Privacy Policy

UNITED STATES
EUROPEAN UNION AND THE UNITED KINGDOM
EUROPEAN UNION (DEUTSCH)
EUROPEAN UNION (ESPAÑA)
EUROPEAN UNION (FRANCAIS)
ARGENTINA (ENGLISH)
ARGENTINA (ESPAÑOL)
AUSTRALIA
BRAZIL (ENGLISH)
BRAZIL (PORTUGUÊS)
CANADA (ENGLISH)
CANADA (FRANÇAIS)
CHILE (ENGLISH)
CHILE (ESPAÑOL)
COLOMBIA (ENGLISH)
COLOMBIA (ESPAÑOL)
COSTA RICA (ENGLISH)
COSTA RICA (ESPAÑOL)
INDIA
MEXICO (ENGLISH)
NEW ZEALAND

Last Updated: February 27, 2024

Privacy Policy

Spring Care, Inc. takes your privacy seriously and wants you to be familiar with ‎how we collect, use and disclose information and do so in accordance with laws applicable to our business. This Privacy Policy describes our practices in connection ‎with any information that we collect, including through websites operated by us from which you are ‎accessing this Privacy Policy (the “Website”), through the software applications made ‎available by us for use on or through computers and mobile devices (the “Apps”), and ‎through our social media pages that we control from which you are accessing this ‎Privacy Policy, as well as through HTML-formatted email messages that we may send to ‎you that link to this Privacy Policy (all of the foregoing, collectively, the “Services”).‎

Personal Information

Personal Information We May Collect

“Personal Information” is information that identifies you as an individual or relates to ‎an identifiable person, including: Name, Email address, Health Information in ‎connection with the quizzes, tests, and questionnaires we make available through the ‎Services (the “Questionnaires”). If you submit any Personal Information relating to ‎other people to us or to our service providers in connection with the Services, you ‎represent that you have the authority to do so and to permit us to use the information in ‎accordance with this Privacy Policy.

How We May Collect Personal Information

We and our service providers may collect Personal Information in a variety of ‎ways, including:‎

  • Through the Services: We may collect Personal Information directly from you through the ‎Services, e.g., when you answer a Questionnaire or register for an account.
  • From Other Sources: We may receive your Personal Information from other sources with your ‎consent or as permitted by applicable law, such as from your insurance or healthcare ‎provider, public databases, joint marketing partners and other third parties.

How We May Use and Disclose Your Personal Information

Spring may have an arrangement with your insurance or healthcare provider and ‎under that arrangement may be permitted to use and disclose your Personal ‎Information as directed by them, consistent with applicable law. Spring also uses and discloses Personal Information to provide ‎the Services as described below.‎ Please note that any use of artificial intelligence or machine learning on the data we collect will only include non-personally identifiable information for these purposes.

We May Use Personal Information:‎

  • To respond to your inquiries, fulfill your requests, and send you communications that you ‎request, such as the results of any Questionnaire that you have taken. To send administrative ‎information to you, for example, information regarding the Services and changes to our terms, ‎conditions and policies.‎
  • To personalize your experience on the Services, for example, by presenting ‎Questionnaires and similar products to you.‎
  • For our internal management and business purposes, such as data analysis, developing new ‎services, enhancing, improving or modifying the Services, audits, fraud monitoring and ‎prevention, identifying usage trends, but, in some cases that will be only to the extent such use ‎of Personal Information is permitted or required by your insurance or healthcare provider and applicable law.
  • As we believe to be necessary or appropriate, and only as permitted under the Health Insurance ‎Portability & Accountability Act and amendments thereto (HIPAA) or other applicable law: (a) to ‎comply with legal process; (b) to respond to requests from public and government authorities, ‎including public and government authorities outside your country of residence; (c) to protect our ‎operations or those of any of our affiliates, including in connection with investigating security ‎incidents; or (d) to protect our rights, privacy, safety or property, and/or that of our affiliates, you ‎or others.‎
  • For such other purposes as you may consent or as may be authorized or required by applicable law.

Your Personal Information may be transferred or disclosed:‎

  • To our third party service providers who assist us to provide the Services (such as website ‎hosting, data analysis, information technology and related infrastructure provision, email ‎delivery, auditing and other services), and with whom we have a contract that includes ‎appropriate privacy obligations.‎
  • To third parties, such as your insurance or healthcare provider, consistent with your ‎instructions. For example, you may opt in to allow us to share your responses to and results of ‎any Questionnaires.‎
  • As we believe to be necessary or appropriate, and only as permitted under HIPAA or other ‎applicable law: (a) to comply with legal process; (b) to respond to requests from public and ‎government authorities, including public and government authorities outside your country of ‎residence; (c) to protect our operations or those of any of our affiliates, including in connection ‎with investigating security incidents; or (d) to protect our rights, privacy, safety or property, and/or ‎that of our affiliates, you or others.‎
  • To such third parties and for such purposes to which you consent or which may be authorized or required by law.‎

Other Information

Other Information We May Collect

‎“Other Information” is any information that does not reveal your specific identity or ‎does not directly relate to an individual, such as:‎

  • Browser and device information
  • App usage data
  • Information collected through cookies, pixel tags and other technologies
  • General demographic information
  • Aggregated information

If we are required to treat Other Information as Personal Information under applicable law, then we may use it for the purposes for which we use and disclose ‎Personal Information as detailed in this Policy.‎

How We May Collect Other Information

We and our third party service providers may collect Other Information in a variety of ‎ways, including:‎

  • Through your browser or device: Certain information is collected by most browsers or ‎automatically through your device, such as your Media Access Control (MAC) address, ‎computer type (Windows or Macintosh), screen resolution, operating system name and version, ‎device manufacturer and model, language, Internet browser type and version and the name ‎and version of the Services (such as the App) you are using. We use this information to ensure ‎that the Services function properly.‎
  • Through your use of the Apps: When you download and use the Apps, we and our service ‎providers may track and collect usage data, such as the date and time the App on your device ‎accesses our servers and what information and files have been downloaded to the App based ‎on your device number.‎
  • Using pixel tags and other similar technologies: Pixel tags (also known as web beacons and ‎clear GIFs) may be used in connection with some Services to, among other things, track the ‎actions of users of the Services (including email recipients), and compile statistics about usage ‎of the Services and response rates.‎
  • Analytics: We use Google Analytics, which uses cookies and similar technologies to collect and analyze information about use of the Services and report on activities and trends. This service ‎may also collect information regarding the use of other websites, apps and online resources. ‎You can learn about Google’s practices by going to https://www.google.com/policies/privacy, ‎and opt out of them by downloading the Google Analytics opt-out browser add-on, available at ‎https://tools.google.com/dlpage/gaoptout.‎
  • IP Address: Your IP address is a number that is automatically assigned to the computer that you ‎are using by your Internet Service Provider (ISP). An IP address may be identified and logged ‎automatically in our server log files whenever a user accesses the Services, along with the time ‎of the visit and the page(s) that were visited. Collecting IP addresses is standard practice and is ‎done automatically by many websites, applications and other services. We use IP addresses for ‎purposes such as calculating usage levels, diagnosing server problems and administering the ‎Services. We may also derive your approximate location from your IP address.
  • Physical ‎Location: We may collect the physical location of your device by, for example, using satellite, ‎cell phone tower or WiFi signals. We may use your device’s physical location to provide you ‎with personalized location-based services and content. You may be permitted to allow or deny ‎such use, but, if you do, we may not be able to provide you with the applicable personalized ‎services and content.
  • From you: Information such as your preferred means of communication is collected when you ‎voluntarily provide it.‎

How We May Use and Disclose Other Information

We may use and disclose Other Information for any purpose, except where we are ‎required to do otherwise under applicable law. In some instances, we may ‎combine Other Information with Personal Information. If we do, we will treat the ‎combined information as Personal Information as long as it is combined.‎  

Third Party Services

This Privacy Policy does not address, and we are not responsible for, the privacy, ‎information or other practices of any third parties, including any third party operating ‎any site or service to which the Services link. The inclusion of a link on the Services ‎does not imply endorsement of the linked site or service by us or by our affiliates. In ‎addition, we are not responsible for the information collection, use, disclosure or ‎security policies or practices of other organizations, such as Facebook, Apple, Google, ‎Microsoft, RIM or any other app developer, app provider, social media platform provider, ‎operating system provider, wireless service provider or device manufacturer, including ‎with respect to any Personal Information you disclose to other organizations through or ‎in connection with the Services.‎

Security and Retention


We seek to use administrative, physical, and technical safeguards that are reasonable ‎and appropriate for the protection of the Personal Information in our custody or control. ‎Unfortunately, no data transmission or storage system can be guaranteed to be 100% ‎secure. If you have reason to believe that your interaction with us is no longer secure ‎‎(for example, if you feel that the security of your account has been compromised), ‎please immediately notify us in accordance with the “Contacting Us” section below. We ‎will retain your Personal Information in a file specific to you at our offices in 60 Madison Ave., 2nd floor, New York, NY 10010 and the data centers of our service ‎providers. We will retain your Personal Information for the period necessary to fulfill the ‎purposes outlined in this Privacy Policy unless a longer retention period is required or ‎permitted by law.‎ As our operations are conducted from the US, all Personal Information that we collect is ‎used and stored in the US, is subject to US laws, and may be subject to disclosure to US ‎governments, courts or law enforcement or regulatory agencies pursuant to those laws.‎

Individual Rights


The following six rights are collectively referred to as the “Individual Rights.”‎

  1. The right to access – You have the right to request copies of your personal data that Spring Care, Inc. possesses. We may charge you a small fee for this service;
  2. The right to rectification – You have the right to request that Spring Care, Inc, correct any information you believe is inaccurate. You also have the right to request that Spring
    Care, Inc. complete information you believe is incomplete;
  3. The right to erasure — You have the right to request that Spring Care, Inc. erase your personal data, under certain conditions;
  4. The right to restrict processing – You have the right to request that Spring Care, Inc, restrict the processing of your personal data, under certain conditions;
  5. The right to object to processing – You have the right to object to Spring Care, Inc.’s processing of your personal data, under certain conditions; and
  6. The right to data portability – You have the right to request that Spring Care, Inc. transfer
    the data that we have collected to another organization, or directly to you, under certain conditions.

If you would like to exercise any of your Individual Rights regarding Personal ‎Information that you have previously provided to us, you may do so by logging into your ‎account within the Services or by contacting us in accordance with the “Contacting Us” ‎section below. In your request, please make clear what Individual Right you are ‎exercising. For your protection, we may only implement requests with respect to the ‎Personal Information associated with the particular email address that you use to send ‎us your request, and we may need to verify your identity before implementing your ‎request. We will try to comply with your request as soon as reasonably practicable and ‎in compliance with applicable law. Where appropriate, we will transmit the amended ‎information to third parties having access to your Personal Information. We may be ‎prevented from complying with a request to exercise an Individual Right. In such ‎circumstances, we will respond to your request to exercise your Individual Right with a ‎response stating that we cannot comply with such a request and, if legally allowed, why.‎‎

Use of Services by Minors Under Age 13

We are committed to protecting the privacy of children in connection with the use of our Services. This section explains our online information collection, disclosure, and parental consent practices with respect to information collected from children under the age of 13 (“child” or “children”) in accordance with the U.S. Children’s Online Privacy Protection Act and its rules (collectively, “COPPA”). For purposes of this section, any references to a parent also encompasses legal guardians. This section only applies to children under the age of 13 and supplements the other provisions of this Privacy Policy.‎

Our Services include online services that may be used to facilitate mental health care for a child. Children under the age of 13 cannot directly register for Spring Health services; we require that all child accounts be created by a parent or legal guardian, and associated with the parent’s or legal guardian’s account, in order to ensure that we can comply with our notice and consent obligations under COPPA. Please note that certain state privacy laws may permit a child to directly obtain certain types of health care services independent of their parent or legal guardian, which is a right separate from registering for an account with Spring Health.‎

During the account registration process, the parent or legal guardian can create a child’s account by following our instructions for doing so and providing certain information about the child, such as name, date of birth, email address, and/or mailing address. Please do not provide account credentials to your child. If your child directly uses your Spring Health account, either with or without your permission, we may collect information directly from your child.

When creating an account for a child, parents and legal guardians are asked to review and consent to our COPPA Notice, which provides parents and guardians with direct notice of our information practices before we collect any Personal Information about their child. Parents and guardians give their consent by checking the appropriate boxes on the account registration page. If a parent or legal guardian chooses not to consent to the collection and use of their child’s Personal Information, they may not create an online account for the child. At any time, a parent or legal guardian may revoke their consent. Once consent is revoked, a child may not use any Services online, unless a new consent is obtained.

The above sections of this Privacy Policy contains details about the information we collect, which extend to information we collect about children. The information we collect will be used and disclosed for the purposes described above. We will not require a child to disclose more information than is reasonably necessary to participate in an activity.

No Personal Information about a child will be made available to the public or sold. We may engage employees and third-party services providers to work with us to administer and provide the Services or to promote our Services. These employees and third-party services providers have access to your Personal Information only for the purpose of performing services on our behalf, always in accordance with all applicable laws, including HIPAA, and are expressly obligated not to disclose or use your Personal Information for any other purpose. You have the right to agree for us to collect and use your child’s Personal Information but still not allow disclosure to third parties unless such disclosure is part of our Services.

In addition to your right to revoke your consent for the collection of your child’s Personal Information, you may request to review the Personal Information we have collected from your child or ask to delete the information we have collected from your child unless we are required by law to maintain that information. Please submit your request or any questions to us at careteam@springhealth.com.‎

California Residents

If you are a resident of California the following information and rights are provided to ‎you as required by the California Consumer Privacy Act of 2018 (“CCPA”), as amended by the California Privacy Rights Act of 2020 (“CPRA), and all implementing regulations, as may be further amended from time to time (collectively, the “CCPA”). Any terms ‎defined in the CCPA have the same meaning when used in this notice. Personal ‎information under CCPA does not include:‎

  • Publicly available information from government records.‎
  • De-identified or aggregated consumer information.
  • Information excluded from the CCPA’s scope, such as:‎
  • Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data.‎
  • Financial Information covered by the Gramm-Leach-Bliley Act, and implementing regulations.‎

In the preceding twelve (12) months, we have disclosed the following categories ‎of Personal Information for a business purpose:‎

  • Identifiers: Name, residential address, Internet Protocol (IP) address, ‎email address, or other similar identifiers‎
  • Customer records information: Name, address, telephone number, ‎medical information, health insurance information‎
  • Characteristics of protected classifications under California or federal law: ‎Race, gender identity, age‎
  • Internet or other similar network activity: Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement‎
  • Geolocation data: physical location or movement‎
  • Professional or employment-related information‎
  • Education information‎

We may also collect the following Sensitive Personal Information:

  • Social security, driver’s license, state identification card, or passport number‎
  • Account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account‎
  • Precise geolocation‎
  • Racial or ethnic origin, religious or philosophical beliefs, or union membership‎
  • Health information‎
  • Information concerning a consumer’s sex life or sexual orientation‎

This information is collected as noted in the Sections above entitled How We May Collect Personal Information and How We May Collection Other Information. The business purposes for which we collect and disclose this information are:

  • Auditing related to counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards‎
  • Performing services on behalf of the business, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing advertising or marketing services, providing analytic services, or providing similar services on behalf of the business‎
  • Helping to ensure security and integrity‎
  • Debugging to identify and repair errors that impair existing intended functionality‎
  • Short-term, transient use, including, but not limited to, nonpersonalized advertising shown as part of a consumer’s current interaction with the business, provided that the consumer’s personal information is not disclosed to another third party and is not used to build a profile about the consumer or otherwise alter the consumer’s experience outside the current interaction with the business
  • Providing advertising and marketing services, except for cross-context behavioral advertising, to consumers
  • Undertaking internal research for technological development and demonstration‎
  • Undertaking activities to verify or maintain the quality or safety of our services, and to improve, upgrade, or enhance the services‎

In the past 12 months, we have disclosed your Personal Information for a business purpose to the following ‎categories of third parties:‎

  • Service Providers: Cloud hosting, email delivery, medical record ‎management, telehealth video platform, service desk management, platform ‎usage analytics, business analytics, SMS delivery, log aggregation, ‎geolocation‎

In addition to the above, we may disclose any or all categories of Personal Information to any third-party (including government entities and/or law enforcement entities) as necessary to

  • comply with federal, state, or local laws, cooperate with law enforcement agencies, or to comply with a court order or subpoena to provide information
  • cooperate with law enforcement agencies concerning conduct or activities that we (or one of our service providers’) believe may violate federal, state, or local law‎
  • comply with certain government agency requests for emergency access to your Personal Information if you are at risk or danger of death or serious physical injury‎
  • exercise or defend legal claims‎

“Sale” or “Sharing” of Personal Information

The categories of sources that we collect Personal Information and Sensitive Personal Information and our business and commercial purposes for using this information are set forth above. We do not sell your Personal Information as the term “sell” is commonly understood to require an exchange for money. However, as described above, under CCPA’s broad definitions, we may “sell” or “share” Personal Information through the use of advertising and analytics cookies and pixels on our website and their use in understanding how people use and interact with our Services. You may remove or adjust your cookie preferences on your device or browser as they permit, and you may contact us to opt-out at any time (see “Contacting Us” below). We do not otherwise “sell” or “share” your Personal Information. We also do not “sell” or “share” Personal Information of minors under the age of 16 without affirmative authorization

Your Rights and Choices ‎

The CCPA provides consumers (California residents) with specific rights regarding ‎their Personal Information, including:

  • Access – The right to request access to certain information about our collection and use of your Personal Information over the past 12 months;
  • Data Portability – The right to request a copy of the specific Personal Information that we have collected about you or to transmit such Personal Information to another entity;
  • Deletion – The right to request deletion of Personal Information that we have collected and retained (subject to certain exceptions);
  • Correct – The right to correct Personal Information that we have collected to ensure that it is complete, accurate, and as current as possible;
  • Opt-out – The right to opt-out of selling and sharing the information we collect (see above).

You may submit a verifiable consumer request to us to exercise any of these rights by contacting us as indicated below. We will process such requests in accordance with applicable laws.

Response Timing and Format

We will respond to a verifiable consumer request within 10 days of its receipt. We will generally process these requests within 45 days of its receipt. If ‎we require more time (up to an additional 45 days), we will inform you of the reason and extension ‎period in writing. If you have an account with us, we will deliver our written response to ‎that account. If you do not have an account with us, we will deliver our written response ‎by mail or electronically, at your option. Any disclosures we provide will only cover the ‎‎12-month period preceding the verifiable consumer request’s receipt. The response we ‎provide will also explain the reasons we cannot comply with a request, if applicable.‎

Verification

Only you or a person registered with the California Secretary of State that you ‎authorize to act on your behalf, may make a verifiable consumer request related to ‎your Personal Information. For privacy protection, we will ask you to provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.

Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights. ‎Unless permitted by the CCPA, we will not:‎

  • Deny you goods or services.
  • Charge you different prices or rates for goods or services, including through
  • Granting discounts or other benefits, or imposing penalties.‎
  • Provide you a different level or quality of goods or services.‎
  • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.‎

Updates to This Privacy Policy

We may change this Privacy Policy. The “Last Updated” legend at the top of this page ‎indicates when this Privacy Policy was last revised. Any changes will become ‎effective when we post the revised Privacy Policy on the Services. Your use of the ‎Services following these changes means that you accept the revised Privacy Policy.

Contacting Us


If you have any questions about this Privacy Policy, please contact us at ‎careteam@springhealth.com or the Privacy Office at compliance@springhealth.com, or by calling 1-855-629-0554. ‎Because email communications are not always secure, please do not include credit ‎card or other sensitive information in your emails to us.‎

Last Updated: December 7, 2021

SPRING CARE, INC. PRIVACY POLICY (EUROPE)

Spring Care, Inc. is responsible for your personal information.

Spring Care, Inc. and its affiliates (collectively referred to as “Spring Health”, “we“, “us“) takes its data protection and privacy responsibilities seriously. This privacy policy describes our practices in connection with information that we collect through (including any access to) (1) the Spring Health website currently located at https://benefits.springhealth.com, materials and services available therein, and successor website(s) thereto, together with any Content: meaning text, data, graphics, images, photographs, video, audio, information, suggestions, guidance, content and other materials provided, made available or otherwise found on the website (“Website”), (2) the software applications we may make available for use on or through computers and mobile devices (“Apps”), (3) the quizzes, tests, and questionnaires (and results thereof) we make available on or through the Website or Apps (“Questionnaires”), (4) the booking system should you avail of additional professional services through our contractors, counselors, therapists or other service providers (“Providers”), and (5) call recordings when you call our call center phone numbers (all of the foregoing, collectively, “Services”). We follow this privacy policy in accordance with applicable laws in the places where we operate.

This privacy policy also explains how we collect, use and share personal information if you are or represent one of our Providers, including if you go through the application process to become one of our Providers.

Specifically, this privacy policy describes:

  • What personal information we collect and when and why we use
  • How we share personal information within Spring Health and with our service providers, regulators and other third parties
  • How we use your information to provide Service updates to you and how you can manage your marketing preferences
  • Transferring personal information globally
  • How we protect and store personal information
  • Legal rights available to help manage your privacy
  • How you can contact us for more support

1.      UPDATES TO THIS PRIVACY POLICY

We may amend this privacy policy from time to time to keep it up to date with legal requirements and the way we operate our business. We will post those changes prominently, so you are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. Please regularly check these pages for the latest version of this privacy policy.

You might find external links to third party websites on our Website. This privacy policy does not apply to your use of a third party site.

2.    WHAT PERSONAL INFORMATION WE COLLECT AND WHEN AND WHY WE USE IT

A.     When we collect personal information

We collect information about you if you:

  • register with, use our Services or engage with our Website, or
  • work with us as a Provider, collectively (“you“).

B.     Personal information we collect and use if you register with or use our Services or if you engage with our Website:

1.             Personal information collected if you use our Website or Services includes:

  • Personal details: first name and surname, date of birth, email address, country of residence, username and
  • Sensitive information about you: racial origin and health information i.e. general information about your health and wellbeing, including indications about your overall mood and daily habits, information on your mental wellbeing, daily habits, activity levels, daily nutrition and eating habits as well as information about your personal, family and social life which is entered by you when registering for an account or in any Questionnaires we make available through the

2.             Other information when you use our Services or engage with our Website

Other information collected if you use our Services or engage with our Website includes:

  • Browser and device information: Certain information is collected by most browsers or automatically through your device, such as your Media Access Control (MAC) address, computer type (Windows or Macintosh), screen resolution, operating system name and version, device manufacturer and model, language, Internet browser type and version and the name and version of the Services (such as the App) you are
  • App usage data: When you use the Apps, we and our service providers may track and collect usage data, such as the date and time the App on your device accesses our servers and what information and files have been downloaded to the App based on your device

  • Information gathered through use of cookies, pixel tags or other technologies: Pixel tags (also known as web beacons and clear GIFs) may be used in connection with some Services to, among other things, track the actions of users of the Services (including email recipients), and compile statistics about usage of the Services and response rates as well as general demographic information and aggregated information.
  • Other personal information: IP address, location data and information around your preferred means of

If you submit any personal information relating to other people to us or to our service providers in connection with the Services, you represent that you have the authority to do so and to permit us to use the information in accordance with this privacy policy.

3.             We may use personal data collected if you use our Websites or Services or if you consent or as permitted by applicable law in the following ways:

  • To provide you with the Services you request, which may be combination of the use or engagement with our Website, App, Questionnaires and/or
  • To respond to your inquiries, fulfil your requests, and send you communications that you request, such as the results of any Questionnaire that you have
  • To send administrative information to you, for example, information regarding the Services and changes to our terms, conditions and
  • To market our Services to you. This includes sending communications about our Services, features, studies, surveys, news, updates, and events. We may do so through various methods, including email, in app communications and ads, and ads on third party
  • For our internal management and business purposes, such as data analysis, developing new services, enhancing, improving or modifying the Services, audits, fraud monitoring and prevention, identifying usage
  • We may use personal information, including sensitive information, from many Services users to create non-identifiable “aggregate data” (for example, reports that calculate the percentage of users who have a particular response to or result from the Questionnaires) that may be disclosed to third
  • If you provide to us any ideas, proposals, suggestions, recommendations or other materials (“Feedback”), whether related to the Services or
  • As we believe to be necessary or appropriate, and only as permitted under applicable law (a) to comply with legal process; (b) to respond to requests from public and government authorities, including public and government authorities outside your country of residence; (c) to protect our operations or those of any of our affiliates, including in connection with investigating security incidents; or (d) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or
  • To personalize your experience on the Services, for example, by presenting Questionnaires and similar services to

4.             The legal basis for using your personal information

We will only collect, use and share your personal information where we are satisfied that we have an appropriate legal basis to do this. This may be because:

  • you have provided your consent to us using the personal information, for example by opting in to receiving the Service, by registering for an account or by voluntarily inputting your personal information g., when you answer a Questionnaire;
  • our use of your personal information is in our legitimate interest as a commercial organisation (for example for our internal management and business purposes, such as data analysis, to ensure that the Services function properly, developing new services, enhancing, improving or modifying the Services, audits, fraud monitoring and prevention, identifying usage trends). In these cases, we will look after your information at all times in a way that is proportionate and respects your privacy rights and you have a right to object to processing as explained in the section below LEGAL RIGHTS AVAILABLE TO HELP MANAGE YOUR PRIVACY;
  • our use of your personal information is necessary to perform a contract or take steps to enter into a contract with you for example where you have opted to receive the Services it is mandatory to provide your name and email address to register your account in order to receive the Services. For further information please see our Terms of Service (https://care.springhealth.com/terms_of_service); and/or
  • our use of your personal information is necessary to comply with a relevant legal or regulatory obligation that we have for example, to comply with legal process, respond to requests from public and government authorities, protect our operations or those of any of our affiliates including in connection with investigating security incidents; or to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others.
  • If you would like to find out more about the legal basis for which we process personal information, please contact us at compliance@springhealth.com.

C.     Personal information we collect if you work with us as a Provider

1.  Personal information collected if you apply to work with us as a Provider, and continue to work with us as a Provider, includes:

  • Personal details: such as your name, email address, photo, maiden name; alias(es); current and previous addresses; birth date; birth place; ID number (which may include passport, national ID card, driver’s license) and mother/father’s complete
  • Information about your employment status: employer name; employer contact details; manager name; manager contact details; job title; pay rate; dates of employment; reason for leaving
  • Information about your education and qualifications: school name; school contact details; student number; qualification details; field of study; school attendance dates; school graduation
  • Other information: payment information so that we can make payments to you and information contained on our communications systems, these are the Spring Health communications facilities used by you (email, phone, mobile phone and computer communication).

2.  If you are one of our Providers, we may use your personal data in the following ways:

  • To determine, perform and execute the terms on which you, or the organization you represent will be engaged by us and communicate with you;
  • To pay and administer your fees;
  • To administer other requests or services requested by you throughout your engagement with us;
  • To ensure the smooth running of our engagement with you (including all of the activities that need to be undertaken before, during and after such engagement for instance to confirm your eligibility to work with us as a );
  • To monitor against and prevent cyber-security issues and unauthorised use of our information, IT systems and/or equipment;
  • Maintain photo identification of you for your profile; or
  • Where it may be necessary, to file legal proceedings, investigate, establish, exercise or defend a legal claim; and settle legal

3.  The legal basis for using your personal information

We will only collect, use and share your personal information where we are satisfied that we have an appropriate legal basis to do this. This may be because:

  • our use of your personal information is necessary to perform a contract or take steps to enter into a contract with you, e. the Contractor Agreement;
  • our use of your personal information is in our legitimate interest as a commercial organisation (for example to monitor against and prevent cyber-security issues and unauthorised use of our information, IT systems and/or equipment, or maintain photo identification of you for your profile); and/or
  • our use of your personal information is necessary to comply with a relevant legal or regulatory obligation that we have for example, to comply with legal process, respond to requests from public and government authorities, protect our operations or those of any of our affiliates including in connection with investigating security incidents; or to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others.
  • If you would like to find out more about the legal basis for which we process personal information please contact us at compliance@springhealth.com.

3.     SHARING PERSONAL INFORMATION WITHIN SPRING CARE, WITH OUR SERVICE PROVIDERS, AND OTHER THIRD PARTIES

A.     We may share your information under limited circumstances in the manner and for the purposes described below:

  1. within Spring Health, where such disclosure is necessary to provide you with our Services or to manage our business, including with our Spring-branded Medical Professional Corporation, SH Medical Care of Kansas,
  2. with third parties who help manage our business and deliver Services, for example:
  3. we will provide your personal information to our Providers, as necessary to allow you to avail of that specific element of our Services;
  4. if you are one of our Providers, we will share your information with third parties to confirm your eligibility to carry out the

These third parties have agreed to confidentiality restrictions and use any personal information we share with them or which they collect on our behalf solely for the purpose of providing the contracted service to us. These may also include website hosting, data storage and analysis, scheduling platforms, information technology and related infrastructure provision, email delivery, auditing and other services.

  1. with our regulators, which may include but is not limited to the Information Commissioner’s Office (ICO), Commission Nationale de l’Informatique et des Libertés (CNIL), the German data protection authorities, the Data Protection Commission (DPC), and the Swedish Authority for Privacy Protection (IMY), and the Spanish Data Protection Commissioner (Agencia Española de Protección de Datos, (AEPD)), to comply with all applicable laws, regulations and rules, and requests of law enforcement, regulatory and other governmental agencies;
  2. with our partners or affiliates, in aggregate, statistical form, non-personal information regarding the visitors to our Website, traffic patterns, and Website usage with our partners or affiliates;
  3. if, in the future, we sell or transfer some or all of our business or assets to a third party, we may disclose information to a potential or actual third party purchaser of our business or

4.    SERVICE UPDATES AND MARKETING PREFERENCES

A.     How we use personal information to keep you up to date with our Services

To protect privacy rights and to ensure you have control over how we manage marketing with you we will take steps to limit direct marketing to a reasonable and proportionate level and only send you communications which we believe may be of interest or relevance to you.

B.     How you can manage your marketing preferences

You can opt out of certain marketing communications and use of your information for marketing at any time by contacting careteam@springhealth.com or by clicking on the “unsubscribe” link you will find on all marketing messages to you and requesting to be removed from future

communications. Please specify whether you would like us to stop all forms of marketing or just a particular type (e.g. email).

5.    TRANSFERRING PERSONAL INFORMATION GLOBALLY

  1. Spring Health is a US based business. Accordingly, regardless of your location, your personal information will be transferred to and stored in the US, which may be subject to different standards of data protection than your home jurisdiction. Spring Health will take appropriate steps ensure that transfers of personal information are in accordance with applicable law and carefully managed to protect your privacy rights and

To this end:

  1. We ensure transfers within Spring Health entities and affiliates will be covered by an agreement entered into by members of Spring Health (an intercompany agreement) which contractually obliges each entity to ensure that personal information receives an adequate and consistent level of protection wherever it is transferred within Spring Health;
  2. Where we transfer your personal information outside Spring Health or to third parties who help provide our Services, we obtain contractual commitments from them to protect your personal Some of these assurances are well recognized requirements like the use of EU Standard Contractual Clauses for the protection of personal information transferred from within the EU to countries outside of the EU; or
  3. Where we receive requests for information from law enforcement or regulators, we carefully validate these requests before any personal information are
  4. You have a right to contact us for more information about the safeguards we have put in place (including a copy of relevant contractual commitments) to ensure the adequate protection of your personal information when this is transferred as mentioned

6.    HOW WE PROTECT AND STORE YOUR INFORMATION

A.     Security

We have implemented and maintain appropriate administrative, physical and technical security measures, policies and procedures that are reasonable and appropriate to reduce the risk of accidental destruction or loss, or the unauthorised disclosure or access to such information as reasonable and appropriate to the nature of the information concerned. Measures we take include placing confidentiality requirements on our staff members and service providers and destroying or permanently anonymising personal information if it is no longer needed for the purposes for which it was collected. As the security of information depends in part on the security of the computer you use to communicate with us and the security you use to protect user IDs and passwords please take appropriate measures to protect this information.

B.     Storing your personal information

  1. We will retain your personal information for as long as is reasonably necessary for the purposes for which it was collected, as explained in this privacy policy. In some circumstances we may store your personal information for longer periods of time as required or permitted by law, for instance where we are required to do so in accordance with legal, regulatory, tax, accounting
  2. In specific circumstances we may store your personal information for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your personal information or
  3. As our operations are conducted from the US, subject to the information set out in Section V TRANSFERRING YOUR INFORMATION GLOBALLY, all personal information that we collect is used and stored in the US, is subject to US laws, and may be subject to disclosure to US governments, courts or law enforcement or regulatory agencies pursuant to those
  4. If you are using our Services and based in Germany, we are subject to various storage and documentation obligations resulting among others from the German Commercial Code (HGB) and the German Fiscal Code (AO). The time limits specified there for storage and documentation are up to ten years. Finally, the storage period is also determined by the statutory limitation periods, which can be up to thirty years, for example, according to §§ 195 et seq. of the German Civil Code (BGB), with the regular limitation period being three
  5. If you are using our Services and based in Spain, you should be aware that it is unusual for Spanish laws to establish specific retention periods linked to certain types of documents or records. Rather, the key is the purpose(s) for which a given document or record shall be used. Once the purpose is determined, the applicable retention period will overlap with the statutory limitation period linked to that specific purpose. Since longer limitation periods absorb shorter ones, at the end of the day, civil law standard limitation period (Article §§ 1964 of the Spanish Civil Code: 5 years) and commercial correspondence and documentation retention period (Article §§ 30 of the Spanish Commercial Code: 6 years) may set the standard, overriding the shorter ones. In some cases, longer periods (10 years) may be chosen in order to handle potential criminal law claims and other exceptional tax/employment claims. Similarly, in some circumstances, some of your data will be kept for much shorter periods, such as call recordings, which will be kept for a maximum of 12 months from the date of the recording. Similarly, if a contract application is not completed, your data may be retained for a reasonable period, estimated at 12 months, in order to avoid duplication of processing in the case of new applications and for as long as necessary to comply with applicable legal
  6. Additionally, if you are using our Services and based in Spain, you should be aware that, once the aforementioned relevant period has elapsed, your data will be stored, duly blocked in a non-accessible file, pursuant to the provisions of article §§ 32 of the new Organic Law 3/2018 on the Protection of Personal Data and Guarantee of Digital Rights (NLOPD), for an additional period of 3 years. Thus, during this blocking period, all the necessary technical and organisational measures will be taken to prevent further processing of the data, including their visualisation, except for making them available to the judges and courts, the Spanish Public Prosecutor’s Office or the competent Public Administrations, in particular the data protection authorities, for the enforcement of possible liabilities arising from the processing. Once this additional period of three years has elapsed, the data will be destroyed.

7.     LEGAL RIGHTS AVAILABLE TO HELP MANAGE YOUR PRIVACY

  1. Subject to certain exemptions, and in some cases dependent upon the processing activity we are undertaking, you have certain rights in relation to your personal information (as further detailed below), including the right:
  1. To access personal information
  2. To rectify / erase personal information
  3. To restrict the processing of your personal information
  4. To transfer your personal information
  5. To object to the processing of personal information, including that based in our legitimate interests
  6. Withdraw, at any time, consent for processing of personal information, without affecting the lawfulness of processing based on consent before its withdrawal
  7. To object to how we use your personal information for direct marketing purposes, including profiling
  8. To obtain a copy of personal information safeguards used for transfers outside your jurisdiction
  9. To lodge a complaint with your local supervisory authority

We may ask you for additional information to confirm your identity and for security purposes, before disclosing the personal information requested to you. We reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive.

You can exercise your rights by contacting us at careteam@springhealth.com. Subject to legal and other permissible considerations, we will make every reasonable effort to honour your request promptly or inform you if we require further information in order to fulfil your request.

We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.

B.     Right to access personal information

You have a right to request that we provide you with a copy of your personal information that we hold, and you have the right to be informed of; (a) the source of your personal information;

(b) the purposes, legal basis and methods of processing; (c) the controller’s identity; and (d) the entities or categories of entities to whom your personal information may be transferred.

C.     Right to rectify or erase personal information

  1. You have a right to request that we rectify inaccurate personal We may seek to verify the accuracy of the personal information before rectifying it.
  2. You can also request that we erase your personal information in limited circumstances where:

  • it is no longer needed for the purposes for which it was collected; or
  • you have withdrawn your consent (where the data processing was based on consent); or
  • following a successful right to object (see right to object). Where your right to object concerns the processing of personal data for direct marketing purposes, we may retain necessary identification data to prevent future processing for these purposes; or
  • it has been processed unlawfully; or
  • to comply with a legal obligation to which Spring Health is
  1. We are not required to comply with your request to erase personal information if the processing of your personal information is necessary:
  2. for compliance with a legal obligation; or
  3. for the establishment, exercise or defence of legal claims;

D.     Right to restrict the processing of your personal information

  1. You can ask us to restrict your personal information, but only where:
  2. its accuracy is contested, to allow us to verify its accuracy; or
  3. the processing is unlawful, but you do not want it erased; or
  4. it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; or
  5. you have exercised the right to object, and verification of overriding grounds is pending.
  6. We can continue to use your personal information following a request for restriction, where:
  7. we have your consent; or
  8. to establish, exercise or defend legal claims; or
  9. to protect the rights of another natural or legal
  10. We will clearly state the limitation of the processing of your personal data in our information systems.

E.      Right to transfer your personal information

  1. You can ask us to provide your personal information to you in a structured, commonly used, machine-readable format, or you can ask to have it transferred directly to another data controller, but in each case only where:
  2. the processing is based on your consent or on the performance of a contract with you; and
  3. the processing is carried out by automated

F.      Right to object to the processing of your personal information

G.     Right to withdraw consent

Where we have obtained your consent as our legal basis to process your personal data, you have the right to withdraw consent at any time by emailing careteam@springhealth.com. Please note that in some instances, where you withdraw your consent this may negatively impact our ability to provide you with the Services.

H.     Right to object to how we use your personal information for direct marketing purposes

You can opt out of certain marketing communications and use of your information for marketing, including profiling, at any time by contacting careteam@springhealth.com or by clicking on the “unsubscribe” link you will find on all marketing messages to you and requesting to be removed from future communications. Please specify whether you would like us to stop all forms of marketing or just a particular type (e.g. email).

You can also request that we change the manner in which we contact you for marketing purposes or request that we not transfer your personal information to unaffiliated third parties for the purposes of direct marketing or any other purposes.

I.         Right to obtain a copy of personal information safeguards used for transfers outside your jurisdiction

You can ask to obtain a copy of, or reference to, the safeguards under which your personal information is transferred outside of the European Union and the United Kingdom.

We may redact data transfer agreements to protect commercial terms.

J.       Right to lodge a complaint with your local supervisory authority

You have a right to lodge a complaint with your local supervisory authority if you have concerns about how we are processing your personal information.

We ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority at any time.

In addition to the rights mentioned in this Section VII, if you use our Services from France or Spain, you have and additional right in respect of your personal information:

K.                 Post-mortem rights

You have the right to set out instructions (general or specific) about what happens to your personal data after your death.

8.        CONTACT US

If you have any questions about this privacy policy, please contact us at compliance@springhealth.com or our Data Protection Officer (IT Governance Europe Limited) at eurep@itgovernance.eu.

Spring Health has appointed a data protection representative in the United Kingdom IT Governance Europe Limited who can be contacted at: eurep@itgovernance.eu.

Please ensure to include our company name in any correspondence you send.

If you have any questions, concerns or complaints regarding our compliance with this privacy policy and data protection laws, or if you wish to exercise your rights, we encourage you to first contact compliance@springhealth.com. We will investigate and attempt to resolve complaints and disputes and will make every reasonable effort to honour your wish to exercise your rights as quickly as possible and, in any event, within the timescales provided by data protection laws.

1.      SPRING CARE, INC. DATENSCHUTZERKLÄRUNG (EUROPA)

Spring Care, Inc. ist für Ihre personenbezogenen Daten verantwortlich.

Spring Care, Inc. und seine verbundenen Unternehmen (gemeinsam “Spring Health”, “wir“, “uns“) nimmt seine Verantwortung in Bezug auf Datenschutz und Privatsphäre ernst. Diese Datenschutzerklärung beschreibt unsere Verfahren im Zusammenhang mit der Erhebung von Daten (einschließlich des Zugriffs auf) über (1) die Spring Health-Website, die sich derzeit unter https://benefits.springhealth.com befindet, die dort verfügbaren Materialien und Dienste sowie Nachfolge-Webseiten dazu, zusammen mit jeglichem Inhalt: d.h. Texte, Daten, Grafiken, Bilder, Fotos, Videos, Audiodateien, Informationen, Vorschläge, Anleitungen, Inhalte und andere Materialien, die auf der Website bereitgestellt, verfügbar gemacht oder anderweitig gefunden werden (” Website“), (2) die Softwareanwendungen, die wir zur Verwendung auf oder über Computer und mobile Geräte zur Verfügung stellen (“Apps”), (3) die Quiz, Tests, und Fragebögen (und deren Ergebnisse), die wir auf oder über die Website oder die Apps zur Verfügung stellen (“Fragebögen”), (4) das Buchungssystem, wenn Sie zusätzliche professionelle Dienstleistungen durch unsere Auftragnehmer, Berater, Therapeuten oder andere Dienstleister (“Anbieter“) in Anspruch nehmen und (5) Anrufaufzeichnungen, wenn Sie unsere Call-Center-Telefonnummern anrufen (alle vorgenannten Punkte zusammen “Dienstleistungen“). Wir befolgen diese Datenschutzerklärung in Übereinstimmung mit den geltenden Gesetzen an den Orten, an denen wir tätig sind.

In dieser Datenschutzerklärung wird auch erläutert, wie wir personenbezogene Daten erheben, verwenden und weitergeben, wenn Sie einer unserer Dienstleister sind oder einen solchen vertreten, auch wenn Sie das Bewerbungsverfahren durchlaufen, um einer unserer Dienstleister zu werden.

Diese Datenschutzerklärung beschreibt insbesondere:

  • Welche personenbezogenen Daten wir erheben und wann und warum wir diese verwenden
  • Wie wir personenbezogene Daten innerhalb von Spring Health und an unsere Dienstleister, Aufsichtsbehörden und andere Dritte weitergeben
  • Wie wir Ihre Daten verwenden, um Ihnen Service-Updates zukommen zu lassen, und wie Sie Ihre Marketingpräferenzen verwalten können
  • Die länderübergreifende Übermittlung personenbezogener Daten
  • Wie wir personenbezogene Daten schützen und speichern
  • Gesetzliche Rechte zur Wahrung Ihrer Privatsphäre
  • Wie Sie uns für darüber hinausgehende Unterstützung kontaktieren können

2.    AKTUALISIERUNG DIESER DATENSCHUTZERKLÄRUNG

Wir behalten uns vor, diese Datenschutzerklärung von Zeit zu Zeit zu ändern, um sie an rechtliche Anforderungen und die Art und Weise, wie wir unser Unternehmen betreiben, anpassen zu können. Wir werden diese Änderungen an gut sichtbarer Stelle veröffentlichen, damit Sie immer wissen, welche Daten wir sammeln, wie wir sie verwenden und unter welchen Umständen wir sie gegebenenfalls weitergeben. Bitte informieren Sie sich regelmäßig auf diesen Seiten über die aktuelle Version dieser Datenschutzerklärung.

Möglicherweise finden Sie auf unserer Website externe Links zu Websites von Dritten. Diese Datenschutzerklärung gilt nicht für die Nutzung der Websites von Dritten.

3.   WELCHE PERSONENBEZOGENEN DATEN ERHEBEN WIR UND WANN UND WARUM VERWENDEN WIR SIE

A.     Wann wir personenbezogene Daten erheben

Wir erheben Daten über Sie, wenn Sie:

  • sich registrieren, unsere Dienstleistungen oder unsere Website nutzen, oder
  • mit uns als Dienstleister zusammenarbeiten, gemeinsam (“Sie“).

B.     Personenbezogene Daten, die wir erheben und verwenden, wenn Sie sich registrieren, unsere Dienstleistungen oder unsere Website nutzen

1.             Die personenbezogenen Daten, die erhoben werden, wenn Sie unsere Website oder Dienstleistungen nutzen, beinhalten:

  • Persönliche Angaben: Vor- und Nachname, Geburtsdatum, E-Mail-Adresse, Land ihres Wohnsitzes, Benutzername und
  • Sensible Daten über Sie: Informationen zur rassischen Herkunft und zur Gesundheit, d.h. allgemeine Informationen über Ihre Gesundheit und Ihr Wohlbefinden, einschließlich Angaben zu Ihrer allgemeinen Stimmung und Ihren täglichen Gewohnheiten, Informationen über Ihr geistiges Wohlbefinden, Ihre täglichen Gewohnheiten, Ihr Aktivitätsniveau, Ihre täglichen Ernährungs- und Essgewohnheiten sowie Informationen über Ihr persönliches, familiäres und soziales Leben, die Sie bei der Registrierung für ein Konto oder in Fragebögen, die wir über die Dienstleistungen zur Verfügung stellen,

2.             Sonstige Daten, wenn Sie unsere Dienstleistungen oder unsere Website nutzen

Sonstige Daten, die erhoben werden, wenn Sie unsere Dienstleistungen oder unsere Website nutzen, beinhalten:

  • Browser- und Geräteinformationen: Bestimmte Informationen werden von den meisten Browsern oder automatisch über Ihr Gerät erfasst, z. B. Ihre Media Access Control (MAC)-Adresse, der Computertyp (Windows oder Macintosh), die Bildschirmauflösung, der Name und die Version des Betriebssystems, der Hersteller und das Modell des Geräts, die Sprache, der Typ und die Version des

Internetbrowsers sowie der Name und die Version der von Ihnen verwendeten Dienstleistungen (z. B. der App).

  • Daten zur App-Nutzung: Wenn Sie die Apps nutzen, können wir und unsere Dienstleister Nutzungsdaten verfolgen und sammeln, wie z. B. das Datum und die Uhrzeit, zu der die App auf Ihrem Gerät auf unsere Server zugreift, und welche Informationen und Dateien auf die App heruntergeladen wurden, basierend auf Ihrer Gerätenummer.
  • Informationen, die durch die Verwendung von Cookies, Pixel-Tags oder anderen Technologien gesammelt werden: Pixel-Tags (auch bekannt als Web Beacons und Clear GIFs) können in Verbindung mit einigen Dienstleistungen verwendet werden, um unter anderem die Aktionen der Nutzer der Dienstleistungen (einschließlich der E-Mail-Empfänger) zu verfolgen und Statistiken über die Nutzung der Dienstleistungen und die Antwortquoten sowie allgemeine demografische Informationen und aggregierte Informationen zu
  • Andere personenbezogene Daten: IP-Adresse, Standortdaten und Informationen über Ihre bevorzugten Kommunikationsmittel.

Wenn Sie uns oder unseren Dienstleistern personenbezogene Daten anderer Personen übermitteln, versichern Sie, dass Sie zu dieser Übermittlung sowie dazu befugt sind, uns zu gestatten, die Daten in Übereinstimmung mit dieser Datenschutzerklärung zu verwenden

3.             Wir können personenbezogene Daten, die erhoben werden, wenn Sie unsere Websites oder Dienstleistungen nutzen, wenn Sie darin einwilligen oder wenn dies nach geltendem Recht zulässig ist, auf folgende Weise verwenden:

  • Um Ihnen die von Ihnen angeforderten Dienstleistungen zu erbringen, die eine Kombination aus der Nutzung oder dem Kontakt mit unserer Website, App, Fragebögen und/oder Dienstleistern sein können.
  • Um Ihre Anfragen zu beantworten, Ihre Anträge zu bearbeiten und Ihnen Mitteilungen zu senden, die Sie angefordert haben, wie z. B. die Ergebnisse eines Fragebogens, den Sie ausgefüllt
  • Um Ihnen administrative Informationen zukommen zu lassen, z. B. Informationen über die Dienstleistungen und Änderungen unserer Geschäftsbedingungen und Richtlinien.
  • Um unsere Dienstleistungen an Sie zu Dazu gehört das Versenden von Nachrichten über unsere Dienstleistungen, Funktionen, Studien, Umfragen, Neuigkeiten, Updates und Veranstaltungen. Das kann auf verschiedenen Wegen geschehen, einschließlich E-Mail, In-App-Kommunikation und Werbung sowie Werbung auf Plattformen von Drittanbietern.
  • Für unsere internen Verwaltungs- und Geschäftszwecke, z.B. Datenanalyse, die Entwicklung neuer Dienstleistungen, Erweiterung, Verbesserung oder Änderung von Dienstleistungen, Audits, Betrugsüberwachung und -prävention, Ermittlung von Nutzungstrends.
  • Wir können personenbezogene Daten, einschließlich sensibler Daten, einer großen Zahl von Nutzern der Dienstleistungen verwenden, um nicht identifizierbare “aggregierte Daten” zu erstellen (z.B. Berichte, die den Prozentsatz der Nutzer

berechnen, die eine bestimmte Antwort in den Fragebögen gegeben oder ein bestimmtes Ergebnis erzielt haben), die an Dritte weitergegeben werden können.

  • Wenn Sie uns Ideen, Vorschläge, Anregungen, Empfehlungen oder andere Materialien (“Feedback“) zur Verfügung stellen, sowohl im Zusammenhang mit den Dienstleistungen als auch
  • Soweit wir dies für notwendig oder angemessen halten, und nur soweit dies nach geltendem Recht zulässig ist, (a) zur Einhaltung rechtlicher Verfahren; (b) zur Beantwortung von Anfragen öffentlicher und staatlicher Behörden, einschließlich öffentlicher und staatlicher Behörden außerhalb des Landes, in dem Sie Ihren Wohnsitz haben; (c) zum Schutz unserer Geschäfte oder der Geschäfte eines unserer verbundenen Unternehmen, einschließlich der Untersuchung von Sicherheitsvorfällen; oder (d) um unsere Rechte, unsere Privatsphäre, unsere Sicherheit oder unser Eigentum und/oder das unserer verbundenen Unternehmen, Ihrer Person oder anderer zu schützen.
  • Um Ihre Erfahrungen mit den Dienstleistungen zu personalisieren, indem Ihnen zum Beispiel Fragebögen und ähnliche Dienstleistungen angezeigt

4.             Rechtsgrundlagen für die Verwendung Ihrer personenbezogenen Daten

Wir werden Ihre personenbezogenen Daten nur dann erheben, verwenden und weitergeben, wenn wir sicher sind, dass wir über eine angemessene Rechtsgrundlage dafür verfügen. Das kann der Fall sein, wenn:

  • Sie uns Ihre Einwilligung zur Verwendung Ihrer personenbezogenen Daten erteilt haben, z. B. indem Sie sich für den Erhalt des Dienstleistung entschieden haben, indem Sie sich für ein Benutzerkonto registriert haben oder indem Sie freiwillig Ihre personenbezogenen Daten eingegeben haben, z.B. bei der Beantwortung eines Fragebogens;
  • die Verwendung Ihrer personenbezogenen Daten in unserem berechtigten Interesse als Unternehmen liegt (z.B. für interne Verwaltungs- und Geschäftszwecke, wie Datenanalyse, um sicherzustellen, dass die Dienstleistungen ordnungsgemäß funktionieren, die Entwicklung neuer Dienstleistungen, Erweiterung, Verbesserung oder Änderung von Dienstleistungen, Audits, Betrugsüberwachung und -prävention, Ermittlung von Nutzungstrends). In diesen Fällen werden wir Ihre Daten jederzeit in einer Weise behandeln, die verhältnismäßig ist und Ihre Datenschutzrechte respektiert, und Sie haben das Recht, gegen die Verarbeitung Widerspruch einzulegen, wie im untenstehenden Abschnitt VIII GESETZLICHE RECHTE IN BEZUG AUF IHRE PERSONENBEZOGENEN DATEN erläutert;
  • unsere Verwendung Ihrer personenbezogenen Daten ist notwendig, um einen Vertrag mit Ihnen zu erfüllen oder einen Vertrag mit Ihnen abzuschließen. Wenn Sie sich beispielsweise für den Erhalt von Dienstleistungen entschieden haben, müssen Sie Ihren Namen und Ihre E-Mail-Adresse angeben, um Ihr Benutzerkonto zu registrieren, damit Sie die Dienstleistungen erhalten können. Weitere Informationen finden Sie in unseren Allgemeinen Geschäftsbedingungen (https://care.springhealth.com/terms_of_service); und/oder
  • die Verwendung Ihrer personenbezogenen Daten ist erforderlich, um einer einschlägigen gesetzlichen oder behördlichen Verpflichtung nachzukommen, z.B. zur Einhaltung rechtlicher Verfahren, um auf Anfragen von öffentlichen und staatlichen Behörden zu reagieren, um unseren Geschäftsbetrieb oder den eines

unserer verbundenen Unternehmen zu schützen, auch in Verbindung mit der Untersuchung von Sicherheitsvorfällen, oder um unsere Rechte, unsere Privatsphäre, unsere Sicherheit oder unser Eigentum und/oder das unserer verbundenen Unternehmen, Ihrer Person oder anderer zu schützen.

  • Wenn Sie mehr über die Rechtsgrundlagen erfahren möchten, aufgrund derer wir personenbezogene Daten verarbeiten, kontaktieren Sie uns unter compliance@springhealth.com.

C.     Personenbezogene Daten, die wir erheben, wenn Sie mit uns als Dienstleister zusammenarbeiten

1.              Die personenbezogenen Daten, die wir erheben, wenn Sie sich bei uns als Dienstleister bewerben und darüber hinaus mit uns als Dienstleister zusammenarbeiten, beinhalten:

  • Persönliche Informationen: B. Ihren Namen, Ihre E-Mail-Adresse, Ihr Foto, Mädchennamen, Aliasnamen, aktuelle und frühere Adressen, Geburtsdatum, Geburtsort, Ausweisnummer (z. B. Reisepass, Personalausweis, Führerschein) und den vollständigen Namen Ihrer Mutter/Ihres Vaters.
  • Informationen über Ihren Beschäftigungsstatus: Name und Kontaktdaten des Arbeitgebers; Name und Kontaktdaten der/des Vorgesetzten; Berufsbezeichnung; Gehalt; Beschäftigungszeiten; Grund für das Ausscheiden aus einem Arbeitsverhältnis.
  • Informationen über Ihre Ausbildung und Qualifikationen: Name und Kontaktdaten der Schule; Schülernummer; Angaben zur Qualifikation; Studienrichtung; Daten zum Schulbesuch; Daten zum
  • Andere Informationen: Zahlungsinformationen, damit wir Zahlungen an Sie leisten können, und Informationen, die in unseren Kommunikationssystemen enthalten sind,

d.h. in den von Ihnen genutzten Spring Health-Kommunikationseinrichtungen (E- Mail, Telefon, Mobiltelefon und Computer).

2.              Wenn Sie einer unserer Dienstleister sind, können wir Ihre personenbezogenen Daten wie folgt verwenden:

  • Zur Festlegung und Erfüllung der Bedingungen, zu denen Sie oder die Organisation, die Sie vertreten, von uns beauftragt werden, sowie zur Kommunikation mit Ihnen;
  • Zur Zahlung und Verwaltung Ihrer Gebühren;
  • Zur Bearbeitung anderer Anfragen oder Dienstleistungen, die Sie während Ihrer Zusammenarbeit mit uns anfordern;
  • Um einen reibungslosen Ablauf unseres Engagements mit Ihnen zu gewährleisten (einschließlich aller Aktivitäten, die vor, während und nach einem solchen Engagement durchgeführt werden müssen, B. um Ihre Berechtigung zur Zusammenarbeit mit uns als Anbieter zu überprüfen);
  • Zur Überwachung    und    Verhinderung    von    Cybersicherheitsproblemen    und unbefugter Nutzung unserer Informationen, IT-Systeme und/oder Ausrüstung;
  • Zur Aufbewahrung eines Identifikationsfotos für Ihr Profil; oder
  • Soweit dies erforderlich ist, um rechtliche Schritte einzuleiten, einen Rechtsanspruch zu untersuchen, zu begründen, geltend zu machen oder zu verteidigen, sowie Rechtsansprüche zu begleichen.

