscribe for more than one account, create an account on behalf of someone else, or create a false or misleading identity on our Website or Applications. If your registration or subscription is revoked for any reason, you agree not to register or subscribe again with our Services using another username or through any other means. If we have reason to suspect, in our sole discretion, that your account has previously been terminated, we reserve the right to terminate any new accounts you have registered without any notice to you, or to exercise any other remedies available to us under these Terms & Conditions or by law.
- A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
- Cookies may be either "persistent" cookies or "session" cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
- Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.
- The type of cookies used by Google Analytics and their purpose is detailed here.
Most browsers allow you to refuse to accept cookies; for example:
- in Internet Explorer (version 11) you can block cookies using the cookie handling override settings available by clicking "Tools", "Internet Options", "Privacy" and then "Advanced";
- in Firefox (version 44) you can block all cookies by clicking "Tools", "Options", "Privacy", selecting "Use custom settings for history" from the drop-down menu, and unticking "Accept cookies from sites"; and
- in Chrome (version 48), you can block all cookies by accessing the "Customise and control" menu, and clicking "Settings", "Show advanced settings" and "Content settings", and then selecting "Block sites from setting any data" under the "Cookies" heading.
- Blocking all cookies will have a negative impact upon the usability of many websites.
- If you block cookies, you will not be able to use all the features on our website.
You can delete cookies already stored on your computer; for example:
- in Internet Explorer (version 11), you must manually delete cookie files (you can find instructions for doing so at http://windows.microsoft.com/en-gb/internet-explorer/delete-manage-cookies#ie=ie-11);
- in Firefox (version 44), you can delete cookies by clicking "Tools", "Options" and "Privacy", then selecting "Use custom settings for history" from the drop-down menu, clicking "Show Cookies", and then clicking "Remove All Cookies"; and
- in Chrome (version 48), you can delete all cookies by accessing the "Customise and control" menu, and clicking "Settings", "Show advanced settings" and "Clear browsing data", and then selecting "Cookies and other site and plug-in data" before clicking "Clear browsing data".
- cookies are used as an element of the security measures used to protect user accounts, including preventing fraudulent use of login credentials, and to protect our website and services generally
ATTN: Chief Privacy Officer
8 The Green, Suite #5910
Dover, DE 19901