3.              Die Rechtsgrundlagen für die Verwendung Ihrer personenbezogenen Daten

Wir werden Ihre personenbezogenen Daten nur dann erheben, verwenden und weitergeben, wenn wir sicher sind, dass wir über eine angemessene Rechtsgrundlage dafür verfügen. Das kann der Fall sein, wenn:

  • unsere Verwendung Ihrer personenbezogenen Daten notwendig ist , um einen Vertrag mit Ihnen zu erfüllen oder einen Vertrag mit Ihnen abzuschließen, h. der Dienstleister Vertrag;
  • die Verwendung Ihrer personenbezogenen Daten in unserem berechtigten Interesse als Unternehmen liegt (z. B. zur Überwachung und Verhinderung von Cybersicherheitsproblemen und der unbefugten Nutzung unserer Informationen, IT- Systeme und/oder Geräte oder zur Aufbewahrung eines Identifikationsfotos für Ihr Profil); und/oder
  • die Verwendung Ihrer personenbezogenen Daten erforderlich ist, um einer einschlägigen gesetzlichen oder behördlichen Verpflichtung nachzukommen, z.B. zur Einhaltung rechtlicher Verfahren, um auf Anfragen von öffentlichen und staatlichen Behörden zu reagieren, um unseren Geschäftsbetrieb oder den eines unserer verbundenen Unternehmen zu schützen, auch in Verbindung mit der Untersuchung von Sicherheitsvorfällen, oder um unsere Rechte, unsere Privatsphäre, unsere Sicherheit oder unser Eigentum und/oder das unserer verbundenen Unternehmen, Ihrer Person oder anderer zu schützen.
  • Wenn Sie mehr über die Rechtsgrundlagen erfahren möchten, aufgrund derer wir personenbezogene Daten verarbeiten, kontaktieren Sie uns unter compliance@springhealth.com.

4.      WEITERGABE PERSONENBEZOGENER DATEN INNERHALB VON SPRING CARE, AN UNSERE DIENSTLEISTER UND ANDERE DRITTE

A.     Wir   können    Ihre    Daten   unter   bestimmten   Umständen    in   der nachstehend beschriebenen Weise und zu den nachstehend beschriebenen Zwecken weitergeben:

  1. innerhalb von Spring Health, sofern eine Offenlegung notwendig ist, um Ihnen unsere Dienstleistungen zu erbringen oder unser Unternehmen zu verwalten, einschließlich unseres medizinischen Fachunternehmens der Spring-Marke, SH Medical Care of Kansas,
  2. an Dritte, die uns bei der Verwaltung unseres Unternehmens und der Erbringung von Dienstleistungen helfen, B.:
  3. Wir werden Ihre personenbezogenen Daten unseren Dienstleistern zur Verfügung stellen,     soweit     dies     erforderlich    ist,     um    Ihnen     die

Inanspruchnahme des jeweiligen Elements unserer Dienstleistungen zu ermöglichen;

  1. Wenn Sie einer unserer Dienstleister sind, werden wir Ihre Daten an Dritte weitergeben, um Ihre Berechtigung zur Erbringung der Dienstleistungen zu überprüfen.

Diese Dritten haben sich zu Vertraulichkeitsauflagen verpflichtet und verwenden alle personenbezogenen Daten, die wir ihnen mitteilen oder die sie in unserem Namen erheben, ausschließlich zum Zweck der Erbringung der vertraglich vereinbarten Dienstleistung für uns. Dazu können auch Website-Hosting, Datenspeicherung und – analyse, Planungsplattformen, Informationstechnologie und die damit verbundene Bereitstellung von Infrastruktur, E-Mail-Zustellung, Rechnungsprüfung und andere Dienstleistungen gehören.

  1. an Aufsichtsbehörden, zu denen unter anderem das Information Commissioner’s Office (ICO), die Commission Nationale de l’Informatique et des Libertés (CNIL), die deutschen Datenschutzaufsichtsbehörden, die Data Protection Commission (DPC), und die Swedish Authority for Privacy Protection (IMY) gehören können, um alle geltenden Gesetze, Verordnungen und Vorschriften sowie Anfragen von Strafverfolgungs-, Regulierungs- und anderen Regierungsbehörden zu befolgen;
  2. an unsere Partner oder verbundenen Unternehmen in aggregierter, statistischer Form nicht-personenbezogene Informationen über die Besucher unserer Website, Traffic- Muster und die Nutzung der Website;
  3. falls wir in Zukunft einen Teil oder unser gesamtes Geschäft oder Vermögenswerte an einen Dritten verkaufen oder übertragen, an einen potenziellen oder tatsächlichen Drittkäufer unseres Geschäfts oder unserer Vermögenswerte.

5.      DIENSTLEISTUNGS-UPDATES UND MARKETINGPRÄFERENZEN

A.     Wie wir personenbezogene Daten verwenden, um Sie über unsere Dienstleistungen auf dem neuesten Stand zu halten

Um die Rechte der Privatsphäre zu schützen und sicherzustellen, dass Sie die Kontrolle darüber haben, wie wir mit Ihnen Marketing betreiben, werden wir Maßnahmen ergreifen, um das Direktmarketing auf ein angemessenes und verhältnismäßiges Maß zu beschränken und Ihnen nur Mitteilungen zukommen zu lassen, von denen wir glauben, dass sie für Sie von Interesse oder Relevanz sein könnten.

B.     Wie Sie Ihre Marketingpräferenzen verwalten können

Sie können jederzeit gegen bestimmte Marketingmitteilungen und die Verwendung Ihrer Daten für Marketingzwecke widersprechen, indem Sie careteam@springhealth.com kontaktieren oder auf den Link “Abmelden” klicken, den Sie in allen an Sie gerichteten Marketingmitteilungen finden, und beantragen, von künftigen Mitteilungen abgemeldet zu werden. Bitte geben Sie an,

ob Sie möchten, dass wir alle Formen von Marketing oder nur eine bestimmte Art (z. B. E-Mail) einstellen.

6.  LÄNDERÜBERGREIFENDE ÜBERMITTLUNG PERSONENBEZOGENER DATEN

  1. Spring Health ist ein Unternehmen mit Sitz in den USA. Dementsprechend werden Ihre personenbezogenen Daten unabhängig von Ihrem Standort in die USA übertragen und dort gespeichert, wo möglicherweise andere Datenschutzstandards gelten als in Ihrem Heimatland. Spring Health ergreift geeignete Maßnahmen, um sicherzustellen, dass die Übermittlung personenbezogener Daten im Einklang mit geltendem Recht erfolgt und sorgfältig gehandhabt wird, um Ihre Datenschutzrechte und -interessen zu schützen.

Zu diesem Zweck:

  1. stellen wir sicher, dass Übermittlungen innerhalb von Spring Health-Unternehmen und verbundenen Unternehmen durch eine Vereinbarung zwischen den Mitgliedern von Spring Health (eine Unternehmensvereinbarung) abgedeckt werden, die jedes Unternehmen vertraglich dazu verpflichtet, sicherzustellen, dass personenbezogene Daten überall dort, wo sie innerhalb von Spring Health übermittelt werden, ein angemessenes und einheitliches Schutzniveau erhalten;
  2. lassen wir uns in Fällen, in denen wir Ihre personenbezogenen Daten außerhalb von Spring Health oder an Dritte übermitteln, die uns bei der Erbringung unserer Dienstleistungen unterstützen, vertraglich zusichern, dass diese Ihre personenbezogenen Daten schützen. Bei einigen dieser Zusicherungen handelt es sich um anerkannte Vorgaben wie die Verwendung von EU-Standardvertragsklauseln für den Schutz personenbezogener Daten, die von der EU in Länder außerhalb der EU übermittelt werden; oder
  3. wenn wir Anfragen von Strafverfolgungs- oder Aufsichtsbehörden erhalten, prüfen wir diese Anfragen sorgfältig, bevor wir personenbezogene Daten
  1. Sie haben das Recht, sich an uns zu wenden, um weitere Informationen über die geeigneten Garantien zu erhalten, die wir vorgesehen haben (einschließlich einer Kopie der einschlägigen vertraglichen Verpflichtungen), um einen angemessenen Schutz Ihrer personenbezogenen Daten zu gewährleisten, wenn diese wie oben beschrieben übermittelt werden.

7.     WIE WIR IHRE PERSONENBEZOGENEN DATEN SCHÜTZEN UND SPEICHERN

A.     Sicherheit

Wir haben angemessene administrative, physische und technische Sicherheitsmaßnahmen, Richtlinien und Verfahren eingeführt und unterhalten diese, die angemessen und geeignet sind, das Risiko der versehentlichen Zerstörung oder des Verlusts oder der unbefugten Offenlegung oder des Zugriffs auf solche Informationen zu verringern, soweit dies angesichts der Art der betreffenden Informationen angemessen und geeignet ist. Zu den Maßnahmen, die wir ergreifen, gehören die Verpflichtung unserer Mitarbeiter und Dienstleister zur Vertraulichkeit und die Vernichtung oder dauerhafte Anonymisierung

personenbezogener Daten, wenn sie für die Zwecke, für die sie erhoben wurden, nicht mehr benötigt werden. Da die Sicherheit von Informationen zum Teil von der Sicherheit des Computers abhängt, den Sie für die Kommunikation mit uns verwenden, und von der Sicherheit, die Sie zum Schutz von Benutzernamen und Passwörtern verwenden, bitten wir Sie, geeignete Maßnahmen zum Schutz dieser Informationen zu ergreifen.

B.                                 Speicherung Ihrer personenbezogenen Daten

  1. Wir werden Ihre personenbezogenen Daten so lange speichern, wie es für die Zwecke, für die sie erhoben wurden, erforderlich ist, wie in dieser Datenschutzrichtlinie erläutert. Unter bestimmten Umständen können wir Ihre personenbezogenen Daten für längere Zeiträume speichern, wenn dies gesetzlich vorgeschrieben oder erlaubt ist, z.B. wenn wir dazu in Übereinstimmung mit gesetzlichen, regulatorischen, steuerlichen oder buchhalterischen Bestimmungen verpflichtet
  2. Unter bestimmten Umständen können wir Ihre personenbezogenen Daten über einen längeren Zeitraum speichern, damit wir im Falle von Beschwerden oder Anfechtungen eine genaue Aufzeichnung Ihrer Geschäfte mit uns haben, oder wenn wir vernünftigerweise davon ausgehen, dass ein Rechtsstreit im Zusammenhang mit Ihren personenbezogenen Daten oder Ihren Geschäften
  3. Da wir unsere Geschäfte von den USA aus betreiben, werden, vorbehaltlich der Informationen in Abschnitt VI LÄNDERÜBERGREIFENDE ÜBERMITTLUNG PERSONENBEZOGENER DATEN, alle von uns erhobenen personenbezogenen Daten in den USA verwendet und gespeichert, unterliegen den US-Gesetzen und können gemäß diesen Gesetzen an US-Regierungen, Gerichte oder Strafverfolgungs- oder Aufsichtsbehörden weitergegeben
  4. Wenn Sie unsere Dienstleistungen in Anspruch nehmen und Ihren Sitz in Deutschland haben, unterliegen wir verschiedenen Aufbewahrungs- und Dokumentationspflichten, die sich unter anderem aus dem Handelsgesetzbuch (HGB) und der Abgabenordnung (AO) ergeben. Die dort genannten Fristen für die Speicherung und Dokumentation betragen bis zu zehn Jahre. Schließlich wird die Aufbewahrungsfrist auch durch die gesetzlichen Verjährungsfristen bestimmt, die B. nach den §§ 195 ff. des Bürgerlichen Gesetzbuches (BGB) bis zu dreißig Jahre betragen können, wobei die regelmäßige Verjährungsfrist drei Jahre beträgt.

8.    GESETZLICHE RECHTE IN BEZUG AUF IHRE PERSONENBEZOGENEN DATEN

  1. Vorbehaltlich bestimmter Ausnahmen und in einigen Fällen abhängig von der Verarbeitungstätigkeit, die wir durchführen, haben Sie bestimmte Rechte in Bezug auf Ihre personenbezogenen Daten (wie unten weiter ausgeführt), einschließlich des Rechts:
  2. auf Auskunft über personenbezogene Daten
  3. auf Berichtigung / Löschung personenbezogener Daten
  4. auf Einschränkung der Verarbeitung Ihrer personenbezogenen Daten
  5. auf Datenübertragbarkeit
  6. Widerspruch gegen die Verarbeitung personenbezogener Daten einzulegen
  7. ihre Einwilligung in die Verarbeitung personenbezogener Daten zu widerrufen
  8. der Verwendung personenbezogener Daten für Zwecke der Direktwerbung zu widersprechen

  1. eine Kopie der geeigneten Garantien zu erhalten, die für eine Übermittlung personenbezogener Daten außerhalb Ihrer der Europäischen Union eingesetzt werden
  2. Beschwerde bei Ihrer örtlichen Aufsichtsbehörde einzulegen

Wir können Sie um zusätzliche Informationen bitten, um Ihre Identität zu bestätigen und aus Sicherheitsgründen, bevor wir Ihnen die angeforderten personenbezogenen Daten offenlegen. Wir behalten uns das Recht vor, eine Gebühr zu erheben, sofern dies gesetzlich zulässig ist, z.B. wenn Ihr Antrag offenkundig unbegründet oder exzessiv ist.

Sie können Ihre Rechte geltend machen, indem Sie uns unter careteam@springhealth.com kontaktieren. Vorbehaltlich rechtlicher und sonstiger zulässiger Erwägungen werden wir alle angemessenen Anstrengungen unternehmen, um Ihrem Antrag unverzüglich nachzukommen oder Sie zu informieren, wenn wir weitere Informationen benötigen, um Ihren Antrag zu erfüllen.

Es kann sein, dass wir nicht immer in der Lage sind, Ihren Antrag in vollem Umfang zu bearbeiten, z.B. wenn dies eine Vertraulichkeitsverpflichtung, die wir anderen schulden, beeinträchtigen würde, oder wenn wir gesetzlich berechtigt sind, den Antrag auf andere Weise zu bearbeiten.

B.      Recht auf Auskunft über personenbezogene Daten

Sie haben das Recht, von uns eine Kopie Ihrer personenbezogenen Daten, die wir gespeichert haben, zu verlangen, und Sie haben das Recht, über, (a) die Herkunft Ihrer personenbezogenen Daten; (b) die Zwecke, Rechtsgrundlagen und Methoden der Verarbeitung; (c) den Namen des Verantwortlichen; und (d) die Einrichtungen oder Kategorien von Einrichtungen, an die Ihre personenbezogenen Daten übermittelt werden können, informiert zu werden.

C.      Recht auf Berichtigung oder Löschung personenbezogener Daten

  1. Sie haben das Recht zu verlangen, dass wir unrichtige personenbezogene Daten berichtigen. Wir können versuchen, die Richtigkeit der personenbezogenen Daten zu überprüfen, bevor wir sie
  2. Sie können auch verlangen, dass wir Ihre personenbezogenen Daten unter bestimmten Umständen löschen:
  3. wenn sie nicht länger für die Zwecke gebraucht werden, zu denen sie erhoben wurden; oder
  4. wenn Sie ihre Einwilligung widerrufen haben (soweit die Rechtsgrundlage der Verarbeitung Ihre Einwilligung war); oder
  5. wenn Sie erfolgreich Widerspruch eingelegt haben (siehe Widerspruchsrecht); oder
  6. wenn Sie unrechtmäßig verarbeitet wurden; oder
  7. zur Erfüllung einer rechtlichen Verpflichtung, der Spring Health
  8. Wir sind nicht verpflichtet, Ihrem Antrag auf Löschung personenbezogener Daten nachzukommen, wenn die Verarbeitung Ihrer personenbezogenen Daten erforderlich ist:
  9. zur Erfüllung einer rechtlichen Verpflichtung; oder
  10. zur Geltendmachung, Ausübung oder Verteidigung von Rechtsansprüchen.

D.      Recht auf Einschränkung der Verarbeitung Ihrer personenbezogenen Daten

  1. Sie können verlangen, die Verarbeitung Ihrer personenbezogenen Daten einzuschränken, aber nur, wenn:
  • ihre Richtigkeit bestritten wird, um uns zu ermöglichen, die Richtigkeit zu überprüfen; oder
  • ihre Verarbeitung unrechtmäßig ist, Sie jedoch nicht wollen, dass sie gelöscht werden; oder
  • sie nicht mehr für die Zwecke benötigt werden, zu denen sie erhoben wurden, wir sie jedoch zur Geltendmachung, Ausübung oder Verteidigung von Rechtsansprüchen benötigen; oder
  • Sie ihr Widerspruchsrecht ausgeübt haben, und die Überprüfung überwiegender berechtigter Gründe noch
  1. Wir können Ihre personenbezogenen Daten nach einem Antrag auf Einschränkung der Verarbeitung weiter verwenden,
  2. wenn wir Ihre Einwilligung dazu haben; oder
  3. zur Geltendmachung, Ausübung oder Verteidigung von Rechtsansprüchen; oder
  4. zum Schutz der Rechte einer anderen natürlichen oder juristischen

E.      Recht auf Datenübertragbarkeit

  1. Sie können verlangen, dass wir Ihnen die sie betreffenden personenbezogenen Daten in einem strukturierten, gängigen und maschinenlesbaren Format bereitstellen, oder Sie können verlangen, dass diese an einen anderen Verantwortlichen übermittelt werden, aber jeweils nur, wenn:
  2. die Verarbeitung auf Ihrer Einwilligung oder auf der Erfüllung eines Vertrages mit Ihnen beruht; und
  3. die Verarbeitung mithilfe automatisierter Verfahren

F.      Widerspruchsrecht gegen die Verarbeitung Ihrer personenbezogenen Daten

G.     Recht auf Widerruf der Einwilligung

Wenn wir Ihre Einwilligung als Rechtsgrundlage für die Verarbeitung Ihrer personenbezogenen Daten eingeholt haben, haben Sie das Recht, Ihre Einwilligung jederzeit zu widerrufen, indem Sie eine E-Mail an careteam@springhealth.com richten. Bitte beachten Sie, dass der Widerruf Ihrer Einwilligung in einigen Fällen negative Auswirkungen auf unsere Möglichkeit haben kann, Ihnen Dienstleistungen bereitzustellen.

H.      Das Recht, der Verwendung personenbezogener Daten für Zwecke der Direktwerbung zu widersprechen

Sie können jederzeit gegen bestimmte Marketingmitteilungen und die Verwendung Ihrer Daten für Marketingzwecke widersprechen, indem Sie careteam@springhealth.com kontaktieren oder auf den Link “Abmelden” klicken, den Sie in allen an Sie gerichteten Marketingmitteilungen finden, und beantragen, von künftigen Mitteilungen abgemeldet zu werden. Bitte geben Sie an, ob Sie möchten, dass wir alle Formen von Marketing oder nur eine bestimmte Art (z. B. E-Mail) einstellen.

Sie können auch verlangen, dass wir die Art und Weise ändern, in der wir Sie zu Marketingzwecken kontaktieren, oder verlangen, dass wir Ihre persönlichen Daten nicht an unabhängige Dritte zum Zwecke des Direktmarketings oder zu anderen Zwecken weitergeben.

I.         Recht auf Erhalt einer Kopie der geeigneten Garantien für die Übermittlung personenbezogener Daten außerhalb der Europäischen Union

Sie können verlangen, eine Kopie oder einen Verweis auf die geeigneten Garantien zu erhalten, unter denen Ihre persönlichen Daten außerhalb der Europäischen Union und des Vereinigten Königreichs übermittelt werden.

Wir können Datenübertragungsvereinbarungen schwärzen, um geschäftliche Vereinbarungen zu schützen.

J.       Das Recht, Beschwerde bei Ihrer örtlichen Aufsichtsbehörde einzulegen

Sie haben das Recht, eine Beschwerde bei Ihrer örtlichen Aufsichtsbehörde einzulegen, wenn Sie Bedenken darüber haben, wie wir Ihre personenbezogenen Daten verarbeiten.

Wir bitten Sie, zunächst zu versuchen, alle Probleme mit uns zu klären, obwohl Sie das Recht haben, sich jederzeit an Ihre Aufsichtsbehörde zu wenden.

Wenn Sie unsere Dienstleistungen aus Frankreich in Anspruch nehmen, haben Sie zusätzlich zu den in diesem Abschnitt VIII genannten Rechten ein weiteres Recht in Bezug auf Ihre personenbezogenen Daten:

K.                  Rechte nach dem Tod

Sie haben das Recht, (allgemeine oder spezifische) Anweisungen darüber zu erteilen, was mit Ihren persönlichen Daten nach Ihrem Tod geschehen soll.

9.          KONTAKT

Wenn Sie Fragen zu dieser Datenschutzerklärung haben, wenden Sie sich an uns unter compliance@springhealth.com oder an unseren Datenschutzbeauftragten (IT Governance Europe Limited) unter eurep@itgovernance.eu.

Spring Health hat einen Datenschutz-Vertreter im Vereinigten Königreich benannt, IT Governance Europe Limited, der unter eurep@itgovernance.eu kontaktiert werden kann.

Achten Sie bitte darauf, dass unser Firmenname in jeder Korrespondenz, die Sie versenden, angegeben wird.

Wenn Sie Fragen, Bedenken oder Beschwerden bezüglich der Einhaltung dieser Datenschutzerklärung und der Datenschutzgesetze durch uns haben oder wenn Sie Ihre Rechte ausüben möchten, bitten wir Sie, sich zunächst an compliance@springhealth.com zu wenden. Wir werden Beschwerden und Streitigkeiten untersuchen und versuchen, sie zu lösen, und wir werden alle angemessenen Anstrengungen unternehmen, um Ihrem Wunsch, Ihre Rechte auszuüben, so schnell wie möglich u nd in jedem Fall innerhalb der von den Datenschutzgesetzen vorgesehenen Fristen nachzukommen.

Última actualización: 7 de febrero de 2022

SPRING CARE, INC. POLÍTICA DE PRIVACIDAD (ESPAÑA)

Spring Care, Inc. es responsable del tratamiento de sus datos personales.

Spring Care, Inc. y sus empresas afiliadas (conjuntamente, “Spring Health”, “nosotros”) se toma muy en serio sus obligaciones en materia de protección de datos y privacidad. Esta política de privacidad describe nuestras prácticas en relación con los datos que recogemos a través de (incluyendo cualquier acceso a) (1) El sitio web de Spring Health, actualmente accesible a través de https://benefits.springhealth.com, los materiales y servicios disponibles en el mismo, cualquier sitio web que pudiera sustituirlo en el futuro, así como cualquier Contenido entendido como texto, datos, gráficos, imágenes, fotografías, video, audio, datos, sugerencias, instrucciones, contenido y cualquier otro material facilitado, disponible o que usted pueda encontrar en el sitio web (“Sitio Web”), (2) las aplicaciones de software que podamos poner a su disposición para su utilización en o a través de cualquier ordenador o dispositivo móvil (“Aplicaciones”), (3) los test y cuestionarios (y los resultados de los mismos) que ponemos a su disposición en o a través del Sitio Web o de las Aplicaciones (“Cuestionarios”), (4) el sistema de reservas en el caso de que usted recurra a cualquier servicio profesional complementario prestado por nuestros subcontratistas, orientadores, terapeutas o cualquier otro proveedor de servicios (“Proveedores”) y (5) las grabaciones de llamadas cuando usted llame a los número de teléfono de nuestro centro de llamadas (todos los anteriores, conjuntamente, “Servicios”). Aplicamos esta política de privacidad de conformidad con lo previsto en la ley aplicable en aquellos lugares en los que desarrollamos nuestra actividad.

Esta política de privacidad también detalla como recogemos, utilizamos y comunicamos sus datos personales en el caso de que usted sea uno de nuestros Proveedores o representante del mismo, incluyendo también todos los casos en los que usted participe en un proceso de selección para convertirse en uno de nuestros Proveedores.

En particular, esta política de privacidad describe:

  • Los datos personales que recogemos y cuándo y por qué efectuamos su
  • Cómo comunicamos los datos personales dentro del Grupo Spring Health y a nuestros proveedores de servicios, reguladores y a otros
  • Cómo utilizamos de sus datos para facilitarle actualizaciones del Servicio y cómo puede usted configurar sus preferencias de
  • Transferencias internacionales de
  • Cómo protegemos y almacenamos los datos
  • Los derechos legales que le asisten para controlar su
  • Cómo puede ponerse en contacto con nosotros para obtener más

1.      ACTUALICACIONES DE ESTA POLÍTICA DE PRIVACIDAD

Estamos facultados para modificar esta política de privacidad en cualquier momento incorporando nuevos requisitos legales o cualquier otro elemento que afecte al funcionamiento de nuestro negocio. Publicaremos los cambios de manera visible para que pueda saber en todo momento qué datos recogemos, cómo los utilizamos y en qué circunstancias, en su caso, los comunicamos a terceros. Revise periódicamente estas páginas para asegurarse de que está al tanto de la última versión de esta política de privacidad.

En nuestro Sitio Web, encontrará enlaces externos a sitios web de terceros. Esta política de privacidad no es aplicable al uso que usted haga de los sitios de terceros.

2.    CUÁLES SON LOS DATOS PERSONALES QUE RECOGEMOS Y CUÁNDO Y POR QUÉ EFECTUAMOS SU TRATAMIENTO

A.      Cuando recogemos datos personales

Recogemos sus datos personales si usted:

  • se registra en nuestro Sitio Web, utiliza nuestros servicios o interactúa con nuestro Sitio Web, o
  • trabaja con nosotros como Proveedor, conjuntamente (“usted”).

B.      Datos personales que recogemos y tratamos cuando usted se registra en o interactúa con nuestro Sitio Web o utiliza nuestros Servicios:

1.              Los datos personales que recogemos si usted utiliza nuestro Sitio Web o nuestros servicios incluyen:

  • Datos identificativos: nombre y apellido, fecha de nacimiento, dirección de correo electrónico, país de residencia, nombre de usuario y contraseña.
  • Datos especialmente protegidos: información que nos proporcione acerca de su estado general y hábitos cotidianos, información sobre su salud mental, hábitos cotidianos, nivel de actividad, alimentación diaria y hábitos de alimentación así como la información acerca de su vida personal, familiar y social que usted nos proporcione al darse de alta y crear una cuenta o a través de cualquiera de los Cuestionarios que le facilitamos como parte de nuestros

2.              Otros datos que recopilamos cuando usted utiliza nuestros Servicios o interactúa con nuestro Sitio Web

Cuando usted utiliza nuestros Servicios o interactúa con nuestro Sitio Web recopilamos otros datos que incluyen:

  • Información sobre su navegador y dispositivo: La mayoría de los navegadores o su dispositivo, automáticamente, recogen determinados datos, tales como los siguientes: dirección MAC (Control de Acceso a los Medios), tipo de ordenador (Windows o Macintosh), resolución de pantalla, nombre y versión de su sistema operativo, fabricante y modelo de su dispositivo, idioma, tipo de navegador de internet y versión y nombre y versión de los Servicios (como la Aplicación) que esté usted
  • Datos de uso de la Aplicación: Cuando usted utiliza las Aplicaciones, nosotros o nuestros proveedores hacemos seguimiento y recopilamos determinados datos de uso, tales como la fecha y hora en la que la Aplicación instalada en su dispositivo accede a nuestros servidores y qué información y archivos se descargan en la Aplicación sobre la base del número de su dispositivo.
  • Datos obtenidos a través del uso de cookies, píxeles de seguimiento (pixel tags) u otras tecnologías: Utilizamos píxeles de seguimiento (también conocidos como balizas web y GIFs transparentes) en relación con algunos Servicios para, entre otras cosas, hacer seguimiento de las actividades de los usuarios de los Servicios (incluyendo la de los destinatarios de correo electrónico) y elaborar estadísticas sobre el uso de los Servicios y los índices de respuesta así como datos demográficos de carácter general y datos
  • Otros datos personales: dirección IP, datos de ubicación y datos sobre sus medios de comunicación

Si, en el marco de los Servicios nos enviara, a nosotros o a nuestros proveedores de servicios, cualquier dato personal relativo a otra persona, usted manifiesta que tiene la capacidad necesaria para comunicarnos dichos datos y para permitirnos utilizar los datos de conformidad con esta política de privacidad.

3.              Podemos utilizar los datos personales recogidos cuando usted utiliza nuestros Sitios Web o Servicios así como los recogidos con su consentimiento o de cualquier otra manera permitida por la ley aplicable, para cualquiera de las siguientes finalidades:

  • Proporcionarle los Servicios que nos solicite, que pueden consistir en una combinación de uso e interacción con nuestro Sitio Web, Aplicaciones, Cuestionarios y/o
  • Responder a sus consultas, satisfacer sus peticiones y enviarle las comunicaciones que nos haya solicitado, tales como los resultados de cualquier Cuestionario que usted hubiera podido
  • Enviarle información administrativa, por ejemplo, información relativa a los Servicios y a las modificaciones de nuestras condiciones generales y políticas.
  • Comercializar nuestros Servicios. Esto incluye el envío de comunicaciones acerca de nuestros Servicios, características, estudios, encuestas, novedades, actualizaciones y eventos. Podemos enviar dichas comunicaciones a través de distintos medios incluyendo el correo electrónico, notificaciones y anuncios de la Aplicación así como a través de anuncios publicados en plataformas de
  • Para nuestra gestión interna, incluyendo el análisis de datos, desarrollo de nuevos servicios, optimización, mejora o modificación de los Servicios, auditorías, control y prevención del fraude e identificación de tendencias de

  • Utilizamos los datos personales, incluyendo los datos especialmente protegidos, de numerosos usuarios de los Servicios para crear “datos agrupados” no identificables (tales como informes en los que se incluye el porcentaje de usuarios que han dado una determinada respuesta u obtenido un resultado concreto al realizar un Cuestionario) que podrán comunicarse a
  • Si usted nos remite ideas, propuestas, sugerencias, recomendaciones o cualquier otro material (“Comentarios”), relacionados o no con los
  • Tal y como consideremos necesario o apropiado y únicamente en la forma permitida por la ley aplicable, para (a) ejercitar cualquier acción legal; (b) responder a cualquier requerimiento de cualquier autoridad pública o administrativa, incluyendo autoridades públicas o administrativas fuera de su país de residencia; (c) proteger nuestro negocio y el de cualquiera de nuestras empresas afiliadas, incluyendo en todos aquellos casos en los que el tratamiento resulte necesario para investigar un incidente de seguridad; o para (d) proteger nuestros derechos, privacidad, seguridad o propiedad privada y/o los de nuestras empresas afiliadas, los suyos o los de cualquier
  • Para personalizar su experiencia al utilizar los Servicios, por ejemplo, para ofrecerle Cuestionarios y servicios

4.              Bases legales que justifican el tratamiento de sus datos personales

Solo recogemos, tratamos y comunicamos sus datos personales cuando tenemos el convencimiento de que existe una base legal adecuada que justifica el tratamiento. Dicha base legal puede ser cualquiera de las siguientes:

  • usted nos ha dado su consentimiento para el tratamiento de sus datos personales, por ejemplo, al acceder a recibir el Servicio, al dar de alta una cuenta o al facilitar voluntariamente sus datos personales, por ejemplo, al contestar a un Cuestionario;
  • el tratamiento de sus datos personales se efectúa como consecuencia de nuestro interés legítimo como organización empresarial (por ejemplo, para finalidades empresariales o de gestión interna, como análisis de datos, garantizar que los Servicios funcionan correctamente, desarrollar nuevos servicios, optimizar, mejorar o modificar los Servicios, auditorías, control y prevención del fraude, identificación de tendencias de uso). En estos casos, protegeremos sus datos en todo momento, de forma proporcional y respetando sus derechos de privacidad. Usted tiene el derecho, entre otros, a oponerse al tratamiento tal y como se detalla en el apartado DERECHOS LEGALES QUE LE ASISTEN PARA CONTROLAR SU PRIVACIDAD que se incluye a continuación;
  • el tratamiento de sus datos personales resulta necesario para cumplir con un contrato o para realizar las actuaciones necesarias para formalizar un contrato con usted; por ejemplo, en los casos en los que usted opta por recibir los Servicios, es obligatorio que nos proporcione su nombre y dirección de correo electrónico para dar de alta una cuenta con el fin de recibir los Servicios. Si desea más información, consulte nuestras                                     Condiciones                  Generales (https://care.springhealth.com/terms_of_service); y/o
  • el tratamiento de sus datos personales resulta necesario para cumplir con una obligación legal o regulatoria, por ejemplo, para el ejercicio de una acción legal, responder a los requerimientos efectuados por cualquier autoridad pública o administrativa, proteger nuestro negocio o el de cualquiera de nuestras empresas

afiliadas incluyendo todos aquellos casos en los que el tratamiento resulte necesario para investigar un incidente de seguridad; o para proteger nuestros derechos, privacidad, seguridad o propiedad privada y/o los de nuestras empresas afiliadas, los suyos o los de cualquier tercero.

  • Si desea obtener más información acerca de las bases legales que justifican el tratamiento de sus datos personales, póngase en contacto con nosotros a través de la siguiente dirección compliance@springhealth.com.

C.      Datos personales que recopilamos si trabaja con nosotros como Proveedor

1.              Los datos personales que recopilamos a partir del momento en el que nos solicita trabajar con nosotros como Proveedor y mientras continúe trabajando con nosotros en tal condición, incluyen:

  • Datos identificativos: como su nombre, dirección de correo electrónico, fotografía, nombre de soltera; seudónimo(s); dirección actual y direcciones anteriores; fecha de nacimiento; lugar de nacimiento; número de Identificación (que puede incluir su número de pasaporte, documento nacional de Identidad, carnet de conducir) y nombre completo de sus progenitores.
  • Datos sobre su situación laboral: nombre de su empleador; datos de su contrato de trabajo; nombre y datos de contacto de la persona responsable sobre usted; puesto de trabajo; franja salarial; fecha de inicio y extinción de su relación laboral; razones de extinción de su relación
  • Datos acerca de su formación y cualificación: nombre del centro educativo; datos de contacto del centro educativo; número de estudiante; datos de cualificación; área de estudio; fechas de asistencia; fechas de graduación.
  • Otros datos: Datos de pago para poder efectuar los pagos correspondientes a su favor y datos que deban incluirse en nuestros sistemas de comunicación, esto es, los medios de comunicación pertenecientes a Spring Health que usted utilizará (correo electrónico, teléfono y comunicaciones electrónicas).

2.              Si usted es uno de nuestros Proveedores, utilizaremos sus datos personales de la siguiente forma:

  • Para establecer, cumplir y llevar a efecto las condiciones bajo las que usted o la organización a la que usted representa contratará con nosotros y para comunicarnos con usted;
  • Para pagar y gestionar sus honorarios;
  • Para gestionar cualquier otra solicitud o servicio solicitado por usted durante la vigencia de su relación con nosotros;
  • Para garantizar el buen funcionamiento de nuestra relación con usted (incluyendo el de todas las actividades que deben llevarse a cabo antes, durante y tras la finalización de dicha relación, tales como por ejemplo, poder confirmar su idoneidad para trabajar con nosotros como Proveedor);
  • Controlar y prevenir problemas de ciberseguridad y el uso no autorizado de nuestros datos, sistemas informáticos y/o equipos;
  • Incluir en su perfil su identificación fotográfica; o

  • En los casos en los que resulte necesario, entablar procedimientos legales, investigar, plantear, ejercitar o defender una reclamación judicial; y llegar a un acuerdo transaccional en relación con cualquier reclamación

3.              Bases legales que justifican el tratamiento de sus datos personales

Solo recogemos, tratamos y comunicamos sus datos personales cuando tenemos el convencimiento de que existe una base legal adecuada que justifica el tratamiento. Dicha base legal puede ser cualquiera de las siguientes:

  • el tratamiento de sus datos personales es necesario para cumplir con lo previsto en un contrato o para realizar las actuaciones necesarias para poder formalizar un contrato con usted, i.e. el Acuerdo de Subcontratación;
  • tenemos un interés legítimo, como organización empresarial, en el tratamiento de sus datos personales (por ejemplo, para controlar y prevenir problemas de ciberseguridad y el uso no autorizado de nuestros datos, sistemas informáticos y/o equipos, o para incluir una identificación fotográfica suya en su perfil); y/o
  • el tratamiento de sus datos personales resulta necesario para cumplir con cualquier obligación legal o regulatoria, por ejemplo, para el ejercicio de una acción legal, responder a los requerimientos efectuados por cualquier autoridad pública o administrativa, proteger nuestro negocio o el de cualquiera de nuestras empresas afiliadas incluyendo todos aquellos casos en los que el tratamiento resulte necesario para investigar un incidente de seguridad; o para proteger nuestros derechos, privacidad, seguridad o propiedad privada y/o los de nuestras empresas afiliadas, los suyos y los de cualquier
  • Si desea obtener más información acerca de las bases legales que justifican el tratamiento de sus datos personales, póngase en contacto con nosotros a través de la siguiente dirección compliance@springhealth.com.

3.       COMUNICACIÓN DE DATOS PERSONALES DENTRO DEL GRUPO SPRING CARE, A NUESTROS PROVEEDORES DE SERVICIOS Y A OTROS TERCEROS

A.      En determinadas circunstancias, muy concretas, comunicaremos sus datos en la forma y para los fines que se describen a continuación:

  1. dentro del Spring Health, cuando dicha comunicación resulte necesaria para proporcionarle nuestros Servicios o gestionar nuestro negocio, incluyendo la comunicación a nuestra Sociedad Médica Profesional gestionada bajo la marca Spring, SH Medical Care of Kansas,
  2. a terceros que nos prestan servicios relativos a la gestión de nuestro negocio y a la prestación de los Servicios, por ejemplo:

  1. facilitaremos sus datos personales a nuestros Proveedores cuando resulte necesario para permitirle disponer de cualquier prestación específica de nuestros Servicios;
  2. si es usted un Proveedor, comunicaremos sus datos a terceros para comprobar su idoneidad como proveedor de los

Todos estos terceros han formalizado los correspondientes acuerdos de confidencialidad y utilizarán los datos personales que les comuniquemos o que recopilen en nuestro nombre únicamente para prestar el servicio para el que han sido contratados. Lo anterior incluye también servicios de alojamiento de sitios web, almacenamiento y análisis de datos, plataformas de organización y planificación, tecnologías informáticas y suministro de infraestructuras relacionada con lo anterior, entrega de correo electrónico, auditoría y otros servicios.

  1. con los reguladores a cuya jurisdicción estemos sujetos, incluyendo, sin limitación la Agencia de Inspección de Información (Information Commissioner’s Office) (ICO), la Comisión Nacional de Informática y Libertades (Commission Nationale de l’Informatique et des Libertés) (CNIL), las autoridades de protección de datos alemanas, la Comisión de Protección de Datos (DPC), la autoridad sueca para la Protección de la Privacidad (IMY) y la Agencia Española de Protección de Datos (AEPD), para cumplir con las leyes, reglamentos y normas aplicables así como con cualquier requerimiento de un órgano judicial, de cualquier regulador o de otro organismo administrativo;
  2. con nuestros socios o empresas afiliadas, datos agregados, estadísticos, que no pueden considerarse como datos personales, relativos a las visitas a nuestro Sitio Web, patrones de tráfico y uso del Sitio Web;
  3. En el caso de que, en el futuro, vendiéramos o transmitiéramos parte o la totalidad de nuestro negocio o activos a cualquier tercero, estaremos facultados para facilitar información a cualquier comprador potencial o real de nuestro negocio o

4.    ACTUALIZACIONES DE SERVICIO Y OPCIONES DE MARKETING

A.      Cómo tratamos sus datos personales para mantenerle actualizado acerca de nuestros Servicios

Para proteger sus derechos de privacidad y garantizarle el control sobre cómo gestionamos el marketing de nuestros Servicios, adoptaremos las medidas necesarias para limitar el marketing directo a un nivel razonable y proporcionado y únicamente le enviaremos comunicaciones que consideremos que pueden resultarle interesantes o que son apropiadas para usted.

B.      Cómo puede gestionar sus opciones de marketing

Usted puede optar por no recibir determinadas comunicaciones de marketing y oponerse a que sus datos personales se utilicen para fines de marketing en cualquier momento poniéndose en contacto con careteam@springhealth.com o haciendo clic en el enlace “darse de baja” que encontrará en cualquier comunicación de marketing que haya podido recibir, debiendo solicitar que se le excluya de cualquier comunicación futura. Le pediremos que determine si desea ser

excluido de todo tipo de comunicaciones de marketing o únicamente de un tipo concreto (v.g. correo electrónico).

5.    TRANSFERENCIA INTERNACIONAL DE SUS DATOS PERSONALES

  1. Spring Health es una empresa con sede en los Estados Unidos. En consecuencia y con independencia de su ubicación, sus datos personales se transmitirán y almacenarán en los Estados Unidos. La normativa de este país establece unos niveles de protección de los datos personales que podrían ser distintos a los aplicables por las leyes vigentes en su país de origen. Spring Health adoptará las medidas necesarias para garantizar que las transferencias de datos personales se realizan de conformidad con la ley aplicable y son gestionadas cuidadosamente para proteger sus derechos de privacidad y sus

A tal efecto:

  1. Nos aseguramos que las transferencias entre las entidades del Grupo Spring Health y sus empresas afiliadas quedan cubiertas por un acuerdo formalizado entre las empresas del Grupo Spring Health de que se trate (un contrato entre empresas) en virtud del cual cada una de dichas entidades quedará contractualmente obligada a garantizar que los datos personales reciben un nivel de protección adecuado y uniforme, con independencia de cuál sea la entidad del Grupo Spring Health a la que se transfieran;
  2. En los casos en los que los datos personales se transfieran fuera del Grupo Spring Health o a terceros con los que contratamos para poder prestar nuestros Servicios, el contrato formalizado con estos establecerá la obligación de proteger sus datos personales. Algunas de estas garantías son requisitos ampliamente reconocidos como el uso de las Cláusulas Contractuales Tipo de la UE para la protección de los datos personales transferidos desde la UE a países fuera de la misma; o
  3. Al recibir cualquier requerimiento de información de un órgano judicial o regulador, comprobamos cuidadosamente la solicitud antes de remitir ningún tipo de dato
  4. Tiene derecho a ponerse en contacto con nosotros para solicitarnos más información acerca de las garantías que hemos establecido (incluyendo copia de las obligaciones contractuales correspondientes) para garantizar una adecuada protección de sus datos personales cuando estos se transfieren de la forma indicada arriba.

6.      CÓMO PROTEGEMOS Y ALMACENAMOS SUS DATOS PERSONALES

A.      Seguridad

Hemos establecido y mantenemos medidas, políticas y procedimientos de seguridad tanto de carácter administrativo, como físico y técnico, para reducir el riesgo de destrucción, pérdida accidental, revelación o acceso no autorizados a dicha información razonables y apropiadas en función de la naturaleza de los datos de que se trate.

Las medidas que hemos adoptado incluyen la imposición a nuestros empleados y proveedores de servicios, de confidencialidad así como la destrucción o anonimización

permanente de los datos personales que ya no resultan necesarios para la finalidad para la que se recogieron. Como la seguridad de sus datos personales depende, en parte, de la seguridad del ordenador que usted utilice para comunicarse con nosotros y de la seguridad que usted aplique para proteger sus identificadores y contraseñas, deberá usted adoptar las medidas apropiadas para proteger esta información.

B.      Conservación de sus datos personales

  1. Conservaremos sus datos personales durante el plazo razonablemente necesario para cumplir con los fines para los que fueron recogidos, tal y como se detalla en esta política de privacidad. En determinadas circunstancias, conservaremos sus datos personales durante un período más largo, según lo permitido o exigido legalmente, por ejemplo, en aquellos casos en los que debamos conservar esos datos en cumplimiento de una obligación legal, regulatoria, fiscal o
  2. En determinados casos, conservaremos sus datos personales durante un período de tiempo más largo para disponer de registros precisos de su relación con nosotros en caso de reclamaciones o disputas o cuando consideremos razonablemente que existe la posibilidad de que se plantee cualquier litigio sobre sus datos personales o la relación mantenida con
  3. Dado que nuestro negocio se gestiona desde los Estados Unidos, y con sujeción a lo previsto en el Apartado VII TRANSFERENCIA INTERNACIONAL DE SUS DATOS PERSONALES, todos los datos personales que recogemos se tratan y almacenan en los Estados Unidos, según lo previsto en las leyes de este país y podrán ser facilitados a los órganos administrativos, tribunales, reguladores o cualquier otro organismo competente de conformidad con dichas
  4. Si usted utiliza nuestros Servicios y reside en Alemania, debe saber que estamos sujetos a determinadas obligaciones de conservación y documentación según lo previsto, entre otros, en el Código de Comercio Alemán (HGB) y el Código Fiscal Alemán (AO). Los plazos de conservación y documentación previstos en dichas normas pueden llegar hasta los diez años. Por último, el plazo de conservación de sus datos personales estará asimismo determinado por los plazos de prescripción legal, que pueden alcanzar los treinta años, por ejemplo, de conformidad con lo previsto en el artículo §§ 195 y siguientes del Código Civil alemán (BGB), siendo el período de prescripción legal ordinario de tres años.
  5. Si usted utiliza nuestros Servicios y reside en España, debe saber que no es habitual que la legislación española establezca períodos de conservación específicos vinculados a determinados tipos de documentos o registros. Por ello, la clave es más bien la finalidad o finalidades para las que se utilizará un determinado documento o registro. Una vez determinada la finalidad, el periodo de conservación aplicable se solapará con el periodo de prescripción vinculado a esa finalidad específica. Dado que los plazos de prescripción más largos absorben a los más cortos, al final, el plazo de prescripción estándar del derecho civil (artículo §§ 1964 del Código Civil español: 5 años) y el plazo de conservación de la correspondencia y la documentación comercial (artículo § 30 del Código de Comercio español: 6 años) pueden establecer la norma, anulando los más cortos. En algunas ocasiones se podrá optar por mantener periodos más largos (10 años) para hacer frente a posibles reclamaciones de derecho penal y otras reclamaciones fiscales o laborales excepcionales. Igualmente, en algunas circunstancias, algunos de sus datos se conservarán durante períodos mucho más cortos, como las grabaciones de llamadas, que se conservarán durante un máximo de 12 meses a partir de la fecha de grabación. Del mismo modo, si una solicitud de contrato

no se completa, sus datos podrán conservarse durante un período razonable, estimado en 12 meses, con el fin de evitar la duplicación del tratamiento en caso de nuevas solicitudes y durante el tiempo necesario para cumplir con las obligaciones legales aplicables.

  1. Adicionalmente, si usted utiliza nuestros Servicios y reside en España, debe conocer que, una vez transcurrido el citado plazo pertinente, sus datos serán almacenados, debidamente bloqueados en un archivo no accesible, en virtud de lo dispuesto en el artículo §§ 32 de la nueva Ley Orgánica 3/2018 de Protección de Datos Personales y Garantía de los Derechos Digitales (NLOPD), por un periodo adicional de 3 años. Así, durante este periodo de bloqueo, se adoptarán todas las medidas técnicas y organizativas necesarias para impedir el tratamiento posterior de los datos, incluida su visualización, salvo la puesta a disposición de los jueces y tribunales, del Ministerio Fiscal español o de las Administraciones Públicas competentes, en particular de las autoridades de protección de datos, para la exigencia de las posibles responsabilidades derivadas del tratamiento. Transcurrido este plazo adicional de tres años, los datos se destruirán.

7.     DERECHOS LEGALES QUE LE ASISTEN PARA CONTROLAR SU PRIVACIDAD

  1. Sujeto a determinadas excepciones, y dependiendo, en ciertos casos, de la actividad del tratamiento que llevemos a cabo, usted tiene determinados derechos en relación con sus datos personales (tal y como se detalla a continuación), incluyendo los derechos a:
  1. acceder a sus datos personales
  2. rectificar / suprimir sus datos personales
  3. limitar el tratamiento de sus datos personales
  4. solicitar la portabilidad de sus datos personales
  5. oponerse al tratamiento de sus datos personales, incluido aquél basado en nuestros intereses legítimos
  6. revocar, en cualquier momento, el consentimiento otorgado al tratamiento de sus datos personales, sin que ello afecte a la licitud del tratamiento basado en el consentimiento previo a su retirada
  7. oponerse a que utilicemos sus datos personales para fines de marketing directo, incluida la elaboración de perfiles
  8. obtener una copia de las cláusulas de salvaguarda utilizadas en relación con la transferencia internacional de sus datos personales
  9. presentar una reclamación ante la autoridad de control de su lugar de residencia

Por razones de seguridad antes de facilitarle ningún dato personal, le solicitaremos determinada información adicional para confirmar su identidad. Cuando así lo permita la ley, nos reservamos el derecho a cobrar un determinado importe por la tramitación de su solicitud en determinados casos, por ejemplo, en el caso de solicitudes manifiestamente injustificadas o excesivas.

Puede ejercitar cualquiera de sus derechos poniéndose en contacto con nosotros a través de la siguiente dirección careteam@springhealth.com. Sujeto a cualquier consideración legal o de otro tipo, realizaremos todos los esfuerzos razonables para tramitar su solicitud a la mayor brevedad posible informándole con prontitud en los casos en los que necesitemos más información para poder tramitarla.

No siempre será posible cumplir, íntegramente, con su solicitud, por ejemplo, en aquellos casos en los que la misma repercuta en cualquier obligación de confidencialidad asumida frente a un tercero o en los que estemos facultados legalmente para tramitar su solicitud de otra manera.

B.      Derecho de acceso a sus datos personales

Tiene derecho a solicitarnos que le facilitemos una copia de sus datos personales y a recibir información acerca de: (a) las fuentes de las que hemos obtenido sus datos personales; (b) los fines, base legal y los medios relacionados con el tratamiento; (c) la identidad del responsable del tratamiento; y (d) las entidades o categorías de entidades a las que se transferirán sus datos personales.

C.      Derecho de rectificación o cancelación de sus datos personales

  1. Tiene derecho a solicitarnos que rectifiquemos los errores que sus datos personales pudieran contener. Trataremos de verificar la exactitud de sus datos personales antes de rectificarlos.
  2. Asimismo, puede solicitarnos que eliminemos sus datos personales en circunstancias muy concretas tales como cuando:
  3. Ya no sean necesarios para los fines para los que se recogieron; o
  4. Usted haya revocado su consentimiento (cuando la base legal que justifica el tratamiento sea dicho consentimiento); o
  5. Haya ejercitado con éxito su derecho de oposición (véase derecho de oposición). Cuando el ejercicio de su derecho de oposición verse sobre el tratamiento de datos personales con fines de mercadotecnia directa, podremos conservar sus datos identificativos necesarios con el fin de impedir tratamientos futuros para estos fines; o
  6. Sus datos hubieran sido objeto de tratamiento ilegal, o
  7. Cuando sea necesario para cumplir con una obligación legal de Spring
  8. No estamos obligados a tramitar ninguna solicitud de cancelación de sus datos personales en aquellos casos en los que el tratamiento de los mismos sea necesario para:
  9. cumplir con una obligación legal; o
  10. interponer, ejercitar o defender cualquier reclamación judicial;

D.      Derecho a limitar el tratamiento de sus datos personales

  1. Puede solicitar que limitemos el tratamiento de sus datos personales únicamente en los siguientes casos:
  2. cuando la exactitud de los datos se haya puesto en cuestión, para permitirnos verificar dicha exactitud; o
  3. cuando el tratamiento sea ilegal, pero usted no desee que sus datos sean eliminados; o

  • cuando los datos no sean ya necesarios para los fines para los que se recogieron pero sí se necesiten para la interposición, ejercicio o defensa de una reclamación judicial; o
  • cuando usted haya ejercitado su derecho de oposición y estemos verificando la existencia de un interés legítimo que deba prevalecer sobre dicha oposición.
  1. Podremos continuar tratando sus datos personales tras una solicitud de limitación del tratamiento cuando:
  2. Tengamos su consentimiento; o
  3. Para interponer, ejercitar o defendernos de cualquier reclamación judicial; o
  4. Para proteger los derechos de cualquier otra persona, física o jurídica.
  5. Haremos constar claramente la limitación del tratamiento de sus datos personales en nuestros sistemas de información.

E.      Derecho a la portabilidad de sus datos personales

  1. Puede solicitarnos que le facilitemos sus Datos Personales en un formato estructurado, de uso común y lectura mecánica o que sus datos personales se envíen directamente a otro responsable del tratamiento, pero, en ambos casos, únicamente cuando:
  2. El tratamiento se base en su consentimiento o en el cumplimiento de lo previsto en un contrato formalizado con usted; y
  3. El tratamiento se realice por medios

F.      Derecho a oponerse al tratamiento de sus datos personales

G.     Derecho a revocar su consentimiento

En los casos en los que la base legal del tratamiento de sus datos personales sea su consentimiento, usted tiene derecho a revocar dicho consentimiento en cualquier momento enviando un correo electrónico a careteam@springhealth.com. Tenga en cuenta que, en determinados casos, la revocación de su consentimiento puede afectar a nuestra capacidad para prestarle los Servicios.

H.      Derecho a oponerse al tratamiento de sus datos personales para fines de marketing directo

Puede optar por no recibir determinadas comunicaciones de marketing y decidir que sus datos personales no sean tratados para fines de marketing, incluida la elaboración de perfiles, en cualquier momento poniéndose en contacto con nosotros a través de la siguiente dirección careteam@springhealth.com o haciendo clic en el enlace “darse de baja” que encontrará en todas nuestras comunicaciones de marketing, solicitándonos que le

excluyamos de cualquier comunicación en el futuro. Deberá especificar si desea ser excluido de todo tipo de comunicaciones de marketing o sólo de un tipo concreto (por ejemplo, correo electrónico).

También puede solicitarnos que modifiquemos la forma en la que nos ponemos en contacto con usted para fines de marketing o que no comuniquemos sus datos personales a terceras empresas no afiliadas para fines de marketing directo o para ningún otro fin.

I.         Derecho a obtener una copia de las cláusulas legales de garantía en relación con el tratamiento de sus datos personales utilizadas en relación con las transferencias internacionales de esos datos

Puede solicitarnos una copia o que le remitamos al lugar donde poder consultar las cláusulas legales de garantía utilizadas para la transferencia de sus datos personales fuera de la Unión Europea y del Reino Unido.

Podemos redactar acuerdos de transferencia internacional de datos independientes para proteger la confidencialidad de nuestras condiciones comerciales.

J.       Derecho a presentar una reclamación ante la autoridad competente en materia de protección de datos de su lugar de residencia

Tiene derecho a presentar una reclamación ante la autoridad competente en materia de protección de datos de su lugar de residencia en el caso de que no esté usted de acuerdo con la forma en la que estemos tratando sus datos personales.

Aunque usted tiene derecho a ponerse en contacto con la autoridad competente en materia de protección de datos en cualquier momento, le pedimos que trate de resolver cualquier problema que pudiera plantearse poniéndose, en primer lugar, en contacto con nosotros.

Además de los derechos previstos en este Apartado VIII, en el caso de que utilice nuestros Servicios desde Francia o España, tiene usted un derecho adicional en relación con sus datos personales:

K.      Derecho al Testamento Digital

Tiene derecho a establecer instrucciones (generales o específicas) acerca de lo que ocurrirá con sus datos personales en el caso de que usted fallezca.

8.        PÓNGASE EN CONTACTO CON NOSOTROS

Si tiene cualquier pregunta acerca de esta política de privacidad, póngase en contacto con nosotros a través de la siguiente dirección de correo electrónico compliance@springhealth.com o con nuestro Delegado de Protección de Datos (IT Governance Europe Limited) a través de la siguiente dirección de correo electrónico eurep@itgovernance.eu.

Spring Health ha nombrado un delegado de protección de datos en el Reino Unido, IT Governance Europe Limited, con el que puede ponerse en contacto a través de: eurep@itgovernance.eu.

Asegúrese de incluir el nombre de nuestra empresa en toda la correspondencia que envíe.

Si tuviera cualquier pregunta, problema o reclamación en relación con el cumplimiento de esta política de privacidad y de las leyes aplicables sobre protección de datos o en el caso de que usted quisiera

ejercitar cualquiera de sus derechos, le pedimos que, en primer lugar, se ponga en contacto con compliance@springhealth.com. Indagaremos en lo ocurrido y trataremos de resolver las reclamaciones y controversias y de hacer todos los esfuerzos razonables para facilitarle el ejercicio de sus derechos a la mayor brevedad posible y, en todo caso, en los plazos previstos en las leyes sobre protección de datos.

VERSION FINALE À TÉLÉCHARGER – 8 DÉCEMBRE 2021

1.      POLITIQUE RELATIVE A LA PROTECTION DES DONNEES DE SPRING CARE, INC. (EUROPE)

Spring Care, Inc. est responsable de vos données à caractère personnel.

Spring Care, Inc. et ses sociétés affiliées (désignées collectivement « Spring Health » ou « nous ») prenons au sérieux nos obligations en matière de protection des données et de respect de la vie privée. La présente politique recense nos pratiques à l’égard des données que nous recueillons de la manière suivante (et notamment en cas d’accès ) : (1) au site Internet de Spring Health actuellement référencé à l’adresse https://benefits.springhealth.com, aux supports et services disponibles sur ce site, et tout site Internet lui succédant, ainsi que tout Contenu : soit tout texte, donnée, graphisme, image, photographie, vidéo, élément audio, information, suggestion, aide, contenu ou autre élément fourni et mis à disposition ou disponible de toute autre façon sur le site Internet (le « Site »), (2) grâce aux applications logicielles que nous pouvons mettre à disposition en vue de leur utilisation sur des ordinateurs ou des appareils mobiles ou par leur biais (les « Applis »), (3) grâce aux quizz, tests et questionnaires (et à leurs résultats) que nous mettons à disposition sur le Site ou les Applis ou par leur biais (les « Questionnaires »), (4) par le biais du système de réservation dans le cas où vous bénéficiez de prestations professionnelles complémentaires fournies par l’intermédiaire de nos prestataires, conseillers, psychothérapeutes ou autres prestataires de services (les « Prestataires »), et (5) par le biais des enregistrements téléphoniques lorsque vous appelez les numéros de nos centres d’appels (l’ensemble des éléments qui précèdent étant désignés collectivement, les « Services »). Nous respectons la présente politique conformément aux lois applicables dans les pays où nous intervenons.

La présente politique explique également la façon dont nous recueillons, utilisons et communiquons vos données à caractère personnel si vous êtes ou représentez l’un de nos Prestataires.

La présente politique décrit notamment :

  • Les données à caractère personnel que nous recueillons, les cas dans lesquels nous les utilisons et les finalités de cette utilisation
  • La façon dont nous partageons vos données à caractère personnel au sein de Spring Health, à nos prestataires de services, aux autorités de contrôle et à d’autres tiers
  • La façon dont nous utilisons vos données pour vous communiquer des informations relatives à la mise à jour de nos Services et la manière dont vous pouvez gérer vos préférences en matière de prospection commerciale
  • Le transfert international de données à caractère personnel
  • La manière dont nous protégeons et conservons les données à caractère personnel
  • Les droits dont vous disposez pour assurer votre vie privée
  • Les moyens afin de nous contacter pour toute assistance complémentaire

2.    MISE À JOUR DE LA PRÉSENTE POLITIQUE

Nous pouvons modifier ponctuellement la présente politique afin de la tenir à jour des exigences légales et de la façon dont nous exerçons notre activité. Nous publierons ces modifications de manière bien visible de sorte que vous sachiez toujours quelles données nous collectons, comment nous les utilisons, et dans quels cas nous les communiquons, le cas échéant. Veuillez vérifier régulièrement ces pages pour accéder à la dernière version de la politique.

Vous pouvez trouver, sur notre Site, des liens externes vers des sites Internet tiers. La présente politique ne s’applique pas à votre utilisation des sites tiers.

3.   TYPES DE DONNEES À CARACTÈRE PERSONNEL QUE NOUS COLLECTONS, QUAND ET POURQUOI NOUS LES UTILISONS

A.      Moment où nous collectons les données à caractère personnel

Nous collections des données vous concernant si :

  • vous vous inscrivez à nos Services ou sur notre Site, utilisez nos Services ou interagissez avec notre Site, ou
  • si vous travaillez avec nous en qualité de Prestataire, collectivement (« vous »).

B.      Données à caractère personnel que nous collectons et utilisons si vous vous inscrivez à nos Services ou les utilisez ou si vous interagissez avec notre Site :

1.             Les données à caractère personnel suivantes sont notamment collectées si vous utilisez notre Site ou nos Services :

  • Renseignements personnels : prénom et nom de famille, date de naissance, adresse électronique, pays de résidence, nom d’utilisateur et mot de
  • Données sensibles vous concernant : origine raciale et informations relatives à votre état de santé, à savoir toute information générale concernant votre état de santé et votre bien-être, en ce compris toute indication relative à votre humeur générale et à vos habitudes quotidiennes, toute information concernant votre bien- être psychique, vos habitudes quotidiennes, votre niveau d’activité, vos habitudes nutritionnelles et alimentaires quotidiennes ainsi que toute information concernant votre vie personnelle, familiale et sociale, que vous mentionnez lorsque vous créez un compte ou dans tout Questionnaire que nous mettons à disposition dans le cadre des

2.             Autres données collectées lorsque vous utilisez nos Services ou interagissez avec notre Site

Les autres données collectées lorsque vous utilisez nos Services ou interagissez avec notre Site sont notamment :

  • Données relatives au navigateur et à l’appareil : certaines données sont recueillies par la plupart des navigateurs ou automatiquement par le biais de votre appareil. C’est notamment le cas des données suivantes : adresse MAC (Media Access Control), système d’exploitation(Windows or Macintosh), résolution de l’écran, nom et version du système d’exploitation, fabriquant et modèle de l’appareil, langue, type et version du navigateur internet et nom et version des Services (par exemple, l’Appli) que vous
  • Données d’utilisation des Applis : lorsque vous utilisez les Applis, nos prestataires de services et nous pouvons tracer et recueillir des données d’utilisation, telles que la date et l’heure auxquelles l’Appli installée sur votre appareil accède à nos serveurs et les informations et fichiers qui ont été téléchargés sur cette Appli d’après le numéro d’identification de votre
  • Données réunies grâce à l’utilisation de cookies, de pixels invisibles ou d’autres technologies : les pixels invisibles (également appelés pixels espions ou GIF invisibles) peuvent être utilisés dans le cadre de certains Services afin, entre autres, de tracer les actions des utilisateurs des Services (en ce compris les destinataires de courrier électronique), et de compiler des statistiques concernant l’utilisation des Services et les taux de réponse ainsi que des informations démographiques générales et des données agrégées.
  • Autres données à caractère personnel : adresse IP, données de localisation et informations concernant vos modes de communication préférés.

Si vous nous communiquez ou si vous communiquez à nos prestataires de services des données à caractère personnel relatives à d’autres personnes dans le cadre des Services, vous déclarez avoir l’autorisation de le faire et de nous autoriser à utiliser ces données conformément à la présente politique .

3.             Si vous utilisez nos Sites ou nos Services, si vous donnez votre consentement ou si la loi applicable le permet, nous pouvons utiliser les données à caractère personnel recueillies pour les finalités suivantes :

  • Afin de vous fournir les Services demandés. Il peut s’agir d’une combinaison entre l’utilisation de notre Site, de notre Appli, de nos Questionnaires et/ou le recours à nos Prestataires ou l’interaction avec ceux-ci.
  • Afin de répondre à vos questions, de traiter vos demandes, et de vous envoyer des communications que vous demandez, telles que les résultats de tout Questionnaire auquel vous avez répondu.
  • Afin de vous envoyer des informations à caractère administratif, concernant par exemple les Services et les modifications apportées à nos termes, conditions et politiques.
  • Afin de promouvoir nos Services auprès de vous, notamment en vous envoyant des communications concernant nos Services, fonctionnalités, études, sondages, actualités, mises à jour, et événements. Nous pouvons pour ce faire recourir à différentes méthodes : courrier électronique, communication ou annonce intégrées à l’application, et annonce sur des plateformes tierces,

  • Pour les besoins de notre gestion interne et de notre activité, et notamment afin d’analyser des données, de concevoir de nouveaux services, de perfectionner, d’améliorer ou de modifier les Services, aux fins d’audits, de contrôle et de prévention de la fraude, et afin de déterminer l’évolution des
  • Nous pouvons utiliser des données à caractère personnel, en ce compris des données sensibles, concernant de nombreux utilisateurs de nos Services afin de créer des « données agrégées » non identifiables (par exemple, des rapports calculant le pourcentage d’utilisateurs ayant donné une réponse particulière ou ayant obtenu un résultat particulier aux Questionnaires) pouvant être communiquées à des tiers.
  • Si vous nous faites part de toute idée, proposition, suggestion, recommandation ou de tout autre élément (une « Remarque »), concernant les Services ou à tout autre égard.
  • Dans la mesure où nous le jugeons nécessaire ou approprié, et uniquement si la loi applicable le permet, (a) pour respecter des procédures légales ; (b) pour répondre aux demandes des autorités publiques ou administratives, en ce compris les autorités publiques ou administratives situées hors de votre pays de résidence ; (c) pour protéger nos opérations ou celles de l’une quelconque de nos sociétés affiliées, notamment dans le cadre de toute enquête portant sur des incidents liés à la sécurité, ou (d) pour protéger nos droits, notre vie privée, notre sécurité ou nos biens, et/ou les vôtres ou ceux de nos sociétés affiliées ou d’autrui.
  • Afin de personnaliser votre expérience dans le cadre des Services, par exemple en vous proposant des Questionnaires et des services

4.             Base légale sur laquelle repose l’utilisation de vos données à caractère personnel

Nous ne recueillons, n’utilisons et ne communiquons vos données à caractère personnel que lorsque nous sommes convaincus que nous pouvons nous fonder sur une base légale appropriée pour le faire. Cette conviction peut être due au fait que :

  • vous avez consenti à ce que nous utilisions les données à caractère personnel, par exemple en choisissant de recevoir le Service, en créant un compte ou en communiquant volontairement vos informations à caractère personnel, par exemple lorsque vous répondez à un Questionnaire ;
  • nous utilisons vos données à caractère personnel dans notre intérêt légitime d’organisation commerciale (par exemple pour les besoins de notre gestion interne et de notre activité, et notamment afin d’analyser des données, de veiller au bon fonctionnement des Services, de concevoir de nouveaux services, de perfectionner, d’améliorer ou de modifier les Services, aux fins d’audits, de contrôle et de prévention de la fraude, et afin de déterminer l’évolution des usages). Dans ces cas, nous protégeons constamment vos données d’une manière proportionnée et respectant vos droits en matière de respect de la vie privée et vous avez le droit de vous opposer à leur traitement comme indiqué dans la section ci-après intitulée DROITS DONT VOUS DISPOSEZ POUR VOUS AIDER À CONTRÔLER LE RESPECT DE VOTRE VIE PRIVÉE ;
  • notre utilisation de vos données à caractère personnel est nécessaire à l’exécution d’un contrat ou à l’exécution de mesures en vue de la conclusion d’un contrat avec vous. Par exemple, si vous avez choisi de recevoir les Services, il est impératif de fournir votre nom et votre adresse électronique pour créer votre compte afin de recevoir les Pour de plus amples informations, veuillez-vous reporter à nos

Conditions Générales de Service (https://care.springhealth.com/terms_of_service) ; et/ou

  • notre utilisation de vos données à caractère personnel est nécessaire au respect d’une obligation légale ou réglementaire applicable à laquelle nous sommes soumis, par exemple de respecter une procédure légale, pour répondre à des demandes des autorités publiques ou administratives, pour protéger nos opérations ou celles de l’une de nos sociétés affiliées notamment dans le cadre de toute enquête portant sur des incidents liés à la sécurité ; ou pour protéger nos droits, notre vie privée, notre sécurité ou nos biens, et/ou les vôtres ou ceux de nos sociétés affiliées ou d’autrui.
  • Pour de plus amples informations concernant la base légale sur laquelle repose le traitement de vos données à caractère personnel, veuillez nous contacter à l’adresse suivante : compliance@springhealth.com.

C.      Données à caractère personnel que nous recueillons si vous travaillez avec nous en qualité de Prestataire

1.  Les données à caractère personnel recueillies si vous postulez pour travailler avec nous en qualité de Prestataire, et continuez de travailler avec nous en cette qualité comprennent :

  • Renseignements personnels : tels que vos nom, adresse électronique, photo, nom de jeune fille ; pseudonyme(s) ; adresses actuelles et antérieures ; date de naissance ; lieu de naissance ; numéro d’identité (pouvant comprendre le numéro de passeport, de carte nationale d’identité ou de permis de conduire) et nom complet de la mère ou du père.
  • Données relatives à votre situation professionnelle : nom et coordonnées de l’employeur ; nom et coordonnées du supérieur hiérarchique ; intitulé du poste ; salaire ; dates de début et de fin de l’emploi ; motif du départ.
  • Données relatives à votre formation et à vos qualifications : nom et coordonnées de l’établissement d’enseignement ; numéro étudiant ; nature du diplôme ; domaine d’étude ; dates de fréquentation de l’établissement d’enseignement ; date d’obtention du diplôme.
  • Autres données : données relatives aux paiements nous permettant de vous payer et données contenues dans nos systèmes de communication, à savoir les moyens de communication de Spring Health que vous utilisez (courrier électronique, téléphone fixe ou mobile et communication informatique).

2.  Si vous êtes l’un de nos Prestataires, nous pouvons utiliser vos données à caractère personnel pour les finalités suivantes :

  • Afin de déterminer, d’exécuter et de signer les termes et conditions selon lesquels vous, ou l’organisation que vous représentez, serez engagé par Spring Health et de communiquer avec vous ;
  • Afin de verser et d’administrer votre rémunération ;
  • Afin de gérer d’autres demandes ou services que vous demandez dans le cadre de votre relation avec nous ;
  • Afin de veiller au bon déroulement de notre relation avec vous (en ce compris toutes les activités devant être exécutées avant, pendant et après cette relation, par

exemple pour confirmer que vous avez le droit de travailler avec nous en qualité de Prestataire) ;

  • Afin de prévenir tout problème lié à la cybersécurité et l’utilisation non autorisée de nos informations, de nos systèmes informatiques et/ou de notre équipement, et d’effectuer un contrôle à cet égard ;
  • Conserver une pièce d’identité avec votre photo pour votre profile ; ou
  • Lorsque cela peut être nécessaire, afin d’introduire une action en justice, de mener toute enquête, de constater, d’exercer ou de défendre des droits en justice ; et de parvenir à une résolution à cet égard.

3.  Base légale sur laquelle repose l’utilisation de vos données à caractère personnel

Nous ne recueillons, n’utilisons et ne communiquons vos données à caractère personnel que lorsque nous sommes convaincus que nous pouvons nous fonder sur une base légale appropriée pour le faire. Cette conviction peut être due au fait que :

  • notre utilisation de vos données à caractère personnel est nécessaire à l’exécution d’un contrat ou à l’exécution de mesures en vue de la conclusion d’un contrat avec vous, à savoir le Contrat de Prestation de Services ;
  • nous utilisons vos données à caractère personnel dans notre intérêt légitime d’organisation commerciale (par exemple pour prévenir tout problème lié à la cybersécurité et l’utilisation non autorisée de nos informations, de nos systèmes informatiques et/ou de notre équipement et effectuer un contrôle à cet égard, ou pour conserver une pièce d’identité avec votre photo pour votre profile) ; et/ou
  • notre utilisation de vos données à caractère personnel est nécessaire au respect d’une obligation légale ou réglementaire applicable à laquelle nous sommes soumis, par exemple de respecter une procédure légale, pour répondre à des demandes des autorités publiques ou administratives, pour protéger nos opérations ou celles de l’une quelconque de nos sociétés affiliées notamment dans le cadre de toute enquête portant sur des incidents liés à la sécurité ; ou pour protéger nos droits, notre vie privée, notre sécurité ou nos biens, et/ou les vôtres ou ceux de nos sociétés affiliées ou d’autrui.
  • Pour de plus amples informations concernant la base juridique sur laquelle repose le traitement de vos informations à caractère personnel, veuillez nous contacter à l’adresse suivante : compliance@springhealth.com.

4.      COMMUNICATION DE DONNEES À CARACTÈRE PERSONNEL AU SEIN DE SPRING CARE, À NOS PRESTATAIRES DE SERVICES, ET À D’AUTRES TIERS

A.            Nous pouvons communiquer vos données dans des cas limités, de la manière et pour les finalités mentionnés ci-après :

  1. au sein de Spring Health, et notamment à notre société médicale professionnelle de la marque Spring, SH Medical Care of Kansas, PC, lorsque cette communication est nécessaire pour vous fournir nos Services ou pour gérer notre activité.
  2. à des tiers qui contribuent à la gestion de notre activité et à la fourniture de Services, par exemple :
  3. nous communiquerons vos données à caractère personnel à nos Prestataires dans la mesure nécessaire pour vous permettre de bénéficier d’un élément spécifique de nos Services ;
  4. si vous êtes l’un de nos Prestataires, nous communiquerons vos données à des tiers afin de confirmer que vous êtes habilité à exécuter les

Ces tiers ont accepté des obligations de confidentialité et utilisent les données à caractère personnel que nous leur communiquons ou qu’ils recueillent pour notre compte uniquement afin de nous fournir le service stipulé au contrat. Il peut s’agir notamment des services suivants : hébergement de site Internet, stockage et analyse de données, plateformes de planification, mise à disposition d’infrastructure de technologie de l’information et d’infrastructure associée, envoi de courrier électronique, audit et autres services.

  1. à nos autorités de contrôle, pouvant comprendre notamment l’autorité britannique de protection des données (Information Commissioner’s Office ou ICO), la Commission Nationale de l’Informatique et des Libertés (CNIL), les autorités allemandes de protection des données, la Commission de Protection des Données (Data Protection Commission ou DPC), et l’autorité suédoise pour la protection de la vie privée (IMY), afin de respecter toutes les lois, réglementations et règles applicables et de se conformer aux demandes des autorités chargées de l’application de la loi, des autorités administratives et de toute autre agence gouvernementale ;
  2. à nos partenaires ou à nos sociétés affiliées, sous forme agrégée et statistique, des données à caractère non personnel concernant les visiteurs de notre Site, les schémas de navigation, et l’utilisation du Site ;
  3. si nous vendons ou transférons à l’avenir une partie ou la totalité de notre activité ou de nos actifs à un tiers, nous pouvons communiquer des données à tout tiers acquéreur potentiel ou réel de notre activité ou de nos

5.      MISE A JOUR DES SERVICES ET PRÉFÉRENCES EN MATIÈRE DE COMMUNICATION COMMERCIALE

A.           Utilisation de données à caractère personnel pour vous tenir informé de nos Services

Afin de protéger vos droits en matière de respect de la vie privée et de veiller à ce que vous puissiez contrôler la façon dont nous gérons notre prospection commerciale à votre égard, nous ferons en sorte que cette prospection commerciale se limite à un niveau raisonnable et proportionné et nous vous adresserons uniquement des communications pouvant, selon nous, vous être utiles ou présenter un intérêt pour vous.

B.           Gestion de vos préférences en matière de communication commerciale

Vous pouvez à tout moment vous désabonner de certaines communications commerciales et vous opposer à l’utilisation de vos données à des fins de prospection commerciale en envoyant un message à l’adresse suivante : careteam@springhealth.com ou en cliquant sur le lien « Se désabonner » figurant dans tous les messages commerciaux qui vous sont adressés et en demandant à ne plus recevoir de communications à l’avenir. Veuillez préciser si vous souhaitez que nous cessions toutes les formes de communication commerciale ou uniquement certains types (par exemple, par courrier électronique).

6.  TRANSFERT INTERNATIONAL DE DONNEES À CARACTÈRE PERSONNEL

  1. Spring Health est une entreprise basée aux États-Unis. En conséquence, où que vous vous trouviez, vos données à caractère personnel seront transférées et conservées aux États- Unis, pays dans lequel les normes relatives à la protection des données peuvent différer de celles de votre pays d’origine. Spring Health prendra des mesures appropriées pour veiller à ce que les transferts de données à caractère personnel soient conformes à la loi applicable et soient gérés de manière rigoureuse afin de protéger vos droits et vos intérêts en matière de respect de la vie privée.

À cette fin :

  1. Nous veillons à ce que les transferts entre les entités et les sociétés affiliées de Spring Health soient couverts par un contrat conclu entre les membres de Spring Health (un contrat interentreprises) et obligeant contractuellement chaque entité à s’assurer que les données à caractère personnel font l’objet d’un niveau de protection adéquat et uniforme dès lors qu’elles sont transférées au sein de Spring Health ;
  2. Lorsque nous transférons vos données à caractère personnel en dehors de Spring Health ou à des tiers contribuant à la fourniture de nos Services, nous obtenons des engagements contractuels de leur part afin de protéger vos données à caractère personnel. Certaines de ces garanties correspondent à des exigences bien connues telles que l’utilisation des Clauses Contractuelles Types de l’UE pour la protection des données à caractère personnel transférées depuis l’UE vers des pays situés hors de l’UE ; ou
  3. Lorsque nous recevons des demandes d’information de la part d’autorités chargées de l’application de la loi ou d’autorités de contrôle, nous vérifions scrupuleusement

l’authenticité de ces demandes avant de communiquer toute donnée à caractère personnel.

  1. Vous avez le droit de nous contacter afin d’obtenir de plus amples informations concernant les garanties que nous avons mises en place (et notamment une copie des engagements contractuels applicables) pour veiller à la protection adéquate de vos données à caractère personnel lorsque celles-ci sont transférées dans les conditions susmentionnées.

7.     COMMENT NOUS PROTEGEONS ET CONSERVONS VOS DONNEES

A.     Sécurité

Nous avons mis en place et maintenons en vigueur des mesures, des politiques et des procédures de sécurité administratives, physiques et techniques afin de réduire le risque de destruction ou de perte accidentelle de ces données, leur communication non autorisée ou l’accès non autorisé à celles-ci, d’une manière raisonnable et appropriée à la nature des données concernées. À ce titre, nous imposons notamment des obligations de confidentialité aux membres de notre personnel et à nos prestataires de services et détruisons ou anonymisons de manière définitive les données à caractère personnel qui ne sont plus nécessaires au regard des finalités pour lesquelles elles ont été recueillies. La sécurité des données dépendant en partie de la sécurité de l’ordinateur que vous utilisez pour communiquer avec nous et des précautions que vous prenez pour protéger vos identifiants et vos mots de passe, nous vous prions de prendre des mesures appropriées pour protéger ces données.

B.     Conservation de vos données à caractère personnel

  1. Nous conserverons vos données à caractère personnel pendant la durée raisonnablement nécessaire au regard des finalités pour lesquelles elles ont été recueillies, comme indiqué dans la présente Dans certains cas, nous pouvons conserver vos données à caractère personnel pendant plus longtemps si la loi l’exige ou le permet, par exemple lorsque nous sommes tenus de le faire en vertu d’exigences légales, réglementaires, fiscales ou comptables.
  2. Dans des circonstances spécifiques, nous pouvons conserver vos données à caractère personnel pendant plus longtemps de manière à disposer d’une trace précise de vos interactions avec nous en cas de réclamation ou de contestation, ou si nous estimons raisonnablement qu’une action en justice liée à vos données à caractère personnel ou à vos interactions est
  3. Étant donné que nous exerçons nos activités depuis les États-Unis, sous réserve des données mentionnées à la Section VI TRANSFERT INTERNATIONAL DE DONNEES A CARACTERE PERSONNEL, toutes les données à caractère personnel que nous collectons sont utilisées et conservées aux États-Unis, sont soumises aux lois des États- Unis, et peuvent faire l’objet d’une communication aux gouvernements, aux juridictions, aux autorités chargées de l’application de la loi ou aux autorités administratives des États-Unis conformément à ces
  4. Si vous utilisez nos Services et vous trouvez en Allemagne, nous sommes soumis à diverses obligations de conservation et de documentation découlant entre autres du Code de commerce allemand (HGB) et du Code fiscal allemand (AO). Les délais de conservation et de documentation spécifiés dans ces codes peuvent aller jusqu’à dix ans. Enfin, la période de conservation est également déterminée par les délais de prescriptions légaux, pouvant par exemple aller jusqu’à trente ans, conformément aux paragraphes 195 et suivants du Code civil allemand (BGB), le délai de prescription ordinaire étant de trois

8.    DROITS PREVUS PAR LA LOI POUR VOUS PERMETTRE DE PARAMÉTRER LE RESPECT DE VOTRE VIE PRIVEE

  1. Sous réserve de certaines dérogations et certains cas liés aux activités de traitement que nous exerçons, vous disposez de certains droits relatifs à vos données à caractère personnel (tels que plus amplement détaillés ci-dessous), et notamment :
  2. Un droit d’accès à vos données à caractère personnel
  3. Un droit de rectification / d’effacement de vos données à caractère personnel
  4. Un droit de limitation du traitement de vos données à caractère personnel
  5. Un droit à la portabilité de vos données à caractère personnel
  6. Un droit d’opposition au traitement de vos données à caractère personnel
  7. Un droit de retrait de votre consentement au traitement de vos données à caractère personnel
  8. Un droit d’opposition à notre utilisation de vos données à caractère personnel aux fins de prospection
  9. Un droit d’information quant aux garanties mises en œuvre en cas de transfert de vos données à caractère personnel vers un pays étranger
  10. Un droit d’introduire une réclamation auprès de votre autorité de contrôle locale

Nous pourrons être amenés à vous demander des renseignements complémentaires afin de confirmer votre identité et pour des raisons de sécurité avant de vous communiquer les données à caractère personnel demandées. Nous nous réservons le droit de vous facturer des frais, dans la mesure où la loi le permet, notamment si votre demande est manifestement infondée ou excessive.

Vous pouvez exercer vos droits en nous écrivant à l’adresse suivante : careteam@springhealth.com. Sous réserves des aspects juridiques et d’autres considérations admises, nous nous efforcerons de faire droit à votre demande dans les meilleurs délais ou de vous indiquer si nous avons besoins d’informations complémentaires afin de répondre à votre demande.

Il est possible que nous ne soyons pas toujours en mesure de répondre à l’intégralité de votre demande, notamment si cela risque de compromettre nos obligations de confidentialité envers des tiers, ou si nous sommes légalement en droit de traiter la demande par d’autres moyens.

B.           Droit d’accès aux données à caractère personnel

Vous disposez du droit de nous demander de vous fournir une copie des données à caractère personnel que nous détenons vous concernant, et vous avez le droit d’être informé : (a) de la provenance de vos données à caractère personnel ; (b) des finalités, fondements juridiques et méthodes du traitement ; (c) de l’identité du responsable du traitement ; et (d) des destinataires ou catégories de destinataires auxquels vos données à caractère personnel peuvent être communiquées.

C.           Droit de rectification et d’effacement des données à caractère personnel

  1. Vous avez le droit de nous demander de rectifier les données à caractère personnel inexactes. Vous pouvez demander à vérifier l’exactitude des données à caractère personnel avant leur
  2. Vous pouvez également nous demander d’effacer vos données à caractère personnel dans un nombre limité de cas :
  3. Si ces données ne sont plus nécessaires au regard des finalités pour lesquelles elles ont été collectées ;
  4. Si vous avez retiré votre consentement (si le traitement était fondé sur votre consentement) ;
  5. Si vous avez exercé avec succès votre droit d’opposition ( d roit d’opposition) ;
  6. Si elles ont fait l’objet d’un traitement illicite ; ou
  7. Pour respecter une obligation légale à laquelle Spring Health est
  8. Nous ne sommes pas tenus de faire droit à votre demande d’effacement des données à caractère personnel si le traitement de celles-ci est nécessaire :
  9. Pour respecter une obligation légale ; ou
  10. À la constatation, à l’exercice ou à la défense de droits en

D.           Droit à la limitation du traitement de vos données à caractère personnel

  1. Vous pouvez nous demander de limiter le traitement de vos données à caractère personnel, mais uniquement dans les cas suivants :
  2. Si leur exactitude est contestée, afin de nous permettre d’en vérifier l’exactitude ;
  3. Si le traitement est illicite et vous vous opposez à l’effacement des données ;
  4. Si nous n’en avons plus besoin aux fins du traitement mais celles-ci sont encore nécessaires pour la constatation, l’exercice ou la défense de droits en justice ; ou
  5. Si vous avez exercé votre droit d’opposition, et la vérification est en cours afin de savoir si les motifs légitimes prévalent.
  6. Nous pouvons continuer d’utiliser vos données à caractère personnel suite à une demande de limitation du traitement dans les cas suivants :
  7. Avec votre consentement ; ou
  8. Pour la constatation, l’exercice ou la défense de droits en justice ; ou
  9. Pour la protection des droits d’une autre personne physique ou

E.           Droit à la portabilité de vos données à caractère personnel

  1. Vous pouvez nous demander de vous fournir vos données à caractère personnel dans un format structuré, couramment utilisé et lisible par machine, ou nous demander de transmettre ces données directement à un autre responsable du traitement, lorsque :
  2. Le traitement est fondé sur votre consentement ou sur l’exécution d’un contrat conclu avec vous ; et

  • Le traitement est effectué à l’aide de procédés automatisés.

F.            Droit d’opposition au traitement de vos données à caractère personnel

G.

Droit de retirer votre consentement

Lorsque le traitement de vos données à caractère personnel est fondé sur le consentement que vous nous avez donné, vous avez le droit de retirer ce consentement à tout moment, par courriel adressé à l’adresse suivante : careteam@springhealth.com. Veuillez noter que, dans certains cas, le retrait de votre consentement peut affecter notre capacité à vous fournir les Services.

H.           Droit d’opposition à l’utilisation de vos données à caractère personnel aux fins de prospection

Vous pouvez à tout moment vous opposez à certaines communications à caractère commercial et à l’utilisation de vos données à des fins de prospection en nous contactant à l’adresse suivante : careteam@springhealth.com ou en cliquant sur le lien « me désabonner » que vous trouverez sur tous les messages à caractère commercial qui vous sont adressés, et en demandant de ne plus figurer parmi les destinataires des communications à l’avenir. Veuillez préciser si vous souhaitez ne plus recevoir aucun message à caractère commercial ou seulement certains types de messages (par ex. par courriel).

Vous pouvez également demander à ce que nous changions le mode de communication que nous utilisons pour vous contacter à des fins de prospection ou à ce que nous ne transférions pas vos données à caractère personnel à des tiers non affiliés aux fins de prospection ou autres.

I.                 Droit d’obtenir une copie des garanties appropriées concernant le transfert des données à caractère personnel vers un pays étranger

Vous pouvez demander à obtenir une copie ou les références des garanties applicables au transfert de vos données à caractère personnel vers un pays situé hors de l’Union européenne et du Royaume-Uni.

Nous pourrons être amenés à masquer certaines parties des contrats de transfert de données afin de préserver la confidentialité des conditions commerciales.

J.             Droit d’introduire une réclamation auprès de votre autorité de contrôle locale

Vous avez le droit d’introduire une réclamation auprès de votre autorité de contrôle locale si vous avez des inquiétudes concernant la manière dont nous traitons vos données à caractère personnel.

Nous vous demandons de bien vouloir nous contacter en premier lieu afin de tenter de résoudre toute difficulté, quand bien même vous disposez du droit de contacter votre autorité de contrôle à tout moment.

Outre les droits visés au présent Article VIII, si vous avez recours à nos Services depuis la France, vous disposez également d’un autre droit relatif à vos données à caractère personnel :

K.           Droits concernant le traitement de données à caractère personnel relatives aux personnes décédées

Vous avez le droit de définir des directives (générales ou particulières) concernant le sort de vos données à caractère personnel après votre décès.

9.          NOUS CONTACTER

Pour toutes questions relatives à la présente politique, veuillez nous contacter à l’adresse suivante : compliance@springhealth.com ou contacter notre Délégué à la Protection des Données (Data Protection Officer) (IT Governance Europe Limited) à l’adresse suivante : eurep@itgovernance.eu.

Spring Health a désigné un responsable chargé de la protection des données au Royaume-Uni, IT Governance Europe Limited, qui peut être contacté à l’adresse suivante : eurep@itgovernance.eu.

Merci de veiller à bien préciser le nom de notre société dans toutes vos correspondances.

Si vous avez des questions, difficultés ou réclamations concernant le respect de la présente politique et la conformité au regard des lois relatives à la protection des données, ou si vous souhaitez exercer vos droits, nous vous invitons à nous contacter en premier lieu à l’adresse suivante : compliance@springhealth.com. Nous examinerons et tenterons de résoudre les réclamations et différends, et nous nous efforcerons de faire droit à votre souhait d’exercer vos droits aussi rapidement que possible, et en tout état de cause dans les délais prescrits par les lois relatives à la protection des données.

Last Updated: February 22, 2022

SPRING CARE, INC. PRIVACY POLICY

Spring Care, Inc. is responsible for your personal information.

Spring Care, Inc. and its affiliates (collectively referred to as “Spring Health”, “we“, “us“) takes its data protection and privacy responsibilities seriously. This privacy policy describes our practices in connection with information that we collect through (including any access to) (1) the Spring Health website currently located at https://benefits.springhealth.com, materials and services available therein, and successor website(s) thereto, together with any Content: meaning text, data, graphics, images, photographs, video, audio, information, suggestions, guidance, content and other materials provided, made available or otherwise found on the website (“Website”), (2) the software applications we may make available for use on or through computers and mobile devices (“Apps”), (3) the quizzes, tests, and questionnaires (and results thereof) we make available on or through the Website or Apps (“Questionnaires”), (4) the booking system should you avail of additional professional services through our contractors, counselors, therapists or other service providers (“Providers”), and (5) call recordings when you call our call center phone numbers (all of the foregoing, collectively, “Services”). We follow this privacy policy in accordance with applicable laws in the places where we operate.

This privacy policy also explains how we collect, use and share personal information if you are or represent one of our Providers, including if you go through the application process to become one of our Providers.

Specifically, this privacy policy describes:

  • What personal information we collect and when and why we use
  • How we share personal information within Spring Health and with our service providers, regulators and other third parties
  • How we use your information to provide Service updates to you and how you can manage your marketing preferences
  • Transferring personal information globally
  • How we protect and store personal information
  • Legal rights available to help manage your privacy
  • How you can contact us for more support

1.      UPDATES TO THIS PRIVACY POLICY

We may amend this privacy policy from time to time to keep it up to date with legal requirements and the way we operate our business. We will post those changes prominently, so you are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. Please regularly check these pages for the latest version of this privacy policy.

You might find external links to third party websites on our Website. This privacy policy does not apply to your use of a third party site.

2.    WHAT PERSONAL INFORMATION WE COLLECT AND WHEN AND WHY WE USE IT

A.     When we collect personal information

We collect information about you if you:

  • register with, use our Services or engage with our Website, or
  • work with us as a Provider, collectively (“you“).

B.     Personal information we collect and use if you register with or use our Services or if you engage with our Website:

1.             Personal information collected if you use our Website or Services includes:

  • Personal details: first name and surname, date of birth, email address, country of residence, username and
  • Sensitive information about you: racial origin and health information i.e. general information about your health and wellbeing, including indications about your overall mood and daily habits, information on your mental wellbeing, daily habits, activity levels, daily nutrition and eating habits as well as information about your personal, family and social life which is entered by you when registering for an account or in any Questionnaires we make available through the

2.             Other information when you use our Services or engage with our Website

Other information collected if you use our Services or engage with our Website includes:

  • Browser and device information: Certain information is collected by most browsers or automatically through your device, such as your Media Access Control (MAC) address, computer type (Windows or Macintosh), screen resolution, operating system name and version, device manufacturer and model, language, Internet browser type and version and the name and version of the Services (such as the App) you are
  • App usage data: When you use the Apps, we and our service providers may track and collect usage data, such as the date and time the App on your device accesses our servers and what information and files have been downloaded to the App based on your device

  • Information gathered through use of cookies, pixel tags or other technologies: Pixel tags (also known as web beacons and clear GIFs) may be used in connection with some Services to, among other things, track the actions of users of the Services (including email recipients), and compile statistics about usage of the Services and response rates as well as general demographic information and aggregated information.
  • Other personal information: IP address, location data and information around your preferred means of

If you submit any personal information relating to other people to us or to our service providers in connection with the Services, you represent that you have the authority to do so and to permit us to use the information in accordance with this privacy policy.

3.             We may use personal data collected if you use our Websites or Services or if you consent or as permitted by applicable law in the following ways:

  • To provide you with the Services you request, which may be combination of the use or engagement with our Website, App, Questionnaires and/or
  • To respond to your inquiries, fulfil your requests, and send you communications that you request, such as the results of any Questionnaire that you have
  • To send administrative information to you, for example, information regarding the Services and changes to our terms, conditions and
  • To market our Services to you. This includes sending communications about our Services, features, studies, surveys, news, updates, and events. We may do so through various methods, including email, in app communications and ads, and ads on third party
  • For our internal management and business purposes, such as data analysis, developing new services, enhancing, improving or modifying the Services, audits, fraud monitoring and prevention, identifying usage
  • We may use personal information, including sensitive information, from many Services users to create non-identifiable “aggregate data” (for example, reports that calculate the percentage of users who have a particular response to or result from the Questionnaires) that may be disclosed to third
  • If you provide to us any ideas, proposals, suggestions, recommendations or other materials (“Feedback”), whether related to the Services or
  • As we believe to be necessary or appropriate, and only as permitted under applicable law (a) to comply with legal process; (b) to respond to requests from public and government authorities, including public and government authorities outside your country of residence; (c) to protect our operations or those of any of our affiliates, including in connection with investigating security incidents; or (d) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or
  • To personalize your experience on the Services, for example, by presenting Questionnaires and similar services to

4.             The legal basis for using your personal information

We will only collect, use and share your personal information where we are satisfied that we have an appropriate legal basis to do this. This may be because:

  • you have provided your consent to us using the personal information, for example by opting in to receiving the Service, by registering for an account or by voluntarily inputting your personal information g., when you answer a Questionnaire;
  • our use of your personal information is necessary to perform a contract or take steps to enter into a contract with you for example where you have opted to receive the Services it is mandatory to provide your name and email address to register your account in order to receive the Services. For further information please see our Terms of Service (https://care.springhealth.com/terms_of_service); and/or
  • our use of your personal information is necessary to comply with a relevant legal or regulatory obligation that we have for example, to comply with legal process, respond to requests from public and government authorities, protect our operations or those of any of our affiliates including in connection with investigating security incidents; or to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others.
  • If you would like to find out more about the legal basis for which we process personal information, please contact us at compliance@springhealth.com.

C.     Personal information we collect if you work with us as a Provider

1.  Personal information collected if you apply to work with us as a Provider, and continue to work with us as a Provider, includes:

  • Personal details: such as your name, email address, photo, maiden name; alias(es); current and previous addresses; birth date; birth place; ID number (which may include passport, national ID card, driver’s license) and mother/father’s complete
  • Information about your employment status: employer name; employer contact details; manager name; manager contact details; job title; pay rate; dates of employment; reason for leaving
  • Information about your education and qualifications: school name; school contact details; student number; qualification details; field of study; school attendance dates; school graduation
  • Other information: payment information so that we can make payments to you and information contained on our communications systems, these are the Spring Health communications facilities used by you (email, phone, mobile phone and computer communication).

2.  If you are one of our Providers, we may use your personal data in the following ways:

  • To determine, perform and execute the terms on which you, or the organization you represent will be engaged by us and communicate with you;
  • To pay and administer your fees;
  • To administer other requests or services requested by you throughout your engagement with us;

  • To ensure the smooth running of our engagement with you (including all of the activities that need to be undertaken before, during and after such engagement for instance to confirm your eligibility to work with us as a );
  • To monitor against and prevent cyber-security issues and unauthorised use of our information, IT systems and/or equipment;
  • Maintain photo identification of you for your profile; or
  • Where it may be necessary, to file legal proceedings, investigate, establish, exercise or defend a legal claim; and settle legal

3.  The legal basis for using your personal information

We will only collect, use and share your personal information where we are satisfied that we have an appropriate legal basis to do this. This may be because:

  • our use of your personal information is necessary to perform a contract or take steps to enter into a contract with you, e. the Contractor Agreement;
  • our use of your personal information is in our legitimate interest as a commercial organisation (for example to monitor against and prevent cyber-security issues and unauthorised use of our information, IT systems and/or equipment, or maintain photo identification of you for your profile); and/or
  • our use of your personal information is necessary to comply with a relevant legal or regulatory obligation that we have for example, to comply with legal process, respond to requests from public and government authorities, protect our operations or those of any of our affiliates including in connection with investigating security incidents; or to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others.
  • If you would like to find out more about the legal basis for which we process personal information please contact us at compliance@springhealth.com.

3.       SHARING PERSONAL INFORMATION WITHIN SPRING CARE, WITH OUR SERVICE PROVIDERS, AND OTHER THIRD PARTIES

A.     We may share your information under limited circumstances in the manner and for the purposes described below:

  1. within Spring Health, where such disclosure is necessary to provide you with our Services or to manage our business, including with our Spring-branded Medical Professional Corporation, SH Medical Care of Kansas,
  2. with third parties who help manage our business and deliver Services, for example:
  3. we will provide your personal information to our Providers, as necessary to allow you to avail of that specific element of our Services;

  1. if you are one of our Providers, we will share your information with third parties to confirm your eligibility to carry out the

These third parties have agreed to confidentiality restrictions and use any personal information we share with them or which they collect on our behalf solely for the purpose of providing the contracted service to us. These may also include website hosting, data storage and analysis, scheduling platforms, information technology and related infrastructure provision, email delivery, auditing and other services.

  1. with our regulators, to comply with all applicable laws, regulations and rules, and requests of law enforcement, regulatory and other governmental agencies;
  2. with our partners or affiliates, in aggregate, statistical form, non-personal information regarding the visitors to our Website, traffic patterns, and Website usage with our partners or affiliates;
  3. if, in the future, we sell or transfer some or all of our business or assets to a third party, we may disclose information to a potential or actual third party purchaser of our business or

4.    SERVICE UPDATES AND MARKETING PREFERENCES

A.     How we use personal information to keep you up to date with our Services

To protect privacy rights and to ensure you have control over how we manage marketing with you we will take steps to limit direct marketing to a reasonable and proportionate level and only send you communications which we believe may be of interest or relevance to you.

B.     How you can manage your marketing preferences

You can opt out of certain marketing communications and use of your information for marketing at any time by contacting careteam@springhealth.com or by clicking on the “unsubscribe” link you will find on all marketing messages to you and requesting to be removed from future communications. Please specify whether you would like us to stop all forms of marketing or just a particular type (e.g. email).

5.    TRANSFERRING PERSONAL INFORMATION GLOBALLY

  1. Spring Health is a US based business. Accordingly, regardless of your location, your personal information will be transferred to and stored in the US, which may be subject to

different standards of data protection than your home jurisdiction. Spring Health will take appropriate steps ensure that transfers of personal information are in accordance with applicable law and carefully managed to protect your privacy rights and interests.

To this end:

  1. We ensure transfers within Spring Health entities and affiliates will be covered by an agreement entered into by members of Spring Health (an intercompany agreement) which contractually obliges each entity to ensure that personal information receives an adequate and consistent level of protection wherever it is transferred within Spring Health;
  2. Where we transfer your personal information outside Spring Health or to third parties who help provide our Services, we obtain contractual commitments from them to protect your personal information; or
  3. Where we receive requests for information from law enforcement or regulators, we carefully validate these requests before any personal information are
  4. You have a right to contact us for more information about the safeguards we have put in place (including a copy of relevant contractual commitments) to ensure the adequate protection of your personal information when this is transferred as mentioned

6.      HOW WE PROTECT AND STORE YOUR INFORMATION

A.     Security

We have implemented and maintain appropriate administrative, physical and technical security measures, policies and procedures that are reasonable and appropriate to reduce the risk of accidental destruction or loss, or the unauthorised disclosure or access to such information as reasonable and appropriate to the nature of the information concerned. Measures we take include placing confidentiality requirements on our staff members and service providers and destroying or permanently anonymising personal information if it is no longer needed for the purposes for which it was collected. As the security of information depends in part on the security of the computer you use to communicate with us and the security you use to protect user IDs and passwords please take appropriate measures to protect this information.

B.     Storing your personal information

  1. We will retain your personal information for as long as is reasonably necessary for the purposes for which it was collected, as explained in this privacy policy. In some circumstances we may store your personal information for longer periods of time as required or permitted by law, for instance where we are required to do so in accordance with legal, regulatory, tax, accounting
  2. In specific circumstances we may store your personal information for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your personal information or
  3. As our operations are conducted from the US, subject to the information set out in Section V TRANSFERRING YOUR INFORMATION GLOBALLY, all personal information that we collect is used and stored in the US, is subject to US laws, and may be subject to disclosure to US governments, courts or law enforcement or regulatory agencies pursuant to those

7.     LEGAL RIGHTS AVAILABLE TO HELP MANAGE YOUR PRIVACY

  1. Subject to certain exemptions, and in some cases dependent upon the processing activity we are undertaking, you have certain rights in relation to your personal information (as further detailed below), including the right:
  1. To access personal information
  2. To rectify / erase personal information
  3. To restrict the processing of your personal information
  4. To transfer your personal information
  5. To object to the processing of personal information
  6. Withdraw consent for processing of personal information
  7. To object to how we use your personal information for direct marketing purposes
  8. To obtain a copy of personal information safeguards used for transfers outside your jurisdiction
  9. To lodge a complaint with your local supervisory authority

We may ask you for additional information to confirm your identity and for security purposes, before disclosing the personal information requested to you. We reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive.

You can exercise your rights by contacting us at careteam@springhealth.com. Subject to legal and other permissible considerations, we will make every reasonable effort to honour your request promptly or inform you if we require further information in order to fulfil your request.

We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.

B.     Right to access personal information

You have a right to request that we provide you with a copy of your personal information that we hold, and you have the right to be informed of; (a) the source of your personal information;

(b) the purposes, legal basis and methods of processing; (c) the controller’s identity; and (d) the entities or categories of entities to whom your personal information may be transferred.

C.     Right to rectify, update or erase personal information

  1. You have a right to request that we rectify inaccurate personal We may seek to verify the accuracy of the personal information before rectifying it.
  2. You can also request that we erase your personal information in limited circumstances where:
  3. it is no longer needed for the purposes for which it was collected; or
  4. you have withdrawn your consent (where the data processing was based on consent); or
  5. it has been processed unlawfully; or

  • to comply with a legal obligation to which Spring Health is
  1. We are not required to comply with your request to erase personal information if the processing of your personal information is necessary:
  2. for compliance with a legal obligation; or
  3. for the establishment, exercise or defence of legal claims;

D.     Right to withdraw consent

Where we have obtained your consent as our legal basis to process your personal data, you have the right to withdraw consent at any time by emailing careteam@springhealth.com. Please note that in some instances, where you withdraw your consent this may negatively impact our ability to provide you with the Services.

E.      Right to object to how we use your personal information for direct marketing purposes

You can opt out of certain marketing communications and use of your information for marketing at any time by contacting careteam@springhealth.com or by clicking on the “unsubscribe” link you will find on all marketing messages to you and requesting to be removed from future communications. Please specify whether you would like us to stop all forms of marketing or just a particular type (e.g. email).

You can also request that we change the manner in which we contact you for marketing purposes or request that we not transfer your personal information to unaffiliated third parties for the purposes of direct marketing or any other purposes.

F.      Right to lodge a complaint with your local supervisory authority

You have a right to lodge a complaint with your local supervisory authority if you have concerns about how we are processing your personal information.

We ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority at any time.

8.        CONTACT US

If you have any questions about this privacy policy, please contact us at compliance@springhealth.com or our Data Protection Officer (IT Governance Europe Limited) at eurep@itgovernance.eu.

Please ensure to include our company name in any correspondence you send.

If you have any questions, concerns or complaints regarding our compliance with this privacy policy and data protection laws, or if you wish to exercise your rights, we encourage you to first contact compliance@springhealth.com. We will investigate and attempt to resolve complaints and disputes and will make every reasonable effort to honour your wish to exercise your rights as quickly as possible and, in any event, within the timescales provided by data protection laws.

Última actualización: 22 de febrero de 2022

SPRING CARE, INC. POLÍTICA DE PRIVACIDAD (ARGENTINA)

Spring Care, Inc. es responsable del tratamiento de sus datos personales.

Spring Care, Inc. y sus empresas afiliadas (conjuntamente, “Spring Health”, “nosotros”) se toma muy en serio sus obligaciones en materia de protección de datos y privacidad. Esta política de privacidad describe nuestras prácticas en relación con los datos que recogemos a través de (incluyendo cualquier acceso a) (1) El sitio web de Spring Health, actualmente accesible a través de https://benefits.springhealth.com, los materiales y servicios disponibles en el mismo, cualquier sitio web que pudiera sustituirlo en el futuro, así como cualquier Contenido entendido como texto, datos, gráficos, imágenes, fotografías, video, audio, datos, sugerencias, instrucciones, contenido y cualquier otro material facilitado, disponible o que usted pueda encontrar en el sitio web (“Sitio Web”), (2) las aplicaciones de software que podamos poner a su disposición para su utilización en o a través de cualquier ordenador o dispositivo móvil (“Aplicaciones”), (3) los test y cuestionarios (y los resultados de los mismos) que ponemos a su disposición en o a través del Sitio Web o de las Aplicaciones (“Cuestionarios”), (4) el sistema de reservas en el caso de que usted recurra a cualquier servicio profesional complementario prestado por nuestros subcontratistas, orientadores, terapeutas o cualquier otro proveedor de servicios (“Proveedores”) y (5) las grabaciones de llamadas cuando usted llame a los número de teléfono de nuestro centro de llamadas (todos los anteriores, conjuntamente, “Servicios”). Aplicamos esta política de privacidad de conformidad con lo previsto en la ley aplicable en aquellos lugares en los que desarrollamos nuestra actividad.

Esta política de privacidad también detalla como recogemos, utilizamos y comunicamos sus datos personales en el caso de que usted sea uno de nuestros Proveedores o representante del mismo, incluyendo también todos los casos en los que usted participe en un proceso de selección para convertirse en uno de nuestros Proveedores.

En particular, esta política de privacidad describe:

  • Los datos personales que recogemos y cuándo y por qué efectuamos su
  • Cómo comunicamos los datos personales dentro del grupo Spring Health y a nuestros proveedores de servicios, reguladores y a otros
  • Cómo utilizamos de sus datos para facilitarle actualizaciones del Servicio y cómo puede usted configurar sus preferencias de
  • Transferencias internacionales de
  • Cómo protegemos y almacenamos los datos
  • Los derechos legales que le asisten para controlar su
  • Cómo puede ponerse en contacto con nosotros para obtener más

1.      ACTUALICACIONES DE ESTA POLÍTICA DE PRIVACIDAD

Estamos facultados para modificar esta política de privacidad en cualquier momento incorporando nuevos requisitos legales o cualquier otro elemento que afecte al funcionamiento de nuestro negocio.

Publicaremos los cambios de manera visible para que pueda saber en todo momento qué datos recogemos, cómo los utilizamos y en qué circunstancias, en su caso, los comunicamos a terceros. Revise periódicamente estas páginas para asegurarse de que está al tanto de la última versión de esta política de privacidad.

En nuestro Sitio Web, encontrará enlaces externos a sitios web de terceros. Esta política de privacidad no es aplicable al uso que usted haga de los sitios de terceros.

2.    CUÁLES SON LOS DATOS PERSONALES QUE RECOGEMOS Y CUÁNDO Y POR QUÉ EFECTUAMOS SU TRATAMIENTO

A.      Cuando recogemos datos personales

Recogemos sus datos personales si usted:

  • se registra en nuestro Sitio Web, utiliza nuestros servicios o interactúa con nuestro Sitio Web, o
  • trabaja con nosotros como Proveedor, conjuntamente (“usted”).

B.      Datos personales que recogemos y tratamos cuando usted se registra en o interactúa con nuestro Sitio Web o utiliza nuestros Servicios:

1.              Los datos personales que recogemos si usted utiliza nuestro Sitio Web o nuestros servicios incluyen:

  • Datos identificativos: nombre y apellido, fecha de nacimiento, dirección de correo electrónico, país de residencia, nombre de usuario y contraseña.
  • Datos especialmente protegidos: origen racial y datos sobre salud, i.e. información general acerca de su salud y bienestar, incluyendo la información que nos proporcione acerca de su estado general y hábitos cotidianos, información sobre su salud mental, hábitos cotidianos, nivel de actividad, alimentación diaria y hábitos de alimentación así como la información acerca de su vida personal, familiar y social que usted nos proporcione al darse de alta y crear una cuenta o a través de cualquiera de los Cuestionarios que le facilitamos como parte de nuestros

2.              Otros datos que recopilamos cuando usted utiliza nuestros Servicios o interactúa con nuestro Sitio Web

Cuando usted utiliza nuestros Servicios o interactúa con nuestro Sitio Web recopilamos otros datos que incluyen:

  • Información sobre su navegador y dispositivo: La mayoría de los navegadores o su dispositivo, automáticamente, recogen determinados datos, tales como los siguientes: dirección MAC (Control de Acceso a los Medios), tipo de ordenador (Windows o Macintosh), resolución de pantalla, nombre y versión de su sistema operativo, fabricante y modelo de su dispositivo, idioma, tipo de navegador de internet y versión y nombre y versión de los Servicios (como la Aplicación) que esté usted
  • Datos de uso de la Aplicación: Cuando usted utiliza las Aplicaciones, nosotros o nuestros proveedores hacemos seguimiento y recopilamos determinados datos de uso, tales como la fecha y hora en la que la Aplicación instalada en su dispositivo accede a nuestros servidores y qué información y archivos se descargan en la Aplicación sobre la base del número de su dispositivo.
  • Datos obtenidos a través del uso de cookies, píxeles de seguimiento (pixel tags) u otras tecnologías: Utilizamos píxeles de seguimiento (también conocidos como balizas web y GIFs transparentes) en relación con algunos Servicios para, entre otras cosas, hacer seguimiento de las actividades de los usuarios de los Servicios (incluyendo la de los destinatarios de correo electrónico) y elaborar estadísticas sobre el uso de los Servicios y los índices de respuesta así como datos demográficos de carácter general y datos
  • Otros datos personales: dirección IP, datos de ubicación y datos sobre sus medios de comunicación

Si, en el marco de los Servicios nos enviara, a nosotros o a nuestros proveedores de servicios, cualquier dato personal relativo a otra persona, usted manifiesta que tiene la capacidad necesaria para comunicarnos dichos datos y para permitirnos utilizar los datos de conformidad con esta política de privacidad.

3.              Podemos utilizar los datos personales recogidos cuando usted utiliza nuestros Sitios Web o Servicios así como los recogidos con su consentimiento o de cualquier otra manera permitida por la ley aplicable, para cualquiera de las siguientes finalidades:

  • Proporcionarle los Servicios que nos solicite, que pueden consistir en una combinación de uso e interacción con nuestro Sitio Web, Aplicaciones, Cuestionarios y/o
  • Responder a sus consultas, satisfacer sus peticiones y enviarle las comunicaciones que nos haya solicitado, tales como los resultados de cualquier Cuestionario que usted hubiera podido
  • Enviarle información administrativa, por ejemplo, información relativa a los Servicios y a las modificaciones de nuestras condiciones generales y políticas.
  • Comercializar nuestros Servicios. Esto incluye el envío de comunicaciones acerca de nuestros     Servicios,    características,     estudios,     encuestas,     novedades,

actualizaciones y eventos. Podemos enviar dichas comunicaciones a través de distintos medios incluyendo el correo electrónico, notificaciones y anuncios de la Aplicación así como a través de anuncios publicados en plataformas de terceros.

  • Para nuestra gestión interna, incluyendo el análisis de datos, desarrollo de nuevos servicios, optimización, mejora o modificación de los Servicios, auditorías, control y prevención del fraude e identificación de tendencias de
  • Utilizamos los datos personales, incluyendo los datos especialmente protegidos, de numerosos usuarios de los Servicios para crear “datos agrupados” no identificables (tales como informes en los que se incluye el porcentaje de usuarios que han dado una determinada respuesta u obtenido un resultado concreto al realizar un Cuestionario) que podrán comunicarse a
  • Si usted nos remite ideas, propuestas, sugerencias, recomendaciones o cualquier otro material (“Comentarios”), relacionados o no con los
  • Tal y como consideremos necesario o apropiado y únicamente en la forma permitida por la ley aplicable, para (a) ejercitar cualquier acción legal; (b) responder a cualquier requerimiento de cualquier autoridad pública o administrativa, incluyendo autoridades públicas o administrativas fuera de su país de residencia; (c) proteger nuestro negocio y el de cualquiera de nuestras empresas afiliadas, incluyendo en todos aquellos casos en los que el tratamiento resulte necesario para investigar un incidente de seguridad; o para (d) proteger nuestros derechos, privacidad, seguridad o propiedad privada y/o los de nuestras empresas afiliadas, los suyos o los de cualquier
  • Para personalizar su experiencia al utilizar los Servicios, por ejemplo, para ofrecerle Cuestionarios y servicios

4.              Bases legales que justifican el tratamiento de sus datos personales

Solo recogemos, tratamos y comunicamos sus datos personales cuando tenemos el convencimiento de que existe una base legal adecuada que justifica el tratamiento. Dicha base legal puede ser cualquiera de las siguientes:

  • usted nos ha dado su consentimiento para el tratamiento de sus datos personales, por ejemplo, al acceder a recibir el Servicio, al dar de alta una cuenta o al facilitar voluntariamente sus datos personales, por ejemplo, al contestar a un Cuestionario;
  • el tratamiento de sus datos personales resulta necesario para cumplir con un contrato o para realizar las actuaciones necesarias para formalizar un contrato con usted; por ejemplo, en los casos en los que usted opta por recibir los Servicios, es obligatorio que nos proporcione su nombre y dirección de correo electrónico para dar de alta una cuenta con el fin de recibir los Servicios. Si desea más información, consulte nuestras                                     Condiciones                  Generales (https://care.springhealth.com/terms_of_service); y/o
  • el tratamiento de sus datos personales resulta necesario para cumplir con una obligación legal o regulatoria, por ejemplo, para el ejercicio de una acción legal, responder a los requerimientos efectuados por cualquier autoridad pública o administrativa, proteger nuestro negocio o el de cualquiera de nuestras empresas afiliadas incluyendo todos aquellos casos en los que el tratamiento resulte necesario para investigar un incidente de seguridad; o para proteger nuestros derechos,

privacidad, seguridad o propiedad privada y/o los de nuestras empresas afiliadas, los suyos o los de cualquier tercero.

  • Si desea obtener más información acerca de las bases legales que justifican el tratamiento de sus datos personales, póngase en contacto con nosotros a través de la siguiente dirección compliance@springhealth.com.

C.      Datos personales que recopilamos si trabaja con nosotros como Proveedor

1.              Los datos personales que recopilamos a partir del momento en el que nos solicita trabajar con nosotros como Proveedor y mientras continúe trabajando con nosotros en tal condición, incluyen:

  • Datos identificativos: como su nombre, dirección de correo electrónico, fotografía, nombre de soltera; seudónimo(s); dirección actual y direcciones anteriores; fecha de nacimiento; lugar de nacimiento; número de Identificación (que puede incluir su número de pasaporte, documento nacional de Identidad, carnet de conducir) y nombre completo de sus progenitores.
  • Datos sobre su situación laboral: nombre de su empleador; datos de su contrato de trabajo; nombre y datos de contacto de la persona responsable sobre usted; puesto de trabajo; franja salarial; fecha de inicio y extinción de su relación laboral; razones de extinción de su relación
  • Datos acerca de su formación y cualificación: nombre del centro educativo; datos de contacto del centro educativo; número de estudiante; datos de cualificación; área de estudio; fechas de asistencia; fechas de graduación.
  • Otros datos: Datos de pago para poder efectuar los pagos correspondientes a su favor y datos que deban incluirse en nuestros sistemas de comunicación, esto es, los medios de comunicación pertenecientes a Spring Health que usted utilizará (correo electrónico, teléfono y comunicaciones electrónicas).

2.              Si usted es uno de nuestros Proveedores, utilizaremos sus datos personales de la siguiente forma:

  • Para establecer, cumplir y llevar a efecto las condiciones bajo las que usted o la organización a la que usted representa contratará con nosotros y para comunicarnos con usted;
  • Para pagar y gestionar sus honorarios;
  • Para gestionar cualquier otra solicitud o servicio solicitado por usted durante la vigencia de su relación con nosotros;
  • Para garantizar el buen funcionamiento de nuestra relación con usted (incluyendo el de todas las actividades que deben llevarse a cabo antes, durante y tras la finalización de dicha relación, tales como por ejemplo, poder confirmar su idoneidad para trabajar con nosotros como Proveedor);
  • Controlar y prevenir problemas de ciberseguridad y el uso no autorizado de nuestros datos, sistemas informáticos y/o equipos;
  • Incluir en su perfil su identificación fotográfica; o
  • En los casos en los que resulte necesario, entablar procedimientos legales, investigar, plantear, ejercitar o defender una reclamación judicial; y llegar a un

acuerdo transaccional en relación con cualquier reclamación judicial.

3.              Bases legales que justifican el tratamiento de sus datos personales

Solo recogemos, tratamos y comunicamos sus datos personales cuando tenemos el convencimiento de que existe una base legal adecuada que justifica el tratamiento. Dicha base legal puede ser cualquiera de las siguientes:

  • el tratamiento de sus datos personales es necesario para cumplir con lo previsto en un contrato o para realizar las actuaciones necesarias para poder formalizar un contrato con usted, i.e. el Acuerdo de Subcontratación;
  • tenemos un interés legítimo, como organización empresarial, en el tratamiento de sus datos personales (por ejemplo, para controlar y prevenir problemas de ciberseguridad y el uso no autorizado de nuestros datos, sistemas informáticos y/o equipos, o para incluir una identificación fotográfica suya en su perfil); y/o
  • el tratamiento de sus datos personales resulta necesario para cumplir con cualquier obligación legal o regulatoria, por ejemplo, para el ejercicio de una acción legal, responder a los requerimientos efectuados por cualquier autoridad pública o administrativa, proteger nuestro negocio o el de cualquiera de nuestras empresas afiliadas incluyendo todos aquellos casos en los que el tratamiento resulte necesario para investigar un incidente de seguridad; o para proteger nuestros derechos, privacidad, seguridad o propiedad privada y/o los de nuestras empresas afiliadas, los suyos y los de cualquier
  • Si desea obtener más información acerca de las bases legales que justifican el tratamiento de sus datos personales, póngase en contacto con nosotros a través de la siguiente dirección compliance@springhealth.com.

3.       COMUNICACIÓN DE DATOS PERSONALES DENTRO DEL GRUPO SPRING CARE, A NUESTROS PROVEEDORES DE SERVICIOS Y A OTROS TERCEROS

A.      En determinadas circunstancias, muy concretas, comunicaremos sus datos en la forma y para los fines que se describen a continuación:

  1. dentro del grupo Spring Health, cuando dicha comunicación resulte necesaria para proporcionarle nuestros Servicios o gestionar nuestro negocio, incluyendo la comunicación a nuestra Sociedad Médica Profesional gestionada bajo la marca Spring, SH Medical Care of Kansas,
  2. a terceros que nos prestan servicios relativos a la gestión de nuestro negocio y a la prestación de los Servicios, por ejemplo:
  3. facilitaremos sus datos personales a nuestros Proveedores cuando resulte necesario para permitirle disponer de cualquier prestación específica de nuestros Servicios;

  1. si es usted un Proveedor, comunicaremos sus datos a terceros para comprobar su idoneidad como proveedor de los

Todos estos terceros han formalizado los correspondientes acuerdos de confidencialidad y utilizarán los datos personales que les comuniquemos o que recopilen en nuestro nombre únicamente para prestar el servicio para el que han sido contratados. Lo anterior incluye también servicios de alojamiento de sitios web, almacenamiento y análisis de datos, plataformas de organización y planificación, tecnologías informáticas y suministro de infraestructuras relacionada con lo anterior, entrega de correo electrónico, auditoría y otros servicios.

  1. con los reguladores a cuya jurisdicción estemos sujetos, para cumplir con las leyes, reglamentos y normas aplicables así como con cualquier requerimiento de un órgano judicial, de cualquier regulador o de otro organismo administrativo;
  2. con nuestros socios o empresas afiliadas, datos agregados, estadísticos, que no pueden considerarse como datos personales, relativos a las visitas a nuestro Sitio Web, patrones de tráfico y uso del Sitio Web;
  3. En el caso de que, en el futuro, vendiéramos o transmitiéramos parte o la totalidad de nuestro negocio o activos a cualquier tercero, estaremos facultados para facilitar información a cualquier comprador potencial o real de nuestro negocio o

IV.    ACTUALIZACIONES DE SERVICIO Y OPCIONES DE MARKETING

A.      Cómo tratamos sus datos personales para mantenerle actualizado acerca de nuestros Servicios

Para proteger sus derechos de privacidad y garantizarle el control sobre cómo gestionamos el marketing de nuestros Servicios, adoptaremos las medidas necesarias para limitar el marketing directo a un nivel razonable y proporcionado y únicamente le enviaremos comunicaciones que consideremos que pueden resultarle interesantes o que son apropiadas para usted.

B.      Cómo puede gestionar sus opciones de marketing

Usted puede optar por no recibir determinadas comunicaciones de marketing y oponerse a que sus datos personales se utilicen para fines de marketing en cualquier momento poniéndose en contacto con careteam@springhealth.com o haciendo clic en el enlace “darse de baja” que encontrará en cualquier comunicación de marketing que haya podido recibir, debiendo solicitar que se le excluya de cualquier comunicación futura. Le pediremos que determine si desea ser excluido de todo tipo de comunicaciones de marketing o únicamente de un tipo concreto (v.g. correo electrónico).

5.    TRANSFERENCIA INTERNACIONAL DE SUS DATOS PERSONALES

  1. Spring Health es una empresa con sede en los Estados Unidos. En consecuencia y con independencia de su ubicación, sus datos personales se transmitirán y almacenarán en los Estados Unidos. La normativa de este país establece unos niveles de protección de los datos personales que podrían ser distintos a los aplicables por las leyes vigentes en su país de origen. Spring Health adoptará las medidas necesarias para garantizar que las transferencias de datos personales se realizan de conformidad con la ley aplicable y son gestionadas cuidadosamente para proteger sus derechos de privacidad y sus

A tal efecto:

  1. Nos aseguramos que las transferencias entre las entidades del grupo Spring Health y sus empresas afiliadas quedan cubiertas por un acuerdo formalizado entre las empresas del grupo Spring Health de que se trate (un contrato entre empresas) en virtud del cual cada una de dichas entidades quedará contractualmente obligada a garantizar que los datos personales reciben un nivel de protección adecuado y uniforme, con independencia de cuál sea la entidad del grupo Spring Health a la que se transfieran;
  2. En los casos en los que los datos personales se transfieran fuera del grupo Spring Health o a terceros con los que contratamos para poder prestar nuestros Servicios, el contrato formalizado con estos establecerá la obligación de proteger sus datos personales; o
  3. Al recibir cualquier requerimiento de información de un órgano judicial o regulador, comprobamos cuidadosamente la solicitud antes de remitir ningún tipo de dato
  4. Tiene derecho a ponerse en contacto con nosotros para solicitarnos más información acerca de las garantías que hemos establecido (incluyendo copia de las obligaciones contractuales correspondientes) para garantizar una adecuada protección de sus datos personales cuando estos se transfieren de la forma indicada arriba.

6.      CÓMO PROTEGEMOS Y ALMACENAMOS SUS DATOS PERSONALES

A.      Seguridad

Hemos establecido y mantenemos medidas, políticas y procedimientos de seguridad tanto de carácter administrativo, como físico y técnico, para reducir el riesgo de destrucción, pérdida accidental, revelación o acceso no autorizados a dicha información razonables y apropiadas en función de la naturaleza de los datos de que se trate.

Las medidas que hemos adoptado incluyen la imposición a nuestros empleados y proveedores de servicios, de confidencialidad así como la destrucción o anonimización permanente de los datos personales que ya no resultan necesarios para la finalidad para la que se recogieron. Como la seguridad de sus datos personales depende, en parte, de la seguridad del ordenador que usted utilice para comunicarse con nosotros y de la seguridad

que usted aplique para proteger sus identificadores y contraseñas, deberá usted adoptar las medidas apropiadas para proteger esta información.

B.      Conservación de sus datos personales

  1. Conservaremos sus datos personales durante el plazo razonablemente necesario para cumplir con los fines para los que fueron recogidos, tal y como se detalla en esta política de privacidad. En determinadas circunstancias, conservaremos sus datos personales durante un período más largo, según lo permitido o exigido legalmente, por ejemplo, en aquellos casos en los que debamos conservar esos datos en cumplimiento de una obligación legal, regulatoria, fiscal o
  2. En determinados casos, conservaremos sus datos personales durante un período de tiempo más largo para disponer de registros precisos de su relación con nosotros en caso de reclamaciones o disputas o cuando consideremos razonablemente que existe la posibilidad de que se plantee cualquier litigio sobre sus datos personales o la relación mantenida con
  3. Dado que nuestro negocio se gestiona desde los Estados Unidos, y con sujeción a lo previsto en el Apartado VII TRANSFERENCIA INTERNACIONAL DE SUS DATOS PERSONALES, todos los datos personales que recogemos se tratan y almacenan en los Estados Unidos, según lo previsto en las leyes de este país y podrán ser facilitados a los órganos administrativos, tribunales, reguladores o cualquier otro organismo competente de conformidad con dichas

7.     DERECHOS LEGALES QUE LE ASISTEN PARA CONTROLAR SU PRIVACIDAD

  1. Sujeto a determinadas excepciones, y dependiendo, en ciertos casos, de la actividad del tratamiento que llevemos a cabo, usted tiene determinados derechos en relación con sus datos personales (tal y como se detalla a continuación), incluyendo los derechos a:
  1. acceder a sus datos personales
  2. rectificar/ suprimir sus datos personales
  3. limitar el tratamiento de sus datos personales
  4. solicitar la portabilidad de sus datos personales
  5. oponerse al tratamiento de sus datos personales
  6. revocar el consentimiento otorgado al tratamiento de sus datos personales
  7. oponerse a que utilicemos sus datos personales para fines de marketing directo
  8. obtener una copia de las cláusulas de salvaguarda utilizadas en relación con la transferencia internacional de sus datos personales
  9. presentar una reclamación ante la autoridad de control de su lugar de residencia

Por razones de seguridad antes de facilitarle ningún dato personal, le solicitaremos determinada información adicional para confirmar su identidad. Cuando así lo permita la ley, nos reservamos el derecho a cobrar un determinado importe por la tramitación de su solicitud en determinados casos, por ejemplo, en el caso de solicitudes manifiestamente injustificadas o excesivas.

Puede ejercitar cualquiera de sus derechos poniéndose en contacto con nosotros a través de la siguiente dirección careteam@springhealth.com. Sujeto a cualquier consideración

legal o de otro tipo, realizaremos todos los esfuerzos razonables para tramitar su solicitud a la mayor brevedad posible informándole con prontitud en los casos en los que necesitemos más información para poder tramitarla.

No siempre será posible cumplir, íntegramente, con su solicitud, por ejemplo, en aquellos casos en los que la misma repercuta en cualquier obligación de confidencialidad asumida frente a un tercero o en los que estemos facultados legalmente para tramitar su solicitud de otra manera.

B.      Derecho de acceso a sus datos personales

Tiene derecho a solicitarnos que le facilitemos una copia de sus datos personales y a recibir información acerca de: (a) las fuentes de las que hemos obtenido sus datos personales; (b) los fines, base legal y los medios relacionados con el tratamiento; (c) la identidad del responsable del tratamiento; y (d) las entidades o categorías de entidades a las que se transferirán sus datos personales.

C.      Derecho de rectificación, actualización o supresión de sus datos personales

  1. Tiene derecho a solicitarnos que rectifiquemos o actualicemos los errores que sus datos personales pudieran contener. Trataremos de verificar la exactitud de sus datos personales antes de
  2. Asimismo, puede solicitarnos que eliminemos sus datos personales en circunstancias muy concretas tales como cuando:
  3. Ya no sean necesarios para los fines para los que se recogieron; o
  4. Usted haya revocado su consentimiento (cuando la base legal que justifica el tratamiento sea dicho consentimiento); o
  5. Sus datos hubieran sido objeto de tratamiento ilegal, o
  6. Cuando sea necesario para cumplir con una obligación legal de Spring
  7. No estamos obligados a tramitar ninguna solicitud de supresión de sus datos personales en aquellos casos en los que el tratamiento de los mismos sea necesario para:
  8. cumplir con una obligación legal; o
  9. interponer, ejercitar o defender cualquier reclamación judicial;

D.      Derecho a revocar su consentimiento

En los casos en los que la base legal del tratamiento de sus datos personales sea su consentimiento, usted tiene derecho a revocar dicho consentimiento en cualquier momento enviando un correo electrónico a careteam@springhealth.com. Tenga en cuenta que, en determinados casos, la revocación de su consentimiento puede afectar a nuestra capacidad para prestarle los Servicios.

E.      Derecho a oponerse al tratamiento de sus datos personales para fines de marketing directo

Puede optar por no recibir determinadas comunicaciones de marketing y decidir que sus datos personales no sean tratados para fines de marketing en cualquier momento poniéndose en contacto con nosotros a través de la siguiente dirección careteam@springhealth.com o haciendo clic en el enlace “darse de baja” que encontrará en todas nuestras comunicaciones de marketing, solicitándonos que le excluyamos de

cualquier comunicación en el futuro. Deberá especificar si desea ser excluido de todo tipo de comunicaciones de marketing o sólo de un tipo concreto (por ejemplo, correo electrónico).

También puede solicitarnos que modifiquemos la forma en la que nos ponemos en contacto con usted para fines de marketing o que no comuniquemos sus datos personales a terceras empresas no afiliadas para fines de marketing directo o para ningún otro fin.

F.      Derecho a presentar una reclamación ante la autoridad competente en materia de protección de datos de su lugar de residencia

Tiene derecho a presentar una reclamación ante la autoridad competente en materia de protección de datos de su lugar de residencia en el caso de que no esté usted de acuerdo con la forma en la que estemos tratando sus datos personales.

Aunque usted tiene derecho a ponerse en contacto con la autoridad competente en materia de protección de datos en cualquier momento, le pedimos que trate de resolver cualquier problema que pudiera plantearse poniéndose, en primer lugar, en contacto con nosotros.

8.        PÓNGASE EN CONTACTO CON NOSOTROS

Si tiene cualquier pregunta acerca de esta política de privacidad, póngase en contacto con nosotros a través de la siguiente dirección de correo electrónico compliance@springhealth.com o con nuestro Delegado de Protección de Datos (IT Governance Europe Limited) a través de la siguiente dirección de correo electrónico eurep@itgovernance.eu.

Asegúrese de incluir el nombre de nuestra empresa en toda la correspondencia que envíe.

Si tuviera cualquier pregunta, problema o reclamación en relación con el cumplimiento de esta política de privacidad y de las leyes aplicables sobre protección de datos o en el caso de que usted quisiera ejercitar cualquiera de sus derechos, le pedimos que, en primer lugar, se ponga en contacto con compliance@springhealth.com. Indagaremos en lo ocurrido y trataremos de resolver las reclamaciones y controversias y de hacer todos los esfuerzos razonables para facilitarle el ejercicio de sus derechos a la mayor brevedad posible y, en todo caso, en los plazos previstos en las leyes sobre protección de datos.

Last Updated: December 7, 2021

SPRING CARE, INC. PRIVACY POLICY (AUSTRALIA)

Spring Care, Inc. is responsible for your personal information.

Spring Care, Inc. and its affiliates (collectively referred to as “Spring Health”, “we“, “us“) takes its data protection and privacy responsibilities seriously. This privacy policy describes our practices in connection with information that we collect through (including any access to) (1) the Spring Health website currently located at https://benefits.springhealth.com, materials and services available therein, and successor website(s) thereto, together with any Content: meaning text, data, graphics, images, photographs, video, audio, information, suggestions, guidance, content and other materials provided, made available or otherwise found on the website (“Website”), (2) the software applications we may make available for use on or through computers and mobile devices (“Apps”), (3) the quizzes, tests, and questionnaires (and results thereof) we make available on or through the Website or Apps (“Questionnaires”), (4) the booking system should you avail of additional professional services through our contractors, counselors, therapists or other service providers (“Providers”), and (5) call recordings when you call our call center phone numbers (all of the foregoing, collectively, “Services”). We follow this privacy policy in accordance with applicable laws in the places where we operate.

By using our Website and Services, or otherwise providing us with your information, you consent to us collecting, holding, using, and disclosing your personal information as described in this privacy policy. If we are not able to collect, handle, use and disclose personal information about you as set out in this privacy policy, we may not be able to provide you with our Services or with access to our Website.

This privacy policy also explains how we collect, use and share personal information if you are one of our Providers, including if you go through the application process to become one of our Providers.

Specifically, this privacy policy describes:

  • What personal information we collect and when and why we use
  • How we share personal information within Spring Health and with our service providers, regulators and other third parties
  • How we use your information to provide Service updates to you and how you can manage your marketing preferences
  • Transferring personal information globally
  • How we protect and store personal information
  • Legal rights available to help manage your privacy
  • How you can contact us for more support

UPDATES TO THIS PRIVACY POLICY

We may amend this privacy policy from time to time to keep it up to date with legal requirements and the way we operate our business. We will post those changes prominently, so you are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. Please

regularly check these pages for the latest version of this privacy policy. You can also obtain a copy of this privacy policy by contacting us at careteam@springhealth.com.

You might find external links to third party websites on our Website. This privacy policy does not apply to your use of a third party site.

WHAT PERSONAL INFORMATION WE COLLECT AND WHEN AND WHY WE USE IT

A.                 When we collect personal information

We collect information about you if you:

  • register with, use or engage with our Services, or
  • work with us as a Provider, collectively (“you“).

B.                 Personal information we collect and use if you register with or use our Services or if you engage with our Website:

1.             Personal information collected if you use our Website or Services includes:

  • Personal details: first name and surname, date of birth, email address, country of residence, username and
  • Sensitive information about you: racial origin and health information e. general information about your health and wellbeing, including indications about your overall mood and daily habits, information on your mental wellbeing, daily habits, activity levels, daily nutrition and eating habits as well as information about your personal, family and social life which is entered by you when registering for an account or in any Questionnaires we make available through the Services.

2.             Other information when you use our Services or engage with our Website

Other information collected if you use our Services or engage with our Website includes:

  • Browser and device information: Certain information is collected by most browsers or automatically through your device, such as your Media Access Control (MAC) address, computer type (Windows or Macintosh), screen resolution, operating system name and version, device manufacturer and model, language, Internet browser type and version and the name and version of the Services (such as the App) you are

  • App usage data: When you use the Apps, we and our service providers may track and collect usage data, such as the date and time the App on your device accesses our servers and what information and files have been downloaded to the App based on your device number.
  • Information gathered through use of cookies, pixel tags or other technologies: Pixel tags (also known as web beacons and clear GIFs) may be used in connection with some Services to, among other things, track the actions of users of the Services (including email recipients), and compile statistics about usage of the Services and response rates as well as general demographic information and aggregated
  • Other personal information: IP address, location data and information around your preferred means of

If you submit any personal information relating to other people to us or to our service providers in connection with the Services, you represent that you have the authority to do so and to permit us to use the information in accordance with this privacy policy.

3.             Personal information we collect with your consent or as permitted by law

Personal information may be collected from other sources where you have given consent to do so or as permitted by applicable law, such as from your employer or healthcare provider, public databases, joint marketing partners and other third parties.

4.             We may use personal information collected if you use our Websites or Services or if you consent or as permitted by applicable law in the following ways:

  • To provide you with the Services you request, which may be combination of the use or engagement with our Website, App, Questionnaires and/or
  • To respond to your inquiries, fulfill your requests, and send you communications that you request, such as the results of any Questionnaire that you have
  • To send administrative information to you, for example, information regarding the Services and changes to our terms, conditions and
  • To market our Services to you. This includes sending communications about our Services, features, studies, surveys, news, updates, and We may do so through various methods, including email, in app communications and ads, and ads on third party platforms.
  • For our internal management and business purposes, such as data analysis, developing new services, enhancing, improving or modifying the Services, audits, fraud monitoring and prevention, identifying usage
  • We may use personal information, including sensitive information, from many Services users to create non-identifiable “aggregate data” (for example, reports that calculate the percentage of users who have a particular response to or result from the Questionnaires) that may be disclosed to third
  • If you provide to us any ideas, proposals, suggestions, recommendations or other materials (“Feedback”), whether related to the Services or
  • As we believe to be necessary or appropriate, and only as permitted under applicable law (a) to comply with legal process; (b) to respond to requests from public and government authorities, including public and government authorities outside your

country of residence; (c) to protect our operations or those of any of our affiliates, including in connection with investigating security incidents; or (d) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others.

  • To personalize your experience on the Services, for example, by presenting Questionnaires and similar services to
  • We may also use and/or disclose your personal information for other purposes which you consent to or which are required or permitted by law. This may include for a secondary purpose that is related to a purpose for which we collected it, and for which you would reasonably expect us to use or disclose your personal

5.             The legal basis for using your personal information

We will only collect, use and share your personal information where we are satisfied that we have an appropriate legal basis to do this. This may be because:

  • you have provided your consent to us using the personal information, for example by opting in to receiving the Service, by registering for an account or by voluntarily inputting your personal information g., when you answer a Questionnaire, or where you have provided your consent;
  • our use of your personal information is in our legitimate interest (in some jurisdictions this may also be considered using your personal information for a ‘secondary purpose’) as a commercial organisation (for example for our internal management and business purposes, such as data analysis, to ensure that the Services function properly, developing new services, enhancing, improving or modifying the Services, audits, fraud monitoring and prevention, identifying usage trends). In these cases, we will look after your information at all times in a way that is proportionate and respects your privacy rights and you have a right to object to processing as explained in the section below Legal Rights Available To Help Manage Your Privacy;
  • our use of your personal information is necessary to perform a contract or take steps to enter into a contract with you for example where you have opted to receive the Services it is mandatory to provide your name and email address to register your account in order to receive the Services. For further information please see our Terms of Service (https://care.springhealth.com/terms_of_service); and/or
  • our use of your personal information is necessary to comply with a relevant legal or regulatory obligation that we have for example, to comply with legal process, respond to requests from public and government authorities, protect our operations or those of any of our affiliates including in connection with investigating security incidents; or (d) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or
  • If you would like to find out more about the legal basis for which we process personal information, please contact us at compliance@springhealth.com.

C.                 Personal information we collect if you work with us as a Provider

1.             Personal information collected if you apply to work with us as a Provider, and continue to work with us a Provider, includes:

  • Personal details: such as your name, email address, photo, maiden name; alias(es); current and previous addresses; birth date; birth place; ID number (which may include passport, national ID card, driver’s license) and mother/father’s complete
  • Information about your employment status: employer name; employer contact details; manager name; manager contact details; job title; pay rate; dates of employment; reason for leaving
  • Information about your education and qualifications: school name; school contact details; student number; qualification details; field of study; school attendance dates; school graduation
  • Other information: payment information so that we can make payments to you and information contained on our communications systems, these are the Spring Health communications facilities used by you (email, phone, mobile phone and computer communication).

2.             If you are one of our Providers, we may use your personal information in the following ways:

  • To determine, perform and execute the terms on which you will be engaged by us and communicate with you;
  • To pay and administer your fees;
  • To administer other requests or services requested by you throughout your engagement with us;
  • To ensure the smooth running of our engagement with you (including all of the activities that need to be undertaken before, during and after such engagement);
  • To monitor against and prevent cyber-security issues and unauthorised use of our information, IT systems and/or equipment;
  • Maintain photo identification of you for your profile; or
  • Where it may be necessary, to file legal proceedings, investigate, establish, exercise or defend a legal claim; and settle legal
  • We may also use and/or disclose your personal information for other purposes which you consent to or which are required or permitted by law. This may include for a secondary purpose that is related to a purpose for which we collected it, and for which you would reasonably expect us to use or disclose your personal

3.             The legal basis for using your personal information

We will only collect, use and share your personal information where we are satisfied that we have an appropriate legal basis to do this. This may be because:

  • our use of your personal information is necessary to perform a contract or take steps to enter into a contract with you, e. the Contractor Agreement;
  • our use of your personal information is in our legitimate interest (in some jurisdictions

this may also be considered using your personal information for a ‘secondary purpose’) as a commercial organisation (for example to monitor against and prevent cyber-security issues and unauthorised use of our information, IT systems and/or equipment, or maintain photo identification of you for your profile); and/or

  • our use of your personal information is necessary to comply with a relevant legal or regulatory obligation that we have for example, to comply with legal process, respond to requests from public and government authorities, protect our operations or those of any of our affiliates including in connection with investigating security incidents; or (d) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or
  • If you would like to find out more about the legal basis for which we process personal information please contact us at compliance@springhealth.com.

SHARING PERSONAL INFORMATION WITHIN SPRING CARE, WITH OUR SERVICE PROVIDERS, AND OTHER THIRD PARTIES

We may share your information under limited circumstances in the manner and for the purposes described below:

  1. within Spring Health, where such disclosure is necessary to provide you with our Services or to manage our business, including with our Spring-branded Medical Professional Corporation, SH Medical Care of Kansas,
  2. with third parties who help manage our business and deliver Services, for example:
  3. we will provide your personal information to our Providers, as necessary to allow you to avail of that specific element of our Services;
  4. if you are one of our Providers, we will share your information with third parties to confirm your eligibility to carry out the

These third parties have agreed to confidentiality restrictions and use any personal information we share with them or which they collect on our behalf solely for the purpose of providing the contracted service to us. These may also include website hosting, data storage and analysis, scheduling platforms, information technology and related infrastructure provision, email delivery, auditing and other services.

  1. with our regulators, which may include but is not limited to the Information Commissioner’s Office (ICO), Commission Nationale de l’Informatique et des Libertés, Bundesbeauftragte für Datenschutz und Informationsfreiheit, the Data Protection Commission (DPC), the Office of the Australian Information Commissioner (OAIC),and the Swedish Data Protection Authority, to comply with all applicable laws, regulations and rules, and requests of law enforcement, regulatory and other governmental agencies;
  2. with our partners or affiliates, in aggregate, statistical form, non-personal information regarding the visitors to our Website, traffic patterns, and Website usage with our partners or affiliates;

  1. if, in the future, we sell or transfer some or all of our business or assets to a third party, we may disclose information to a potential or actual third party purchaser of our business or

SERVICE UPDATES AND MARKETING PREFERENCES

A.                 How we use personal information to keep you up to date with our Services

To protect privacy rights and to ensure you have control over how we manage marketing with you we will take steps to limit direct marketing to a reasonable and proportionate level and only send you communications which we believe may be of interest or relevance to you.

B.                 How you can manage your marketing preferences

  1. You can opt out of certain marketing communications and use of your information for marketing at any time by contacting careteam@springhealth.com or by clicking on the “unsubscribe” link you will find on all marketing messages to you and requesting to be removed from future communications. Please specify whether you would like us to stop all forms of marketing or just a particular type (eg email).
  2. You can change the way your browser manages cookies, which may be used to deliver online advertising, by following the settings on your

TRANSFERRING PERSONAL INFORMATION GLOBALLY

  1. Spring Health is a US based business. Accordingly, regardless of your location, your personal information may be transferred to and stored in the US, which may be subject to different standards of data protection than your home jurisdiction. Spring Health will take appropriate steps ensure that transfers of personal information are in accordance with applicable law and carefully managed to protect your privacy rights and

To this end:

  1. We ensure transfers within Spring Health entities and affiliates will be covered by an agreement entered into by members of Spring Health (an intercompany agreement) which contractually obliges each entity to ensure that personal information receives an adequate and consistent level of protection wherever it is transferred within Spring Health;
  2. Where we transfer your personal information outside Spring Health or to third parties who help provide our Services, we obtain contractual commitments from them to protect your personal information. Some of these assurances are well recognized requirements like the

use of EU Standard Contractual Clauses for the protection of personal information transferred from within the EU to countries outside of the EU; or

  1. Where we receive requests for information from law enforcement or regulators, we carefully validate these requests before any personal information are
  1. You have a right to contact us for more information about the safeguards we have put in place (including a copy of relevant contractual commitments) to ensure the adequate protection of your personal information when this is transferred as mentioned

HOW WE PROTECT AND STORE YOUR INFORMATION

A.                 Security

We have implemented and maintain appropriate administrative, physical and technical security measures, policies and procedures that are reasonable and appropriate to reduce the risk of accidental destruction or loss, or the unauthorised disclosure or access to such information as reasonable and appropriate to the nature of the information concerned. Measures we take include placing confidentiality requirements on our staff members and service providers and destroying or permanently anonymising personal information if it is no longer needed for the purposes for which it was collected. As the security of information depends in part on the security of the computer you use to communicate with us and the security you use to protect user IDs and passwords please take appropriate measures to protect this information.

B.                 Storing your personal information

  1. We store your personal information in both written and digital formats. We will retain your personal information for as long as is reasonably necessary for the purposes for which it was collected, as explained in this privacy policy. In some circumstances we may store your personal information for longer periods of time as required or permitted by law, for instance where we are required to do so in accordance with legal, regulatory, tax, accounting requirements.
  2. In specific circumstances we may store your personal information for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your personal information or
  3. As our operations are conducted from the US, all personal information that we collect is used and stored in the US, is subject to US laws, and may be subject to disclosure to US governments, courts or law enforcement or regulatory agencies pursuant to those

LEGAL RIGHTS AVAILABLE TO HELP MANAGE YOUR PRIVACY

  1. Subject to certain exemptions, and in some cases dependent upon the processing activity we are undertaking, you have certain rights in relation to your personal information, including the right:
  2. To access personal information
  3. To rectify / erase personal information
  4. To restrict the processing of your personal information
  5. To transfer your personal information (if you are an individual in a country in the European Economic Area (EEA))

  1. To object to the processing of personal information (if you are an individual in a country in the (EEA))
  2. Withdraw consent for processing of personal information (if you are an individual in a country in the (EEA))
  3. To object to how we use your personal information for direct marketing purposes
  4. To obtain a copy of personal information safeguards used for transfers outside your jurisdiction
  5. To lodge a complaint with your local supervisory authority

We may ask you for additional information to confirm your identity and for security purposes, before disclosing the personal information requested to you. We reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive.

You can exercise your rights by contacting us at careteam@springhealth.com. Subject to legal and other permissible considerations, we will make every reasonable effort to honour your request promptly or inform you if we require further information in order to fulfil your request.

We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way. If this is the case and subject to applicable laws, we will always let you know.

B.                  Right to access personal information

You have a right to request that we provide you with a copy of your personal information that we hold, and you have the right to be informed of; (a) the source of your personal information; (b) the purposes, legal basis and methods of processing; (c) the controller’s identity; and (d) the entities or categories of entities to whom your personal information may be transferred. You can exercise your rights at any time by contacting us at careteam@springhealth.com.

C.                  Right to rectify or erase personal information

  1. You have a right to request that we rectify inaccurate personal We may seek to verify the accuracy of the personal information before rectifying it.
  2. You can also request that we erase your personal information in limited circumstances where:
  3. it is no longer needed for the purposes for which it was collected; or
  4. you have withdrawn your consent (where the data processing was based on consent); or
  5. following a successful right to object (see right to object); or
  6. it has been processed unlawfully; or
  7. to comply with a legal obligation to which Spring Health is
  8. We are not required to comply with your request to erase personal information if the processing of your personal information is necessary:
  9. for compliance with a legal obligation; or
  10. for the establishment, exercise or defence of legal claims;

D.                  Right to restrict the processing of your personal information

  1. You can ask us to restrict your personal information, but only where:
  2. its accuracy is contested, to allow us to verify its accuracy; or
  3. the processing is unlawful, but you do not want it erased; or
  4. it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; or
  5. you have exercised the right to object, and verification of overriding grounds is
  6. We can continue to use your personal information following a request for restriction, where:
  7. we have your consent; or
  8. to establish, exercise or defend legal claims; or
  9. to protect the rights of another natural or legal

E.                  Right to transfer your personal information

  1. You can ask us to provide your personal information to you in a structured, commonly used, machine-readable format, or you can ask to have it transferred directly to another data controller, but in each case only where:
  2. the processing is based on your consent or on the performance of a contract with you; and
  3. the processing is carried out by automated

F.                  Right to object to the processing of your personal information

G.                 Right to withdraw consent

Where we have obtained your consent as our legal basis to process your personal information, you have the right to withdraw consent at any time by emailing careteam@springhealth.com. Please note that in some instances, where you withdraw your consent this may negatively impact our ability to provide you with the Services.

H.                  Right to object to how we use your personal information for direct marketing purposes

You can opt out of certain marketing communications and use of your information for marketing at any time by contacting careteam@springhealth.com or by clicking on the “unsubscribe” link you will find on all marketing messages to you and requesting to be removed from future communications. Please specify whether you would like us to stop all forms of marketing or just a particular type (eg email).

You can also request that we change the manner in which we contact you for marketing purposes or request that we not transfer your personal information to unaffiliated third parties for the purposes of direct marketing or any other purposes.

I.                     Right to obtain a copy of personal information safeguards used for transfers outside your jurisdiction

You can ask to obtain a copy of, or reference to, the safeguards under which your personal information is transferred outside of Australia.

We may redact data transfer agreements to protect commercial terms.

J.                   Right to lodge a complaint with your local supervisory authority

You have a right to lodge a complaint with your local supervisory authority if you have concerns about how we are processing your personal information.

We ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority at any time.

CONTACT US

If you have any questions about this privacy policy, please contact us at compliance@springhealth.com. Please ensure to include our company name in any correspondence you send.

If you have any questions, concerns about the handling of your personal information, or complaints regarding our compliance with this privacy policy and data protection laws, or if you wish to exercise your rights, we encourage you to first contact compliance@springhealth.com.

We will investigate and attempt to resolve complaints and disputes and will make every reasonable effort to honour your wish to exercise your rights as quickly as possible, usually within 30 days and, in any event, within the timescales provided by data protection laws.

For Australian residents:

If we are unable to satisfactorily resolve your concerns about our handling of your personal information, you can contact the Office of the Australian Information Commissioner:

GPO Box 5218

Sydney NSW 2001

Email: enquiries@oaic.gov.au Tel: 1300 363 992

www.oaic.gov.au

Last Updated: December 7, 2021

SPRING CARE, INC. PRIVACY POLICY (BRAZIL)

Spring Care, Inc. is responsible for your personal information.

Spring Care, Inc. and its affiliates (collectively referred to as “Spring Health”, “we“, “us“) takes its data protection and privacy responsibilities seriously. This privacy policy describes our practices in connection with information that we collect through (including any access to) (1) the Spring Health website currently located at https://benefits.springhealth.com, materials and services available therein, and successor website(s) thereto, together with any Content: meaning text, data, graphics, images, photographs, video, audio, information, suggestions, guidance, content and other materials provided, made available or otherwise found on the website (“Website”), (2) the software applications we may make available for use on or through computers and mobile devices (“Apps”), (3) the quizzes, tests, and questionnaires (and results thereof) we make available on or through the Website or Apps (“Questionnaires”), (4) the booking system should you avail of additional professional services through our contractors, counselors, therapists or other service providers (“Providers”), and (5) call recordings when you call our call center phone numbers (all of the foregoing, collectively, “Services”). We follow this privacy policy in accordance with applicable laws in the places where we operate.

This privacy policy also explains how we collect, use and share personal information if you are one of our Providers, including if you go through the application process to become one of our Providers.

Specifically, this privacy policy describes:

  • What personal information we collect and when and why we use
  • How we share personal information within Spring Health and with our service providers, regulators and other third parties
  • How we use your information to provide Service updates to you and how you can manage your marketing preferences
  • Transferring personal information globally
  • How we protect and store personal information
  • Legal rights available to help manage your privacy
  • How you can contact us for more support

1.      UPDATES TO THIS PRIVACY POLICY

We may amend this privacy policy from time to time to keep it up to date with legal requirements and the way we operate our business. We will post those changes prominently, so you are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. Please regularly check these pages for the latest version of this privacy policy.

You might find external links to third party websites on our Website. This privacy policy does not apply to your use of a third party site.

2.    WHAT PERSONAL INFORMATION WE COLLECT AND WHEN AND WHY WE USE IT

A.     When we collect personal information

We collect information about you if you:

  • register with, use or engage with our Services, or
  • work with us as a Provider, collectively (“you“).

B.     Personal information we collect and use if you register with or use our Services or if you engage with our Website:

1.             Personal information collected if you use our Website or Services includes:

  • Personal details: first name and surname, date of birth, email address, country of residence, username and
  • Sensitive information about you: racial origin and health information e. general information about your health and wellbeing, including indications about your overall mood and daily habits, information on your mental wellbeing, daily habits, activity levels, daily nutrition and eating habits as well as information about your personal, family and social life which is entered by you when registering for an account or in any Questionnaires we make available through the Services.

2.             Other information when you use our Services or engage with our Website

Other information collected if you use our Services or engage with our Website includes:

  • Browser and device information: Certain information is collected by most browsers or automatically through your device, such as your Media Access Control (MAC) address, computer type (Windows or Macintosh), screen resolution, operating system name and version, device manufacturer and model, language, Internet browser type and version and the name and version of the Services (such as the App) you are
  • App usage data: When you use the Apps, we and our service providers may track and collect usage data, such as the date and time the App on your device accesses our servers and what information and files have been downloaded to the App based on your device

  • Information gathered through use of cookies, pixel tags or other technologies: Pixel tags (also known as web beacons and clear GIFs) may be used in connection with some Services to, among other things, track the actions of users of the Services (including email recipients), and compile statistics about usage of the Services and response rates as well as general demographic information and aggregated information.
  • Other personal information: IP address, location data and information around your preferred means of

If you submit any personal information relating to other people to us or to our service providers in connection with the Services, you represent that you have the authority to do so and to permit us to use the information in accordance with this privacy policy.

3.             Personal information we collect with your consent or as permitted by law

Personal information may be collected from other sources where you have given consent to do so or as permitted by applicable law, such as from your employer or healthcare provider, public databases, joint marketing partners and other third parties.

4.             We may use personal data collected if you use our Websites or Services or if you consent or as permitted by applicable law in the following ways:

  • To provide you with the Services you request, which may be combination of the use or engagement with our Website, App, Questionnaires and/or
  • To respond to your inquiries, fulfill your requests, and send you communications that you request, such as the results of any Questionnaire that you have
  • To send administrative information to you, for example, information regarding the Services and changes to our terms, conditions and
  • To market our Services to you. This includes sending communications about our Services, features, studies, surveys, news, updates, and events. We may do so through various methods, including email, in app communications and ads, and ads on third party
  • For our internal management and business purposes, such as data analysis, developing new services, enhancing, improving or modifying the Services, audits, fraud monitoring and prevention, identifying usage
  • We may use personal information, including sensitive information, from many Services users to create non-identifiable “aggregate data” (for example, reports that calculate the percentage of users who have a particular response to or result from the Questionnaires) that may be disclosed to third
  • If you provide to us any ideas, proposals, suggestions, recommendations or other materials (“Feedback”), whether related to the Services or
  • As we believe to be necessary or appropriate, and only as permitted under applicable law (a) to comply with legal process; (b) to respond to requests from public and government authorities, including public and government authorities outside your country of residence; (c) to protect our operations or those of any of our affiliates, including in connection with investigating security incidents; or (d) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or

  • To personalize your experience on the Services, for example, by presenting Questionnaires and similar services to

5.             The legal basis for using your personal information

We will only collect, use and share your personal information where we are satisfied that we have an appropriate legal basis to do this. This may be because:

  • you have provided your consent to us using the personal information, for example by opting in to receiving the Service, by registering for an account or by voluntarily inputting your personal information g., when you answer a Questionnaire, or where you have provided your consent;
  • our use of your personal information is in our legitimate interest as a commercial organisation (for example for our internal management and business purposes, such as data analysis, to ensure that the Services function properly, developing new services, enhancing, improving or modifying the Services, audits, fraud monitoring and prevention, identifying usage trends). In these cases, we will look after your information at all times in a way that is proportionate and respects your privacy rights;
  • our use of your personal information is necessary to perform a contract or take steps to enter into a contract with you for example where you have opted to receive the Services it is mandatory to provide your name and email address to register your account in order to receive the Services. For further information please see our Terms of Service (https://care.springhealth.com/terms_of_service); and/or
  • our use of your personal information is necessary to comply with a relevant legal or regulatory obligation that we have for example, to comply with legal process, respond to requests from public and government authorities, protect our operations or those of any of our affiliates including in connection with investigating security incidents; or

(d) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others.

  • If you would like to find out more about the legal basis for which we process personal information, please contact us at compliance@springhealth.com.

C.     Personal information we collect if you work with us as a Provider

1.  Personal information collected if you apply to work with us as a Provider, and continue to work with us a Provider, includes:

  • Personal details: such as your name, email address, photo, maiden name; alias(es); current and previous addresses; birth date; birth place; ID number (which may include passport, national ID card, driver’s license) and mother/father’s complete
  • Information about your employment status: employer name; employer contact details; manager name; manager contact details; job title; pay rate; dates of employment; reason for leaving
  • Information about your education and qualifications: school name; school contact details; student number; qualification details; field of study; school attendance dates; school graduation
  • Other information: payment information so that we can make payments to you and information contained on our communications systems, these are the Spring Health

communications facilities used by you (email, phone, mobile phone and computer communication).

2.  If you are one of our Providers, we may use your personal data in the following ways:

  • To determine, perform and execute the terms on which you will be engaged by us and communicate with you;
  • To pay and administer your fees;
  • To administer other requests or services requested by you throughout your engagement with us;
  • To ensure the smooth running of our engagement with you (including all of the activities that need to be undertaken before, during and after such engagement);
  • To monitor against and prevent cyber-security issues and unauthorised use of our information, IT systems and/or equipment;
  • Maintain photo identification of you for your profile; or
  • Where it may be necessary, to file legal proceedings, investigate, establish, exercise or defend a legal claim; and settle legal

3.  The legal basis for using your personal information

We will only collect, use and share your personal information where we are satisfied that we have an appropriate legal basis to do this. This may be because:

  • our use of your personal information is necessary to perform a contract or take steps to enter into a contract with you, e. the Contractor Agreement;
  • our use of your personal information is in our legitimate interest as a commercial organisation (for example to monitor against and prevent cyber-security issues and unauthorised use of our information, IT systems and/or equipment, or maintain photo identification of you for your profile); and/or
  • our use of your personal information is necessary to comply with a relevant legal or regulatory obligation that we have for example, to comply with legal process, respond to requests from public and government authorities, protect our operations or those of any of our affiliates including in connection with investigating security incidents; or

(d) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others.

  • If you would like to find out more about the legal basis for which we process personal information please contact us at compliance@springhealth.com.

3.       SHARING PERSONAL INFORMATION WITHIN SPRING CARE, WITH OUR SERVICE PROVIDERS, AND OTHER THIRD PARTIES

A.     We may share your information under limited circumstances in the manner and for the purposes described below:

  1. within Spring Health, where such disclosure is necessary to provide you with our Services or to manage our business, including with our Spring-branded Medical Professional Corporation, SH Medical Care of Kansas,
  2. with third parties who help manage our business and deliver Services, for example:
  3. we will provide your personal information to our Providers, as necessary to allow you to avail of that specific element of our Services;
  4. if you are one of our Providers, we will share your information with third parties to confirm your eligibility to carry out the

These third parties have agreed to confidentiality restrictions and use any personal information we share with them or which they collect on our behalf solely for the purpose of providing the contracted service to us. These may also include website hosting, data storage and analysis, scheduling platforms, information technology and related infrastructure provision, email delivery, auditing and other services.

  1. with our regulators, which may include but is not limited to the Information Commissioner’s Office (ICO), Commission Nationale de l’Informatique et des Libertés, Bundesbeauftragte für Datenschutz und Informationsfreiheit, the Data Protection Commission (DPC), the Swedish Data Protection Authority and the Brazilian Data Protection Authority (ANPD), to comply with all applicable laws, regulations and rules, and requests of law enforcement, regulatory and other governmental agencies;
  2. with our partners or affiliates, in aggregate, statistical form, non-personal information regarding the visitors to our Website, traffic patterns, and Website usage with our partners or affiliates;
  3. if, in the future, we sell or transfer some or all of our business or assets to a third party, we may disclose information to a potential or actual third party purchaser of our business or

4.    SERVICE UPDATES AND MARKETING PREFERENCES

A.     How we use personal information to keep you up to date with our Services

To protect privacy rights and to ensure you have control over how we manage marketing with you we will take steps to limit direct marketing to a reasonable and proportionate level and only send you communications which we believe may be of interest or relevance to you.

B.     How you can manage your marketing preferences

  1. You can opt out of certain marketing communications and use of your information for marketing at any time by contacting careteam@springhealth.com or by clicking on the “unsubscribe” link you will find on all marketing messages to you and requesting to be

removed from future communications. Please specify whether you would like us to stop all forms of marketing or just a particular type (eg email).

  1. You can change the way your browser manages cookies, which may be used to deliver online advertising, by following the settings on your

5.    TRANSFERRING PERSONAL INFORMATION GLOBALLY

  1. Spring Health is a US based business. Accordingly, regardless of your location, your personal information may be transferred to and stored in the US, which may be subject to different standards of data protection than your home jurisdiction. Spring Health will take appropriate steps to ensure that transfers of personal information are in accordance with applicable law and carefully managed to protect your privacy rights and

To this end:

  1. We ensure transfers within Spring Health entities and affiliates will be covered by an agreement entered into by members of Spring Health (an intercompany agreement) which contractually obliges each entity to ensure that personal information receives an adequate and consistent level of protection wherever it is transferred within Spring Health;
  2. Where we transfer your personal information outside Spring Health or to third parties who help provide our Services, we obtain contractual commitments from them to protect your personal Some of these assurances are well recognized requirements like the use of Standard Contractual Clauses for the protection of personal information transferred from within Brazil to countries outside Brazil; or
  3. Where we receive requests for information from law enforcement or regulators, we carefully validate these requests before any personal information are
  4. You have a right to contact us for more information about the safeguards we have put in place (including a copy of relevant contractual commitments) to ensure the adequate protection of your personal information when this is transferred as mentioned

6.      HOW WE PROTECT AND STORE YOUR INFORMATION

A.     Security

We have implemented and maintain appropriate administrative, physical and technical security measures, policies and procedures that are reasonable and appropriate to reduce the risk of accidental destruction or loss, or the unauthorised disclosure or access to such information as reasonable and appropriate to the nature of the information concerned. Measures we take include placing confidentiality requirements on our staff members and service providers and destroying or permanently anonymising personal information if it is no longer needed for the purposes for which it was collected. As the security of information depends in part on the security of the computer you use to communicate with us and the

security you use to protect user IDs and passwords please take appropriate measures to protect this information.

B.     Storing your personal information

  1. We will retain your personal information for as long as is reasonably necessary for the purposes for which it was collected, as explained in this privacy policy. In some circumstances we may store your personal information for longer periods of time as required or permitted by law, for instance where we are required to do so in accordance with legal, regulatory, tax, accounting
  2. In specific circumstances we may store your personal information for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your personal information or
  3. As our operations are conducted from the US, all personal information that we collect is used and stored in the US, is also subject to US laws, and may be subject to disclosure to US governments, courts or law enforcement or regulatory agencies pursuant to those laws.

7.     LEGAL RIGHTS AVAILABLE TO HELP MANAGE YOUR PRIVACY

  1. Subject to certain exemptions, and in some cases dependent upon the processing activity we are undertaking, you have certain rights in relation to your personal information, including the right:
  1. To access or confirm the existence of personal information
  2. To rectify / erase, anonymize or block personal information
  3. To request portability of your personal information
  4. To object to the processing of personal information in certain situations
  5. Withdraw consent for processing of personal information
  6. To obtain information about public and private entities with which your personal data was shared
  7. To request review of automated decisions
  8. To lodge a complaint with your local supervisory authority or your consumer protection entities

We may ask you for additional information to confirm your identity and for security purposes, before disclosing the personal information requested to you. To the extent permitted by applicable law, we reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive.

You can exercise your rights by contacting us at careteam@springhealth.com. Subject to legal and other permissible considerations, we will make every reasonable effort to honour your request promptly or inform you if we require further information in order to fulfil your request.

We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.

B.     Right to access personal information or to confirm the existence of the processing

You have a right to request that we confirm if your personal data is being processed by Spring Health and that we provide you with a copy of your personal information that we hold, and you have the right to be informed of; (a) the source of your personal information; (b) the purposes, legal basis and methods of processing; (c) the controller’s identity; and (d) the entities or categories of entities to whom your personal information may be transferred.

C.     Right to rectify, erase, anonymize or block personal information

  1. You have a right to request that we rectify inaccurate or incomplete personal information and that we update out of date personal We may seek to verify the accuracy of the personal information before rectifying or updating it.
  2. You can also request that we erase, anonymize or block your personal information in limited circumstances where:
  3. it is no longer needed for the purposes for which it was collected; or
  4. it has been processed unlawfully; or
  5. to comply with a legal obligation to which Spring Health is
  6. We are not required to comply with your request to erase, anonymize or block personal information if the processing of your personal information is necessary:
  7. for compliance with a legal obligation; or
  8. for the establishment, exercise or defence of legal claims;

D.     Right to request portability of your personal information

  1. You can ask us to provide your personal information to you in a structured, commonly used, machine-readable format, or you can ask to have it transferred directly to another data controller, in accordance with further instructions of the National Authority:

E.      Right to object to the processing of your personal information

F.      Right to withdraw consent

Where we have obtained your consent as our legal basis to process your personal data, you have the right to withdraw consent at any time by emailing careteam@springhealth.com. Please note that in some instances, where you withdraw your consent this may negatively impact our ability to provide you with the Services.

G.       Right to obtain information about data sharing

You have the right to request information about public and private entities with which your personal data were shared.

H.       Right to request review of automated decisions

You have the right to request review, by a natural person, of decisions taken solely based on automated processing of your personal data in case the decisions affect your interests, including decisions intended to define your personal, professional, consumer or credit profile or aspects of your personality.

I.         Right to lodge a complaint with your local supervisory authority or your consumer protection entities

You have a right to lodge a complaint with your local supervisory authority or your consumer protection entities if you have concerns about how we are processing your personal information.

We ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority at any time.

8.        CONTACT US

If you have any questions about this privacy policy, please contact us at compliance@springhealth.com or our Data Protection Officer (IT Governance Europe Limited) at eurep@itgovernance.eu.

Please ensure to include our company name in any correspondence you send.

If you have any questions, concerns or complaints regarding our compliance with this privacy policy and data protection laws, or if you wish to exercise your rights, we encourage you to first contact compliance@springhealth.com. We will investigate and attempt to resolve complaints and disputes and will make every reasonable effort to honour your wish to exercise your rights as quickly as possible and, in any event, within the timescales provided by data protection laws.

1.      POLÍTICA DE PRIVACIDADE (BRASIL) DA SPRING CARE, INC.

A Spring Care, Inc. é responsável pelas suas informações pessoais.

A Spring Care, Inc. e suas afiliadas (designadas juntas “Spring Health”, “nós”) levam muito a sério as suas responsabilidades de proteção de dados e privacidade. Esta política de privacidade descreve as nossas práticas com relação às informações que coletamos através de (incluindo qualquer acesso a)

(1) o site da Spring Health, atualmente no endereço https://benefits.springhealth.com, os materiais e serviços nele disponibilizados, e qualquer site(s) que vier a lhe substituir, além de qualquer Conteúdo: definido como textos, dados, elementos gráficos, imagens, fotografias, vídeos, áudios, informações, sugestões, orientações, conteúdos e outros materiais fornecidos, disponibilizados ou de outra forma encontrados no site (“Site”), (2) os aplicativos de software que viermos a disponibilizar para uso em ou através de computadores e dispositivos móveis (“Apps”), (3) os “quizzes”, testes e questionários (e os seus resultados) que disponibilizarmos no Site ou nos Apps, ou através deles (“Questionários”),

  • o sistema de reservas, caso utilize serviços profissionais adicionais prestados pelos nossos contratados autônomos, orientadores, terapeutas ou outros prestadores de serviços (“Prestadores”), e (5) gravações de chamadas, produzidas sempre que você telefonar para a nossa central de atendimento (sendo todos esses designados juntos os “Serviços”). Cumprimos esta política de privacidade de acordo com as leis aplicáveis em vigor nos locais em que

Esta política de privacidade também explica como coletamos, usamos e compartilhamos informações pessoais se você for um dos nossos Prestadores, e até mesmo se você passar pelo processo de seleção para se tornar um dos nossos Prestadores.

Especificamente, esta política de privacidade descreve:

  • Que informações pessoais nós coletamos e quando e por que as
  • A forma como compartilhamos informações pessoais dentro da Spring Health e com os nossos prestadores de serviços, órgãos reguladores e outras partes externas
  • A forma como usamos as suas informações para lhe apresentar atualizações aos Serviços e como você pode gerenciar as suas preferências de marketing
  • Como transferir informações pessoais internacionalmente
  • Como protegemos e armazenamos informações pessoais
  • Os direitos legais cabíveis para ajudá-lo a gerenciar a sua privacidade
  • Como você pode nos contatar se precisar de assistência

2.    ATUALIZAÇÕES A ESTA POLÍTICA DE PRIVACIDADE

Nós poderemos alterar esta política de privacidade periodicamente a fim de mantê-la consistente com os requisitos legais vigentes e com a nossa forma de conduzir a nossa empresa. Qualquer alteração será publicada com destaque, para que você sempre saiba que informações nós coletamos, como as utilizamos e as circunstâncias em que as divulgamos, se houver. Lembre-se de consultar regularmente nessas páginas a versão mais atualizada da política de privacidade.

É possível que encontre links para páginas externas no nosso Site. Esta política de privacidade não se aplica à utilização de qualquer site externo.

3.   QUE INFORMAÇÕES PESSOAIS COLETAMOS E QUANDO E POR QUE AS USAMOS

A.      Quando coletamos informações pessoais

Nós coletamos as suas informações quando você:

  • usa, se registra ou interage com os nossos Serviços, ou
  • trabalha conosco como Prestador, designado apenas (“você“).

B.      Informações pessoais que coletamos e usamos se você usar ou se registrar para usar nossos Serviços ou se você interagir com o nosso Site:

1.             As informações pessoais que coletamos se você usar o nosso Site ou os nossos Serviços incluem:

  • Dados pessoais: nome e sobrenome, data de nascimento, endereço de e-mail, país de residência, nome de usuário e senha.
  • Informações sigilosas sobre você: origem étnica e informações de saúde, tais como informações gerais sobre a sua condição de saúde e bem estar, incluindo indicações sobre seu estado de espírito e hábitos diários gerais, informações sobre seu estado mental, hábitos diários, níveis de atividade, hábitos alimentares e nutricionais diários, além de informações sobre a sua vida pessoal, familiar e social, fornecidas por você ao se registrar para abrir uma conta ou nos Questionários que disponibilizamos através dos Serviços.

2.             Outras informações coletadas quando você usar nossos Serviços ou interagir com o nosso Site

Outras informações que poderão ser coletadas quando você usar nossos Serviços ou interagir com o nosso Site são:

  • Informações do navegador e dispositivo: Algumas informações são coletadas pela maioria dos navegadores ou automaticamente pelo seu dispositivo, como seu endereço de Controle de Acesso ao Meio (MAC), o tipo de computador (Windows ou Macintosh), a resolução de tela, nome e versão do sistema operacional, fabricante e modelo do dispositivo, idioma, tipo e versão do navegador de Internet,

e o nome e a versão dos Serviços (de um App, por exemplo) que estão sendo utilizados.

  • Dados de uso dos Apps: Ao usar os Apps, nós e nossos prestadores de serviços poderemos rastrear e coletar dados de uso, tais como a data e o horário em que o App no seu dispositivo acessar nossos servidores e que informações e arquivos foram baixados para o App com base no número do seu
  • Informações coletadas com a utilização de cookies, pixel tags ou outras tecnologias: Poderão ser utilizados pixel tags (também conhecidos como pixels de rastreamento e GIFs limpos) em conexão com determinados Serviços para, entre outras coisas, rastrear as ações dos usuários dos Serviços (inclusive de destinatários de e-mail) e compilar estatísticas sobre a utilização dos Serviços e as taxas de resposta, além de outras informações demográficas gerais e informações agregadas.
  • Outras informações pessoais: endereço de IP, dados de localização e informações acerca do seu meio de comunicação

Se você fornecer informações pessoais referentes a outras pessoas, a nós ou aos nossos prestadores de serviços, em conexão com os Serviços, você declara que está autorizado a fornecer as informações e nos autoriza a usar as informações de acordo com esta política de privacidade.

3.             Informações pessoais coletadas com o seu consentimento ou conforme permitido por lei

Poderão ser coletadas informações pessoais de outras fontes, nas quais você tenha dado o seu consentimento ou conforme permitido pela legislação aplicável, como seu empregador ou plano de saúde, bancos de dados públicos, parceiros de marketing e outras partes externas.

4.             Poderemos usar os dados pessoais coletados se você usar nossos Sites ou Serviços, ou se você consentir, ou conforme permitido pela legislação aplicável, das seguintes formas:

  • Para lhe prestar os Serviços solicitados, que poderão constituir uma combinação da utilização de, ou interação com, nosso Site, App, Questionários e/ou
  • Para responder suas consultas, atender seus pedidos e enviar as comunicações que você solicitar, tais como os resultados de qualquer Questionário que
  • Para lhe enviar informações administrativas, tais como informações sobre os Serviços e alterações aos nossos termos, condições e políticas.
  • Para vender nossos Serviços a você. Isso inclui o envio de comunicações sobre os nossos Serviços, recursos, estudos, pesquisas, novidades, atualizações e eventos. Isso poderá ser feito por vários meios, inclusive e-mail, anúncios e comunicações dentro dos apps, além de anúncios em plataformas de
  • Para nossos fins comerciais e administrativos internos, como análises de dados, desenvolvimento de novos serviços, melhoria, otimização ou modificação dos Serviços, auditorias, monitoração e prevenção de fraude, identificação de tendências de

  • Poderemos usar informações pessoais, incluindo informações sigilosas, de vários usuários dos Serviços para criar “dados agregados” não identificáveis (por exemplo, relatórios que calculam o percentual de usuários que apresentam uma determinada resposta ou resultado nos Questionários), que poderão ser divulgados a terceiros.
  • Se você nos apresentar ideias, propostas, sugestões, recomendações ou outros materiais (“Feedback”), relacionados ou não aos Serviços.
  • Como considerarmos necessário ou conveniente, e somente na medida permitida pela legislação aplicável, para (a) dar cumprimento a processo judicial; (b) responder a pedidos de autoridades públicas e governamentais, incluindo autoridades públicas e governamentais fora do seu país de residência; (c) proteger nossas operações ou as operações de nossas afiliadas, inclusive em conexão com a investigação de ocorrências de segurança; ou (d) proteger os direitos, a privacidade, a segurança ou as propriedades, nossos e/ou das nossas afiliadas, seus e de
  • Para personalizar a sua experiência com os Serviços, por exemplo, para sugerir-lhe Questionários e serviços

5.             Fundamentação legal para a utilização das suas informações pessoais

Nós só coletamos, usamos e compartilhamos as suas informações pessoais quando tivermos a convicção de que existe uma fundamentação legal adequada para tanto. Isso pode acontecer porque:

  • você nos deu seu consentimento para usar as informações pessoais, por exemplo, ao aceitar receber o Serviço, fazer o registro para abertura de uma conta, ou voluntariamente fornecer suas informações pessoais, ao responder a um Questionário, por exemplo, ou dar seu consentimento expresso;
  • o nosso uso das suas informações pessoais seja do nosso interesse legítimo na condição de uma organização comercial (por exemplo, para os nossos fins comerciais e administrativos internos, tais como análises de dados, a fim de garantir que os Serviços estão funcionando bem, desenvolver novos serviços, melhorar, otimizar ou modificar os Serviços, para auditorias, monitoração e prevenção de fraude, identificação de tendências de uso). Nesses casos, nós cuidaremos das suas informações sempre de forma equilibrada, respeitando seus direitos de privacidade;
  • o nosso uso das suas informações pessoais seja necessário para cumprir um contrato ou para viabilizar a celebração de contrato com você, por exemplo, quando você optar por receber os Serviços, terá obrigatoriamente que fornecer seu nome e endereço de e-mail para registrar sua conta, a fim de receber os Serviços. Para saber mais, consulte os nossos Termos de Serviço (https://care.springhealth.com/terms_of_service); e/ou
  • o nosso uso das suas informações pessoais seja necessário para cumprir uma obrigação jurídica ou normativa relevante que nos caiba, por exemplo, de dar cumprimento a um processo judicial, responder a pedidos de autoridades públicas e governamentais, proteger nossas operações ou as operações de nossas afiliadas, inclusive em conexão com a investigação de ocorrências de segurança, ou proteger os direitos, a privacidade, a segurança ou as propriedades, nossos e/ou das nossas afiliadas, seus e de

  • Se quiser saber mais sobre a fundamentação legal que justifica nosso processamento de informações pessoais, fique à vontade para nos contatar pelo e- mail compliance@springhealth.com.

C.      Informações pessoais que coletamos dos nossos Prestadores

1.              Entre as informações pessoais que coletaremos se você se candidatar a trabalhar conosco como Prestador, e seguir trabalhando conosco como Prestador, estão:

  • Dados pessoais: como seu nome, endereço de e-mail, fotografia, nome de solteira; apelido(s); endereços residenciais atual e anterior(es); data de nascimento; local de nascimento; número de identidade (tais como passaporte, registro geral nacional, carteira de habilitação) e nome completo de mãe/pai.
  • Informações sobre a sua situação de emprego: nome do empregador; informações de contato do empregador; nome do gerente responsável; informações de contato do gerente responsável; cargo ocupado; salário; datas de admissão e saída; motivo de saída do
  • Informações sobre a sua formação e qualificações: nome da instituição de ensino; informações de contato da instituição de ensino; número de matrícula; informações de habilitação; área de estudo; datas de frequência da instituição; datas de formatura.
  • Outras informações: informações de pagamento, para que possamos fazer pagamentos a você, e informações contidas em nossos sistemas de comunicação, ou seja, nos recursos de comunicação da Spring Health usados por você (comunicações por e-mail, telefone, celular e computador).

2.              Se você for um dos nossos Prestadores, poderemos usar seus dados pessoais das seguintes formas:

  • Para determinar, firmar e executar os termos que regerão a sua contratação por nós, e para nos comunicar com você;
  • Para pagar e administrar sua remuneração;
  • Para administrar outros pedidos ou serviços solicitados por você durante o seu tempo de trabalho conosco;
  • Para garantir que o seu trabalho conosco transcorra de forma tranquila (inclusive todas as atividades a serem realizadas antes, durante e depois do período de contratação);
  • Para monitorar e evitar problemas de segurança cibernética e uso não autorizado das nossas informações, equipamentos e/ou sistemas de TI;
  • Para manter uma identificação com foto em seu perfil; ou
  • Quando necessário, para instituir processo judicial, investigar, fundamentar, exercer ou apresentar defesa contra reclamação judicial; e para extinguir por acordo qualquer reclamação judicial.

3.              Fundamentação legal para uso das suas informações pessoais

Nós só coletamos, usamos e compartilhamos as suas informações pessoais quando tivermos a convicção de que existe uma fundamentação legal adequada para tanto. Isso pode acontecer porque:

  • o nosso uso das suas informações pessoais seja necessário para cumprir um contrato ou para viabilizar a celebração de contrato com você, tais como o Contrato de Prestação de Serviços;
  • o nosso uso das suas informações pessoais seja do nosso interesse legítimo na condição de uma organização comercial (por exemplo, para monitorar e evitar problemas de segurança cibernética e uso não autorizado das nossas informações, equipamentos e/ou sistemas de TI, ou para manter uma identificação com foto em seu perfil); e/ou
  • o nosso uso das suas informações pessoais seja necessário para cumprir uma obrigação jurídica ou normativa relevante que nos caiba, por exemplo, de dar cumprimento a um processo judicial, responder a pedidos de autoridades públicas e governamentais, proteger nossas operações ou as operações de nossas afiliadas, inclusive em conexão com a investigação de ocorrências de segurança, ou proteger os direitos, a privacidade, a segurança ou as propriedades, nossos e/ou das nossas afiliadas, seus e de
  • Se quiser saber mais sobre a fundamentação legal que justifica nosso processamento de informações pessoais, fique à vontade para nos contatar pelo e- mail compliance@springhealth.com.

4.      COMPARTILHAMENTO DE INFORMAÇÕES PESSOAIS DENTRO DA SPRING CARE, COM NOSSOS PRESTADORES DE SERVIÇOS E OUTRAS PARTES EXTERNAS

A.      Poderemos compartilhar suas informações em circunstâncias limitadas, da forma e para os fins descritos a seguir:

  1. dentro da Spring Health, quando essa divulgação for necessária para viabilizar a nossa prestação dos Serviços ou a gestão do nosso empreendimento, inclusive através da nossa Empresa de Serviços Médicos Profissionais da marca Spring, a SH Medical Care of Kansas,
  2. com terceiros que nos ajudam a gerir nosso empreendimento e entregar os Serviços, por exemplo:
  3. disponibilizaremos as suas informações pessoais aos nossos Prestadores, conforme necessário para permitir que você utilize o item de Serviço específico prestado por eles;

  1. se você for um Prestador, nós compartilharemos as suas informações com terceiros a fim de confirmar a sua qualificação para prestar os Serviços.

Todos os referidos terceiros aceitaram as restrições de confidencialidade e se comprometeram a usar todas as informações pessoais compartilhadas com eles, ou coletadas por eles a nosso serviço, exclusivamente para nos prestar o serviço contratado. Esses poderão incluir serviços de hospedagem de sites, armazenamento e análise de dados, plataformas de agendamento, disponibilização de infraestrutura de tecnologia da informação e infraestruturas relacionadas, entrega de e-mails, auditoria e outros serviços.

  1. com os órgãos reguladores, incluindo, sem se limitar a, o Gabinete do Comissário para a Informação do Reino Unido (ICO), a “Commission Nationale de l’Informatique et des Libertés”, a “Bundesbeauftragte für Datenschutz und Informationsfreiheit”, a Comissão de Proteção de Dados (DPC), a Autoridade de Proteção de Dados da Suécia e a Autoridade Nacional de Proteção de Dados do Brasil (ANPD), a fim de cumprir todas as leis, normas e regulamentações aplicáveis, além de pedidos da autoridades policiais, agências reguladoras e outros órgãos governamentais;
  2. com nossos parceiros ou afiliadas, em formato estatístico, agregado, informações não pessoais sobre os visitantes do nosso Site, padrões de tráfego, e dados sobre o uso do Site com nossos parceiros ou afiliadas;
  3. se, no futuro, vendermos ou transferirmos a totalidade ou qualquer parte do nosso empreendimento ou bens para uma terceira parte, poderemos divulgar as informações a qualquer comprador potencial ou efetivo do empreendimento ou dos

5.      ATUALIZAÇÕES AO SERVIÇO E PREFERÊNCIAS DE MARKETING

A.      Como usamos informações pessoais para manter você atualizado sobre os nossos Serviços

Para proteger os direitos de privacidade e garantir que você tenha controle sobre a forma como gerenciamos o uso de materiais de marketing com você, tomaremos providências para limitar o marketing direto a um nível razoável e proporcionado, e para apenas enviar a você comunicações que acreditemos ser do seu interesse ou relevantes para você.

B.      Como você pode gerenciar suas preferências de marketing

  1. Você pode desativar o envio de algumas comunicações de marketing e o uso das suas informações para fins de marketing, a qualquer tempo, entrando em contato pelo e-mail careteam@springhealth.com ou clicando no link “cancelar assinatura” (“unsubscribe”), que consta de todas as mensagens de marketing enviadas a você, e solicitando a remoção da lista de comunicações futuras. Você deve especificar se quer encerramento de todos os tipos de marketing ou apenas de um tipo específico (por exemplo, comunicações por e-mail).

  1. Você pode alterar a forma como seu navegador gerencia cookies, que podem ser usados para a entrega de publicidade on-line, definindo as configurações do seu

6.  TRANSFERÊNCIAS INTERNACIONAIS DE INFORMAÇÕES PESSOAIS

  1. A Spring Health é uma empresa dos EUA. Sendo assim, independentemente da sua localização física, as suas informações pessoais poderão ser transferidas para os EUA e armazenados no país, que pode adotar regras de proteção de dados diferentes daqueles vigentes no seu país. A Spring Health tomará as medidas indicadas para garantir que as transferências de informações pessoais sejam realizadas em consonância com a legislação aplicável e administradas criteriosamente a fim de proteger seus interesses e direitos de privacidade.

Nesse sentido:

  1. Garantimos que as transferências realizadas entre as organizações e afiliadas da Spring Health serão cobertas por um acordo firmado pelos membros da Spring Health (acordo entre as empresas do mesmo grupo), que obrigue contratualmente cada organização a garantir que as informações pessoais receberão um nível de proteção adequado e consistente sempre que forem transferidas dentro do grupo da Spring Health;
  2. Quando transferirmos as suas informações pessoais para fora da Spring Health ou para terceiros que nos ajudam a prestar os Serviços, as partes externas serão obrigadas a firmar um compromisso contratual para proteger suas informações pessoais. Algumas dessas garantias terão a forma de exigências amplamente reconhecidas, como a adoção de Cláusulas Contratuais Padrão conferindo proteção a informações pessoais transferidas do Brasil para outros países; ou
  3. Quando recebemos pedidos de informações de autoridades policiais ou órgãos reguladores, tomamos o cuidado de sempre confirmar a validade dos pedidos antes de divulgar quaisquer informações
  4. Você tem todo o direito de nos procurar caso queira saber mais sobre as medidas de proteção que instituímos (e inclusive de ter acesso a uma cópia de todos os compromissos contratuais firmados) para garantir a proteção adequada das suas informações pessoais quando de sua transferência conforme previsto acima.

7.     COMO PROTEGEMOS E ARMAZENAMOS SUAS INFORMAÇÕES

A.      Segurança

Implementamos e mantemos ativas as medidas, políticas e procedimentos administrativos, físicos e técnicos de segurança que consideramos razoáveis e adequados para reduzir o risco de perda ou destruição acidental, ou de acesso ou divulgação não autorizados de tais informações, conforme razoável e indicado para a natureza das informações em questão.

As medidas tomadas incluem a imposição de obrigações de confidencialidade aos membros da nossa equipe e prestadores de serviços, e a destruição ou anonimização permanente das informações pessoais quando não mais forem necessárias para os fins que motivaram a sua coleta. Como a segurança das informações depende em parte da segurança do computador que você utiliza para se comunicar conosco e dos recursos de segurança que você adota para proteger seus nomes de usuário e senhas, cabe a você também tomar medidas adequadas para proteger as informações.

B.      Armazenamento das suas informações pessoais

  1. Nós retemos as suas informações pessoais pelo tempo que isso seja razoavelmente necessário para os fins que motivaram a sua coleta, conforme descrito nesta política de privacidade. Em algumas situações, poderemos guardar suas informações pessoais por períodos mais longos, conforme exigido ou permitido por lei, por exemplo, quando isso nos for imposto por exigências legais, normativas, fiscais ou contábeis.
  2. Em determinadas circunstâncias, poderemos guardar suas informações pessoais por períodos mais longos a fim de documentarmos melhor as suas tratativas conosco, para usar em caso de reclamação ou contestação, ou se acreditarmos razoavelmente que existe potencial de litígio em relação às suas informações pessoais ou
  3. Como as nossas operações são conduzidas a partir dos EUA, todas as informações pessoais que coletamos serão usadas e armazenadas nos EUA, sendo regidas pela legislação dos EUA, e poderão ficar sujeitas a divulgação ao governo dos EUA, ou a tribunais ou autoridades policiais ou agências reguladoras dos EUA, consoante as leis do país.

8.    DIREITOS LEGAIS QUE PODEM AJUDAR A GERENCIAR SUA PRIVACIDADE

  1. Ressalvadas algumas isenções, e condicionado em alguns casos à atividade de processamento que estivermos realizando, você tem alguns direitos em relação às suas informações pessoais, inclusive os direitos de:
  1. Acessar ou confirmar a existência de informações pessoais
  2. Retificar / apagar, anonimizar ou bloquear as informações pessoais
  3. Pedir a portabilidade das suas informações pessoais
  4. Contestar o processamento de informações pessoais em algumas situações
  5. Retirar seu consentimento para o processamento de informações pessoais
  6. Obter informações sobre as organizações públicas e particulares com as quais os seus dados pessoais tenham sido compartilhados
  7. Pedir a revisão de decisões automatizadas
  8. Registrar reclamação junto à sua autoridade supervisora ou às organizações de proteção ao consumidor locais

Poderemos lhe pedir informações adicionais para confirmar sua identidade, por motivos de segurança, antes de lhe revelar as informações pessoais solicitadas. Na medida em que isso seja permitido pela legislação aplicável, reservamos o direito de cobrar uma taxa,

quando permitido por lei, por exemplo, quando o pedido for claramente infundado ou excessivo.

Você pode exercer seus direitos entrando em contato conosco pelo e-mail careteam@springhealth.com. Respeitadas as considerações legais e outras considerações oportunas, faremos tudo que seja razoavelmente possível para atender seu pedido celeremente, ou lhe comunicaremos que são necessárias mais informações para atender seu pedido.

Pode não ser sempre possível atender seu pedido integral, por exemplo, quando isso afetar nossa obrigação de confidencialidade diante de outras pessoas, ou quando tivermos o direito legal de tratar o pedido de outra forma.

B.      Direito de acessar informações pessoais ou de confirmar a existência do processamento

Você tem o direito de pedir para confirmarmos se os seus dados pessoais estão sendo processados pela Spring Health, e que forneçamos uma cópia das suas informações pessoais em nosso poder, além de ter o direito de ser informado sobre: (a) a fonte que originou as suas informações pessoais; (b) as finalidades, a fundamentação legal e as formas de processamento; (c) a identidade do processador; e (d) as organizações ou categorias de organizações para as quais as suas informações pessoais poderão ser transferidas.

C.      Direito de retificar, apagar, anonimizar ou bloquear as informações pessoais

  1. Você tem o direito de pedir a retificação de informações pessoais incorretas ou incompletas, e de pedir que atualizemos qualquer informação pessoal desatualizada. Nós poderemos, antes de retificar ou atualizar as informações pessoais, confirmar se estão corretas.
  2. Além disso, você pode nos pedir para apagar, anonimizar ou bloquear suas informações pessoais, em situações limitadas, quando:
  3. elas não mais forem necessárias para os fins que motivaram a sua coleta; ou
  4. elas forem processadas ilegalmente; ou
  5. necessário para cumprir uma obrigação legal vinculante da Spring
  6. Não teremos a obrigação de atender seu pedido de apagar, anonimizar ou bloquear as informações pessoais quando o processamento de suas informações pessoais for necessário:
  7. para permitir cumprimento de uma obrigação legal; ou
  8. para a demonstração, a instituição ou a apresentação de defesa contra reclamação judicial;

D.      Direito de pedir a portabilidade de suas informações pessoais

  1. Você pode nos pedir para lhe disponibilizar as suas informações pessoais em um formato estruturado, legível por máquina, de uso corriqueiro, ou pedir que sejam transferidas diretamente para outro processador de dados, conforme as instruções específicas da Autoridade Nacional:

E.      Direito de contestar o processamento de suas informações pessoais

F.      Direito de revogar seu consentimento

Nas hipótese em que a obtenção do seu consentimento constitua a nossa base legal para o processamento de seus dados pessoais, você terá o direito de revogar seu consentimento, a qualquer tempo, enviando e-mail para careteam@springhealth.com. Veja que em algumas situações a revogação do seu consentimento poderá prejudicar nossa capacidade de lhe prestar os Serviços.

G.       Direito de obter informações sobre o compartilhamento de dados

Você tem o direito de solicitar informações sobre as organizações públicas e particulares com as quais os seus dados pessoais tenham sido compartilhados.

H.        Direito de pedir a revisão de decisões automatizadas

Você tem o direito de pedir a revisão, por uma pessoa física, de decisões tomadas exclusivamente com base no processamento automatizado de seus dados pessoais, quando as decisões afetarem os seus interesses, incluindo as decisões em vista da definição de seu perfil pessoal, profissional, de consumidor ou de crédito, ou aspectos da sua personalidade.

I.         Direito de registrar reclamação junto à autoridade supervisora ou às organizações de proteção ao consumidor locais

Você tem o direito de registrar reclamação junto à autoridade supervisora ou às organizações de proteção ao consumidor locais se tiver alguma apreensão sobre a forma como estamos processando as suas informações pessoais.

Pedimos que tente primeiro resolver o assunto conosco, ainda que você tenha o direito de contatar a sua autoridade supervisora a qualquer tempo.

9.          ENTRE EM CONTATO

Se tiver alguma pergunta sobre esta política de privacidade, pedimos que entre em contato conosco pelo e-mail compliance@springhealth.com, ou com a nossa Diretoria de Proteção de Dados (IT Governance Europe Limited), pelo e-mail eurep@itgovernance.eu.

Não deixe de incluir o nome da nossa empresa em todas as suas comunicações.

Se tiver alguma pergunta, preocupação ou reclamação sobre a nossa conformidade com esta política de privacidade ou as leis de proteção de dados, ou se quiser exercer seus direitos, recomendamos primeiro entrar em contato pelo e-mail compliance@springhealth.com. Nos comprometemos a investigar e resolver as reclamações e controvérsias, e faremos tudo o que for razoavelmente possível para acatar seu desejo de exercer seus direitos o mais rapidamente possível e, em todo caso, respeitando os prazos estipulados nas leis de proteção de dados.

Last Updated: December 7, 2021

Spring Care, Inc. is concerned about privacy issues and wants you to be familiar with how we collect, use and disclose information and does so in accordance with laws applicable to our business. This Privacy Policy describes our practices in connection with information that we collect through websites operated by us from which you are accessing this Privacy Policy (the “Website”), through the software applications made available by us for use on or through computers and mobile devices (the “Apps”), and through our social media pages that we control from which you are accessing this Privacy Policy, as well as through HTML-formatted email messages that we may send to you that link to this Privacy Policy (all of the foregoing, collectively, the “Services”).

From time to time, we may make changes to this Privacy Policy. The Privacy Policy is current as of the “last revised” date which appears at the top of this page.

Personal Information

Personal Information We May Collect

“Personal Information” is information that directly or indirectly identifies you as an individual or relates to an identifiable person, including: Name, Email address, Health Information in connection with the quizzes, tests, and questionnaires we make available through the Services (the “Questionnaires”). If you submit any Personal Information relating to other people to us or to our service providers in connection with the Services, you represent that you have the authority to do so and to permit us to use the information in accordance with this Privacy Policy.

How We May Collect Personal Information

We and our service providers may collect Personal Information in a variety of ways, including:

  • Through the Services: We may collect Personal Information directly from you through the Services, e.g., when you answer a Questionnaire or register for an
  • From Other Sources: We may receive your Personal Information from other sources with your consent or as permitted by applicable law, such as from your insurance or healthcare provider, public databases, joint marketing partners and other third

When required by applicable law, we will ask you to confirm your consent at the moment of collection.

How We May Use and Disclose Your Personal Information

Spring may have an arrangement with your insurance or healthcare provider and under that arrangement may be permitted to use and disclose your Personal Information as directed by them, consistent with applicable law. Spring also uses and discloses Personal Information to provide the Services as described below.

We may use Personal Information:

  • To respond to your inquiries, fulfill your requests, and send you communications that you request, such as the results of any Questionnaire that you have taken. To send administrative

information to you, for example, information regarding the Services and changes to our terms, conditions and policies.

  • To personalize your experience on the Services, for example, by presenting Questionnaires and similar products to
  • For our internal management and business purposes, such as data analysis, developing new services, enhancing, improving or modifying the Services, audits, fraud monitoring and prevention, identifying usage trends, but, in some cases that will be only to the extent such use of Personal Information is permitted or required by your insurance or healthcare provider and applicable law.
  • As we believe to be necessary or appropriate, and only as permitted under the Health Insurance Portability & Accountability Act and amendments thereto (HIPAA) or other applicable law such as Canada’s Personal Information Protection and Electronic Documents Act, the Quebec Act respecting the protection of personal information in the private sector, and Ontario’s Personal Health Information Protection Act: (a) to comply with legal process; (b) to respond to requests from public and government authorities, including public and government authorities outside your country of residence; (c) to protect our operations or those of any of our affiliates, including in connection with investigating security incidents; or (d) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or
  • For such other purposes as you may consent or as may be authorized or required by applicable law.

When required by applicable law, we will ask you to confirm your consent to such uses at the moment of collection.

Your Personal Information may be transferred or disclosed:

  • To our third party service providers who assist us to provide the Services (such as website hosting, data analysis, information technology and related infrastructure provision, email delivery, auditing and other services), and with whom we have a contract that includes appropriate privacy
  • To third parties, such as your insurance or healthcare provider, consistent with your For example, you may opt in to allow us to share your responses to and results of any Questionnaires.
  • As we believe to be necessary or appropriate, and only as permitted under applicable law, such as Canada’s Personal Information Protection and Electronic Documents Act, the Quebec Act respecting the protection of personal information in the private sector, and Ontario’s Personal Health Information Protection Act: (a) to comply with legal process; (b) to respond to requests from public and government authorities, including public and government authorities outside your country of residence; (c) to protect our operations or those of any of our affiliates, including in connection with investigating security incidents; or (d) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or
  • To such third parties and for such purposes to which you consent or which may be authorized or required by

Other Information We May Collect

“Other Information” is any information that does not reveal your specific identity or does not directly relate to an individual, such as:

  • Browser and device information

  • App usage data
  • Information collected through cookies, pixel tags and other technologies
  • General demographic information
  • Aggregated information

If we are required to treat Other Information as Personal Information under applicable law, then we may use it for the purposes for which we use and disclose Personal Information as detailed in this Policy.

How We May Collect Other Information

We and our third party service providers may collect Other Information in a variety of ways, including:

  • Through your browser or device: Certain information is collected by most browsers or automatically through your device, such as your Media Access Control (MAC) address, computer type (Windows or Macintosh), screen resolution, operating system name and version, device manufacturer and model, language, Internet browser type and version and the name and version of the Services (such as the App) you are using. We use this information to ensure that the Services function
  • Through your use of the Apps: When you download and use the Apps, we and our service providers may track and collect usage data, such as the date and time the App on your device accesses our servers and what information and files have been downloaded to the App based on your device
  • Using pixel tags and other similar technologies: Pixel tags (also known as web beacons and clear GIFs) may be used in connection with some Services to, among other things, track the actions of users of the Services (including email recipients), and compile statistics about usage of the Services and response
  • Analytics: We use Google Analytics, which uses cookies and similar technologies to collect and analyze information about use of the Services and report on activities and trends. This service may also collect information regarding the use of other websites, apps and online resources. You can learn about Google’s practices by going to http://www.google.com/policies/privacy, and opt out of them by downloading the Google Analytics opt-out browser add-on, available at https://tools.google.com/dlpage/gaoptout.
  • IP Address: Your IP address is a number that is automatically assigned to the computer that you are using by your Internet Service Provider (ISP). An IP address may be identified and logged automatically in our server log files whenever a user accesses the Services, along with the time of the visit and the page(s) that were visited. Collecting IP addresses is standard practice and is done automatically by many websites, applications and other We use IP addresses for purposes such as calculating usage levels, diagnosing server problems and administering the Services. We may also derive your approximate location from your IP address.
  • Physical Location: We may collect the physical location of your device by, for example, using satellite, cell phone tower or WiFi We may use your device’s physical location to provide you with personalized location-based services and content. You may be permitted to allow or deny such use, but, if you do, we may not be able to provide you with the applicable personalized services and content.

From you: Information such as your preferred means of communication is collected when you voluntarily provide it.How We May Use and Disclose Other Information

We may use and disclose Other Information for any purpose, except where we are required to do otherwise under applicable law. In some instances, we may combine Other Information with Personal Information. If we do, we will treat the combined information as Personal Information as long as it is combined.

Third Party Services

This Privacy Policy does not address, and we are not responsible for, the privacy, information or other practices of any third parties, including any third party operating any site or service to which the Services link. The inclusion of a link on the Services does not imply endorsement of the linked site or service by us or by our affiliates. In addition, we are not responsible for the information collection, use, disclosure or security policies or practices of other organizations, such as Facebook, Apple, Google, Microsoft, RIM or any other app developer, app provider, social media platform provider, operating system provider, wireless service provider or device manufacturer, including with respect to any Personal Information you disclose to other organizations through or in connection with the Services.

Security and Retention

We seek to use administrative, physical, and technical safeguards that are reasonable and appropriate for the protection of the Personal Information in our custody or control. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of your account has been compromised), please immediately notify us in accordance with the “Contacting Us” section below. We will retain your Personal Information in a file specific to you at our offices in 245 Fifth Ave., 21sth floor, New York, NY 10016 and the data centers of our service providers. We will retain your Personal Information for the period necessary to fulfill the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by law.

As our operations are conducted from the US, all Personal Information that we collect is used and stored in the US, is subject to US laws, and may be subject to disclosure to US governments, courts or law enforcement or regulatory agencies pursuant to those laws.

Individual Rights

The following six rights are collectively referred to as the “Individual Rights.”

  1. The right to access – You have the right to request copies of your personal data that Spring Care, Inc. possesses. We may charge you a small fee for this service;

  1. The right to rectification – You have the right to request that Spring Care, Inc, correct any information you believe is inaccurate. You also have the right to request that Spring Care, Inc. complete information you believe is incomplete;

  1. The right to erasure — You have the right to request that Spring Care, erase your personal data, under certain conditions;

  1. The right to restrict processing – You have the right to request that Spring Care, Inc, restrict the processing of your personal data, under certain conditions;

  1. The right to object to processing – You have the right to object to Spring Care, ’s processing of your personal data, under certain conditions; and

  1. The right to data portability – You have the right to request that Spring Care, Inc. transfer the data that we have collected to another organization, or directly to you, under certain conditions.

If you would like to exercise any of your Individual Rights regarding Personal Information that you have previously provided to us, you may do so by logging into your account within the Services or by contacting us in accordance with the “Contacting Us” section below. In your request, please make clear what Individual Right you are exercising. For your protection, we may only implement requests with respect to the Personal Information associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request. We will try to comply with your request as soon as reasonably practicable and in compliance with applicable law. Where appropriate, we will transmit the amended information to third parties having access to your Personal Information. We may be prevented from complying with a request to exercise an Individual Right. In such circumstances, we will respond to your request to exercise your Individual Right with a response stating that we cannot comply with such a request and, if legally allowed, why. Reasonable fees may be charged for any copy, transcription, or communication of personal information: when such fees are applicable, you will be notified in advance.

Use of Services by Minors

Services are not directed to individuals under the age of thirteen (13) (14, in the province of Quebec) without parental consent and supervision. Before providing any Personal Information of a minor under 13 (14, in the province of Quebec), an informed consent shall be provided verifying that the User is the parent or legal guardian of the verified minor, that the User has the authority to make medical decisions about the health of the minor, and that the User has received, reviewed, and accepted this Privacy Policy and the terms within the informed consent (Informed Consent). If we learn that we have collected Personal Information from a child under 13 (14, in the province of Quebec) who is not the verified minor of a User or for whom no Informed Consent has been obtained from the parent or guardian, we will delete that information as quickly as possible.

Access to Specific Information and Data Portability Rights

You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you any of the following, as requested:

  • The categories of personal information we collected about
  • The categories of sources for the personal information we collected about Our business or commercial purpose for collecting or selling that personal information.
  • The categories of third parties with whom we share that personal information. The specific pieces of personal information we collected about
  • If we disclosed your personal information and identify the personal information categories that each category of recipient

Deletion Request Rights

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our

records, unless an exception applies. We may deny your deletion request if retaining the information is necessary for us or our service providers to:

  1. Comply with a legal
  2. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such
  3. Debug products to identify and repair errors that impair existing intended
  4. Make other internal and lawful uses of that information that are compatible with the context in which you provided it

Response Timing and Format

We endeavor to respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable.

Non-Discrimination

We will not discriminate against you for exercising any of your rights. Unless permitted under applicable law, we will not:

  • Deny you goods or
  • Charge you different prices or rates for goods or services, including through
  • granting discounts or other benefits, or imposing
  • Provide you a different level or quality of goods or
  • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or

Updates to This Privacy Policy

We may change this Privacy Policy. The “Last Updated” legend at the top of this page indicates when this Privacy Policy was last revised. Any changes will become effective when we post the revised Privacy Policy on the Services. Your use of the Services following these changes means that you accept the revised Privacy Policy.

Contacting Us

If you have any questions about this Privacy Policy, please contact us at careteam@springhealth.com or the Security Officer at compliance@springhealth.com. Because email communications are not always secure, please do not include sensitive information in your emails to us.

Quebec Residents

If you are a resident of the province of Quebec, Canada, the following specific terms, conditions and rights apply to you pursuant to the Act respecting the protection of personal information in the private sector, (CQLR c. P-39.1).

We will only collect, use, or communicate your personal information with your consent. In certain cases, we may not be able to provide certain services to you or process an application on your behalf if you do not agree to the collection of personal information.

The means by which we may collect your personal information are those listed in the “How we may collect your personal information” and “How we may collect other information” (to the extent that such “other information” is considered personal information under Quebec law) in the policy above.

In certain cases, we may collect your personal information using tracking or profiling technology. When such technology is used, you will be informed of such use, as well as how to activate and deactivate such functions.

The purposes for which we collect your personal information are those listed in the “We may use and disclose your personal information” section in the policy above.

We may, in certain circumstances, render decisions based on an automatic process using your personal information. Whenever such a decision is rendered, you will be informed accordingly. Upon request, we will notify you of the personal information used to render the decision and of the reasons and parameters considered. You will also have the right to request that the personal information used be corrected or rectified and present your observations.

Your personal information may be communicated to third party service providers and business partners for the purposes identified in the policy above.

Your personal information may be communicated outside of the province of Quebec, including in the United States.

We may, in certain cases, use or communicate your personal information, without your consent, for certain other purposes permitted by law, such as fraud prevention or to provide a service requested by you.

In addition to the rights set out in the “Individual rights” section in the policy above, you have the right to:

  • request access to your personal information;
  • request rectification or correction of your personal information;
  • request deindexation of your personal information in certain circumstances;
  • request data portability (i.e. request a copy of your personal information in a commonly used technological format);
  • withdraw your consent to the use or communication of your personal

If you wish to exercise any of the rights above, please contact us at careteam@springhealth.com. Reasonable fees may be charged for any copy, transcription, or communication of personal information: when such fees are applicable, you will be notified in advance.

Dernière mise à jour : 1er décembre 2021

Politique de confidentialité

Spring Care Inc. est soucieuse de la protection des renseignements personnels et souhaite que vous vous familiarisiez avec la façon dont nous recueillons, utilisons et communiquons les renseignements personnels en conformité avec lois applicables à notre entreprise. Cette Politique de confidentialité décrit nos pratiques en lien avec les informations que nous recueillons via les sites Web que nous exploitons à partir desquels vous accédez à cette Politique de confidentialité (le « Site Web »), via les applications logicielles mises que nous rendons disponibles pour une utilisation sur ou via des ordinateurs et appareils mobiles (les « Applications »), via nos pages de médias sociaux que nous contrôlons et à partir desquelles vous accédez à cette Politique de confidentialité, ainsi que via des e- mails au format HTML que nous pouvons vous envoyer et qui renvoient à cette Politique de confidentialité (tout ce qui précède, collectivement, les « Services »).

Nous pouvons apporter des modifications à la présente Politique de confidentialité de temps à autre. La Politique de confidentialité est à jour à la date de la « dernière révision » qui figure en haut de cette page

Renseignements personnels

Renseignements personnels que nous pouvons recueillir

Les « Renseignements personnels » sont des renseignements qui, directement ou indirectement, permettent de vous identifier en tant qu’individu ou qui concernent une personne identifiable. Ils comprennent notamment : le nom, l’adresse courriel, les informations relatives à la santé en rapport avec les quiz, tests et questionnaires que nous rendons disponibles via les Services (les

« Questionnaires »). Si vous soumettez des Renseignements personnels relatifs à d’autres personnes à nous ou à nos fournisseurs de services dans le cadre des Services, vous déclarez que vous avez le droit de le faire et de nous autoriser à utiliser ces Renseignements personnels conformément à la présente Politique de confidentialité.

Comment nous pouvons recueillir des Renseignements personnels

Nous et nos fournisseurs de services pouvons recueillir des Renseignements personnels de diverses manières, notamment

  • À travers les Services : Nous pouvons recueillir des Renseignements personnels directement auprès de vous à travers les Services, par exemple, lorsque vous répondez à un Questionnaire ou créez un
  • D’autres sources : Nous pouvons, avec votre consentement ou dans la mesure permise par la loi applicable, recevoir vos Renseignements personnels d’autres sources telles que votre assureur, votre fournisseur de soins de santé, des bases de données publiques, des partenaires de marketing, et d’autres tierces

Lorsque la loi applicable l’exige, nous vous demanderons de confirmer votre consentement au moment de recueillir vos Renseignements personnels.

Comment nous pouvons utiliser et communiquer vos Renseignements personnels

Spring peut avoir une entente avec votre assureur ou votre fournisseur de soins de santé et, en vertu de cet accord, peut être autorisé à utiliser et à communiquer vos Renseignements personnels selon leurs instructions et en conformité avec la loi applicable. Spring peut également utiliser et communiquer des Renseignements personnels pour fournir les services décrits ci-dessous.

Nous pouvons utiliser des Renseignements personnels :

  • Pour répondre à vos questions ou demandes, ainsi que pour vous faire parvenir les communications que vous nous demandez, telles que les résultats d’un Questionnaire auquel vous avez répondu. Nous pouvons également utiliser vos Renseignements personnels pour vous envoyer des informations de nature administrative, telles que des informations concernant les Services ou les modifications apportées à nos modalités d’utilisation et
  • Pour permettre de personnaliser votre expérience dans le cadre de votre utilisation des Services, par exemple, en vous présentant des Questionnaires ou des produits
  • Pour des fins de gestion interne et à des fins commerciales, telles que l’analyse de données, le développement de nouveaux services, l’amélioration ou la modification des Services, pour des fins de vérification ou d’audit, pour des fins de surveillance et de prévention de la fraude, ou pour identifier des tendances d’utilisation. Dans certains cas, l’utilisation de vos Renseignements personnels à ces fins sera limitée à ce qui est autorisé ou requis par votre assureur ou votre fournisseur de soins de santé et par la loi
  • De la manière que nous jugeons nécessaire ou appropriée, et uniquement dans la mesure permise par les lois applicables en matière de protection de la vie privée telles que la Loi sur la protection des renseignements personnels et les documents électroniques du Canada, la Loi sur la protection des renseignements personnels dans le secteur privé du Québec, et la Loi de 2004 sur la protection des renseignements personnels sur la santé de l’Ontario, dans les situations suivantes : (a) pour se conformer à une ordonnance dans le cadre d’une procédure judiciaire; (b) pour répondre aux demandes des autorités publiques et gouvernementales, y compris les autorités publiques et gouvernementales autres que celles de votre pays de résidence; (c) pour protéger nos opérations ou celles de l’une de nos sociétés affiliées, y compris dans le cadre d’enquêtes sur des incidents de sécurité; ou (d) pour protéger nos droits de manière générale, notre droit à la confidentialité, notre sécurité ou nos biens, ainsi que ceux de nos sociétés affiliées, les vôtres, ou ceux de tierces
  • Pour d’autres fins auxquelles vous avez donné votre consentement ou qui peuvent être autorisées ou requises par la loi

Lorsque la loi applicable l’exige, nous vous demanderons de confirmer votre consentement à de telles utilisations au moment de recueillir vos Renseignements personnels.

Vos Renseignements personnels peuvent être transférés ou communiqués :

  • À nos fournisseurs de services tiers qui nous aident à fournir les Services (ce qui inclut des services tels que l’hébergement de sites Web, l’analyse de données, la fourniture de technologies de l’information et d’infrastructures connexes, la livraison de courrier électronique, des services de vérifications et d’audit, ainsi que d’autres services), et avec lesquels nous avons conclu un contrat qui comprend des obligations de confidentialité appropriées.
  • À certains tiers, tels que votre assureur ou votre fournisseur de soins de santé, conformément à vos instructions. Par exemple, vous pouvez choisir de nous permettre de partager vos réponses ainsi que vos résultats en lien avec certains Questionnaires auxquels vous répondez.

  • De la manière que nous jugeons nécessaire ou appropriée, et uniquement dans la mesure permise par les lois applicables en matière de protection de la vie privée telles que la Loi sur la protection des renseignements personnels et les documents électroniques du Canada, la Loi sur la protection des renseignements personnels dans le secteur privé du Québec, et la Loi de 2004 sur la protection des renseignements personnels sur la santé de l’Ontario, dans les situations suivantes : (a) pour se conformer à une ordonnance dans le cadre d’une procédure judiciaire; (b) pour répondre aux demandes des autorités publiques et gouvernementales, y compris les autorités publiques et gouvernementales autres que celles de votre pays de résidence; (c) pour protéger nos opérations ou celles de l’une de nos sociétés affiliées, y compris dans le cadre d’enquêtes sur des incidents de sécurité; ou (d) pour protéger nos droits de manière générale, notre droit à la confidentialité, notre sécurité ou nos biens, ainsi que ceux de nos sociétés affiliées, les vôtres, ou ceux de tierces .
  • À d’autre tierces parties, pour les fins auxquelles vous avez donné votre consentement ou qui peuvent être autorisées ou requises par la loi

Autres renseignements que nous pouvons recueillir

L’expression « Autres renseignements » désigne tout renseignement qui ne permet pas de vous identifier ou qui n’a pas de lien direct avec une personne physique, et comprend, à titre d’exemple :

  • Les informations sur le navigateur et l’appareil utilisés
  • Les données d’utilisation des applications
  • Les renseignements recueillis via les témoins de connexion (cookies), les pixels balises (pixel tags) et d’autres technologies similaires
  • Certains renseignements généraux d’ordre démographique
  • Les renseignements agrégés

Si la loi applicable nous oblige à traiter les Autres renseignements comme des Renseignements personnels, nous pourrons les utiliser et les communiquer aux fins qui sont énoncées dans la présente Politique.

Comment nous pouvons recueillir les Autres renseignements

Nous et nos fournisseurs de services tiers pouvons recueillir d’Autres renseignements de plusieurs manières, notamment :

  • Via votre navigateur ou appareil : Certains renseignements sont recueillis automatiquement par la plupart des navigateurs ou par votre Ces renseignements peuvent inclure l’adresse MAC (Media Access Control), le type d’ordinateur (Windows ou Macintosh), la résolution de l’écran, le nom et la version du système d’exploitation, le fabricant et le modèle de l’appareil, la langue, le type et la version du navigateur Web, ainsi que le nom et la version des Services (incluant l’Application) que vous utilisez. Nous utilisons ces renseignements pour nous assurer que les Services fonctionnent correctement.
  • Par votre utilisation des Applications : Lorsque vous téléchargez et utilisez les Applications, nous et nos fournisseurs de services pouvons recueillir et faire un suivi de certaines données d’utilisation telles que la date et l’heure auxquelles l’Application sur votre appareil accède à nos serveurs et quelles informations ou fichiers ont été téléchargés sur l’Application en fonction de votre numéro d’appareil.
  • Utilisation de pixels balises (pixel tags) et d’autres technologies similaires : Les pixels invisibles (également appelés balises Web, Web beacons, ou GIF invisibles) peuvent être utilisés en lien

avec certains Services afin notamment de suivre les actions des utilisateurs des Services (y compris les destinataires de courriels) et de compiler des statistiques sur l’utilisation des Services et sur les taux de réponse.

  • Analytique : Nous utilisons le service Google Analytics, qui utilise des témoins de connexion (cookies) et d’autres technologies similaires pour recueillir et analyser certains renseignements sur l’utilisation des Services et produire des rapports sur les activités et les tendances. Ce service peut également recueillir des informations concernant l’utilisation d’autres sites Web, applications et ressources disponibles en ligne. Vous pouvez en savoir plus sur les pratiques de Google en vous rendant sur https://www.google.com/policies/privacy. Vous pouvez également désactiver ces fonctions et vous désinscrire en téléchargeant le module complémentaire de navigateur (add-on) pour la désactivation de Google Analytics, disponible sur https://tools.google.com/dlpage/gaoptout.
  • Adresse IP : Votre adresse IP est un numéro qui est automatiquement attribué à l’ordinateur que vous utilisez par votre fournisseur d’accès Internet (Internet Service Provider ou ISP). Une adresse IP peut être identifiée et enregistrée automatiquement dans nos fichiers journaux de serveur chaque fois qu’un utilisateur accède aux Services, en même temps que l’heure de la visite et la ou les pages visitées. La collecte d’adresses IP est une pratique courante et est effectuée automatiquement par de nombreux sites Web, applications et autres services. Nous utilisons les adresses IP à des fins telles que le calcul des niveaux d’utilisation, le diagnostic des problèmes de serveur et l’administration des Services. Nous pouvons également déduire votre emplacement approximatif à partir de votre adresse
  • Emplacement physique : Nous pouvons recueillir l’emplacement physique de votre appareil en utilisant, par exemple, des signaux satellite, ou provenant de tours de téléphonie cellulaire ou de réseaux sans fil (Wi-Fi). Nous pouvons utiliser l’emplacement physique de votre appareil pour vous fournir des services et du contenu personnalisés basés sur la localisation. Certaines fonctionnalités peuvent vous permettre d’autoriser ou non de telles Si vous décidez de ne pas permettre l’utilisation de votre emplacement physique, nous pourrions ne pas être en mesure de vous fournir certains services et contenu personnalisés.
  • De vous: Nous pouvons recueillir certains renseignements que vous nous fournissez volontairement, tels que vos préférences quant aux moyens de

Comment nous pouvons utiliser et communiquer vos Autres renseignements

Nous pouvons utiliser et divulguer les Autres renseignements à n’importe quelle fin, à moins que la loi applicable nous oblige à faire autrement. Dans certains cas, nous pouvons combiner ces Autres renseignements et des Renseignements personnels. Si nous le faisons, nous traiterons les renseignements ainsi combinés comme des Renseignements personnels, et ce jusqu’à ce qu’ils cessent d’être combinés.

Services fournis par des tiers

Cette Politique de confidentialité ne couvre pas les pratiques de tiers (y compris tout tiers exploitant un site ou un service auquel peut mener un lien accessible à travers les Services) en matière de confidentialité, de gestion des renseignements, ou autres. Nous ne sommes aucunement responsables pour les pratiques de ces tiers. L’inclusion d’un lien dans les Services ne signifie ni n’implique notre approbation du site ou du service auquel mène (ou celle de nos entités affiliées). De plus, nous ne sommes pas responsables de la collecte, de l’utilisation, de la communication, ou des politiques ou pratiques de sécurité d’autres organisations, telles que Facebook, Apple, Google, Microsoft, RIM, ou de tout autre développeur ou fournisseur d’applications, fournisseur de plate-forme de médias sociaux, fournisseur de système d’exploitation, fournisseur de services de téléphonie sans fil, ou fabricant

d’appareils, y compris en ce qui concerne les Renseignements personnels que vous pouvez divulguer à d’autres organisations à travers ou en lien avec les Services.

Sécurité et rétention

Nous nous efforçons d’utiliser des mesures de protection administratives, physiques et techniques raisonnables et appropriées pour assurer la protection des Renseignements personnels qui sont sous notre garde ou notre contrôle. Malheureusement, aucune transmission de données ou système de stockage ne peut être garanti sécurisé à 100%. Si vous avez des motifs de croire que votre interaction avec nous n’est plus sécurisée (par exemple, si vous pensez que la sécurité de votre compte a été compromise), veuillez nous en informer immédiatement de la manière prévue à la section « Nous contacter » ci-dessous. Nous conserverons vos Renseignements personnels dans un dossier qui vous est spécifique et qui sera conservé dans nos bureaux situés au 245 Fifth Ave., 21sth floor, New York, NY 10016, ainsi que dans les centres de données de nos fournisseurs de services. Nous conserverons vos Renseignements personnels pendant la période nécessaire pour les fins énoncées dans la présente Politique, à moins que la loi applicable nous permette ou nous oblige à les conserver pendant une période plus longue.

Nos activités sont menées à partir des États-Unis. Par conséquent, tous les Renseignements personnels que nous recueillons sont utilisés et stockés aux États-Unis, sont assujettis aux lois des États-Unis et peuvent être communiqués aux organismes gouvernementaux, tribunaux, organismes de réglementation ou aux organismes chargés de l’application de la loi des États-Unis conformément à ces lois.

Droits individuels

L’expression « Droits individuels » désigne, collectivement, les six droits énoncés ci-dessous :

  1. Droit d’accès – Vous avez le droit de demander une copie de vos renseignements personnels qui sont en possession de Spring Care Inc. Des frais minimes peuvent vous être exigés à cette fin;

  1. Droit à la rectification – Vous avez le droit de demander que Spring Care Inc. corrige tout renseignement personnel que vous pensez être inexact. Vous avez également le droit de demander que Spring Care, Inc. complète tout renseignement personnel que vous jugez incomplet;

  • Droit à l’effacement — Vous avez le droit de demander à Spring Care Inc. d’effacer vos renseignements personnels, à certaines conditions;

  1. Droit de limiter le traitement – Vous avez le droit de demander à Spring Care Inc de limiter le traitement de vos renseignements personnels, à certaines conditions;

  1. Droit de vous opposer au traitement – Vous avez le droit de vous opposer au traitement par Spring Care Inc. de vos renseignements personnels, à certaines conditions; et

  1. Droit à la portabilité – Vous avez le droit de demander à Spring Care Inc. de transférer vos renseignements personnels qui ont été recueillis à une autre organisation, ou directement à vous, à certaines

Si vous souhaitez exercer l’un de vos Droits individuels en lien avec les Renseignements personnels que vous nous avez fournis précédemment, vous pouvez le faire en vous connectant à votre compte pour les Services ou en nous contactant de la manière indiquée dans la section « Nous contacter » ci-

dessous. Nous vous demandons d’indiquer clairement le type de droit que vous exercez dans toute demande à cet effet. Afin d’assurer votre protection, nous ne pourrons répondre qu’aux demandes qui concernent les Renseignements personnels associés à l’adresse de courrier électronique utilisée pour nous envoyer cette demande. Il peut arriver que nous ayons à vérifier votre identité avant de pouvoir répondre à votre demande. Nous tenterons de répondre à votre demande dans les meilleurs délais et conformément à la loi applicable. Lorsque nécessaire, nous communiquerons les renseignements corrigés ou modifiés à tout tiers pouvant avoir accès à vos Renseignements personnels. Il peut arriver que nous ne puissions pas donner suite à une demande d’exercice d’un Droit individuel. Dans un tel cas, nous vous ferons parvenir une réponse indiquant que nous ne pouvons donner suite à votre demande et, dans la mesure permise par la loi applicable, les motifs qui nous empêchent de donner suite à votre demande. Des frais raisonnables peuvent être exigés pour toute copie, transcription ou communication de Renseignements personnels : lorsque de tels frais sont applicables, vous en serez avisé à l’avance.

Utilisation des Services par des mineurs

Les Services ne sont pas destinés aux personnes de moins de treize (13) ans (dans la province de Québec, 14 ans) sans le consentement et la supervision des parents. Avant que tout Renseignement personnel relatif à une personne de moins de treize (13) ans (dans la province de Québec, 14 ans) ne soit fourni, un consentement éclairé et attestant que l’Utilisateur est le parent ou tuteur de la personne et que l’Utilisateur a reçu, lu et accepté la présente Politique de confidentialité et les modalités du formulaire de consentement, devra nous être fourni. Si nous apprenons que nous avons recueilli des Renseignements personnels auprès d’une personne mineure de moins de 13 ans (dans la province de Québec, 14 ans) qui n’est pas une personne mineure vérifiée rattachée à un Utilisateur ou pour laquelle aucun consentement éclairé n’a été obtenu du parent ou du tuteur, nous supprimerons ces informations le plus rapidement possible.

Accès à des renseignements spécifiques et droit à la portabilité

Vous avez le droit de demander que nous vous divulguions certaines informations concernant notre collecte et notre utilisation de vos Renseignements personnels au cours des 12 derniers mois. Une fois que nous aurons reçu et confirmé votre demande, nous pourrons vous divulguer l’un ou l’autres des éléments suivants, selon votre demande :

  • Les catégories de Renseignements personnels que nous avons recueillis à votre
  • Les catégories de sources auprès desquelles nous avons recueilli des Renseignements personnels à votre
  • Les fins, commerciales ou autres, pour lesquelles nous recueillons ou vendons ces Renseignements
  • Les catégories de tiers avec lesquels nous partageons ces Renseignements
  • Les Renseignements personnels spécifiques que nous avons recueillis à votre
  • Si nous avons divulgué ou non vos Renseignements personnels, et, le cas échéant, les catégories de Renseignements personnels que chaque catégorie de destinataires a

Droit de demander la suppression

Vous avez le droit de nous demander de supprimer tout renseignement que nous avons recueilli auprès de vous et conservé, sous réserve de certaines exceptions. Une fois que nous aurons reçu et confirmé une demande de votre part à cet effet, nous supprimerons (et donnerons instructions à nos fournisseurs de services de supprimer) vos Renseignements personnels de nos dossiers, à moins qu’une exception

ne s’applique. Il peut arriver que nous ne puissions pas donner suite à une demande de suppression si la conservation de certains renseignements est nécessaire pour permettre à nous ou à nos fournisseurs de :

  1. Respecter nos obligations en vertu de la loi
  2. Détecter des incidents de sécurité, et assurer la protection contre les activités malveillantes, frauduleuses ou illégales, ou pour permettre que les responsables de telles activités soient traduits en
  3. Pour permettre le débogage des produits afin d’identifier et de réparer les erreurs qui nuisent aux fonctionnalités prévues.
  4. Pour d’autres utilisations internes et licites de ces renseignements qui sont compatibles avec le contexte dans lequel vous les avez

Délai et format des réponses

Nous ferons les efforts nécessaires pour répondre à toute demande de votre part dans les 45 jours suivant sa réception. Dans l’éventualité où nous aurions besoin de plus de temps (jusqu’à un maximum de 90 jours), nous vous informerons par écrit des motifs et de la durée de cette prolongation. Si vous avez un compte avec nous, nous vous transmettrons notre réponse écrite à travers votre compte. Si vous n’avez pas de compte avec nous, nous vous enverrons une réponse écrite par courrier ou par voie électronique, selon votre choix. Toute divulgation que nous faisons à l’occasion d’une telle réponse ne couvrira que la période de 12 mois précédant la réception de votre demande. Notre réponse indiquera également, le cas échéant, les motifs pour lesquels nous ne pouvons donner suite à votre demande.

Non-discrimination

Vous ne ferez l’objet d’aucune discrimination pour avoir exercé l’un ou l’autre de vos droits. Sauf dans la mesure permise par la loi applicable:

  • Nous ne vous refuserons aucun bien ou
  • Nous ne vous appliquerons pas de prix ou tarifs différents pour des biens ou des services, y compris par le biais de remises ou d’autres avantages, ou par l’imposition de pénalités.
  • Nous ne vous fournirons pas de biens ou de services d’un niveau ou d’une qualité différents.
  • Nous ne suggérerons ou laisserons pas croire que vous pourriez bénéficier d’un prix ou de taux différents pour des biens ou services, ou de biens ou de services d’un niveau ou d’une qualité différents.

Mises à jour de la Politique de confidentialité

Nous pouvons apporter des modifications à la présente Politique de confidentialité. La date de la dernière révision ou mise à jour de la présente Politique est indiquée sous la rubrique « Dernière mise à jour » en haut de cette page. Toute modification prendra effet lorsque nous afficherons la version révisée de la Politique de confidentialité dans les Services. En continuant d’utiliser les Services après l’entrée en vigueur de ces changements, vous acceptez ces changements à la présente Politique.

Nous contacter

Pour toute question en lien avec la présente Politique de confidentialité, veuillez nous contacter à l’adresse careteam@springhealth.com. Vous pouvez également contacter notre Responsable de la sécurité à l’adresse compliance@springhealth.com. Puisque les communications par courriel ne peuvent toujours être parfaitement sécurisées, nous vous demandons ne pas inclure de renseignements sensibles dans les courriels que vous nous adressez.

Résidents du Québec

Si vous êtes un résident de la province de Québec, Canada, les modalités, conditions et droits spécifiques suivants s’appliquent à vous en vertu de la Loi sur la protection des renseignements personnels dans le secteur privé (RLRQ c. P-39.1).

Nous ne recueillerons, n’utiliserons ou ne communiquerons vos Renseignements personnels qu’avec votre consentement. Dans certains cas, nous pourrions ne pas être en mesure de vous fournir certains services ou de traiter une demande en votre nom si vous n’acceptez que nous recueillons certains Renseignements personnels.

Les moyens par lesquels nous pouvons collecter vos Renseignements personnels sont ceux qui sont énumérés dans les sections « Comment nous pouvons recueillir des Renseignements personnels » et

« Comment nous pouvons recueillir les Autres renseignements» (dans la mesure où ces Autres renseignements sont considérés comme des renseignements personnels en vertu des lois du Québec) dans la Politique ci-dessus.

Dans certains cas, nous pouvons recueillir vos Renseignements personnels en utilisant une technologie permettant la localisation ou d’effectuer un profilage. Lorsque cette technologie est utilisée, vous serez informé du recours à cette technologie, ainsi que de la manière d’activer et de désactiver ces fonctions.

Les fins pour lesquelles nous recueillons vos Renseignements personnels sont celles énumérées dans la section « Nous pouvons utiliser des Renseignements personnels » de la Politique ci-dessus

Nous pouvons, dans certaines circonstances, rendre des décisions fondées sur un traitement automatisé de vos Renseignements personnels. Nous vous informerons du recours à un tel traitement automatisé au moment où une décision est rendue à votre égard. Sur demande, nous vous communiquerons les Renseignements personnels utilisées pour rendre la décision ainsi que les motifs et les paramètres qui ont mené à celle-ci. Vous aurez également le droit de demander que les Renseignements personnels utilisés pour rendre cette décision soient corrigés ou rectifiés et de présenter vos observations.

Vos Renseignements personnels peuvent être communiqués à des fournisseurs de services ou partenaires d’affaires tiers pour les fins énoncées dans la Politique ci-haut.

Vos Renseignements personnels peuvent être communiqués à l’extérieur de la province de Québec, y compris aux États-Unis.

Nous pouvons, dans certains cas, utiliser ou communiquer vos Renseignements personnels, sans votre consentement, à certaines autres fins autorisées par la loi, telles que la prévention de la fraude ou la prestation d’un service que vous avez demandé.

En plus des droits énoncés dans la section « Droits individuels » de la Politique ci-dessus, vous avez le droit de :

  • demander l’accès à vos Renseignements personnels ;
  • demander la rectification ou la correction de vos Renseignements personnels ;
  • demander la désindexation de vos Renseignements personnels dans certaines circonstances ;
  • demander la portabilité de vos données (c’est-à-dire demander une copie de vos Renseignements personnels dans un format technologique couramment utilisé) ; et
  • retirer votre consentement à l’utilisation ou à la communication de vos Renseignements personnels.

Si  vous  souhaitez  vous  prévaloir  l’un  des  droits  ci-dessus,  veuillez  nous  contacter  à   l’adresse

careteam@springhealth.com.  Des  frais  raisonnables  peuvent  être  exigés  pour  toute  copie,

transcription ou communication de vos Renseignements personnels. Nous vous aviserons à l’avance lorsque de tels frais s’appliquent.

Last Updated: February 22, 2022

SPRING CARE, INC. PRIVACY POLICY (CHILE)

Spring Care, Inc. is responsible for your personal information.

Spring Care, Inc. and its affiliates (collectively referred to as “Spring Health”, “we“, “us“) takes its data protection and privacy responsibilities seriously. This privacy policy describes our practices in connection with information that we collect through (including any access to) (1) the Spring Health website currently located at https://benefits.springhealth.com, materials and services available therein, and successor website(s) thereto, together with any Content: meaning text, data, graphics, images, photographs, video, audio, information, suggestions, guidance, content and other materials provided, made available or otherwise found on the website (“Website”), (2) the software applications we may make available for use on or through computers and mobile devices (“Apps”), (3) the quizzes, tests, and questionnaires (and results thereof) we make available on or through the Website or Apps (“Questionnaires”), (4) the booking system should you avail of additional professional services through our contractors, counselors, therapists or other service providers (“Providers”), and (5) call recordings when you call our call center phone numbers (all of the foregoing, collectively, “Services”). We follow this privacy policy in accordance with applicable laws in the places where we operate.

This privacy policy also explains how we collect, use and share personal information if you are or represent one of our Providers, including if you go through the application process to become one of our Providers.

Specifically, this privacy policy describes:

  • What personal information we collect and when and why we use it
  • How we share personal information within Spring Health and with our service providers, regulators and other third parties
  • How we use your information to provide Service updates to you and how you can manage your marketing preferences
  • How we transfer personal information globally
  • How we protect and store personal information
  • Legal rights available to help manage your privacy
  • How you can contact us for more

1.      UPDATES TO THIS PRIVACY POLICY

We may amend this privacy policy from time to time to keep it up to date with legal requirements and the way we operate our business. We will post those changes prominently, so you are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. Please regularly check these pages for the latest version of this privacy policy.

You might find external links to third party websites on our Website. This privacy policy does not apply to your use of a third party site.

2.    WHAT PERSONAL INFORMATION WE COLLECT AND WHEN AND WHY WE USE IT

A.     When we collect personal information

We collect information about you if you:

  • register with, use our Services or engage with our Website, or
  • work with us as a Provider, collectively (“you“).

B.     Personal information we collect and use if you register with or use our Services or if you engage with our Website and purposes of data processing:

1.             Personal information collected if you use our Website or Services includes:

  • Personal details: first name and surname, date of birth, email address, country of residence, username and
  • Sensitive information about you: racial origin and health information i.e. general information about your health and wellbeing, including indications about your overall mood and daily habits, information on your mental wellbeing, daily habits, activity levels, daily nutrition and eating habits as well as information about your personal, family and social life which is entered by you when registering for an account or in any Questionnaires we make available through the

2.             Other information when you use our Services or engage with our Website

Other information collected if you use our Services or engage with our Website includes:

  • Browser and device information: Certain information is collected by most browsers or automatically through your device, such as your Media Access Control (MAC) address, computer type (Windows or Macintosh), screen resolution, operating system name and version, device manufacturer and model, language, Internet browser type and version and the name and version of the Services (such as the App) you are
  • App usage data: When you use the Apps, we and our service providers may track and collect usage data, such as the date and time the App on your device accesses

our servers and what information and files have been downloaded to the App based on your device number.

  • Information gathered through use of cookies, pixel tags or other technologies: Pixel tags (also known as web beacons and clear GIFs) may be used in connection with some Services to, among other things, track the actions of users of the Services (including email recipients), and compile statistics about usage of the Services and response rates as well as general demographic information and aggregated information.
  • Other personal information: IP address, location data and information around your preferred means of

If you submit any personal information relating to other people to us or to our service providers in connection with the Services, you represent that you have the authority to do so and to permit us to use the information in accordance with this privacy policy.

3.             We may use personal data collected if you use our Websites or Services if you consent or as permitted by applicable law in the following ways:

  • To provide you with the Services you request, which may be a combination of the use or engagement with our Website, App, Questionnaires and/or
  • To respond to your inquiries, fulfil your requests, and send you communications that you request, such as the results of any Questionnaire that you have
  • To send administrative information to you, for example, information regarding the Services and changes to our terms, conditions and
  • To market our Services to you. This includes sending communications about our Services, features, studies, surveys, news, updates, and events. We may do so through various methods, including email, in app communications and ads, and ads on third party
  • For our internal management and business purposes, such as data analysis, developing new services, enhancing, improving or modifying the Services, audits, fraud monitoring and prevention, identifying usage
  • We may use personal information, including sensitive information, from many Services users to create non-identifiable “aggregate data” (for example, reports that calculate the percentage of users who have a particular response to or result from the Questionnaires) that may be disclosed to third
  • If you provide to us any ideas, proposals, suggestions, recommendations or other materials (“Feedback”), whether related to the Services or
  • As we believe to be necessary or appropriate, and only as permitted under applicable law (a) to comply with legal processes; (b) to respond to requests from public and government authorities, including public and government authorities outside your country of residence; (c) to protect our operations or those of any of our affiliates, including in connection with investigating security incidents; or (d) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or
  • To personalize your experience on the Services, for example, by presenting Questionnaires and similar services to

4.             The legal basis for using your personal information

We will only collect, use and share your personal information where we are satisfied that we have an appropriate legal basis to do this. This may be because:

  • you have provided your consent to us using the personal information and/or
  • our use of your personal information is necessary to comply with a relevant legal or regulatory obligation that we have, for example, to comply with legal processes, respond to requests from public and government authorities, protect our operations or those of any of our affiliates including in connection with investigating security incidents; or to protect our rights, privacy, safety or property, and/or that of our affiliates, you or
  • If you would like to find out more about the legal basis for which we process personal information, please contact us at compliance@springhealth.com.

C.     Personal information we collect and use if you work with us as a Provider and purposes of data processing

1.  Personal information collected if you apply to work with us as a Provider, and continue to work with us as a Provider, includes:

  • Personal details: such as your name, email address, photo, maiden name; alias(es); current and previous addresses; birth date; birth place; ID number (which may include passport, national ID card, driver’s license) and mother/father’s complete
  • Information about your employment status: employer name; employer contact details; manager name; manager contact details; job title; pay rate; dates of employment; reason for leaving
  • Information about your education and qualifications: school name; school contact details; student number; qualification details; field of study; school attendance dates; school graduation
  • Other information: payment information so that we can make payments to you and information contained on our communications systems, these are the Spring Health communications facilities used by you (email, phone, mobile phone and computer communication).

2.  If you are one of our Providers, we may use your personal data in the following ways:

  • To determine, perform and execute the terms on which you, or the organization you represent will be engaged by us and communicate with you;
  • To pay and administer your fees;
  • To administer other requests or services requested by you throughout your engagement with us;
  • To ensure the smooth running of our engagement with you (including all of the activities that need to be undertaken before, during and after such engagement for instance to confirm your eligibility to work with us as a Provider);
  • To monitor against and prevent cyber-security issues and unauthorised use of our

information, IT systems and/or equipment;

  • To maintain photo identification of you for your profile; or
  • Where it may be necessary, to file legal proceedings, investigate, establish, exercise or defend a legal claim; and settle legal

3.  The legal basis for using your personal information

We will only collect, use and share your personal information where we are satisfied that we have an appropriate legal basis to do this. This may be because:

  • our use of your personal information is necessary to comply with a relevant legal or regulatory obligation that we have, for example, to comply with legal processes, respond to requests from public and government authorities, protect our operations or those of any of our affiliates including in connection with investigating security incidents; or to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others
  • you have provided your consent to us processing your personal
  • If you would like to find out more about the legal basis for which we process personal information please contact us at compliance@springhealth.com.

3.       SHARING PERSONAL INFORMATION WITHIN SPRING HEALTH, WITH OUR SERVICE PROVIDERS, AND OTHER THIRD PARTIES

A.     We may share your information under limited circumstances in the manner and for the purposes described below:

  1. within Spring Health, where such disclosure is necessary to provide you with our Services or to manage our business, including with our Spring-branded Medical Professional Corporation, SH Medical Care of Kansas,
  2. with third parties who help manage our business and deliver Services, for example:
  3. we will provide your personal information to our Providers, as necessary to allow you to avail of specific elements of our Services;
  4. if you are one of our Providers, we will share your information with third parties to confirm your eligibility to carry out the

These third parties have agreed to confidentiality restrictions and use any personal information we share with them or which they collect on our behalf solely for the purpose of providing the contracted service to us. These may also include website hosting, data storage and analysis, scheduling platforms, information technology and related infrastructure provision, email delivery, auditing and other services.

  1. with our regulators, which may include but is not limited to the Information Commissioner’s Office (ICO), Commission Nationale de l’Informatique et des Libertés

(CNIL), the German data protection authorities, the Data Protection Commission (DPC), and the Swedish Authority for Privacy Protection (IMY), and the Spanish Data Protection Commissioner (Agencia Española de Protección de Datos, (AEPD)), to comply with all applicable laws, regulations and rules, and requests of law enforcement, regulatory and other governmental agencies.

  1. with our partners or affiliates, in aggregate, statistical form, non-personal information regarding the visitors to our Website, traffic patterns, and Website usage with our partners or affiliates;
  2. if, in the future, we sell or transfer some or all of our business or assets to a third party, we may disclose information to a potential or actual third party purchaser of our business or

4. SERVICE UPDATES AND MARKETING PREFERENCES

A.     How we use personal information to keep you up to date with our Services

To protect privacy rights and to ensure you have control over how we manage marketing with you we will take steps to limit direct marketing to a reasonable and proportionate level and only send you communications which we believe may be of interest or relevance to you.

B.     How you can manage your marketing preferences

You can opt out of marketing communications and use of your information for marketing at any time by contacting careteam@springhealth.com or by clicking on the “unsubscribe” link you will find on all marketing messages to you and requesting to be removed from future communications. Please specify whether you would like us to stop all forms of marketing or just a particular type (e.g. email).

5.    TRANSFERRING PERSONAL INFORMATION GLOBALLY

  1. Spring Health is a US based business. Accordingly, regardless of your location, your personal information will be transferred to and stored in the US, which may be subject to different standards of data protection than your home jurisdiction. Spring Health will take appropriate steps ensure that transfers of personal information are in accordance with applicable law and carefully managed to protect your privacy rights and

To this end:

  1. We ensure transfers within Spring Health entities and affiliates will be covered by an agreement entered into by members of Spring Health (an intercompany agreement)

which contractually obliges each entity to ensure that personal information receives an adequate and consistent level of protection wherever it is transferred within Spring Health;

  1. Where we transfer your personal information outside Spring Health or to third parties who help provide our Services, we obtain contractual commitments from them to protect your personal Some of these assurances are well recognized requirements like the use of EU Standard Contractual Clauses for the protection of personal information transferred from within the EU to countries outside of the EU; or
  2. Where we receive requests for information from law enforcement or regulators, we carefully validate these requests before any personal information are
  3. You have a right to contact us for more information about the safeguards we have put in place (including a copy of relevant contractual commitments) to ensure the adequate protection of your personal information when this is transferred as mentioned

6.      HOW WE PROTECT AND STORE YOUR INFORMATION

A.     Security

We have implemented and maintain appropriate administrative, physical and technical security measures, policies and procedures that are reasonable and appropriate to reduce the risk of accidental destruction or loss, or the unauthorised disclosure or access to such information as reasonable and appropriate to the nature of the information concerned. Measures we take include placing confidentiality requirements on our staff members and service providers and destroying or permanently anonymising personal information if it is no longer needed for the purposes for which it was collected. As the security of information depends in part on the security of the computer you use to communicate with us and the security you use to protect user IDs and passwords please take appropriate measures to protect this information.

B.     Storing your personal information

  1. We will retain your personal information for as long as is reasonably necessary for the purposes for which it was collected, as explained in this privacy policy. In some circumstances we may store your personal information for longer periods of time as required or permitted by law, for instance where we are required to do so in accordance with legal, regulatory, tax, accounting
  2. In specific circumstances we may store your personal information for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your personal information or

7.     LEGAL RIGHTS AVAILABLE TO HELP MANAGE YOUR PRIVACY

  1. Subject to certain exemptions, and in some cases dependent upon the processing activity we are undertaking, you have certain rights in relation to your personal information (as further detailed below), including the right:
  1. To access personal information
  2. To rectify / erase personal information
  3. To restrict the processing of your personal information
  4. To withdraw consent for processing of personal information

  1. To object to how we use your personal information for direct marketing, market research or opinion polling purposes

We may ask you for additional information to confirm your identity and for security purposes, before disclosing the personal information requested to you.

You can exercise your rights by contacting us at careteam@springhealth.com. Subject to legal and other permissible considerations, we will make every reasonable effort to honour your request promptly or inform you if we require further information in order to fulfil your request.

We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.

B.     Right to access personal information

You have a right to request that we provide you with a copy of your personal information that we hold, and you have the right to be informed of; (a) the source of your personal information;

(b) the purposes, legal basis and methods of processing; (c) the controller’s identity; and (d) the entities or categories of entities to whom your personal information may be transferred.

C.     Right to rectify or erase personal information

  1. You have a right to request that we rectify inaccurate, erroneous, misleading or incomplete personal information. We may seek to verify the accuracy of the personal information before rectifying
  2. You can also request that we erase your personal information in limited circumstances where:
  3. you have withdrawn your consent (where the data processing was based on consent); or
  4. if their storage has no legal basis or if they are out of date; or
  5. when you have voluntarily provided your personal data or they are used for commercial communications and you no longer wish to be included in the respective registry, either permanently or
  6. We are not required to comply with your request to erase personal information if the processing of your personal information is necessary:
  7. for compliance with a legal obligation; or
  8. for the establishment, exercise or defence of legal claims;

D.     Right to restrict the processing of your personal information

  1. You can ask us to restrict the processing of your personal information, but only where:
  2. its accuracy cannot be established or its validity is doubtful and for which deletion is not appropriate
  3. We can continue to use your personal information following a request for restriction, where:
  4. we have your consent; or

  • to establish, exercise or defend legal claims

E.      Right to withdraw consent

Where we have obtained your consent as our legal basis to process your personal data, you have the right to withdraw consent at any time by emailing careteam@springhealth.com. Please note that in some instances, where you withdraw your consent this may negatively impact our ability to provide you with the Services.

F.      Right to object to how we use your personal information for direct marketing purposes

You can opt out of certain marketing communications and use of your information for marketing, market research or opinion polling purposes at any time by contacting careteam@springhealth.com or by clicking on the “unsubscribe” link you will find on all marketing messages to you and requesting to be removed from future communications. Please specify whether you would like us to stop all forms of marketing or just a particular type (e.g. email).

You can also request that we change the manner in which we contact you for marketing purposes or request that we not transfer your personal information to unaffiliated third parties for the purposes of direct marketing or any other purposes.

G.     Post-mortem rights

You have the right to set out instructions (general or specific) about what happens to your personal data after your death.

8.        CONTACT US

If you have any questions about this privacy policy, please contact us at compliance@springhealth.com or our Data Protection Officer (IT Governance Europe Limited) at eurep@itgovernance.eu.

Spring Health has appointed a data protection representative in the United Kingdom IT Governance Europe Limited who can be contacted at: eurep@itgovernance.eu.

Please ensure to include our company name in any correspondence you send.

If you have any questions, concerns or complaints regarding our compliance with this privacy policy and data protection laws, or if you wish to exercise your rights, we encourage you to first contact compliance@springhealth.com. We will investigate and attempt to resolve complaints and disputes and will make every reasonable effort to honour your wish to exercise your rights as quickly as possible and, in any event, within the timescales provided by data protection laws.

Última actualización: 22 de febrero de 2022

SPRING CARE, INC. POLÍTICA DE PRIVACIDAD (CHILE)

Spring Care, Inc. es responsable del tratamiento de sus datos personales.

Spring Care, Inc. y sus empresas afiliadas (conjuntamente, “Spring Health”, “nosotros”) se toma muy en serio sus obligaciones en materia de protección de datos y privacidad. Esta política de privacidad describe nuestras prácticas en relación con los datos que recogemos a través de (incluyendo cualquier acceso a) (1) El sitio web de Spring Health, actualmente accesible a través de https://benefits.springhealth.com, los materiales y servicios disponibles en el mismo, cualquier sitio web que pudiera sustituirlo en el futuro, así como cualquier Contenido entendido como texto, datos, gráficos, imágenes, fotografías, video, audio, datos, sugerencias, instrucciones, contenido y cualquier otro material facilitado, disponible o que usted pueda encontrar en el sitio web (“Sitio Web”), (2) las aplicaciones de software que podamos poner a su disposición para su utilización en o a través de cualquier ordenador o dispositivo móvil (“Aplicaciones”), (3) los test y cuestionarios (y los resultados de los mismos) que ponemos a su disposición en o a través del Sitio Web o de las Aplicaciones (“Cuestionarios”), (4) el sistema de reservas en el caso de que usted recurra a cualquier servicio profesional complementario prestado por nuestros subcontratistas, orientadores, terapeutas o cualquier otro proveedor de servicios (“Proveedores”) y (5) las grabaciones de llamadas cuando usted llame a los número de teléfono de nuestro centro de llamadas (todos los anteriores, conjuntamente, “Servicios”). Aplicamos esta política de privacidad de conformidad con lo previsto en la ley aplicable en aquellos lugares en los que desarrollamos nuestra actividad.

Esta política de privacidad también detalla como recogemos, utilizamos y comunicamos sus datos personales en el caso de que usted sea uno de nuestros Proveedores o representante del mismo, incluyendo también todos los casos en los que usted participe en un proceso de selección para convertirse en uno de nuestros Proveedores.

En particular, esta política de privacidad describe:

  • Los datos personales que recogemos y cuándo y por qué efectuamos su
  • Cómo comunicamos los datos personales dentro del grupo Spring Health y a nuestros proveedores de servicios, reguladores y a otros
  • Cómo utilizamos de sus datos para facilitarle actualizaciones del Servicio y cómo puede usted configurar sus preferencias de
  • Transferencias internacionales de
  • Cómo protegemos y almacenamos los datos
  • Los derechos legales que le asisten para controlar su
  • Cómo puede ponerse en contacto con nosotros para obtener más

1.      ACTUALICACIONES DE ESTA POLÍTICA DE PRIVACIDAD

Estamos facultados para modificar esta política de privacidad en cualquier momento incorporando nuevos requisitos legales o cualquier otro elemento que afecte al funcionamiento de nuestro negocio.

Publicaremos los cambios de manera visible para que pueda saber en todo momento qué datos recogemos, cómo los utilizamos y en qué circunstancias, en su caso, los comunicamos a terceros. Revise periódicamente estas páginas para asegurarse de que está al tanto de la última versión de esta política de privacidad.

En nuestro Sitio Web, encontrará enlaces externos a sitios web de terceros. Esta política de privacidad no es aplicable al uso que usted haga de los sitios de terceros.

2.    CUÁLES SON LOS DATOS PERSONALES QUE RECOGEMOS Y CUÁNDO Y POR QUÉ EFECTUAMOS SU TRATAMIENTO

A.      Cuando recogemos datos personales

Recogemos sus datos personales si usted:

  • se registra en nuestro Sitio Web, utiliza nuestros Servicios o interactúa con nuestro Sitio Web, o
  • trabaja con nosotros como Proveedor, conjuntamente (“usted”).

B.                  Datos personales que recogemos y tratamos cuando usted se registra en o interactúa con nuestro Sitio Web o utiliza nuestros Servicios, y fines del tratamiento de datos:

1.             Datos personales que recogemos si usted utiliza nuestro Sitio Web o nuestros Servicios incluyen:

  • Datos identificativos: nombre y apellido, fecha de nacimiento, dirección de correo electrónico, país de residencia, nombre de usuario y contraseña.
  • Datos sensibles: origen racial y datos sobre salud, i.e. información general acerca de su salud y bienestar, incluyendo la información que nos proporcione acerca de su estado general y hábitos cotidianos, información sobre su salud mental, hábitos cotidianos, nivel de actividad, alimentación diaria y hábitos de alimentación así como la información acerca de su vida personal, familiar y social que usted nos proporcione al darse de alta y crear una cuenta o a través de cualquiera de los Cuestionarios que le facilitamos como parte de nuestros

2.             Otros datos que recopilamos cuando usted utiliza nuestros Servicios o interactúa con nuestro Sitio Web

Cuando usted utiliza nuestros Servicios o interactúa con nuestro Sitio Web recopilamos otros datos que incluyen:

  • Información sobre su navegador y dispositivo: La mayoría de los navegadores o su dispositivo, automáticamente, recogen determinados datos, tales como los siguientes: dirección MAC (Control de Acceso a los Medios), tipo de ordenador (Windows o Macintosh), resolución de pantalla, nombre y versión de su sistema operativo, fabricante y modelo de su dispositivo, idioma, tipo de navegador de internet y versión y nombre y versión de los Servicios (como la Aplicación) que esté usted
  • Datos de uso de la Aplicación: Cuando usted utiliza las Aplicaciones, nosotros o nuestros proveedores hacemos seguimiento y recopilamos determinados datos de uso, tales como la fecha y hora en la que la Aplicación instalada en su dispositivo accede a nuestros servidores y qué información y archivos se descargan en la Aplicación sobre la base del número de su dispositivo.
  • Datos obtenidos a través del uso de cookies, píxeles de seguimiento (pixel tags) u otras tecnologías: Utilizamos píxeles de seguimiento (también conocidos como balizas web y GIFs transparentes) en relación con algunos Servicios para, entre otras cosas, hacer seguimiento de las actividades de los usuarios de los Servicios (incluyendo la de los destinatarios de correo electrónico) y elaborar estadísticas sobre el uso de los Servicios y los índices de respuesta así como datos demográficos de carácter general y datos
  • Otros datos personales: dirección IP, datos de ubicación y datos sobre sus medios de comunicación

Si, en el marco de los Servicios nos enviara, a nosotros o a nuestros proveedores de servicios, cualquier dato personal relativo a otra persona, usted manifiesta que tiene la capacidad necesaria para comunicarnos dichos datos y para permitirnos utilizar los datos de conformidad con esta política de privacidad.

3.             Podemos utilizar los datos personales recogidos cuando usted utiliza nuestros Sitios Web o Servicios con su consentimiento o de cualquier otra manera permitida por la ley aplicable, para cualquiera de las siguientes finalidades:

  • Proporcionarle los Servicios que nos solicite, que pueden consistir en una combinación de uso e interacción con nuestro Sitio Web, Aplicaciones, Cuestionarios y/o
  • Responder a sus consultas, satisfacer sus peticiones y enviarle las comunicaciones que nos haya solicitado, tales como los resultados de cualquier Cuestionario que usted hubiera podido
  • Enviarle información administrativa, por ejemplo, información relativa a los Servicios y a las modificaciones de nuestras condiciones generales y políticas.
  • Comercializar nuestros Servicios. Esto incluye el envío de comunicaciones acerca de nuestros Servicios, características, estudios, encuestas, novedades, actualizaciones y eventos. Podemos enviar dichas comunicaciones a través de

distintos medios incluyendo el correo electrónico, notificaciones y anuncios de la Aplicación así como a través de anuncios publicados en plataformas de terceros.

  • Para nuestra gestión interna, incluyendo el análisis de datos, desarrollo de nuevos servicios, optimización, mejora o modificación de los Servicios, auditorías, control y prevención del fraude e identificación de tendencias de
  • Utilizamos los datos personales, incluyendo los datos sensibles, de numerosos usuarios de los Servicios para crear “datos agregados” no identificables (tales como informes en los que se incluye el porcentaje de usuarios que han dado una determinada respuesta u obtenido un resultado concreto al realizar un Cuestionario) que podrán comunicarse a
  • Si usted nos remite ideas, propuestas, sugerencias, recomendaciones o cualquier otro material (“Comentarios”), relacionados o no con los
  • Tal y como consideremos necesario o apropiado y únicamente en la forma permitida por la ley aplicable, para (a) ejercitar cualquier acción legal; (b) responder a cualquier requerimiento de cualquier autoridad pública o administrativa, incluyendo autoridades públicas o administrativas fuera de su país de residencia; (c) proteger nuestro negocio y el de cualquiera de nuestras empresas afiliadas, incluyendo en todos aquellos casos en los que el tratamiento resulte necesario para investigar un incidente de seguridad; o para (d) proteger nuestros derechos, privacidad, seguridad o propiedad privada y/o los de nuestras empresas afiliadas, los suyos o los de cualquier
  • Para personalizar su experiencia al utilizar los Servicios, por ejemplo, para ofrecerle Cuestionarios y servicios

4.             Bases legales que justifican el tratamiento de sus datos personales

Solo recogemos, tratamos y comunicamos sus datos personales cuando tenemos el convencimiento de que existe una base legal adecuada que justifica el tratamiento. Dicha base legal puede ser cualquiera de las siguientes:

  • usted nos ha dado su consentimiento para el tratamiento de sus datos personales;
  • y/o
  • el tratamiento de sus datos personales resulta necesario para cumplir con una obligación legal o regulatoria, por ejemplo, para el ejercicio de una acción legal, responder a los requerimientos efectuados por cualquier autoridad pública o administrativa, proteger nuestro negocio o el de cualquiera de nuestras empresas afiliadas incluyendo todos aquellos casos en los que el tratamiento resulte necesario para investigar un incidente de seguridad; o para proteger nuestros derechos, privacidad, seguridad o propiedad privada y/o los de nuestras empresas afiliadas, los suyos o los de cualquier
  • Si desea obtener más información acerca de las bases legales que justifican el tratamiento de sus datos personales, póngase en contacto con nosotros a través de la siguiente dirección compliance@springhealth.com.

C.      Datos personales que recopilamos y usamos si trabaja con nosotros como Proveedor y fines del tratamiento de datos

1.              Los datos personales que recopilamos a partir del momento en el que nos solicita trabajar con nosotros como Proveedor y mientras continúe trabajando con nosotros en tal condición, incluyen:

  • Datos identificativos: como su nombre, dirección de correo electrónico, fotografía, nombre de soltera; seudónimo(s); dirección actual y direcciones anteriores; fecha de nacimiento; lugar de nacimiento; número de Identificación (que puede incluir su número de pasaporte, documento nacional de Identidad, carnet de conducir) y nombre completo de sus progenitores.
  • Datos sobre su situación laboral: nombre de su empleador; datos de su contrato de trabajo; nombre y datos de contacto de su supervisor; puesto de trabajo; franja salarial; fecha de inicio y extinción de su relación laboral; razones de extinción de su relación laboral.
  • Datos acerca de su formación y cualificación: nombre del centro educativo; datos de contacto del centro educativo; número de estudiante; datos de cualificación; área de estudio; fechas de asistencia; fechas de graduación.
  • Otros datos: Datos de pago para poder efectuar los pagos correspondientes a su favor y datos que deban incluirse en nuestros sistemas de comunicación, esto es, los medios de comunicación pertenecientes a Spring Health que usted utilizará (correo electrónico, teléfono y comunicaciones electrónicas).

2.              Si usted es uno de nuestros Proveedores, utilizaremos sus datos personales de la siguiente forma:

  • Para establecer, cumplir y llevar a efecto las condiciones bajo las que usted o la organización a la que usted representa contratará con nosotros y para comunicarnos con usted;
  • Para pagar y gestionar sus honorarios;
  • Para gestionar cualquier otra solicitud o servicio solicitado por usted durante la vigencia de su relación con nosotros;
  • Para garantizar el buen funcionamiento de nuestra relación con usted (incluyendo el de todas las actividades que deben llevarse a cabo antes, durante y tras la finalización de dicha relación, tales como por ejemplo, poder confirmar su idoneidad para trabajar con nosotros como Proveedor);
  • Para controlar y prevenir problemas de ciberseguridad y el uso no autorizado de nuestros datos, sistemas informáticos y/o equipos;
  • Para incluir en su perfil su identificación fotográfica; o
  • En los casos en los que resulte necesario, para entablar procedimientos legales, investigar, plantear, ejercitar o defender una reclamación judicial; y llegar a un acuerdo transaccional en relación con cualquier reclamación

3.              Bases legales que justifican el tratamiento de sus datos personales

Solo recogemos, tratamos y comunicamos sus datos personales cuando tenemos el convencimiento de que existe una base legal adecuada que justifica el tratamiento. Dicha base legal puede ser cualquiera de las siguientes:

  • el tratamiento de sus datos personales resulta necesario para cumplir con cualquier obligación legal o regulatoria, por ejemplo, para el ejercicio de una acción legal, responder a los requerimientos efectuados por cualquier autoridad pública o administrativa, proteger nuestro negocio o el de cualquiera de nuestras empresas afiliadas incluyendo todos aquellos casos en los que el tratamiento resulte necesario para investigar un incidente de seguridad; o para proteger nuestros derechos, privacidad, seguridad o propiedad privada y/o los de nuestras empresas afiliadas, los suyos y los de cualquier tercero;
  • usted ha dado su consentimiento para que tratemos sus datos
  • Si desea obtener más información acerca de las bases legales que justifican el tratamiento de sus datos personales, póngase en contacto con nosotros a través de la siguiente dirección compliance@springhealth.com.

3.       COMUNICACIÓN DE DATOS PERSONALES DENTRO DE SPRING HEALTH, A NUESTROS PROVEEDORES DE SERVICIOS Y A OTROS TERCEROS

A.      En determinadas circunstancias, muy concretas, comunicaremos sus datos en la forma y para los fines que se describen a continuación:

  1. dentro del grupo Spring Health, cuando dicha comunicación resulte necesaria para proporcionarle nuestros Servicios o gestionar nuestro negocio, incluyendo la comunicación a nuestra Sociedad Médica Profesional gestionada bajo la marca Spring, SH Medical Care of Kansas,
  2. a terceros que nos prestan servicios relativos a la gestión de nuestro negocio y a la prestación de los Servicios, por ejemplo:
  3. facilitaremos sus datos personales a nuestros Proveedores cuando resulte necesario para permitirle disponer de cualquier prestación específica de nuestros Servicios;
  4. si es usted un Proveedor, comunicaremos sus datos a terceros para comprobar su idoneidad como proveedor de los

Todos estos terceros han formalizado los correspondientes acuerdos de confidencialidad y utilizarán los datos personales que les comuniquemos o que recopilen en nuestro nombre únicamente para prestar el servicio para el que han sido contratados. Lo anterior incluye también servicios de alojamiento de sitios web, almacenamiento y análisis de datos, plataformas de organización y planificación, tecnologías informáticas

y suministro de infraestructuras relacionada con lo anterior, entrega de correo electrónico, auditoría y otros servicios.

  1. con los reguladores a cuya jurisdicción estemos sujetos, incluyendo, sin limitación la Agencia de Inspección de Información (Information Commissioner’s Office) (ICO), la Comisión Nacional de Informática y Libertades (Commission Nationale de l’Informatique et des Libertés) (CNIL), las autoridades de protección de datos alemanas, la Comisión de Protección de Datos (DPC), la autoridad sueca para la Protección de la Privacidad (IMY) y la Agencia Española de Protección de Datos (AEPD), para cumplir con las leyes, reglamentos y normas aplicables así como con cualquier requerimiento de un órgano judicial, de cualquier regulador o de otro organismo
  2. con nuestros socios o empresas afiliadas, datos agregados, estadísticos, que no pueden considerarse como datos personales, relativos a las visitas a nuestro Sitio Web, patrones de tráfico y uso del Sitio Web;
  3. En el caso de que, en el futuro, vendiéramos o transmitiéramos parte o la totalidad de nuestro negocio o activos a cualquier tercero, estaremos facultados para facilitar información a cualquier comprador potencial o real de nuestro negocio o

4.    ACTUALIZACIONES DE SERVICIO Y OPCIONES DE MARKETING

A.      Cómo tratamos sus datos personales para mantenerle actualizado acerca de nuestros Servicios

Para proteger sus derechos de privacidad y garantizarle el control sobre cómo gestionamos el marketing de nuestros Servicios, adoptaremos las medidas necesarias para limitar el marketing directo a un nivel razonable y proporcionado y únicamente le enviaremos comunicaciones que consideremos que pueden resultarle interesantes o que son apropiadas para usted.

B.      Cómo puede gestionar sus opciones de marketing

Usted puede optar por no recibir comunicaciones de marketing y oponerse a que sus datos personales se utilicen para fines de marketing en cualquier momento poniéndose en contacto con careteam@springhealth.com o haciendo clic en el enlace “darse de baja” que encontrará en cualquier comunicación de marketing que haya podido recibir, debiendo solicitar que se le excluya de cualquier comunicación futura. Le pediremos que determine si desea ser excluido de todo tipo de comunicaciones de marketing o únicamente de un tipo concreto (v.g. correo electrónico).

5.    TRANSFERENCIA INTERNACIONAL DE SUS DATOS PERSONALES

  1. Spring Health es una empresa con sede en los Estados Unidos. En consecuencia y con independencia de su ubicación, sus datos personales se transmitirán y almacenarán en los Estados Unidos. La normativa de este país establece unos niveles de protección de los datos personales que podrían ser distintos a los aplicables por las leyes vigentes en su país de origen. Spring Health adoptará las medidas necesarias para garantizar que las transferencias de datos personales se realizan de conformidad con la ley aplicable y son gestionadas cuidadosamente para proteger sus derechos de privacidad y sus

A tal efecto:

  1. Nos aseguramos que las transferencias entre las entidades del grupo Spring Health y sus empresas afiliadas quedan cubiertas por un acuerdo formalizado entre las empresas del grupo Spring Health de que se trate (un contrato entre empresas) en virtud del cual cada una de dichas entidades quedará contractualmente obligada a garantizar que los datos personales reciben un nivel de protección adecuado y uniforme, con independencia de cuál sea la entidad del grupo Spring Health a la que se transfieran;
  2. En los casos en los que los datos personales se transfieran fuera del grupo Spring Health o a terceros con los que contratamos para poder prestar nuestros Servicios, el contrato formalizado con estos establecerá la obligación de proteger sus datos personales. Algunas de estas garantías son requisitos ampliamente reconocidos como el uso de las Cláusulas Contractuales Tipo de la UE para la protección de los datos personales transferidos desde la UE a países fuera de la misma; o
  3. Al recibir cualquier requerimiento de información de un órgano judicial o regulador, comprobamos cuidadosamente la solicitud antes de remitir ningún tipo de dato
  4. Tiene derecho a ponerse en contacto con nosotros para solicitarnos más información acerca de las garantías que hemos establecido (incluyendo copia de las obligaciones contractuales correspondientes) para garantizar una adecuada protección de sus datos personales cuando estos se transfieren de la forma indicada

6.      CÓMO PROTEGEMOS Y ALMACENAMOS SUS DATOS PERSONALES

A.      Seguridad

Hemos establecido y mantenemos medidas, políticas y procedimientos de seguridad tanto de carácter administrativo, como físico y técnico, para reducir el riesgo de destrucción, pérdida accidental, revelación o acceso no autorizados a dicha información razonables y apropiadas en función de la naturaleza de los datos de que se trate.

Las medidas que hemos adoptado incluyen la imposición a nuestros empleados y proveedores de servicios, de confidencialidad así como la destrucción o anonimización permanente de los datos personales que ya no resultan necesarios para la finalidad para la que se recogieron. Como la seguridad de sus datos personales depende, en parte, de la

seguridad del ordenador que usted utilice para comunicarse con nosotros y de la seguridad que usted aplique para proteger sus identificadores y contraseñas, deberá usted adoptar las medidas apropiadas para proteger esta información.

B.      Conservación de sus datos personales

  1. Conservaremos sus datos personales durante el plazo razonablemente necesario para cumplir con los fines para los que fueron recogidos, tal y como se detalla en esta política de privacidad. En determinadas circunstancias, conservaremos sus datos personales durante un período más largo, según lo permitido o exigido legalmente, por ejemplo, en aquellos casos en los que debamos conservar esos datos en cumplimiento de una obligación legal, regulatoria, fiscal o
  2. En determinados casos, conservaremos sus datos personales durante un período de tiempo más largo para disponer de registros precisos de su relación con nosotros en caso de reclamaciones o disputas o cuando consideremos razonablemente que existe la posibilidad de que se plantee cualquier litigio sobre sus datos personales o la relación mantenida con
  3. Si usted utiliza nuestros Servicios y reside en Alemania, debe saber que estamos sujetos a determinadas obligaciones de conservación y documentación según lo previsto, entre otros, en el Código de Comercio Alemán (HGB) y el Código Fiscal Alemán (AO). Los plazos de conservación y documentación previstos en dichas normas pueden llegar hasta los diez años. Por último, el plazo de conservación de sus datos personales estará asimismo determinado por los plazos de prescripción legal, que pueden alcanzar los treinta años, por ejemplo, de conformidad con lo previsto en el artículo §§ 195 y siguientes del Código Civil alemán (BGB), siendo el período de prescripción legal ordinario de tres años.

7.     DERECHOS LEGALES QUE LE ASISTEN PARA CONTROLAR SU PRIVACIDAD

  1. Sujeto a determinadas excepciones, y dependiendo, en ciertos casos, de la actividad del tratamiento que llevemos a cabo, usted tiene determinados derechos en relación con sus datos personales (tal y como se detalla a continuación), incluyendo los derechos a:
  1. acceder a sus datos personales
  2. rectificar/ suprimir sus datos personales
  3. limitar el tratamiento de sus datos personales
  4. revocar el consentimiento otorgado al tratamiento de sus datos personales
  5. oponerse a que utilicemos sus datos personales para fines de marketing directo, investigación de mercado o encuestas de opinión

Por razones de seguridad antes de facilitarle ningún dato personal, le solicitaremos determinada información adicional para confirmar su identidad. Cuando así lo permita la ley, nos reservamos el derecho a cobrar un determinado importe por la tramitación de su solicitud en determinados casos, por ejemplo, en el caso de solicitudes manifiestamente injustificadas o excesivas.

Puede ejercitar cualquiera de sus derechos poniéndose en contacto con nosotros a través de la siguiente dirección careteam@springhealth.com. Sujeto a cualquier consideración legal o de otro tipo, realizaremos todos los esfuerzos razonables para tramitar su solicitud a la mayor brevedad posible informándole con prontitud en los casos en los que necesitemos más información para poder tramitarla.

No siempre será posible cumplir íntegramente con su solicitud, por ejemplo, en aquellos casos en los que la misma repercuta en cualquier obligación de confidencialidad asumida frente a un tercero o en los que estemos facultados legalmente para tramitar su solicitud de otra manera.

B.      Derecho de acceso a sus datos personales

Tiene derecho a solicitarnos que le facilitemos una copia de sus datos personales y a recibir información acerca de: (a) las fuentes de las que hemos obtenido sus datos personales; (b) los fines, base legal y los medios relacionados con el tratamiento; (c) la identidad del responsable del tratamiento; y (d) las entidades o categorías de entidades a las que se transferirán sus datos personales.

C.      Derecho de rectificación o cancelación de sus datos personales

  1. Tiene derecho a solicitarnos que rectifiquemos sus datos personales erróneos, inexactos, equívocos o incompletos. Trataremos de verificar la exactitud de sus datos personales antes de
  2. Asimismo, puede solicitarnos que eliminemos sus datos personales en circunstancias muy concretas tales como cuando:
  3. Usted haya revocado su consentimiento (cuando la base legal que justifica el tratamiento sea dicho consentimiento); o
  4. en caso de que su almacenamiento carezca de fundamento legal o cuando estuvieren caducos; o
  5. cuando haya proporcionado voluntariamente sus datos personales o ellos se usen para comunicaciones comerciales y no desee continuar figurando en el registro respectivo, sea de modo definitivo o temporal
  6. No estamos obligados a tramitar ninguna solicitud de cancelación de sus datos personales en aquellos casos en los que el tratamiento de los mismos sea necesario para:
  7. cumplir con una obligación legal; o
  8. interponer, ejercitar o defender cualquier reclamación

D.      Derecho a limitar el tratamiento de sus datos personales

  1. Puede solicitar que limitemos el tratamiento de sus datos personales únicamente en los siguientes casos:
  2. cuando la exactitud de los datos no pueda ser establecida o cuya vigencia sea dudosa y respecto de los cuales no corresponda la cancelación
  3. .
  4. Podremos continuar tratando sus datos personales tras una solicitud de limitación del tratamiento cuando:
  5. Tengamos su consentimiento; o
  6. Para interponer, ejercitar o defendernos de cualquier reclamación

E.      Derecho a revocar su consentimiento

En los casos en los que la base legal del tratamiento de sus datos personales sea su consentimiento, usted tiene derecho a revocar dicho consentimiento en cualquier momento enviando un correo electrónico a careteam@springhealth.com. Tenga en cuenta que, en determinados casos, la revocación de su consentimiento puede afectar a nuestra capacidad para prestarle los Servicios.

F.      Derecho a oponerse al tratamiento de sus datos personales para fines de marketing directo

Puede optar por no recibir determinadas comunicaciones de marketing y decidir que sus datos personales no sean tratados para fines de marketing, investigación de mercado o encuestas de opinión en cualquier momento poniéndose en contacto con nosotros a través de la siguiente dirección careteam@springhealth.com o haciendo clic en el enlace “darse de baja” que encontrará en todas nuestras comunicaciones de marketing, solicitándonos que le excluyamos de cualquier comunicación en el futuro. Deberá especificar si desea ser excluido de todo tipo de comunicaciones de marketing o sólo de un tipo concreto (por ejemplo, correo electrónico).

También puede solicitarnos que modifiquemos la forma en la que nos ponemos en contacto con usted para fines de marketing o que no comuniquemos sus datos personales a terceras empresas no afiliadas para fines de marketing directo o para ningún otro fin.

G.     Herencia Digital

Tiene derecho a establecer instrucciones (generales o específicas) acerca de lo que ocurrirá con sus datos personales en el caso de que usted fallezca.

8.        PÓNGASE EN CONTACTO CON NOSOTROS

Si tiene cualquier pregunta acerca de esta política de privacidad, póngase en contacto con nosotros a través de la siguiente dirección de correo electrónico compliance@springhealth.com o con nuestro Delegado de Protección de Datos (IT Governance Europe Limited) a través de la siguiente dirección de correo electrónico eurep@itgovernance.eu.

Spring Health ha nombrado un delegado de protección de datos en el Reino Unido, IT Governance Europe Limited, con el que puede ponerse en contacto a través de: eurep@itgovernance.eu.

Asegúrese de incluir el nombre de nuestra empresa en toda la correspondencia que envíe.

Si tuviera cualquier pregunta, problema o reclamación en relación con el cumplimiento de esta política de privacidad y de las leyes aplicables sobre protección de datos o en el caso de que usted quisiera ejercitar cualquiera de sus derechos, le pedimos que, en primer lugar, se ponga en contacto con compliance@springhealth.com. Indagaremos en lo ocurrido y trataremos de resolver las reclamaciones y controversias y de hacer todos los esfuerzos razonables para facilitarle el ejercicio de sus derechos a la mayor brevedad posible y, en todo caso, en los plazos previstos en las leyes sobre protección de datos.

Last Updated: February 23, 2022

SPRING CARE, INC. PRIVACY POLICY (COLOMBIA)

Spring Care, Inc. is responsible for your personal information.

Spring Care, Inc. and its affiliates (collectively referred to as “Spring Health”, “we“, “us“) takes its data protection and privacy responsibilities seriously. This privacy policy describes our practices in connection with information that we collect through (including any access to) (1) the Spring Health website currently located at https://benefits.springhealth.com, materials and services available therein, and successor website(s) thereto, together with any Content: meaning text, data, graphics, images, photographs, video, audio, information, suggestions, guidance, content and other materials provided, made available or otherwise found on the website (“Website”), (2) the software applications we may make available for use on or through computers and mobile devices (“Apps”), (3) the quizzes, tests, and questionnaires (and results thereof) we make available on or through the Website or Apps (“Questionnaires”), (4) the booking system should you avail of additional professional services through our contractors, counselors, therapists or other service providers (“Providers”), and (5) call recordings when you call our call center phone numbers (all of the foregoing, collectively, “Services”). We follow this privacy policy in accordance with applicable laws in the places where we operate.

This privacy policy also explains how we collect, use and share personal information if you are or represent one of our Providers, including if you go through the application process to become one of our Providers.

Specifically, this privacy policy describes:

  • What personal information we collect and when and why we use
  • How we share personal information within Spring Health and with our service providers, regulators and other third parties
  • How we use your information to provide Service updates to you and how you can manage your marketing preferences
  • Transferring personal information globally
  • How we protect and store personal information
  • Legal rights available to help manage your privacy
  • How you can contact us for more support

1.      UPDATES TO THIS PRIVACY POLICY

We may amend this privacy policy from time to time to keep it up to date with legal requirements and the way we operate our business. We will post those changes prominently, so you are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. Please regularly check these pages for the latest version of this privacy policy.

You might find external links to third party websites on our Website. This privacy policy does not apply to your use of a third party site.

2.    WHAT PERSONAL INFORMATION WE COLLECT AND WHEN AND WHY WE USE IT

A.     When we collect personal information

We collect information about you if you:

  • register with, use our Services or engage with our Website, or
  • work with us as a Provider, collectively (“you“).

B.     Personal information we collect and use if you register with or use our Services or if you engage with our Website:

1.             Personal information collected if you use our Website or Services includes:

  • Personal details: first name and surname, date of birth, email address, country of residence, username and
  • Sensitive information about you: racial origin and health information i.e. general information about your health and wellbeing, including indications about your overall mood and daily habits, information on your mental wellbeing, daily habits, activity levels, daily nutrition and eating habits as well as information about your personal, family and social life which is entered by you when registering for an account or in any Questionnaires we make available through the

2.             Other information when you use our Services or engage with our Website

Other information collected if you use our Services or engage with our Website includes:

  • Browser and device information: Certain information is collected by most browsers or automatically through your device, such as your Media Access Control (MAC) address, computer type (Windows or Macintosh), screen resolution, operating system name and version, device manufacturer and model, language, Internet browser type and version and the name and version of the Services (such as the App) you are
  • App usage data: When you use the Apps, we and our service providers may track and collect usage data, such as the date and time the App on your device accesses our servers and what information and files have been downloaded to the App based on your device

  • Information gathered through use of cookies, pixel tags or other technologies: Pixel tags (also known as web beacons and clear GIFs) may be used in connection with some Services to, among other things, track the actions of users of the Services (including email recipients), and compile statistics about usage of the Services and response rates as well as general demographic information and aggregated information.
  • Other personal information: IP address, location data and information around your preferred means of

If you submit any personal information relating to other people to us or to our service providers in connection with the Services, you represent that you have the authority to do so and to permit us to use the information in accordance with this privacy policy.

3.             We may use personal data collected if you use our Websites or Services or if you consent or as permitted by applicable law in the following ways:

  • To provide you with the Services you request, which may be combination of the use or engagement with our Website, App, Questionnaires and/or
  • To respond to your inquiries, fulfil your requests, and send you communications that you request, such as the results of any Questionnaire that you have
  • To send administrative information to you, for example, information regarding the Services and changes to our terms, conditions and
  • To market our Services to you. This includes sending communications about our Services, features, studies, surveys, news, updates, and events. We may do so through various methods, including email, in app communications and ads, and ads on third party
  • For our internal management and business purposes, such as data analysis, developing new services, enhancing, improving or modifying the Services, audits, fraud monitoring and prevention, identifying usage
  • We may use personal information, including sensitive information, from many Services users to create non-identifiable “aggregate data” (for example, reports that calculate the percentage of users who have a particular response to or result from the Questionnaires) that may be disclosed to third
  • If you provide to us any ideas, proposals, suggestions, recommendations or other materials (“Feedback”), whether related to the Services or
  • As we believe to be necessary or appropriate, and only as permitted under applicable law (a) to comply with legal process; (b) to respond to requests from public and government authorities, including public and government authorities outside your country of residence; (c) to protect our operations or those of any of our affiliates, including in connection with investigating security incidents; or (d) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or
  • To personalize your experience on the Services, for example, by presenting Questionnaires and similar services to

4.             The legal basis for using your personal information

We will only collect, use and share your personal information where we are satisfied that we have an appropriate legal basis to do this. This may be because:

  • you have provided your consent to us using the personal information, for example by opting in to receiving the Service, by registering for an account or by voluntarily inputting your personal information g., when you answer a Questionnaire;
  • our use of your personal information is in our legitimate interest as a commercial organisation (for example for our internal management and business purposes, such as data analysis, to ensure that the Services function properly, developing new services, enhancing, improving or modifying the Services, audits, fraud monitoring and prevention, identifying usage trends). In these cases, we will look after your information at all times in a way that is proportionate and respects your privacy rights and you have a right to object to processing as explained in the section below LEGAL RIGHTS AVAILABLE TO HELP MANAGE YOUR PRIVACY;
  • our use of your personal information is necessary to perform a contract or take steps to enter into a contract with you for example where you have opted to receive the Services it is mandatory to provide your name and email address to register your account in order to receive the Services. For further information please see our Terms of Service (https://care.springhealth.com/terms_of_service); and/or
  • our use of your personal information is necessary to comply with a relevant legal or regulatory obligation that we have for example, to comply with legal process, respond to requests from public and government authorities, protect our operations or those of any of our affiliates including in connection with investigating security incidents; or to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others.
  • If you would like to find out more about the legal basis for which we process personal information, please contact us at compliance@springhealth.com.

C.     Personal information we collect if you work with us as a Provider

1.  Personal information collected if you apply to work with us as a Provider, and continue to work with us as a Provider, includes:

  • Personal details: such as your name, email address, photo, maiden name; alias(es); current and previous addresses; birth date; birth place; ID number (which may include passport, national ID card, driver’s license) and mother/father’s complete
  • Information about your employment status: employer name; employer contact details; manager name; manager contact details; job title; pay rate; dates of employment; reason for leaving
  • Information about your education and qualifications: school name; school contact details; student number; qualification details; field of study; school attendance dates; school graduation
  • Other information: payment information so that we can make payments to you and information contained on our communications systems, these are the Spring Health communications facilities used by you (email, phone, mobile phone and computer communication).

2.  If you are one of our Providers, we may use your personal data in the following ways:

  • To determine, perform and execute the terms on which you, or the organization you represent will be engaged by us and communicate with you;
  • To pay and administer your fees;
  • To administer other requests or services requested by you throughout your engagement with us;
  • To ensure the smooth running of our engagement with you (including all of the activities that need to be undertaken before, during and after such engagement for instance to confirm your eligibility to work with us as a );
  • To monitor against and prevent cyber-security issues and unauthorised use of our information, IT systems and/or equipment;
  • Maintain photo identification of you for your profile; or
  • Where it may be necessary, to file legal proceedings, investigate, establish, exercise or defend a legal claim; and settle legal

3.  The legal basis for using your personal information

We will only collect, use and share your personal information where we are satisfied that we have an appropriate legal basis to do this. This may be because:

  • our use of your personal information is necessary to perform a contract or take steps to enter into a contract with you, e. the Contractor Agreement;
  • our use of your personal information is in our legitimate interest as a commercial organisation (for example to monitor against and prevent cyber-security issues and unauthorised use of our information, IT systems and/or equipment, or maintain photo identification of you for your profile); and/or
  • our use of your personal information is necessary to comply with a relevant legal or regulatory obligation that we have for example, to comply with legal process, respond to requests from public and government authorities, protect our operations or those of any of our affiliates including in connection with investigating security incidents; or to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others.
  • If you would like to find out more about the legal basis for which we process personal information please contact us at compliance@springhealth.com.

3.       SHARING PERSONAL INFORMATION WITHIN SPRING CARE, WITH OUR SERVICE PROVIDERS, AND OTHER THIRD PARTIES

A.     We may share your information under limited circumstances in the manner and for the purposes described below:

  1. within Spring Health, where such disclosure is necessary to provide you with our Services or to manage our business, including with our Spring-branded Medical Professional Corporation, SH Medical Care of Kansas,
  2. with third parties who help manage our business and deliver Services, for example:
  3. we will provide your personal information to our Providers, as necessary to allow you to avail of that specific element of our Services;
  4. if you are one of our Providers, we will share your information with third parties to confirm your eligibility to carry out the

These third parties have agreed to confidentiality restrictions and use any personal information we share with them or which they collect on our behalf solely for the purpose of providing the contracted service to us. These may also include website hosting, data storage and analysis, scheduling platforms, information technology and related infrastructure provision, email delivery, auditing and other services.

  1. with our regulators, which may include but is not limited to the Information Commissioner’s Office (ICO), Commission Nationale de l’Informatique et des Libertés (CNIL), the German data protection authorities, the Data Protection Commission (DPC), and the Swedish Authority for Privacy Protection (IMY), and the Spanish Data Protection Commissioner (Agencia Española de Protección de Datos, (AEPD)), to comply with all applicable laws, regulations and rules, and requests of law enforcement, regulatory and other governmental agencies;
  2. with our partners or affiliates, in aggregate, statistical form, non-personal information regarding the visitors to our Website, traffic patterns, and Website usage with our partners or affiliates;
  3. if, in the future, we sell or transfer some or all of our business or assets to a third party, we may disclose information to a potential or actual third party purchaser of our business or

IV.    SERVICE UPDATES AND MARKETING PREFERENCES

A.     How we use personal information to keep you up to date with our Services

To protect privacy rights and to ensure you have control over how we manage marketing with you we will take steps to limit direct marketing to a reasonable and proportionate level and only send you communications which we believe may be of interest or relevance to you.

B.     How you can manage your marketing preferences

You can opt out of certain marketing communications and use of your information for marketing at any time by contacting careteam@springhealth.com or by clicking on the “unsubscribe” link you will find on all marketing messages to you and requesting to be removed from future

communications. Please specify whether you would like us to stop all forms of marketing or just a particular type (e.g. email).

5.    TRANSFERRING PERSONAL INFORMATION GLOBALLY

  1. Spring Health is a US based business. Accordingly, regardless of your location, your personal information will be transferred to and stored in the US, which may be subject to different standards of data protection than your home jurisdiction. Spring Health will take appropriate steps ensure that transfers of personal information are in accordance with applicable law and carefully managed to protect your privacy rights and

To this end:

  1. We ensure transfers within Spring Health entities and affiliates will be covered by an agreement entered into by members of Spring Health (an intercompany agreement) which contractually obliges each entity to ensure that personal information receives an adequate and consistent level of protection wherever it is transferred within Spring Health;
  2. Where we transfer your personal information outside Spring Health or to third parties who help provide our Services, we obtain contractual commitments from them to protect your personal Some of these assurances are well recognized requirements like the use of EU Standard Contractual Clauses for the protection of personal information transferred from within the EU to countries outside of the EU; or
  3. Where we receive requests for information from law enforcement or regulators, we carefully validate these requests before any personal information are
  4. You have a right to contact us for more information about the safeguards we have put in place (including a copy of relevant contractual commitments) to ensure the adequate protection of your personal information when this is transferred as mentioned

6.      HOW WE PROTECT AND STORE YOUR INFORMATION

A.     Security

We have implemented and maintain appropriate administrative, physical and technical security measures, policies and procedures that are reasonable and appropriate to reduce the risk of accidental destruction or loss, or the unauthorised disclosure or access to such information as reasonable and appropriate to the nature of the information concerned. Measures we take include placing confidentiality requirements on our staff members and service providers and destroying or permanently anonymising personal information if it is no longer needed for the purposes for which it was collected. As the security of information depends in part on the security of the computer you use to communicate with us and the security you use to protect user IDs and passwords please take appropriate measures to protect this information.

B.     Storing your personal information

  1. We will retain your personal information for as long as is reasonably necessary for the purposes for which it was collected, as explained in this privacy policy. In some circumstances we may store your personal information for longer periods of time as required or permitted by law, for instance where we are required to do so in accordance with legal, regulatory, tax, accounting
  2. In specific circumstances we may store your personal information for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your personal information or
  3. As our operations are conducted from the US, subject to the information set out in Section V TRANSFERRING YOUR INFORMATION GLOBALLY, all personal information that we collect is used and stored in the US, is subject to US laws, and may be subject to disclosure to US governments, courts or law enforcement or regulatory agencies pursuant to those

7.     LEGAL RIGHTS AVAILABLE TO HELP MANAGE YOUR PRIVACY

  1. Subject to certain exemptions, and in some cases dependent upon the processing activity we are undertaking, you have certain rights in relation to your personal information (as further detailed below), including the right:
  1. To access personal information
  2. To rectify / erase personal information
  3. To restrict the processing of your personal information
  4. To transfer your personal information
  5. To object to the processing of personal information
  6. Withdraw consent for processing of personal information
  7. To object to how we use your personal information for direct marketing purposes
  8. To obtain a copy of personal information safeguards used for transfers outside your jurisdiction
  9. To lodge a complaint with your local supervisory authority

We may ask you for additional information to confirm your identity and for security purposes, before disclosing the personal information requested to you. We reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive.

You can exercise your rights by contacting us at careteam@springhealth.com. Subject to legal and other permissible considerations, we will make every reasonable effort to honour your request promptly or inform you if we require further information in order to fulfil your request.

We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.

B.     Right to access personal information

You have a right to request that we provide you with a copy of your personal information that we hold, and you have the right to be informed of; (a) the source of your personal information;

(b) the purposes, legal basis and methods of processing; (c) the controller’s identity; and (d) the entities or categories of entities to whom your personal information may be transferred.

C.     Right to rectify or erase personal information

  1. You have a right to request that we rectify inaccurate personal We may seek to verify the accuracy of the personal information before rectifying it.
  2. You can also request that we erase your personal information in limited circumstances where:
  3. it is no longer needed for the purposes for which it was collected; or
  4. you have withdrawn your consent (where the data processing was based on consent); or
  5. following a successful right to object (see right to object); or
  6. it has been processed unlawfully; or
  7. to comply with a legal obligation to which Spring Health is
  8. We are not required to comply with your request to erase personal information if the processing of your personal information is necessary:
  9. for compliance with a legal obligation; or
  10. for the establishment, exercise or defence of legal claims;

D.     Right to restrict the processing of your personal information

  1. You can ask us to restrict your personal information, but only where:
  2. its accuracy is contested, to allow us to verify its accuracy; or
  3. the processing is unlawful, but you do not want it erased; or
  4. it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; or
  5. you have exercised the right to object, and verification of overriding grounds is pending.
  6. We can continue to use your personal information following a request for restriction, where:
  7. we have your consent; or
  8. to establish, exercise or defend legal claims; or
  9. to protect the rights of another natural or legal

E.      Right to transfer your personal information

  1. You can ask us to provide your personal information to you in a structured, commonly used, machine-readable format, or you can ask to have it transferred directly to another data controller, but in each case only where:
  2. the processing is based on your consent or on the performance of a contract with you; and
  3. the processing is carried out by automated

F.      Right to object to the processing of your personal information

G.     Right to withdraw consent

Where we have obtained your consent as our legal basis to process your personal data, you have the right to withdraw consent at any time by emailing careteam@springhealth.com. Please note that in some instances, where you withdraw your consent this may negatively impact our ability to provide you with the Services.

H.     Right to object to how we use your personal information for direct marketing purposes

You can opt out of certain marketing communications and use of your information for marketing at any time by contacting careteam@springhealth.com or by clicking on the “unsubscribe” link you will find on all marketing messages to you and requesting to be removed from future communications. Please specify whether you would like us to stop all forms of marketing or just a particular type (e.g. email).

You can also request that we change the manner in which we contact you for marketing purposes or request that we not transfer your personal information to unaffiliated third parties for the purposes of direct marketing or any other purposes.

I.         Right to obtain a copy of personal information safeguards used for transfers outside your jurisdiction

You can ask to obtain a copy of, or reference to, the safeguards under which your personal information is transferred outside of the European Union and the United Kingdom.

We may redact data transfer agreements to protect commercial terms.

J.       Right to lodge a complaint with your local supervisory authority

You have a right to lodge a complaint with your local supervisory authority if you have concerns about how we are processing your personal information.

We ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority at any time.

K.     Post-mortem rights

You have the right to set out instructions (general or specific) about what happens to your personal data after your death.

L.      Legitimation for the exercise of the rights

The rights may be exercised by the following persons:

  1. by the Data Subject, who must sufficiently prove his identity by the different means made available by the responsible

  1. By their successors in title, who must prove such

  1. By the representative and/or attorney-in-fact of the Data Controller, prior accreditation of the representation or power of

  1. By stipulation in favor of another or for

The rights of children or adolescents shall be exercised by the persons authorized to represent them.

8.        CONTACT US

If you have any questions about this privacy policy, please contact us at compliance@springhealth.com or our Data Protection Officer (IT Governance Europe Limited) at eurep@itgovernance.eu.

Spring Health has appointed a data protection representative in the United Kingdom IT Governance Europe Limited who can be contacted at: eurep@itgovernance.eu.

Please ensure to include our company name in any correspondence you send.

If you have any questions, concerns or complaints regarding our compliance with this privacy policy and data protection laws, or if you wish to exercise your rights, we encourage you to first contact compliance@springhealth.com. We will investigate and attempt to resolve complaints and disputes and will make every reasonable effort to honour your wish to exercise your rights as quickly as possible and, in any event, within the timescales provided by data protection laws.

Última actualización: 22 de febrero de 2022

SPRING CARE, INC. POLÍTICA DE PRIVACIDAD

Spring Care, Inc. es responsable del tratamiento de sus datos personales.

Spring Care, Inc. y sus empresas afiliadas (conjuntamente, “Spring Health”, “nosotros”) se toma muy en serio sus obligaciones en materia de protección de datos y privacidad. Esta política de privacidad describe nuestras prácticas en relación con los datos que recogemos a través de (incluyendo cualquier acceso a) (1) El sitio web de Spring Health, actualmente accesible a través de https://benefits.springhealth.com, los materiales y servicios disponibles en el mismo, cualquier sitio web que pudiera sustituirlo en el futuro, así como cualquier Contenido entendido como texto, datos, gráficos, imágenes, fotografías, video, audio, datos, sugerencias, instrucciones, contenido y cualquier otro material facilitado, disponible o que usted pueda encontrar en el sitio web (“Sitio Web”), (2) las aplicaciones de software que podamos poner a su disposición para su utilización en o a través de cualquier ordenador o dispositivo móvil (“Aplicaciones”), (3) los test y cuestionarios (y los resultados de los mismos) que ponemos a su disposición en o a través del Sitio Web o de las Aplicaciones (“Cuestionarios”), (4) el sistema de reservas en el caso de que usted recurra a cualquier servicio profesional complementario prestado por nuestros subcontratistas, orientadores, terapeutas o cualquier otro proveedor de servicios (“Proveedores”) y (5) las grabaciones de llamadas cuando usted llame a los número de teléfono de nuestro centro de llamadas (todos los anteriores, conjuntamente, “Servicios”). Aplicamos esta política de privacidad de conformidad con lo previsto en la ley aplicable en aquellos lugares en los que desarrollamos nuestra actividad.

Esta política de privacidad también detalla como recogemos, utilizamos y comunicamos sus datos personales en el caso de que usted sea uno de nuestros Proveedores o representante del mismo, incluyendo también todos los casos en los que usted participe en un proceso de selección para convertirse en uno de nuestros Proveedores.

En particular, esta política de privacidad describe:

  • Los datos personales que recogemos y cuándo y por qué efectuamos su
  • Cómo comunicamos los datos personales dentro del grupo Spring Health y a nuestros proveedores de servicios, reguladores y a otros
  • Cómo utilizamos de sus datos para facilitarle actualizaciones del Servicio y cómo puede usted configurar sus preferencias de
  • Transferencias internacionales de
  • Cómo protegemos y almacenamos los datos
  • Los derechos legales que le asisten para controlar su
  • Cómo puede ponerse en contacto con nosotros para obtener más

1.      ACTUALICACIONES DE ESTA POLÍTICA DE PRIVACIDAD

Estamos facultados para modificar esta política de privacidad en cualquier momento incorporando nuevos requisitos legales o cualquier otro elemento que afecte al funcionamiento de nuestro negocio.

Publicaremos los cambios de manera visible para que pueda saber en todo momento qué datos recogemos, cómo los utilizamos y en qué circunstancias, en su caso, los comunicamos a terceros. Revise periódicamente estas páginas para asegurarse de que está al tanto de la última versión de esta política de privacidad.

En nuestro Sitio Web, encontrará enlaces externos a sitios web de terceros. Esta política de privacidad no es aplicable al uso que usted haga de los sitios de terceros.

2.    CUÁLES SON LOS DATOS PERSONALES QUE RECOGEMOS Y CUÁNDO Y POR QUÉ EFECTUAMOS SU TRATAMIENTO

A.      Cuando recogemos datos personales

Recogemos sus datos personales si usted:

  • se registra en nuestro Sitio Web, utiliza nuestros servicios o interactúa con nuestro Sitio Web, o
  • trabaja con nosotros como Proveedor, conjuntamente (“usted”).

B.      Datos personales que recogemos y tratamos cuando usted se registra en o interactúa con nuestro Sitio Web o utiliza nuestros Servicios:

1.              Los datos personales que recogemos si usted utiliza nuestro Sitio Web o nuestros servicios incluyen:

  • Datos identificativos: nombre y apellido, fecha de nacimiento, dirección de correo electrónico, país de residencia, nombre de usuario y contraseña.
  • Datos especialmente protegidos o sensibles: origen racial y datos sobre salud,

i.e. información general acerca de su salud y bienestar, incluyendo la información que nos proporcione acerca de su estado general y hábitos cotidianos, información sobre su salud mental, hábitos cotidianos, nivel de actividad, alimentación diaria y hábitos de alimentación así como la información acerca de su vida personal, familiar y social que usted nos proporcione al darse de alta y crear una cuenta o a través de cualquiera de los Cuestionarios que le facilitamos como parte de nuestros Servicios.

2.              Otros datos que recopilamos cuando usted utiliza nuestros Servicios o interactúa con nuestro Sitio Web

Cuando usted utiliza nuestros Servicios o interactúa con nuestro Sitio Web recopilamos otros datos que incluyen:

  • Información sobre su navegador y dispositivo: La mayoría de los navegadores o su dispositivo, automáticamente, recogen determinados datos, tales como los siguientes: dirección MAC (Control de Acceso a los Medios), tipo de ordenador (Windows o Macintosh), resolución de pantalla, nombre y versión de su sistema operativo, fabricante y modelo de su dispositivo, idioma, tipo de navegador de internet y versión y nombre y versión de los Servicios (como la Aplicación) que esté usted
  • Datos de uso de la Aplicación: Cuando usted utiliza las Aplicaciones, nosotros o nuestros proveedores hacemos seguimiento y recopilamos determinados datos de uso, tales como la fecha y hora en la que la Aplicación instalada en su dispositivo accede a nuestros servidores y qué información y archivos se descargan en la Aplicación sobre la base del número de su dispositivo.
  • Datos obtenidos a través del uso de cookies, píxeles de seguimiento (pixel tags) u otras tecnologías: Utilizamos píxeles de seguimiento (también conocidos como balizas web y GIFs transparentes) en relación con algunos Servicios para, entre otras cosas, hacer seguimiento de las actividades de los usuarios de los Servicios (incluyendo la de los destinatarios de correo electrónico) y elaborar estadísticas sobre el uso de los Servicios y los índices de respuesta así como datos demográficos de carácter general y datos
  • Otros datos personales: dirección IP, datos de ubicación y datos sobre sus medios de comunicación

Si, en el marco de los Servicios nos enviara, a nosotros o a nuestros proveedores de servicios, cualquier dato personal relativo a otra persona, usted manifiesta que tiene la capacidad necesaria para comunicarnos dichos datos y para permitirnos utilizar los datos de conformidad con esta política de privacidad.

3.              Podemos utilizar los datos personales recogidos cuando usted utiliza nuestros Sitios Web o Servicios así como los recogidos con su consentimiento o de cualquier otra manera permitida por la ley aplicable, para cualquiera de las siguientes finalidades:

  • Proporcionarle los Servicios que nos solicite, que pueden consistir en una combinación de uso e interacción con nuestro Sitio Web, Aplicaciones, Cuestionarios y/o
  • Responder a sus consultas, satisfacer sus peticiones y enviarle las comunicaciones que nos haya solicitado, tales como los resultados de cualquier Cuestionario que usted hubiera podido
  • Enviarle información administrativa, por ejemplo, información relativa a los Servicios y a las modificaciones de nuestras condiciones generales y políticas.
  • Comercializar nuestros Servicios. Esto incluye el envío de comunicaciones acerca de nuestros     Servicios,    características,     estudios,     encuestas,     novedades,

actualizaciones y eventos. Podemos enviar dichas comunicaciones a través de distintos medios incluyendo el correo electrónico, notificaciones y anuncios de la Aplicación así como a través de anuncios publicados en plataformas de terceros.

  • Para nuestra gestión interna, incluyendo el análisis de datos, desarrollo de nuevos servicios, optimización, mejora o modificación de los Servicios, auditorías, control y prevención del fraude e identificación de tendencias de
  • Utilizamos los datos personales, incluyendo los datos especialmente protegidos o sensibles, de numerosos usuarios de los Servicios para crear “datos agrupados” no identificables (tales como informes en los que se incluye el porcentaje de usuarios que han dado una determinada respuesta u obtenido un resultado concreto al realizar un Cuestionario) que podrán comunicarse a
  • Si usted nos remite ideas, propuestas, sugerencias, recomendaciones o cualquier otro material (“Comentarios”), relacionados o no con los
  • Tal y como consideremos necesario o apropiado y únicamente en la forma permitida por la ley aplicable, para (a) ejercitar cualquier acción legal; (b) responder a cualquier requerimiento de cualquier autoridad pública o administrativa, incluyendo autoridades públicas o administrativas fuera de su país de residencia; (c) proteger nuestro negocio y el de cualquiera de nuestras empresas afiliadas, incluyendo en todos aquellos casos en los que el tratamiento resulte necesario para investigar un incidente de seguridad; o para (d) proteger nuestros derechos, privacidad, seguridad o propiedad privada y/o los de nuestras empresas afiliadas, los suyos o los de cualquier
  • Para personalizar su experiencia al utilizar los Servicios, por ejemplo, para ofrecerle Cuestionarios y servicios

4.              Bases legales que justifican el tratamiento de sus datos personales

Solo recogemos, tratamos y comunicamos sus datos personales cuando tenemos el convencimiento de que existe una base legal adecuada que justifica el tratamiento. Dicha base legal puede ser cualquiera de las siguientes:

  • usted nos ha dado su consentimiento para el tratamiento de sus datos personales, por ejemplo, al acceder a recibir el Servicio, al dar de alta una cuenta o al facilitar voluntariamente sus datos personales, por ejemplo, al contestar a un Cuestionario;
  • el tratamiento de sus datos personales se efectúa como consecuencia de nuestro interés legítimo como organización empresarial (por ejemplo, para finalidades empresariales o de gestión interna, como análisis de datos, garantizar que los Servicios funcionan correctamente, desarrollar nuevos servicios, optimizar, mejorar o modificar los Servicios, auditorías, control y prevención del fraude, identificación de tendencias de uso). En estos casos, protegeremos sus datos en todo momento, de forma proporcional y respetando sus derechos de Usted tiene derecho a oponerse al tratamiento tal y como se detalla en el apartado DERECHOS LEGALES QUE LE ASISTEN PARA CONTROLAR SU PRIVACIDAD que se incluye a continuación;
  • el tratamiento de sus datos personales resulta necesario para cumplir con un contrato o para realizar las actuaciones necesarias para formalizar un contrato con usted; por ejemplo, en los casos en los que usted opta por recibir los Servicios, es obligatorio que nos proporcione su nombre y dirección de correo electrónico para

dar de alta una cuenta con el fin de recibir los Servicios. Si desea más información, consulte                        nuestras                        Condiciones                        Generales (https://care.springhealth.com/terms_of_service); y/o

  • el tratamiento de sus datos personales resulta necesario para cumplir con una obligación legal o regulatoria, por ejemplo, para el ejercicio de una acción legal, responder a los requerimientos efectuados por cualquier autoridad pública o administrativa, proteger nuestro negocio o el de cualquiera de nuestras empresas afiliadas incluyendo todos aquellos casos en los que el tratamiento resulte necesario para investigar un incidente de seguridad; o para proteger nuestros derechos, privacidad, seguridad o propiedad privada y/o los de nuestras empresas afiliadas, los suyos o los de cualquier
  • Si desea obtener más información acerca de las bases legales que justifican el tratamiento de sus datos personales, póngase en contacto con nosotros a través de la siguiente dirección compliance@springhealth.com.

C.      Datos personales que recopilamos si trabaja con nosotros como Proveedor

1.              Los datos personales que recopilamos a partir del momento en el que nos solicita trabajar con nosotros como Proveedor y mientras continúe trabajando con nosotros en tal condición, incluyen:

  • Datos identificativos: como su nombre, dirección de correo electrónico, fotografía, nombre de soltera; seudónimo(s); dirección actual y direcciones anteriores; fecha de nacimiento; lugar de nacimiento; número de Identificación (que puede incluir su número de pasaporte, documento nacional de Identidad, carnet de conducir) y nombre completo de sus progenitores.
  • Datos sobre su situación laboral: nombre de su empleador; datos de su contrato de trabajo; nombre y datos de contacto de la persona responsable sobre usted; puesto de trabajo; franja salarial; fecha de inicio y extinción de su relación laboral; razones de extinción de su relación
  • Datos acerca de su formación y cualificación: nombre del centro educativo; datos de contacto del centro educativo; número de estudiante; datos de cualificación; área de estudio; fechas de asistencia; fechas de graduación.
  • Otros datos: Datos de pago para poder efectuar los pagos correspondientes a su favor y datos que deban incluirse en nuestros sistemas de comunicación, esto es, los medios de comunicación pertenecientes a Spring Health que usted utilizará (correo electrónico, teléfono y comunicaciones electrónicas).

2.              Si usted es uno de nuestros Proveedores, utilizaremos sus datos personales de la siguiente forma:

  • Para establecer, cumplir y llevar a efecto las condiciones bajo las que usted o la organización a la que usted representa contratará con nosotros y para comunicarnos con usted;
  • Para pagar y gestionar sus honorarios;
  • Para gestionar cualquier otra solicitud o servicio solicitado por usted durante la vigencia de su relación con nosotros;

  • Para garantizar el buen funcionamiento de nuestra relación con usted (incluyendo el de todas las actividades que deben llevarse a cabo antes, durante y tras la finalización de dicha relación, tales como por ejemplo, poder confirmar su idoneidad para trabajar con nosotros como Proveedor);
  • Controlar y prevenir problemas de ciberseguridad y el uso no autorizado de nuestros datos, sistemas informáticos y/o equipos;
  • Incluir en su perfil su identificación fotográfica; o
  • En los casos en los que resulte necesario, entablar procedimientos legales, investigar, plantear, ejercitar o defender una reclamación judicial; y llegar a un acuerdo transaccional en relación con cualquier reclamación

3.              Bases legales que justifican el tratamiento de sus datos personales

Solo recogemos, tratamos y comunicamos sus datos personales cuando tenemos el convencimiento de que existe una base legal adecuada que justifica el tratamiento. Dicha base legal puede ser cualquiera de las siguientes:

  • el tratamiento de sus datos personales es necesario para cumplir con lo previsto en un contrato o para realizar las actuaciones necesarias para poder formalizar un contrato con usted, i.e. el Acuerdo de Subcontratación;
  • tenemos un interés legítimo, como organización empresarial, en el tratamiento de sus datos personales (por ejemplo, para controlar y prevenir problemas de ciberseguridad y el uso no autorizado de nuestros datos, sistemas informáticos y/o equipos, o para incluir una identificación fotográfica suya en su perfil); y/o
  • el tratamiento de sus datos personales resulta necesario para cumplir con cualquier obligación legal o regulatoria, por ejemplo, para el ejercicio de una acción legal, responder a los requerimientos efectuados por cualquier autoridad pública o administrativa, proteger nuestro negocio o el de cualquiera de nuestras empresas afiliadas incluyendo todos aquellos casos en los que el tratamiento resulte necesario para investigar un incidente de seguridad; o para proteger nuestros derechos, privacidad, seguridad o propiedad privada y/o los de nuestras empresas afiliadas, los suyos y los de cualquier
  • Si desea obtener más información acerca de las bases legales que justifican el tratamiento de sus datos personales, póngase en contacto con nosotros a través de la siguiente dirección compliance@springhealth.com.

3.       COMUNICACIÓN DE DATOS PERSONALES DENTRO DEL GRUPO SPRING CARE, A NUESTROS PROVEEDORES DE SERVICIOS Y A OTROS TERCEROS

A.      En determinadas circunstancias, muy concretas, comunicaremos sus datos en la forma y para los fines que se describen a continuación:

  1. dentro del grupo Spring Health, cuando dicha comunicación resulte necesaria para proporcionarle nuestros Servicios o gestionar nuestro negocio, incluyendo la comunicación a nuestra Sociedad Médica Profesional gestionada bajo la marca Spring, SH Medical Care of Kansas,
  2. a terceros que nos prestan servicios relativos a la gestión de nuestro negocio y a la prestación de los Servicios, por ejemplo:
  3. facilitaremos sus datos personales a nuestros Proveedores cuando resulte necesario para permitirle disponer de cualquier prestación específica de nuestros Servicios;
  4. si es usted un Proveedor, comunicaremos sus datos a terceros para comprobar su idoneidad como proveedor de los

Todos estos terceros han formalizado los correspondientes acuerdos de confidencialidad y utilizarán los datos personales que les comuniquemos o que recopilen en nuestro nombre únicamente para prestar el servicio para el que han sido contratados. Lo anterior incluye también servicios de alojamiento de sitios web, almacenamiento y análisis de datos, plataformas de organización y planificación, tecnologías informáticas y suministro de infraestructuras relacionada con lo anterior, entrega de correo electrónico, auditoría y otros servicios.

  1. con los reguladores a cuya jurisdicción estemos sujetos, incluyendo, sin limitación la Agencia de Inspección de Información (Information Commissioner’s Office) (ICO), la Comisión Nacional de Informática y Libertades (Commission Nationale de l’Informatique et des Libertés) (CNIL), las autoridades de protección de datos alemanas, la Comisión de Protección de Datos (DPC), la autoridad sueca para la Protección de la Privacidad (IMY) y la Agencia Española de Protección de Datos (AEPD), para cumplir con las leyes, reglamentos y normas aplicables así como con cualquier requerimiento de un órgano judicial, de cualquier regulador o de otro organismo administrativo;
  2. Con nuestros socios o empresas afiliadas, datos agregados, estadísticos, que no pueden considerarse como datos personales, relativos a las visitas a nuestro Sitio Web, patrones de tráfico y uso del Sitio Web;
  3. En el caso de que, en el futuro, vendiéramos o transmitiéramos parte o la totalidad de nuestro negocio o activos a cualquier tercero, estaremos facultados para facilitar información a cualquier comprador potencial o real de nuestro negocio o

4.    ACTUALIZACIONES DE SERVICIO Y OPCIONES DE MARKETING

A.      Cómo tratamos sus datos personales para mantenerle actualizado acerca de nuestros Servicios

Para proteger sus derechos de privacidad y garantizarle el control sobre cómo gestionamos el marketing de nuestros Servicios, adoptaremos las medidas necesarias para limitar el marketing

directo a un nivel razonable y proporcionado y únicamente le enviaremos comunicaciones que consideremos que pueden resultarle interesantes o que son apropiadas para usted.

B.      Cómo puede gestionar sus opciones de marketing

Usted puede optar por no recibir determinadas comunicaciones de marketing y oponerse a que sus datos personales se utilicen para fines de marketing en cualquier momento poniéndose en contacto con careteam@springhealth.com o haciendo clic en el enlace “darse de baja” que encontrará en cualquier comunicación de marketing que haya podido recibir, debiendo solicitar que se le excluya de cualquier comunicación futura. Le pediremos que determine si desea ser excluido de todo tipo de comunicaciones de marketing o únicamente de un tipo concreto (v.g. correo electrónico).

5.    TRANSFERENCIA INTERNACIONAL DE SUS DATOS PERSONALES

  1. Spring Health es una empresa con sede en los Estados Unidos. En consecuencia y con independencia de su ubicación, sus datos personales se transmitirán y almacenarán en los Estados Unidos. La normativa de este país establece unos niveles de protección de los datos personales que podrían ser distintos a los aplicables por las leyes vigentes en su país de origen. Spring Health adoptará las medidas necesarias para garantizar que las transferencias de datos personales se realizan de conformidad con la ley aplicable y son gestionadas cuidadosamente para proteger sus derechos de privacidad y sus

A tal efecto:

  1. Nos aseguramos que las transferencias entre las entidades del grupo Spring Health y sus empresas afiliadas quedan cubiertas por un acuerdo formalizado entre las empresas del grupo Spring Health de que se trate (un contrato entre empresas) en virtud del cual cada una de dichas entidades quedará contractualmente obligada a garantizar que los datos personales reciben un nivel de protección adecuado y uniforme, con independencia de cuál sea la entidad del grupo Spring Health a la que se transfieran;
  2. En los casos en los que los datos personales se transfieran fuera del grupo Spring Health o a terceros con los que contratamos para poder prestar nuestros Servicios, el contrato formalizado con estos establecerá la obligación de proteger sus datos personales. Algunas de estas garantías son requisitos ampliamente reconocidos como el uso de las Cláusulas Contractuales Tipo de la UE para la protección de los datos personales transferidos desde la UE a países fuera de la misma; o
  3. Al recibir cualquier requerimiento de información de un órgano judicial o regulador, comprobamos cuidadosamente la solicitud antes de remitir ningún tipo de dato
  4. Tiene derecho a ponerse en contacto con nosotros para solicitarnos más información acerca de las garantías que hemos establecido (incluyendo copia de las obligaciones contractuales correspondientes) para garantizar una adecuada protección de sus datos personales cuando estos se transfieren de la forma indicada arriba.

6.      CÓMO PROTEGEMOS Y ALMACENAMOS SUS DATOS PERSONALES

A.      Seguridad

Hemos establecido y mantenemos medidas, políticas y procedimientos de seguridad tanto de carácter administrativo, como físico y técnico, para reducir el riesgo de destrucción, pérdida accidental, revelación o acceso no autorizados a dicha información razonables y apropiadas en función de la naturaleza de los datos de que se trate.

Las medidas que hemos adoptado incluyen la imposición a nuestros empleados y proveedores de servicios, de confidencialidad así como la destrucción o anonimización permanente de los datos personales que ya no resultan necesarios para la finalidad para la que se recogieron. Como la seguridad de sus datos personales depende, en parte, de la seguridad del ordenador que usted utilice para comunicarse con nosotros y de la seguridad que usted aplique para proteger sus identificadores y contraseñas, deberá usted adoptar las medidas apropiadas para proteger esta información.

B.      Conservación de sus datos personales

  1. Conservaremos sus datos personales durante el plazo razonablemente necesario para cumplir con los fines para los que fueron recogidos, tal y como se detalla en esta política de privacidad. En determinadas circunstancias, conservaremos sus datos personales durante un período más largo, según lo permitido o exigido legalmente, por ejemplo, en aquellos casos en los que debamos conservar esos datos en cumplimiento de una obligación legal, regulatoria, fiscal o
  2. En determinados casos, conservaremos sus datos personales durante un período de tiempo más largo para disponer de registros precisos de su relación con nosotros en caso de reclamaciones o disputas o cuando consideremos razonablemente que existe la posibilidad de que se plantee cualquier litigio sobre sus datos personales o la relación mantenida con
  3. Dado que nuestro negocio se gestiona desde los Estados Unidos, y con sujeción a lo previsto en el Apartado V TRANSFERENCIA INTERNACIONAL DE SUS DATOS PERSONALES, todos los datos personales que recogemos se tratan y almacenan en los Estados Unidos, según lo previsto en las leyes de este país y podrán ser facilitados a los órganos administrativos, tribunales, reguladores o cualquier otro organismo competente de conformidad con dichas
  4. Si usted utiliza nuestros Servicios y reside en Alemania, debe saber que estamos sujetos a determinadas obligaciones de conservación y documentación según lo previsto, entre otros, en el Código de Comercio Alemán (HGB) y el Código Fiscal Alemán (AO). Los plazos de conservación y documentación previstos en dichas normas pueden llegar hasta los diez años. Por último, el plazo de conservación de sus datos personales estará asimismo determinado por los plazos de prescripción legal, que pueden alcanzar los treinta años, por ejemplo, de conformidad con lo previsto en el artículo §§ 195 y siguientes del Código Civil alemán (BGB), siendo el período de prescripción legal ordinario de tres años.

7.     DERECHOS LEGALES QUE LE ASISTEN PARA CONTROLAR SU PRIVACIDAD

  1. Sujeto a determinadas excepciones, y dependiendo, en ciertos casos, de la actividad del tratamiento que llevemos a cabo, usted tiene determinados derechos en relación con sus datos personales (tal y como se detalla a continuación), incluyendo los derechos a:
  1. acceder a sus datos personales

  1. rectificar/ suprimir sus datos personales
  2. limitar el tratamiento de sus datos personales
  3. solicitar la portabilidad de sus datos personales
  4. oponerse al tratamiento de sus datos personales
  5. revocar el consentimiento otorgado al tratamiento de sus datos personales
  6. oponerse a que utilicemos sus datos personales para fines de marketing directo
  7. obtener una copia de las cláusulas de salvaguarda utilizadas en relación con la transferencia internacional de sus datos personales
  8. presentar una reclamación ante la autoridad de control de su lugar de residencia

Por razones de seguridad antes de facilitarle ningún dato personal, le solicitaremos determinada información adicional para confirmar su identidad. Cuando así lo permita la ley, nos reservamos el derecho a cobrar un determinado importe por la tramitación de su solicitud en determinados casos, por ejemplo, en el caso de solicitudes manifiestamente injustificadas o excesivas.

Puede ejercitar cualquiera de sus derechos poniéndose en contacto con nosotros a través de la siguiente dirección careteam@springhealth.com. Sujeto a cualquier consideración legal o de otro tipo, realizaremos todos los esfuerzos razonables para tramitar su solicitud a la mayor brevedad posible informándole con prontitud en los casos en los que necesitemos más información para poder tramitarla.

No siempre será posible cumplir, íntegramente, con su solicitud, por ejemplo, en aquellos casos en los que la misma repercuta en cualquier obligación de confidencialidad asumida frente a un tercero o en los que estemos facultados legalmente para tramitar su solicitud de otra manera.

B.      Derecho de acceso a sus datos personales

Tiene derecho a solicitarnos que le facilitemos una copia de sus datos personales y a recibir información acerca de: (a) las fuentes de las que hemos obtenido sus datos personales; (b) los fines, base legal y los medios relacionados con el tratamiento; (c) la identidad del responsable del tratamiento; y (d) las entidades o categorías de entidades a las que se transferirán sus datos personales.

C.      Derecho de rectificación o cancelación de sus datos personales

  1. Tiene derecho a solicitarnos que rectifiquemos los errores que sus datos personales pudieran contener. Trataremos de verificar la exactitud de sus datos personales antes de rectificarlos.
  2. Asimismo, puede solicitarnos que eliminemos sus datos personales en circunstancias muy concretas tales como cuando:
  3. Ya no sean necesarios para los fines para los que se recogieron; o
  4. Usted haya revocado su consentimiento (cuando la base legal que justifica el tratamiento sea dicho consentimiento); o
  5. Haya ejercitado con éxito su derecho de oposición (véase derecho de oposición); o
  6. Sus datos hubieran sido objeto de tratamiento ilegal, o

  • Cuando sea necesario para cumplir con una obligación legal de Spring
  1. No estamos obligados a tramitar ninguna solicitud de cancelación de sus datos personales en aquellos casos en los que el tratamiento de los mismos sea necesario para:
  2. cumplir con una obligación legal; o
  3. interponer, ejercitar o defender cualquier reclamación judicial;

D.      Derecho a limitar el tratamiento de sus datos personales

  1. Puede solicitar que limitemos el tratamiento de sus datos personales únicamente en los siguientes casos:
  2. cuando la exactitud de los datos se haya puesto en cuestión, para permitirnos verificar dicha exactitud; o
  3. cuando el tratamiento sea ilegal, pero usted no desee que sus datos sean eliminados; o
  4. cuando los datos no sean ya necesarios para los fines para los que se recogieron pero sí se necesiten para la interposición, ejercicio o defensa de una reclamación judicial; o
  5. cuando usted haya ejercitado su derecho de oposición y estemos verificando la existencia de un interés legítimo que deba prevalecer sobre dicha oposición.
  6. Podremos continuar tratando sus datos personales tras una solicitud de limitación del tratamiento cuando:
  7. Tengamos su consentimiento; o
  8. Para interponer, ejercitar o defendernos de cualquier reclamación judicial; o
  9. Para proteger los derechos de cualquier otra persona, física o jurídica.

E.     Derecho a la portabilidad de sus datos personales

  1. Puede solicitarnos que le facilitemos sus Datos Personales en un formato estructurado, de uso común y lectura mecánica o que sus datos personales se envíen directamente a otro responsable del tratamiento, pero, en ambos casos, únicamente cuando:
  2. El tratamiento se base en su consentimiento o en el cumplimiento de lo previsto en un contrato formalizado con usted; y
  3. El tratamiento se realice por medios

F.      Derecho a oponerse al tratamiento de sus datos personales

G.     Derecho a revocar su consentimiento

En los casos en los que la base legal del tratamiento de sus datos personales sea su consentimiento, usted tiene derecho a revocar dicho consentimiento en cualquier momento enviando un correo electrónico a careteam@springhealth.com. Tenga en cuenta que, en determinados casos, la revocación de su consentimiento puede afectar a nuestra capacidad para prestarle los Servicios.

H.      Derecho a oponerse al tratamiento de sus datos personales para fines de marketing directo

Puede optar por no recibir determinadas comunicaciones de marketing y decidir que sus datos personales no sean tratados para fines de marketing en cualquier momento poniéndose en contacto con nosotros a través de la siguiente dirección careteam@springhealth.com o haciendo clic en el enlace “darse de baja” que encontrará en todas nuestras comunicaciones de marketing, solicitándonos que le excluyamos de cualquier comunicación en el futuro. Deberá especificar si desea ser excluido de todo tipo de comunicaciones de marketing o sólo de un tipo concreto (por ejemplo, correo electrónico).

También puede solicitarnos que modifiquemos la forma en la que nos ponemos en contacto con usted para fines de marketing o que no comuniquemos sus datos personales a terceras empresas no afiliadas para fines de marketing directo o para ningún otro fin.

I.         Derecho a obtener una copia de las cláusulas legales de garantía en relación con el tratamiento de sus datos personales utilizadas en relación con las transferencias internacionales de esos datos

Puede solicitarnos una copia o que le remitamos al lugar donde poder consultar las cláusulas legales de garantía utilizadas para la transferencia de sus datos personales fuera de la Unión Europea y del Reino Unido.

Podemos redactar acuerdos de transferencia internacional de datos independientes para proteger la confidencialidad de nuestras condiciones comerciales.

J.       Derecho a presentar una reclamación ante la autoridad competente en materia de protección de datos de su lugar de residencia

Tiene derecho a presentar una reclamación ante la autoridad competente en materia de protección de datos de su lugar de residencia en el caso de que no esté usted de acuerdo con la forma en la que estemos tratando sus datos personales.

Aunque usted tiene derecho a ponerse en contacto con la autoridad competente en materia de protección de datos en cualquier momento, le pedimos que trate de resolver cualquier problema que pudiera plantearse poniéndose, en primer lugar, en contacto con nosotros.

Además de los derechos previstos en este Apartado VIII, en el caso de que utilice nuestros Servicios desde Francia, tiene usted un derecho adicional en relación con sus datos personales:

K.      Herencia Digital

Tiene derecho a establecer instrucciones (generales o específicas) acerca de lo que ocurrirá con sus datos personales en el caso de que usted fallezca.

L.      Legitimación para el ejercicio de los derechos del titular. Los derechos de los Titulares establecidos en la Ley, podrán ejercerse por las siguientes personas:

  1. Por el Titular, quien deberá acreditar su identidad en forma suficiente por los distintos medios que le ponga a disposición el

  1. Por sus causahabientes, quienes deberán acreditar tal

  1. Por el representante y/o apoderado del Titular, previa acreditación de la representación o apoderamiento.

  1. Por estipulación a favor de otro o para

Los derechos de los niños, niñas o adolescentes se ejercerán por las personas que estén facultadas para representarlos.

8.        PÓNGASE EN CONTACTO CON NOSOTROS

Si tiene cualquier pregunta acerca de esta política de privacidad, póngase en contacto con nosotros a través de la siguiente dirección de correo electrónico compliance@springhealth.com o con nuestro Delegado de Protección de Datos (IT Governance Europe Limited) a través de la siguiente dirección de correo electrónico eurep@itgovernance.eu.

Spring Health ha nombrado un delegado de protección de datos en el Reino Unido, IT Governance Europe Limited, con el que puede ponerse en contacto a través de: eurep@itgovernance.eu.

Asegúrese de incluir el nombre de nuestra empresa en toda la correspondencia que envíe.

Si tuviera cualquier pregunta, problema o reclamación en relación con el cumplimiento de esta política de privacidad y de las leyes aplicables sobre protección de datos o en el caso de que usted quisiera ejercitar cualquiera de sus derechos, le pedimos que, en primer lugar, se ponga en contacto con compliance@springhealth.com. Indagaremos en lo ocurrido y trataremos de resolver las reclamaciones y controversias y de hacer todos los esfuerzos razonables para facilitarle el ejercicio de sus derechos a la mayor brevedad posible y, en todo caso, en los plazos previstos en las leyes sobre protección de datos.

Last Updated: February 23, 2022

SPRING CARE, INC. PRIVACY POLICY

Spring Care, Inc. is responsible for your personal information.

Spring Care, Inc. and its affiliates (collectively referred to as “Spring Health”, “we“, “us“) takes its data protection and privacy responsibilities seriously. This privacy policy describes our practices in connection with information that we collect through (including any access to) (1) the Spring Health website currently located at https://benefits.springhealth.com, materials and services available therein, and successor website(s) thereto, together with any Content: meaning text, data, graphics, images, photographs, video, audio, information, suggestions, guidance, content and other materials provided, made available or otherwise found on the website (“Website”), (2) the software applications we may make available for use on or through computers and mobile devices (“Apps”), (3) the quizzes, tests, and questionnaires (and results thereof) we make available on or through the Website or Apps (“Questionnaires”), (4) the booking system should you avail of additional professional services through our contractors, counselors, therapists or other service providers (“Providers”), and (5) call recordings when you call our call center phone numbers (all of the foregoing, collectively, “Services”). We follow this privacy policy in accordance with applicable laws in the places where we operate.

This privacy policy also explains how we collect, use and share personal information if you are or represent one of our Providers, including if you go through the application process to become one of our Providers.

Specifically, this privacy policy describes:

  • What personal information we collect and when and why we use
  • How we share personal information within Spring Health and with our service providers, regulators and other third parties
  • How we use your information to provide Service updates to you and how you can manage your marketing preferences
  • Transferring personal information globally
  • How we protect and store personal information
  • Legal rights available to help manage your privacy
  • How you can contact us for more support

1.      UPDATES TO THIS PRIVACY POLICY

We may amend this privacy policy from time to time to keep it up to date with legal requirements and the way we operate our business. We will post those changes prominently, so you are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. Please regularly check these pages for the latest version of this privacy policy.

You might find external links to third party websites on our Website. This privacy policy does not apply to your use of a third party site.

2.    WHAT PERSONAL INFORMATION WE COLLECT AND WHEN AND WHY WE USE IT

A.     When we collect personal information

We collect information about you if you:

  • register with, use our Services or engage with our Website, or
  • work with us as a Provider, collectively (“you“).

B.     Personal information we collect and use if you register with or use our Services or if you engage with our Website:

1.             Personal information collected if you use our Website or Services includes:

  • Personal details: first name and surname, date of birth, email address, country of residence, username and
  • Sensitive information about you: racial origin and health information i.e. general information about your health and wellbeing, including indications about your overall mood and daily habits, information on your mental wellbeing, daily habits, activity levels, daily nutrition and eating habits as well as information about your personal, family and social life which is entered by you when registering for an account or in any Questionnaires we make available through the

2.             Other information when you use our Services or engage with our Website

Other information collected if you use our Services or engage with our Website includes:

  • Browser and device information: Certain information is collected by most browsers or automatically through your device, such as your Media Access Control (MAC) address, computer type (Windows or Macintosh), screen resolution, operating system name and version, device manufacturer and model, language, Internet browser type and version and the name and version of the Services (such as the App) you are
  • App usage data: When you use the Apps, we and our service providers may track and collect usage data, such as the date and time the App on your device accesses our servers and what information and files have been downloaded to the App based on your device

  • Information gathered through use of cookies, pixel tags or other technologies: Pixel tags (also known as web beacons and clear GIFs) may be used in connection with some Services to, among other things, track the actions of users of the Services (including email recipients), and compile statistics about usage of the Services and response rates as well as general demographic information and aggregated information.
  • Other personal information: IP address, location data and information around your preferred means of

If you submit any personal information relating to other people to us or to our service providers in connection with the Services, you represent that you have the authority to do so and to permit us to use the information in accordance with this privacy policy.

3.             We may use personal data collected if you use our Websites or Services or if you consent or as permitted by applicable law in the following ways:

  • To provide you with the Services you request, which may be combination of the use or engagement with our Website, App, Questionnaires and/or
  • To respond to your inquiries, fulfil your requests, and send you communications that you request, such as the results of any Questionnaire that you have
  • To send administrative information to you, for example, information regarding the Services and changes to our terms, conditions and
  • To market our Services to you. This includes sending communications about our Services, features, studies, surveys, news, updates, and events. We may do so through various methods, including email, in app communications and ads, and ads on third party
  • For our internal management and business purposes, such as data analysis, developing new services, enhancing, improving or modifying the Services, audits, fraud monitoring and prevention, identifying usage
  • We may use personal information, including sensitive information, from many Services users to create non-identifiable “aggregate data” (for example, reports that calculate the percentage of users who have a particular response to or result from the Questionnaires) that may be disclosed to third
  • If you provide to us any ideas, proposals, suggestions, recommendations or other materials (“Feedback”), whether related to the Services or
  • As we believe to be necessary or appropriate, and only as permitted under applicable law (a) to comply with legal process; (b) to respond to requests from public and government authorities, including public and government authorities outside your country of residence; (c) to protect our operations or those of any of our affiliates, including in connection with investigating security incidents; or (d) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or
  • To personalize your experience on the Services, for example, by presenting Questionnaires and similar services to

4.             The legal basis for using your personal information

We will only collect, use and share your personal information where we are satisfied that we have an appropriate legal basis to do this. This may be because:

  • you have provided your consent to us using the personal information, for example by opting in to receiving the Service, by registering for an account or by voluntarily inputting your personal information g., when you answer a Questionnaire;
  • our use of your personal information is in our legitimate interest as a commercial organisation (for example for our internal management and business purposes, such as data analysis, to ensure that the Services function properly, developing new services, enhancing, improving or modifying the Services, audits, fraud monitoring and prevention, identifying usage trends). In these cases, we will look after your information at all times in a way that is proportionate and respects your privacy rights and you have a right to object to processing as explained in the section below LEGAL RIGHTS AVAILABLE TO HELP MANAGE YOUR PRIVACY;
  • our use of your personal information is necessary to perform a contract or take steps to enter into a contract with you for example where you have opted to receive the Services it is mandatory to provide your name and email address to register your account in order to receive the Services. For further information please see our Terms of Service (https://care.springhealth.com/terms_of_service); and/or
  • our use of your personal information is necessary to comply with a relevant legal or regulatory obligation that we have for example, to comply with legal process, respond to requests from public and government authorities, protect our operations or those of any of our affiliates including in connection with investigating security incidents; or to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others.
  • If you would like to find out more about the legal basis for which we process personal information, please contact us at compliance@springhealth.com.

C.     Personal information we collect if you work with us as a Provider

1.  Personal information collected if you apply to work with us as a Provider, and continue to work with us as a Provider, includes:

  • Personal details: such as your name, email address, photo, maiden name; alias(es); current and previous addresses; birth date; birth place; ID number (which may include passport, national ID card, driver’s license) and mother/father’s complete
  • Information about your employment status: employer name; employer contact details; manager name; manager contact details; job title; pay rate; dates of employment; reason for leaving
  • Information about your education and qualifications: school name; school contact details; student number; qualification details; field of study; school attendance dates; school graduation
  • Other information: payment information so that we can make payments to you and information contained on our communications systems, these are the Spring Health communications facilities used by you (email, phone, mobile phone and computer communication).

2.  If you are one of our Providers, we may use your personal data in the following ways:

  • To determine, perform and execute the terms on which you, or the organization you represent will be engaged by us and communicate with you;
  • To pay and administer your fees;
  • To administer other requests or services requested by you throughout your engagement with us;
  • To ensure the smooth running of our engagement with you (including all of the activities that need to be undertaken before, during and after such engagement for instance to confirm your eligibility to work with us as a );
  • To monitor against and prevent cyber-security issues and unauthorised use of our information, IT systems and/or equipment;
  • Maintain photo identification of you for your profile; or
  • Where it may be necessary, to file legal proceedings, investigate, establish, exercise or defend a legal claim; and settle legal

3.  The legal basis for using your personal information

We will only collect, use and share your personal information where we are satisfied that we have an appropriate legal basis to do this. This may be because:

  • our use of your personal information is necessary to perform a contract or take steps to enter into a contract with you, e. the Contractor Agreement;
  • our use of your personal information is in our legitimate interest as a commercial organisation (for example to monitor against and prevent cyber-security issues and unauthorised use of our information, IT systems and/or equipment, or maintain photo identification of you for your profile); and/or
  • our use of your personal information is necessary to comply with a relevant legal or regulatory obligation that we have for example, to comply with legal process, respond to requests from public and government authorities, protect our operations or those of any of our affiliates including in connection with investigating security incidents; or to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others.
  • If you would like to find out more about the legal basis for which we process personal information please contact us at compliance@springhealth.com.

3.       SHARING PERSONAL INFORMATION WITHIN SPRING CARE, WITH OUR SERVICE PROVIDERS, AND OTHER THIRD PARTIES

A.     We may share your information under limited circumstances in the manner and for the purposes described below:

  1. within Spring Health, where such disclosure is necessary to provide you with our Services or to manage our business, including with our Spring-branded Medical Professional Corporation, SH Medical Care of Kansas,
  2. with third parties who help manage our business and deliver Services, for example:
  3. we will provide your personal information to our Providers, as necessary to allow you to avail of that specific element of our Services;
  4. if you are one of our Providers, we will share your information with third parties to confirm your eligibility to carry out the

These third parties have agreed to confidentiality restrictions and use any personal information we share with them or which they collect on our behalf solely for the purpose of providing the contracted service to us. These may also include website hosting, data storage and analysis, scheduling platforms, information technology and related infrastructure provision, email delivery, auditing and other services.

  1. with our regulators, which may include but is not limited to the Information Commissioner’s Office (ICO), Commission Nationale de l’Informatique et des Libertés (CNIL), the German data protection authorities, the Data Protection Commission (DPC), and the Swedish Authority for Privacy Protection (IMY), and the Spanish Data Protection Commissioner (Agencia Española de Protección de Datos, (AEPD)), to comply with all applicable laws, regulations and rules, and requests of law enforcement, regulatory and other governmental agencies;
  2. with our partners or affiliates, in aggregate, statistical form, non-personal information regarding the visitors to our Website, traffic patterns, and Website usage with our partners or affiliates;
  3. if, in the future, we sell or transfer some or all of our business or assets to a third party, we may disclose information to a potential or actual third party purchaser of our business or

4.    SERVICE UPDATES AND MARKETING PREFERENCES

A.     How we use personal information to keep you up to date with our Services

To protect privacy rights and to ensure you have control over how we manage marketing with you we will take steps to limit direct marketing to a reasonable and proportionate level and only send you communications which we believe may be of interest or relevance to you.

B.     How you can manage your marketing preferences

You can opt out of certain marketing communications and use of your information for marketing at any time by contacting careteam@springhealth.com or by clicking on the “unsubscribe” link you will find on all marketing messages to you and requesting to be removed from future

communications. Please specify whether you would like us to stop all forms of marketing or just a particular type (e.g. email).

5.    TRANSFERRING PERSONAL INFORMATION GLOBALLY

  1. Spring Health is a US based business. Accordingly, regardless of your location, your personal information will be transferred to and stored in the US, which may be subject to different standards of data protection than your home jurisdiction. Spring Health will take appropriate steps ensure that transfers of personal information are in accordance with applicable law and carefully managed to protect your privacy rights and

To this end:

  1. We ensure transfers within Spring Health entities and affiliates will be covered by an agreement entered into by members of Spring Health (an intercompany agreement) which contractually obliges each entity to ensure that personal information receives an adequate and consistent level of protection wherever it is transferred within Spring Health;
  2. Where we transfer your personal information outside Spring Health or to third parties who help provide our Services, we obtain contractual commitments from them to protect your personal Some of these assurances are well recognized requirements like the use of EU Standard Contractual Clauses for the protection of personal information transferred from within the EU to countries outside of the EU; or
  3. Where we receive requests for information from law enforcement or regulators, we carefully validate these requests before any personal information are
  4. You have a right to contact us for more information about the safeguards we have put in place (including a copy of relevant contractual commitments) to ensure the adequate protection of your personal information when this is transferred as mentioned

6.      HOW WE PROTECT AND STORE YOUR INFORMATION

A.     Security

We have implemented and maintain appropriate administrative, physical and technical security measures, policies and procedures that are reasonable and appropriate to reduce the risk of accidental destruction or loss, or the unauthorised disclosure or access to such information as reasonable and appropriate to the nature of the information concerned. Measures we take include placing confidentiality requirements on our staff members and service providers and destroying or permanently anonymising personal information if it is no longer needed for the purposes for which it was collected. As the security of information depends in part on the security of the computer you use to communicate with us and the security you use to protect user IDs and passwords please take appropriate measures to protect this information.

B.     Storing your personal information

  1. We will retain your personal information for as long as is reasonably necessary for the purposes for which it was collected, as explained in this privacy policy. In some circumstances we may store your personal information for longer periods of time as required or permitted by law, for instance where we are required to do so in accordance with legal, regulatory, tax, accounting
  2. In specific circumstances we may store your personal information for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your personal information or
  3. As our operations are conducted from the US, subject to the information set out in Section V TRANSFERRING YOUR INFORMATION GLOBALLY, all personal information that we collect is used and stored in the US, is subject to US laws, and may be subject to disclosure to US governments, courts or law enforcement or regulatory agencies pursuant to those

7.     LEGAL RIGHTS AVAILABLE TO HELP MANAGE YOUR PRIVACY

  1. Subject to certain exemptions, and in some cases dependent upon the processing activity we are undertaking, you have certain rights in relation to your personal information (as further detailed below), including the right:
  1. To access personal information
  2. To rectify / erase personal information
  3. To restrict the processing of your personal information
  4. To transfer your personal information
  5. To object to the processing of personal information
  6. Withdraw consent for processing of personal information
  7. To object to how we use your personal information for direct marketing purposes
  8. To obtain a copy of personal information safeguards used for transfers outside your jurisdiction
  9. To lodge a complaint with your local supervisory authority

We may ask you for additional information to confirm your identity and for security purposes, before disclosing the personal information requested to you. We reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive.

You can exercise your rights by contacting us at careteam@springhealth.com. Subject to legal and other permissible considerations, we will make every reasonable effort to honour your request promptly or inform you if we require further information in order to fulfil your request.

We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.

B.     Right to access personal information

You have a right to request that we provide you with a copy of your personal information that we hold, and you have the right to be informed of; (a) the source of your personal information;

(b) the purposes, legal basis and methods of processing; (c) the controller’s identity; and (d) the entities or categories of entities to whom your personal information may be transferred.

C.     Right to rectify or erase personal information

  1. You have a right to request that we rectify inaccurate personal We may seek to verify the accuracy of the personal information before rectifying it.
  2. You can also request that we erase your personal information in limited circumstances where:
  3. it is no longer needed for the purposes for which it was collected; or
  4. you have withdrawn your consent (where the data processing was based on consent); or
  5. following a successful right to object (see right to object); or
  6. it has been processed unlawfully; or
  7. to comply with a legal obligation to which Spring Health is
  8. We are not required to comply with your request to erase personal information if the processing of your personal information is necessary:
  9. for compliance with a legal obligation; or
  10. for the establishment, exercise or defence of legal claims;

D.     Right to restrict the processing of your personal information

  1. You can ask us to restrict your personal information, but only where:
  2. its accuracy is contested, to allow us to verify its accuracy; or
  3. the processing is unlawful, but you do not want it erased; or
  4. it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; or
  5. you have exercised the right to object, and verification of overriding grounds is pending.
  6. We can continue to use your personal information following a request for restriction, where:
  7. we have your consent; or
  8. to establish, exercise or defend legal claims; or
  9. to protect the rights of another natural or legal

E.      Right to transfer your personal information

  1. You can ask us to provide your personal information to you in a structured, commonly used, machine-readable format, or you can ask to have it transferred directly to another data controller, but in each case only where:

  • the processing is based on your consent or on the performance of a contract with you; and
  • the processing is carried out by automated

F.      Right to object to the processing of your personal information

G.     Right to withdraw consent

Where we have obtained your consent as our legal basis to process your personal data, you have the right to withdraw consent at any time by emailing careteam@springhealth.com. Please note that in some instances, where you withdraw your consent this may negatively impact our ability to provide you with the Services.

H.     Right to object to how we use your personal information for direct marketing purposes

You can opt out of certain marketing communications and use of your information for marketing at any time by contacting careteam@springhealth.com or by clicking on the “unsubscribe” link you will find on all marketing messages to you and requesting to be removed from future communications. Please specify whether you would like us to stop all forms of marketing or just a particular type (e.g. email).

You can also request that we change the manner in which we contact you for marketing purposes or request that we not transfer your personal information to unaffiliated third parties for the purposes of direct marketing or any other purposes.

I.         Right to obtain a copy of personal information safeguards used for transfers outside your jurisdiction

You can ask to obtain a copy of, or reference to, the safeguards under which your personal information is transferred outside of the European Union and the United Kingdom.

We may redact data transfer agreements to protect commercial terms.

J.       Right to lodge a complaint with your local supervisory authority

You have a right to lodge a complaint with your local supervisory authority if you have concerns about how we are processing your personal information.

We ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority at any time.

K.                 Post-mortem rights

You have the right to set out instructions (general or specific) about what happens to your personal data after your death.

8.        CONTACT US

If you have any questions about this privacy policy, please contact us at compliance@springhealth.com or our Data Protection Officer (IT Governance Europe Limited) at eurep@itgovernance.eu.

Spring Health has appointed a data protection representative in the United Kingdom IT Governance Europe Limited who can be contacted at: eurep@itgovernance.eu.

Please ensure to include our company name in any correspondence you send.

If you have any questions, concerns or complaints regarding our compliance with this privacy policy and data protection laws, or if you wish to exercise your rights, we encourage you to first contact compliance@springhealth.com. We will investigate and attempt to resolve complaints and disputes and will make every reasonable effort to honour your wish to exercise your rights as quickly as possible and, in any event, within the timescales provided by data protection laws.

Última actualización: 22 de febrero de 2022

SPRING CARE, INC. POLÍTICA DE PRIVACIDAD

Spring Care, Inc. es responsable del tratamiento de sus datos personales.

Spring Care, Inc. y sus empresas afiliadas (conjuntamente, “Spring Health”, “nosotros”) se toma muy en serio sus obligaciones en materia de protección de datos y privacidad. Esta política de privacidad describe nuestras prácticas en relación con los datos que recogemos a través de (incluyendo cualquier acceso a) (1) El sitio web de Spring Health, actualmente accesible a través de https://benefits.springhealth.com, los materiales y servicios disponibles en el mismo, cualquier sitio web que pudiera sustituirlo en el futuro, así como cualquier Contenido entendido como texto, datos, gráficos, imágenes, fotografías, video, audio, datos, sugerencias, instrucciones, contenido y cualquier otro material facilitado, disponible o que usted pueda encontrar en el sitio web (“Sitio Web”), (2) las aplicaciones de software que podamos poner a su disposición para su utilización en o a través de cualquier ordenador o dispositivo móvil (“Aplicaciones”), (3) los test y cuestionarios (y los resultados de los mismos) que ponemos a su disposición en o a través del Sitio Web o de las Aplicaciones (“Cuestionarios”), (4) el sistema de reservas en el caso de que usted recurra a cualquier servicio profesional complementario prestado por nuestros subcontratistas, orientadores, terapeutas o cualquier otro proveedor de servicios (“Proveedores”) y (5) las grabaciones de llamadas cuando usted llame a los número de teléfono de nuestro centro de llamadas (todos los anteriores, conjuntamente, “Servicios”). Aplicamos esta política de privacidad de conformidad con lo previsto en la ley aplicable en aquellos lugares en los que desarrollamos nuestra actividad.

Esta política de privacidad también detalla como recogemos, utilizamos y comunicamos sus datos personales en el caso de que usted sea uno de nuestros Proveedores o representante del mismo, incluyendo también todos los casos en los que usted participe en un proceso de selección para convertirse en uno de nuestros Proveedores.

En particular, esta política de privacidad describe:

  • Los datos personales que recogemos y cuándo y por qué efectuamos su
  • Cómo comunicamos los datos personales dentro del grupo Spring Health y a nuestros proveedores de servicios, reguladores y a otros
  • Cómo utilizamos de sus datos para facilitarle actualizaciones del Servicio y cómo puede usted configurar sus preferencias de
  • Transferencias internacionales de
  • Cómo protegemos y almacenamos los datos
  • Los derechos legales que le asisten para controlar su
  • Cómo puede ponerse en contacto con nosotros para obtener más

1.      ACTUALICACIONES DE ESTA POLÍTICA DE PRIVACIDAD

Estamos facultados para modificar esta política de privacidad en cualquier momento incorporando nuevos requisitos legales o cualquier otro elemento que afecte al funcionamiento de nuestro negocio.

Publicaremos los cambios de manera visible para que pueda saber en todo momento qué datos recogemos, cómo los utilizamos y en qué circunstancias, en su caso, los comunicamos a terceros. Revise periódicamente estas páginas para asegurarse de que está al tanto de la última versión de esta política de privacidad.

En nuestro Sitio Web, encontrará enlaces externos a sitios web de terceros. Esta política de privacidad no es aplicable al uso que usted haga de los sitios de terceros.

2.    CUÁLES SON LOS DATOS PERSONALES QUE RECOGEMOS Y CUÁNDO Y POR QUÉ EFECTUAMOS SU TRATAMIENTO

A.      Cuando recogemos datos personales

Recogemos sus datos personales si usted:

  • se registra en nuestro Sitio Web, utiliza nuestros servicios o interactúa con nuestro Sitio Web, o
  • trabaja con nosotros como Proveedor, conjuntamente (“usted”).

B.      Datos personales que recogemos y tratamos cuando usted se registra en o interactúa con nuestro Sitio Web o utiliza nuestros Servicios:

1.              Los datos personales que recogemos si usted utiliza nuestro Sitio Web o nuestros servicios incluyen:

  • Datos identificativos: nombre y apellido, fecha de nacimiento, dirección de correo electrónico, país de residencia, nombre de usuario y contraseña.
  • Datos especialmente protegidos: origen racial y datos sobre salud, i.e. información general acerca de su salud y bienestar, incluyendo la información que nos proporcione acerca de su estado general y hábitos cotidianos, información sobre su salud mental, hábitos cotidianos, nivel de actividad, alimentación diaria y hábitos de alimentación así como la información acerca de su vida personal, familiar y social que usted nos proporcione al darse de alta y crear una cuenta o a través de cualquiera de los Cuestionarios que le facilitamos como parte de nuestros

2.              Otros datos que recopilamos cuando usted utiliza nuestros Servicios o interactúa con nuestro Sitio Web

Cuando usted utiliza nuestros Servicios o interactúa con nuestro Sitio Web recopilamos otros datos que incluyen:

  • Información sobre su navegador y dispositivo: La mayoría de los navegadores o su dispositivo, automáticamente, recogen determinados datos, tales como los siguientes: dirección MAC (Control de Acceso a los Medios), tipo de ordenador (Windows o Macintosh), resolución de pantalla, nombre y versión de su sistema operativo, fabricante y modelo de su dispositivo, idioma, tipo de navegador de internet y versión y nombre y versión de los Servicios (como la Aplicación) que esté usted
  • Datos de uso de la Aplicación: Cuando usted utiliza las Aplicaciones, nosotros o nuestros proveedores hacemos seguimiento y recopilamos determinados datos de uso, tales como la fecha y hora en la que la Aplicación instalada en su dispositivo accede a nuestros servidores y qué información y archivos se descargan en la Aplicación sobre la base del número de su dispositivo.
  • Datos obtenidos a través del uso de cookies, píxeles de seguimiento (pixel tags) u otras tecnologías: Utilizamos píxeles de seguimiento (también conocidos como balizas web y GIFs transparentes) en relación con algunos Servicios para, entre otras cosas, hacer seguimiento de las actividades de los usuarios de los Servicios (incluyendo la de los destinatarios de correo electrónico) y elaborar estadísticas sobre el uso de los Servicios y los índices de respuesta así como datos demográficos de carácter general y datos
  • Otros datos personales: dirección IP, datos de ubicación y datos sobre sus medios de comunicación

Si, en el marco de los Servicios nos enviara, a nosotros o a nuestros proveedores de servicios, cualquier dato personal relativo a otra persona, usted manifiesta que tiene la capacidad necesaria para comunicarnos dichos datos y para permitirnos utilizar los datos de conformidad con esta política de privacidad.

3.              Podemos utilizar los datos personales recogidos cuando usted utiliza nuestros Sitios Web o Servicios así como los recogidos con su consentimiento o de cualquier otra manera permitida por la ley aplicable, para cualquiera de las siguientes finalidades:

  • Proporcionarle los Servicios que nos solicite, que pueden consistir en una combinación de uso e interacción con nuestro Sitio Web, Aplicaciones, Cuestionarios y/o
  • Responder a sus consultas, satisfacer sus peticiones y enviarle las comunicaciones que nos haya solicitado, tales como los resultados de cualquier Cuestionario que usted hubiera podido
  • Enviarle información administrativa, por ejemplo, información relativa a los Servicios y a las modificaciones de nuestras condiciones generales y políticas.
  • Comercializar nuestros Servicios. Esto incluye el envío de comunicaciones acerca de nuestros     Servicios,    características,     estudios,     encuestas,     novedades,

actualizaciones y eventos. Podemos enviar dichas comunicaciones a través de distintos medios incluyendo el correo electrónico, notificaciones y anuncios de la Aplicación así como a través de anuncios publicados en plataformas de terceros.

  • Para nuestra gestión interna, incluyendo el análisis de datos, desarrollo de nuevos servicios, optimización, mejora o modificación de los Servicios, auditorías, control y prevención del fraude e identificación de tendencias de
  • Utilizamos los datos personales, incluyendo los datos especialmente protegidos, de numerosos usuarios de los Servicios para crear “datos agrupados” no identificables (tales como informes en los que se incluye el porcentaje de usuarios que han dado una determinada respuesta u obtenido un resultado concreto al realizar un Cuestionario) que podrán comunicarse a
  • Si usted nos remite ideas, propuestas, sugerencias, recomendaciones o cualquier otro material (“Comentarios”), relacionados o no con los
  • Tal y como consideremos necesario o apropiado y únicamente en la forma permitida por la ley aplicable, para (a) ejercitar cualquier acción legal; (b) responder a cualquier requerimiento de cualquier autoridad pública o administrativa, incluyendo autoridades públicas o administrativas fuera de su país de residencia; (c) proteger nuestro negocio y el de cualquiera de nuestras empresas afiliadas, incluyendo en todos aquellos casos en los que el tratamiento resulte necesario para investigar un incidente de seguridad; o para (d) proteger nuestros derechos, privacidad, seguridad o propiedad privada y/o los de nuestras empresas afiliadas, los suyos o los de cualquier
  • Para personalizar su experiencia al utilizar los Servicios, por ejemplo, para ofrecerle Cuestionarios y servicios

4.              Bases legales que justifican el tratamiento de sus datos personales

Solo recogemos, tratamos y comunicamos sus datos personales cuando tenemos el convencimiento de que existe una base legal adecuada que justifica el tratamiento. Dicha base legal puede ser cualquiera de las siguientes:

  • usted nos ha dado su consentimiento para el tratamiento de sus datos personales, por ejemplo, al acceder a recibir el Servicio, al dar de alta una cuenta o al facilitar voluntariamente sus datos personales, por ejemplo, al contestar a un Cuestionario;
  • el tratamiento de sus datos personales se efectúa como consecuencia de nuestro interés legítimo como organización empresarial (por ejemplo, para finalidades empresariales o de gestión interna, como análisis de datos, garantizar que los Servicios funcionan correctamente, desarrollar nuevos servicios, optimizar, mejorar o modificar los Servicios, auditorías, control y prevención del fraude, identificación de tendencias de uso). En estos casos, protegeremos sus datos en todo momento, de forma proporcional y respetando sus derechos de Usted tiene derecho a oponerse al tratamiento tal y como se detalla en el apartado DERECHOS LEGALES QUE LE ASISTEN PARA CONTROLAR SU PRIVACIDAD que se incluye a continuación;
  • el tratamiento de sus datos personales resulta necesario para cumplir con un contrato o para realizar las actuaciones necesarias para formalizar un contrato con usted; por ejemplo, en los casos en los que usted opta por recibir los Servicios, es obligatorio que nos proporcione su nombre y dirección de correo electrónico para

dar de alta una cuenta con el fin de recibir los Servicios. Si desea más información, consulte                        nuestras                        Condiciones                        Generales (https://care.springhealth.com/terms_of_service); y/o

  • el tratamiento de sus datos personales resulta necesario para cumplir con una obligación legal o regulatoria, por ejemplo, para el ejercicio de una acción legal, responder a los requerimientos efectuados por cualquier autoridad pública o administrativa, proteger nuestro negocio o el de cualquiera de nuestras empresas afiliadas incluyendo todos aquellos casos en los que el tratamiento resulte necesario para investigar un incidente de seguridad; o para proteger nuestros derechos, privacidad, seguridad o propiedad privada y/o los de nuestras empresas afiliadas, los suyos o los de cualquier
  • Si desea obtener más información acerca de las bases legales que justifican el tratamiento de sus datos personales, póngase en contacto con nosotros a través de la siguiente dirección compliance@springhealth.com.

C.      Datos personales que recopilamos si trabaja con nosotros como Proveedor

1.              Los datos personales que recopilamos a partir del momento en el que nos solicita trabajar con nosotros como Proveedor y mientras continúe trabajando con nosotros en tal condición, incluyen:

  • Datos identificativos: como su nombre, dirección de correo electrónico, fotografía, nombre de soltera; seudónimo(s); dirección actual y direcciones anteriores; fecha de nacimiento; lugar de nacimiento; número de Identificación (que puede incluir su número de pasaporte, documento nacional de Identidad, carnet de conducir) y nombre completo de sus progenitores.
  • Datos sobre su situación laboral: nombre de su empleador; datos de su contrato de trabajo; nombre y datos de contacto de la persona responsable sobre usted; puesto de trabajo; franja salarial; fecha de inicio y extinción de su relación laboral; razones de extinción de su relación
  • Datos acerca de su formación y cualificación: nombre del centro educativo; datos de contacto del centro educativo; número de estudiante; datos de cualificación; área de estudio; fechas de asistencia; fechas de graduación.
  • Otros datos: Datos de pago para poder efectuar los pagos correspondientes a su favor y datos que deban incluirse en nuestros sistemas de comunicación, esto es, los medios de comunicación pertenecientes a Spring Health que usted utilizará (correo electrónico, teléfono y comunicaciones electrónicas).

2.              Si usted es uno de nuestros Proveedores, utilizaremos sus datos personales de la siguiente forma:

  • Para establecer, cumplir y llevar a efecto las condiciones bajo las que usted o la organización a la que usted representa contratará con nosotros y para comunicarnos con usted;
  • Para pagar y gestionar sus honorarios;
  • Para gestionar cualquier otra solicitud o servicio solicitado por usted durante la vigencia de su relación con nosotros;

  • Para garantizar el buen funcionamiento de nuestra relación con usted (incluyendo el de todas las actividades que deben llevarse a cabo antes, durante y tras la finalización de dicha relación, tales como por ejemplo, poder confirmar su idoneidad para trabajar con nosotros como Proveedor);
  • Controlar y prevenir problemas de ciberseguridad y el uso no autorizado de nuestros datos, sistemas informáticos y/o equipos;
  • Incluir en su perfil su identificación fotográfica; o
  • En los casos en los que resulte necesario, entablar procedimientos legales, investigar, plantear, ejercitar o defender una reclamación judicial; y llegar a un acuerdo transaccional en relación con cualquier reclamación

3.              Bases legales que justifican el tratamiento de sus datos personales

Solo recogemos, tratamos y comunicamos sus datos personales cuando tenemos el convencimiento de que existe una base legal adecuada que justifica el tratamiento. Dicha base legal puede ser cualquiera de las siguientes:

  • el tratamiento de sus datos personales es necesario para cumplir con lo previsto en un contrato o para realizar las actuaciones necesarias para poder formalizar un contrato con usted, i.e. el Acuerdo de Subcontratación;
  • tenemos un interés legítimo, como organización empresarial, en el tratamiento de sus datos personales (por ejemplo, para controlar y prevenir problemas de ciberseguridad y el uso no autorizado de nuestros datos, sistemas informáticos y/o equipos, o para incluir una identificación fotográfica suya en su perfil); y/o
  • el tratamiento de sus datos personales resulta necesario para cumplir con cualquier obligación legal o regulatoria, por ejemplo, para el ejercicio de una acción legal, responder a los requerimientos efectuados por cualquier autoridad pública o administrativa, proteger nuestro negocio o el de cualquiera de nuestras empresas afiliadas incluyendo todos aquellos casos en los que el tratamiento resulte necesario para investigar un incidente de seguridad; o para proteger nuestros derechos, privacidad, seguridad o propiedad privada y/o los de nuestras empresas afiliadas, los suyos y los de cualquier
  • Si desea obtener más información acerca de las bases legales que justifican el tratamiento de sus datos personales, póngase en contacto con nosotros a través de la siguiente dirección compliance@springhealth.com.

3.       COMUNICACIÓN DE DATOS PERSONALES DENTRO DEL GRUPO SPRING CARE, A NUESTROS PROVEEDORES DE SERVICIOS Y A OTROS TERCEROS

A.      En determinadas circunstancias, muy concretas, comunicaremos sus datos en la forma y para los fines que se describen a continuación:

  1. dentro del grupo Spring Health, cuando dicha comunicación resulte necesaria para proporcionarle nuestros Servicios o gestionar nuestro negocio, incluyendo la comunicación a nuestra Sociedad Médica Profesional gestionada bajo la marca Spring, SH Medical Care of Kansas,
  2. a terceros que nos prestan servicios relativos a la gestión de nuestro negocio y a la prestación de los Servicios, por ejemplo:
  3. facilitaremos sus datos personales a nuestros Proveedores cuando resulte necesario para permitirle disponer de cualquier prestación específica de nuestros Servicios;
  4. si es usted un Proveedor, comunicaremos sus datos a terceros para comprobar su idoneidad como proveedor de los

Todos estos terceros han formalizado los correspondientes acuerdos de confidencialidad y utilizarán los datos personales que les comuniquemos o que recopilen en nuestro nombre únicamente para prestar el servicio para el que han sido contratados. Lo anterior incluye también servicios de alojamiento de sitios web, almacenamiento y análisis de datos, plataformas de organización y planificación, tecnologías informáticas y suministro de infraestructuras relacionada con lo anterior, entrega de correo electrónico, auditoría y otros servicios.

  1. con los reguladores a cuya jurisdicción estemos sujetos, incluyendo, sin limitación la Agencia de Inspección de Información (Information Commissioner’s Office) (ICO), la Comisión Nacional de Informática y Libertades (Commission Nationale de l’Informatique et des Libertés) (CNIL), las autoridades de protección de datos alemanas, la Comisión de Protección de Datos (DPC), la autoridad sueca para la Protección de la Privacidad (IMY) y la Agencia Española de Protección de Datos (AEPD), para cumplir con las leyes, reglamentos y normas aplicables así como con cualquier requerimiento de un órgano judicial, de cualquier regulador o de otro organismo administrativo;
  2. Con nuestros socios o empresas afiliadas, datos agregados, estadísticos, que no pueden considerarse como datos personales, relativos a las visitas a nuestro Sitio Web, patrones de tráfico y uso del Sitio Web;
  3. En el caso de que, en el futuro, vendiéramos o transmitiéramos parte o la totalidad de nuestro negocio o activos a cualquier tercero, estaremos facultados para facilitar información a cualquier comprador potencial o real de nuestro negocio o

4.    ACTUALIZACIONES DE SERVICIO Y OPCIONES DE MARKETING

A.      Cómo tratamos sus datos personales para mantenerle actualizado acerca de nuestros Servicios

Para proteger sus derechos de privacidad y garantizarle el control sobre cómo gestionamos el marketing de nuestros Servicios, adoptaremos las medidas necesarias para limitar el marketing

directo a un nivel razonable y proporcionado y únicamente le enviaremos comunicaciones que consideremos que pueden resultarle interesantes o que son apropiadas para usted.

B.      Cómo puede gestionar sus opciones de marketing

Usted puede optar por no recibir determinadas comunicaciones de marketing y oponerse a que sus datos personales se utilicen para fines de marketing en cualquier momento poniéndose en contacto con careteam@springhealth.com o haciendo clic en el enlace “darse de baja” que encontrará en cualquier comunicación de marketing que haya podido recibir, debiendo solicitar que se le excluya de cualquier comunicación futura. Le pediremos que determine si desea ser excluido de todo tipo de comunicaciones de marketing o únicamente de un tipo concreto (v.g. correo electrónico).

5.    TRANSFERENCIA INTERNACIONAL DE SUS DATOS PERSONALES

  1. Spring Health es una empresa con sede en los Estados Unidos. En consecuencia y con independencia de su ubicación, sus datos personales se transmitirán y almacenarán en los Estados Unidos. La normativa de este país establece unos niveles de protección de los datos personales que podrían ser distintos a los aplicables por las leyes vigentes en su país de origen. Spring Health adoptará las medidas necesarias para garantizar que las transferencias de datos personales se realizan de conformidad con la ley aplicable y son gestionadas cuidadosamente para proteger sus derechos de privacidad y sus

A tal efecto:

  1. Nos aseguramos que las transferencias entre las entidades del grupo Spring Health y sus empresas afiliadas quedan cubiertas por un acuerdo formalizado entre las empresas del grupo Spring Health de que se trate (un contrato entre empresas) en virtud del cual cada una de dichas entidades quedará contractualmente obligada a garantizar que los datos personales reciben un nivel de protección adecuado y uniforme, con independencia de cuál sea la entidad del grupo Spring Health a la que se transfieran;
  2. En los casos en los que los datos personales se transfieran fuera del grupo Spring Health o a terceros con los que contratamos para poder prestar nuestros Servicios, el contrato formalizado con estos establecerá la obligación de proteger sus datos personales. Algunas de estas garantías son requisitos ampliamente reconocidos como el uso de las Cláusulas Contractuales Tipo de la UE para la protección de los datos personales transferidos desde la UE a países fuera de la misma; o
  3. Al recibir cualquier requerimiento de información de un órgano judicial o regulador, comprobamos cuidadosamente la solicitud antes de remitir ningún tipo de dato
  4. Tiene derecho a ponerse en contacto con nosotros para solicitarnos más información acerca de las garantías que hemos establecido (incluyendo copia de las obligaciones contractuales correspondientes) para garantizar una adecuada protección de sus datos personales cuando estos se transfieren de la forma indicada arriba.

6.      CÓMO PROTEGEMOS Y ALMACENAMOS SUS DATOS PERSONALES

A.      Seguridad

Hemos establecido y mantenemos medidas, políticas y procedimientos de seguridad tanto de carácter administrativo, como físico y técnico, para reducir el riesgo de destrucción, pérdida accidental, revelación o acceso no autorizados a dicha información razonables y apropiadas en función de la naturaleza de los datos de que se trate.

Las medidas que hemos adoptado incluyen la imposición a nuestros empleados y proveedores de servicios, de confidencialidad así como la destrucción o anonimización permanente de los datos personales que ya no resultan necesarios para la finalidad para la que se recogieron. Como la seguridad de sus datos personales depende, en parte, de la seguridad del ordenador que usted utilice para comunicarse con nosotros y de la seguridad que usted aplique para proteger sus identificadores y contraseñas, deberá usted adoptar las medidas apropiadas para proteger esta información.

B.      Conservación de sus datos personales

  1. Conservaremos sus datos personales durante el plazo razonablemente necesario para cumplir con los fines para los que fueron recogidos, tal y como se detalla en esta política de privacidad. En determinadas circunstancias, conservaremos sus datos personales durante un período más largo, según lo permitido o exigido legalmente, por ejemplo, en aquellos casos en los que debamos conservar esos datos en cumplimiento de una obligación legal, regulatoria, fiscal o
  2. En determinados casos, conservaremos sus datos personales durante un período de tiempo más largo para disponer de registros precisos de su relación con nosotros en caso de reclamaciones o disputas o cuando consideremos razonablemente que existe la posibilidad de que se plantee cualquier litigio sobre sus datos personales o la relación mantenida con
  3. Dado que nuestro negocio se gestiona desde los Estados Unidos, y con sujeción a lo previsto en el Apartado V TRANSFERENCIA INTERNACIONAL DE SUS DATOS PERSONALES, todos los datos personales que recogemos se tratan y almacenan en los Estados Unidos, según lo previsto en las leyes de este país y podrán ser facilitados a los órganos administrativos, tribunales, reguladores o cualquier otro organismo competente de conformidad con dichas
  4. Si usted utiliza nuestros Servicios y reside en Alemania, debe saber que estamos sujetos a determinadas obligaciones de conservación y documentación según lo previsto, entre otros, en el Código de Comercio Alemán (HGB) y el Código Fiscal Alemán (AO). Los plazos de conservación y documentación previstos en dichas normas pueden llegar hasta los diez años. Por último, el plazo de conservación de sus datos personales estará asimismo determinado por los plazos de prescripción legal, que pueden alcanzar los treinta años, por ejemplo, de conformidad con lo previsto en el artículo §§ 195 y siguientes del Código Civil alemán (BGB), siendo el período de prescripción legal ordinario de tres años.

7.     DERECHOS LEGALES QUE LE ASISTEN PARA CONTROLAR SU PRIVACIDAD

  1. Sujeto a determinadas excepciones, y dependiendo, en ciertos casos, de la actividad del tratamiento que llevemos a cabo, usted tiene determinados derechos en relación con sus datos personales (tal y como se detalla a continuación), incluyendo los derechos a:
  1. acceder a sus datos personales

  1. rectificar/ suprimir sus datos personales
  2. limitar el tratamiento de sus datos personales
  3. solicitar la portabilidad de sus datos personales
  4. oponerse al tratamiento de sus datos personales
  5. revocar el consentimiento otorgado al tratamiento de sus datos personales
  6. oponerse a que utilicemos sus datos personales para fines de marketing directo
  7. obtener una copia de las cláusulas de salvaguarda utilizadas en relación con la transferencia internacional de sus datos personales
  8. presentar una reclamación ante la autoridad de control de su lugar de residencia

Por razones de seguridad antes de facilitarle ningún dato personal, le solicitaremos determinada información adicional para confirmar su identidad. Cuando así lo permita la ley, nos reservamos el derecho a cobrar un determinado importe por la tramitación de su solicitud en determinados casos, por ejemplo, en el caso de solicitudes manifiestamente injustificadas o excesivas.

Puede ejercitar cualquiera de sus derechos poniéndose en contacto con nosotros a través de la siguiente dirección careteam@springhealth.com. Sujeto a cualquier consideración legal o de otro tipo, realizaremos todos los esfuerzos razonables para tramitar su solicitud a la mayor brevedad posible informándole con prontitud en los casos en los que necesitemos más información para poder tramitarla.

No siempre será posible cumplir, íntegramente, con su solicitud, por ejemplo, en aquellos casos en los que la misma repercuta en cualquier obligación de confidencialidad asumida frente a un tercero o en los que estemos facultados legalmente para tramitar su solicitud de otra manera.

B.      Derecho de acceso a sus datos personales

Tiene derecho a solicitarnos que le facilitemos una copia de sus datos personales y a recibir información acerca de: (a) las fuentes de las que hemos obtenido sus datos personales; (b) los fines, base legal y los medios relacionados con el tratamiento; (c) la identidad del responsable del tratamiento; y (d) las entidades o categorías de entidades a las que se transferirán sus datos personales.

C.      Derecho de rectificación o cancelación de sus datos personales

  1. Tiene derecho a solicitarnos que rectifiquemos los errores que sus datos personales pudieran contener. Trataremos de verificar la exactitud de sus datos personales antes de rectificarlos.
  2. Asimismo, puede solicitarnos que eliminemos sus datos personales en circunstancias muy concretas tales como cuando:
  3. Ya no sean necesarios para los fines para los que se recogieron; o
  4. Usted haya revocado su consentimiento (cuando la base legal que justifica el tratamiento sea dicho consentimiento); o
  5. Haya ejercitado con éxito su derecho de oposición (véase derecho de oposición); o
  6. Sus datos hubieran sido objeto de tratamiento ilegal, o

  • Cuando sea necesario para cumplir con una obligación legal de Spring
  1. No estamos obligados a tramitar ninguna solicitud de cancelación de sus datos personales en aquellos casos en los que el tratamiento de los mismos sea necesario para:
  2. cumplir con una obligación legal; o
  3. interponer, ejercitar o defender cualquier reclamación judicial;

D.      Derecho a limitar el tratamiento de sus datos personales

  1. Puede solicitar que limitemos el tratamiento de sus datos personales únicamente en los siguientes casos:
  2. cuando la exactitud de los datos se haya puesto en cuestión, para permitirnos verificar dicha exactitud; o
  3. cuando el tratamiento sea ilegal, pero usted no desee que sus datos sean eliminados; o
  4. cuando los datos no sean ya necesarios para los fines para los que se recogieron pero sí se necesiten para la interposición, ejercicio o defensa de una reclamación judicial; o
  5. cuando usted haya ejercitado su derecho de oposición y estemos verificando la existencia de un interés legítimo que deba prevalecer sobre dicha oposición.
  6. Podremos continuar tratando sus datos personales tras una solicitud de limitación del tratamiento cuando:
  7. Tengamos su consentimiento; o
  8. Para interponer, ejercitar o defendernos de cualquier reclamación judicial; o
  9. Para proteger los derechos de cualquier otra persona, física o jurídica.

E.     Derecho a la portabilidad de sus datos personales

  1. Puede solicitarnos que le facilitemos sus Datos Personales en un formato estructurado, de uso común y lectura mecánica o que sus datos personales se envíen directamente a otro responsable del tratamiento, pero, en ambos casos, únicamente cuando:
  2. El tratamiento se base en su consentimiento o en el cumplimiento de lo previsto en un contrato formalizado con usted; y
  3. El tratamiento se realice por medios

F.      Derecho a oponerse al tratamiento de sus datos personales

G.     Derecho a revocar su consentimiento

En los casos en los que la base legal del tratamiento de sus datos personales sea su consentimiento, usted tiene derecho a revocar dicho consentimiento en cualquier momento enviando un correo electrónico a careteam@springhealth.com. Tenga en cuenta que, en determinados casos, la revocación de su consentimiento puede afectar a nuestra capacidad para prestarle los Servicios.

H.      Derecho a oponerse al tratamiento de sus datos personales para fines de marketing directo

Puede optar por no recibir determinadas comunicaciones de marketing y decidir que sus datos personales no sean tratados para fines de marketing en cualquier momento poniéndose en contacto con nosotros a través de la siguiente dirección careteam@springhealth.com o haciendo clic en el enlace “darse de baja” que encontrará en todas nuestras comunicaciones de marketing, solicitándonos que le excluyamos de cualquier comunicación en el futuro. Deberá especificar si desea ser excluido de todo tipo de comunicaciones de marketing o sólo de un tipo concreto (por ejemplo, correo electrónico).

También puede solicitarnos que modifiquemos la forma en la que nos ponemos en contacto con usted para fines de marketing o que no comuniquemos sus datos personales a terceras empresas no afiliadas para fines de marketing directo o para ningún otro fin.

I.         Derecho a obtener una copia de las cláusulas legales de garantía en relación con el tratamiento de sus datos personales utilizadas en relación con las transferencias internacionales de esos datos

Puede solicitarnos una copia o que le remitamos al lugar donde poder consultar las cláusulas legales de garantía utilizadas para la transferencia de sus datos personales fuera de la Unión Europea y del Reino Unido.

Podemos redactar acuerdos de transferencia internacional de datos independientes para proteger la confidencialidad de nuestras condiciones comerciales.

J.       Derecho a presentar una reclamación ante la autoridad competente en materia de protección de datos de su lugar de residencia

Tiene derecho a presentar una reclamación ante la autoridad competente en materia de protección de datos de su lugar de residencia en el caso de que no esté usted de acuerdo con la forma en la que estemos tratando sus datos personales.

Aunque usted tiene derecho a ponerse en contacto con la autoridad competente en materia de protección de datos en cualquier momento, le pedimos que trate de resolver cualquier problema que pudiera plantearse poniéndose, en primer lugar, en contacto con nosotros.

K.      Herencia Digital

Tiene derecho a establecer instrucciones (generales o específicas) acerca de lo que ocurrirá con sus datos personales en el caso de que usted fallezca.

8.        PÓNGASE EN CONTACTO CON NOSOTROS

Si tiene cualquier pregunta acerca de esta política de privacidad, póngase en contacto con nosotros a través de la siguiente dirección de correo electrónico compliance@springhealth.com o con nuestro Delegado de Protección de Datos (IT Governance Europe Limited) a través de la siguiente dirección de correo electrónico eurep@itgovernance.eu.

Spring Health ha nombrado un delegado de protección de datos en el Reino Unido, IT Governance Europe Limited, con el que puede ponerse en contacto a través de: eurep@itgovernance.eu.

Asegúrese de incluir el nombre de nuestra empresa en toda la correspondencia que envíe.

Si tuviera cualquier pregunta, problema o reclamación en relación con el cumplimiento de esta política de privacidad y de las leyes aplicables sobre protección de datos o en el caso de que usted quisiera ejercitar cualquiera de sus derechos, le pedimos que, en primer lugar, se ponga en contacto con compliance@springhealth.com. Indagaremos en lo ocurrido y trataremos de resolver las reclamaciones y controversias y de hacer todos los esfuerzos razonables para facilitarle el ejercicio de sus dere chos a la mayor brevedad posible y, en todo caso, en los plazos previstos en las leyes sobre protección de datos.

Last Updated: December 7, 2021

SPRING CARE, INC. PRIVACY POLICY

Spring Care, Inc. is responsible for your personal information.

Spring Care, Inc. and its affiliates (collectively referred to as “Spring Health”, “we“, “us“) takes its data protection and privacy responsibilities seriously. This privacy policy describes our practices in connection with information that we collect through (including any access to) (1) the Spring Health website currently located at https://benefits.springhealth.com, materials and services available therein, and successor website(s) thereto, together with any Content: meaning text, data, graphics, images, photographs, video, audio, information, suggestions, guidance, content and other materials provided, made available or otherwise found on the website (“Website”), (2) the software applications we may make available for use on or through computers and mobile devices (“Apps”), (3) the quizzes, tests, and questionnaires (and results thereof) we make available on or through the Website or Apps (“Questionnaires”), (4) the booking system should you avail of additional professional services through our contractors, counselors, therapists or other service providers (“Providers”), and (5) call recordings when you call our call center phone numbers (all of the foregoing, collectively, “Services”). We follow this privacy policy in accordance with applicable laws in the places where we operate.

This privacy policy also explains how we collect, use and share personal information if you are one of our Providers, including if you go through the application process to become one of our Providers.

Specifically, this privacy policy describes:

  • What personal information we collect and when and why we use
  • How we share personal information within Spring Health and with our service providers, regulators and other third parties
  • How we use your information to provide Service updates to you and how you can manage your marketing preferences
  • Transferring personal information globally
  • How we protect and store personal information
  • Legal rights available to help manage your privacy
  • How you can contact us for more support

1.      UPDATES TO THIS PRIVACY POLICY

We may amend this privacy policy from time to time to keep it up to date with legal requirements and the way we operate our business. We will post those changes prominently, so you are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. Please regularly check these pages for the latest version of this privacy policy.

You might find external links to third party websites on our Website. This privacy policy does not apply to your use of a third party site.

2.    WHAT PERSONAL INFORMATION WE COLLECT AND WHEN AND WHY WE USE IT

A.     When we collect personal information

We collect information about you if you:

  • register with, use or engage with our Services, or
  • work with us as a Provider, collectively (“you“).

B.     Personal information we collect and use if you register with or use our Services or if you engage with our Website:

1.             Personal information collected if you use our Website or Services includes:

  • Personal details: first name and surname, date of birth, email address, country of residence, username and
  • Sensitive information about you: racial origin and health information e. general information about your health and wellbeing, including indications about your overall mood and daily habits, information on your mental wellbeing, daily habits, activity levels, daily nutrition and eating habits as well as information about your personal, family and social life which is entered by you when registering for an account or in any Questionnaires we make available through the Services.

2.             Other information when you use our Services or engage with our Website

Other information collected if you use our Services or engage with our Website includes:

  • Browser and device information: Certain information is collected by most browsers or automatically through your device, such as your Media Access Control (MAC) address, computer type (Windows or Macintosh), screen resolution, operating system name and version, device manufacturer and model, language, Internet browser type and version and the name and version of the Services (such as the App) you are
  • App usage data: When you use the Apps, we and our service providers may track and collect usage data, such as the date and time the App on your device accesses our servers and what information and files have been downloaded to the App based on your device

  • Information gathered through use of cookies, pixel tags or other technologies: Pixel tags (also known as web beacons and clear GIFs) may be used in connection with some Services to, among other things, track the actions of users of the Services (including email recipients), and compile statistics about usage of the Services and response rates as well as general demographic information and aggregated information.
  • Other personal information: IP address, location data and information around your preferred means of

If you submit any personal information relating to other people to us or to our service providers in connection with the Services, you represent that you have the authority to do so and to permit us to use the information in accordance with this privacy policy.

3.             Personal information we collect with your consent or as permitted by law

Personal information may be collected from other sources where you have given consent to do so or as permitted by applicable law, such as from your employer or healthcare provider, public databases, joint marketing partners and other third parties.

4.             We may use personal data collected if you use our Websites or Services or if you consent or as permitted by applicable law in the following ways:

  • To provide you with the Services you request, which may be combination of the use or engagement with our Website, App, Questionnaires and/or
  • To respond to your inquiries, fulfill your requests, and send you communications that you request, such as the results of any Questionnaire that you have
  • To send administrative information to you, for example, information regarding the Services and changes to our terms, conditions and
  • To market our Services to you. This includes sending communications about our Services, features, studies, surveys, news, updates, and events. We may do so through various methods, including email, in app communications and ads, and ads on third party
  • For our internal management and business purposes, such as data analysis, developing new services, enhancing, improving or modifying the Services, audits, fraud monitoring and prevention, identifying usage
  • We may use personal information, including sensitive information, from many Services users to create non-identifiable “aggregate data” (for example, reports that calculate the percentage of users who have a particular response to or result from the Questionnaires) that may be disclosed to third
  • If you provide to us any ideas, proposals, suggestions, recommendations or other materials (“Feedback”), whether related to the Services or
  • As we believe to be necessary or appropriate, and only as permitted under applicable law (a) to comply with legal process; (b) to respond to requests from public and government authorities, including public and government authorities outside your country of residence; (c) to protect our operations or those of any of our affiliates, including in connection with investigating security incidents; or (d) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or

  • To personalize your experience on the Services, for example, by presenting Questionnaires and similar services to

5.             The legal basis for using your personal information

We will only collect, use and share your personal information where we are satisfied that we have an appropriate legal basis to do this. This may be because:

  • you have provided your consent to us using the personal information, for example by opting in to receiving the Service, by registering for an account or by voluntarily inputting your personal information g., when you answer a Questionnaire, or where you have provided your consent;
  • our use of your personal information is in our legitimate interest as a commercial organisation (for example for our internal management and business purposes, such as data analysis, to ensure that the Services function properly, developing new services, enhancing, improving or modifying the Services, audits, fraud monitoring and prevention, identifying usage trends). In these cases, we will look after your information at all times in a way that is proportionate and respects your privacy rights and you have a right to object to processing as explained in the section below LEGAL RIGHTS AVAILABLE TO HELP MANAGE YOUR PRIVACY;
  • our use of your personal information is necessary to perform a contract or take steps to enter into a contract with you for example where you have opted to receive the Services it is mandatory to provide your name and email address to register your account in order to receive the Services. For further information please see our Terms of Service (https://care.springhealth.com/terms_of_service); and/or
  • our use of your personal information is necessary to comply with a relevant legal or regulatory obligation that we have for example, to comply with legal process, respond to requests from public and government authorities, protect our operations or those of any of our affiliates including in connection with investigating security incidents; or

(d) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others.

  • If you would like to find out more about the legal basis for which we process personal information, please contact us at compliance@springhealth.com.

C.     Personal information we collect if you work with us as a Provider

1.  Personal information collected if you apply to work with us as a Provider, and continue to work with us a Provider, includes:

  • Personal details: such as your name, email address, photo, maiden name; alias(es); current and previous addresses; birth date; birth place; ID number (which may include passport, national ID card, driver’s license) and mother/father’s complete
  • Information about your employment status: employer name; employer contact details; manager name; manager contact details; job title; pay rate; dates of employment; reason for leaving
  • Information about your education and qualifications: school name; school contact details; student number; qualification details; field of study; school attendance dates; school graduation

  • Other information: payment information so that we can make payments to you and information contained on our communications systems, these are the Spring Health communications facilities used by you (email, phone, mobile phone and computer communication).

2.  If you are one of our Providers, we may use your personal data in the following ways:

  • To determine, perform and execute the terms on which you will be engaged by us and communicate with you;
  • To pay and administer your fees;
  • To administer other requests or services requested by you throughout your engagement with us;
  • To ensure the smooth running of our engagement with you (including all of the activities that need to be undertaken before, during and after such engagement);
  • To monitor against and prevent cyber-security issues and unauthorised use of our information, IT systems and/or equipment;
  • Maintain photo identification of you for your profile; or
  • Where it may be necessary, to file legal proceedings, investigate, establish, exercise or defend a legal claim; and settle legal

3.  The legal basis for using your personal information

We will only collect, use and share your personal information where we are satisfied that we have an appropriate legal basis to do this. This may be because:

  • our use of your personal information is necessary to perform a contract or take steps to enter into a contract with you, e. the Contractor Agreement;
  • our use of your personal information is in our legitimate interest as a commercial organisation (for example to monitor against and prevent cyber-security issues and unauthorised use of our information, IT systems and/or equipment, or maintain photo identification of you for your profile); and/or
  • our use of your personal information is necessary to comply with a relevant legal or regulatory obligation that we have for example, to comply with legal process, respond to requests from public and government authorities, protect our operations or those of any of our affiliates including in connection with investigating security incidents; or

(d) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others.

  • If you would like to find out more about the legal basis for which we process personal information please contact us at compliance@springhealth.com.

3.       SHARING PERSONAL INFORMATION WITHIN SPRING CARE, WITH OUR SERVICE PROVIDERS, AND OTHER THIRD PARTIES

A.     We may share your information under limited circumstances in the manner and for the purposes described below:

  1. within Spring Health, where such disclosure is necessary to provide you with our Services or to manage our business, including with our Spring-branded Medical Professional Corporation, SH Medical Care of Kansas,
  2. with third parties who help manage our business and deliver Services, for example:
  3. we will provide your personal information to our Providers, as necessary to allow you to avail of that specific element of our Services;
  4. if you are one of our Providers, we will share your information with third parties to confirm your eligibility to carry out the

These third parties have agreed to confidentiality restrictions and use any personal information we share with them or which they collect on our behalf solely for the purpose of providing the contracted service to us. These may also include website hosting, data storage and analysis, scheduling platforms, information technology and related infrastructure provision, email delivery, auditing and other services.

  1. with our regulators, which may include but is not limited to the Information Commissioner’s Office (ICO), Commission Nationale de l’Informatique et des Libertés, Bundesbeauftragte für Datenschutz und Informationsfreiheit, the Data Protection Commission (DPC), and the Swedish Data Protection Authority, to comply with all applicable laws, regulations and rules, and requests of law enforcement, regulatory and other governmental agencies;
  2. with our partners or affiliates, in aggregate, statistical form, non-personal information regarding the visitors to our Website, traffic patterns, and Website usage with our partners or affiliates;
  3. if, in the future, we sell or transfer some or all of our business or assets to a third party, we may disclose information to a potential or actual third party purchaser of our business or

4.    SERVICE UPDATES AND MARKETING PREFERENCES

A.     How we use personal information to keep you up to date with our Services

To protect privacy rights and to ensure you have control over how we manage marketing with you we will take steps to limit direct marketing to a reasonable and proportionate level and only send you communications which we believe may be of interest or relevance to you.

B.     How you can manage your marketing preferences

  1. You can opt out of certain marketing communications and use of your information for marketing at any time by contacting careteam@springhealth.com or by clicking on the

“unsubscribe” link you will find on all marketing messages to you and requesting to be removed from future communications. Please specify whether you would like us to stop all forms of marketing or just a particular type (eg email).

  1. You can change the way your browser manages cookies, which may be used to deliver online advertising, by following the settings on your

5.    TRANSFERRING PERSONAL INFORMATION GLOBALLY

  1. Spring Health is a US based business. Accordingly, regardless of your location, your personal information may be transferred to and stored in the US, which may be subject to different standards of data protection than your home jurisdiction. Spring Health will take appropriate steps ensure that transfers of personal information are in accordance with applicable law and carefully managed to protect your privacy rights and

To this end:

  1. We ensure transfers within Spring Health entities and affiliates will be covered by an agreement entered into by members of Spring Health (an intercompany agreement) which contractually obliges each entity to ensure that personal information receives an adequate and consistent level of protection wherever it is transferred within Spring Health;
  2. Where we transfer your personal information outside Spring Health or to third parties who help provide our Services, we obtain contractual commitments from them to protect your personal Some of these assurances are well recognized requirements like the use of EU Standard Contractual Clauses for the protection of personal information transferred from within the EU to countries outside of the EU; or
  3. Where we receive requests for information from law enforcement or regulators, we carefully validate these requests before any personal information are
  4. You have a right to contact us for more information about the safeguards we have put in place (including a copy of relevant contractual commitments) to ensure the adequate protection of your personal information when this is transferred as mentioned

6.      HOW WE PROTECT AND STORE YOUR INFORMATION

A.     Security

We have implemented and maintain appropriate administrative, physical and technical security measures, policies and procedures that are reasonable and appropriate to reduce the risk of accidental destruction or loss, or the unauthorised disclosure or access to such information as reasonable and appropriate to the nature of the information concerned. Measures we take include placing confidentiality requirements on our staff members and service providers and destroying or permanently anonymising personal information if it is no longer needed for the purposes for which it was collected. As the security of information depends in part on the security of the computer you use to communicate with us and the

security you use to protect user IDs and passwords please take appropriate measures to protect this information.

B.     Storing your personal information

  1. We will retain your personal information for as long as is reasonably necessary for the purposes for which it was collected, as explained in this privacy policy. In some circumstances we may store your personal information for longer periods of time as required or permitted by law, for instance where we are required to do so in accordance with legal, regulatory, tax, accounting
  2. In specific circumstances we may store your personal information for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your personal information or
  3. As our operations are conducted from the US, all personal information that we collect is used and stored in the US, is subject to US laws, and may be subject to disclosure to US governments, courts or law enforcement or regulatory agencies pursuant to those laws.

7.     LEGAL RIGHTS AVAILABLE TO HELP MANAGE YOUR PRIVACY

  1. Subject to certain exemptions, and in some cases dependent upon the processing activity we are undertaking, you have certain rights in relation to your personal information, including the right:
  1. To access personal information
  2. To rectify / erase personal information
  3. To restrict the processing of your personal information
  4. To transfer your personal information
  5. To object to the processing of personal information
  6. Withdraw consent for processing of personal information
  7. To object to how we use your personal information for direct marketing purposes
  8. To obtain a copy of personal information safeguards used for transfers outside your jurisdiction
  9. To lodge a complaint with your local supervisory authority

We may ask you for additional information to confirm your identity and for security purposes, before disclosing the personal information requested to you. We reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive.

You can exercise your rights by contacting us at careteam@springhealth.com. Subject to legal and other permissible considerations, we will make every reasonable effort to honour your request promptly or inform you if we require further information in order to fulfil your request.

We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.

B.     Right to access personal information

You have a right to request that we provide you with a copy of your personal information that we hold, and you have the right to be informed of; (a) the source of your personal information;

(b) the purposes, legal basis and methods of processing; (c) the controller’s identity; and (d) the entities or categories of entities to whom your personal information may be transferred.

C.     Right to rectify or erase personal information

  1. You have a right to request that we rectify inaccurate personal We may seek to verify the accuracy of the personal information before rectifying it.
  2. You can also request that we erase your personal information in limited circumstances where:
  3. it is no longer needed for the purposes for which it was collected; or
  4. you have withdrawn your consent (where the data processing was based on consent); or
  5. following a successful right to object (see right to object); or
  6. it has been processed unlawfully; or
  7. to comply with a legal obligation to which Spring Health is
  8. We are not required to comply with your request to erase personal information if the processing of your personal information is necessary:
  9. for compliance with a legal obligation; or
  10. for the establishment, exercise or defence of legal claims;

D.     Right to restrict the processing of your personal information

  1. You can ask us to restrict your personal information, but only where:
  2. its accuracy is contested, to allow us to verify its accuracy; or
  3. the processing is unlawful, but you do not want it erased; or
  4. it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; or
  5. you have exercised the right to object, and verification of overriding grounds is pending.
  6. We can continue to use your personal information following a request for restriction, where:
  7. we have your consent; or
  8. to establish, exercise or defend legal claims; or
  9. to protect the rights of another natural or legal

E.      Right to transfer your personal information

  1. You can ask us to provide your personal information to you in a structured, commonly used, machine-readable format, or you can ask to have it transferred directly to another data controller, but in each case only where:
  2. the processing is based on your consent or on the performance of a contract with you; and
  3. the processing is carried out by automated

F.      Right to object to the processing of your personal information

G.     Right to withdraw consent

Where we have obtained your consent as our legal basis to process your personal data, you have the right to withdraw consent at any time by emailing careteam@springhealth.com. Please note that in some instances, where you withdraw your consent this may negatively impact our ability to provide you with the Services.

H.     Right to object to how we use your personal information for direct marketing purposes

You can opt out of certain marketing communications and use of your information for marketing at any time by contacting careteam@springhealth.com or by clicking on the “unsubscribe” link you will find on all marketing messages to you and requesting to be removed from future communications. Please specify whether you would like us to stop all forms of marketing or just a particular type (eg email).

You can also request that we change the manner in which we contact you for marketing purposes or request that we not transfer your personal information to unaffiliated third parties for the purposes of direct marketing or any other purposes.

I.         Right to obtain a copy of personal information safeguards used for transfers outside your jurisdiction

You can ask to obtain a copy of, or reference to, the safeguards under which your personal information is transferred outside of India.

We may redact data transfer agreements to protect commercial terms.

J.       Right to lodge a complaint with your local supervisory authority

You have a right to lodge a complaint with your local supervisory authority if you have concerns about how we are processing your personal information.

We ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority at any time.

8.        CONTACT US

If you have any questions about this privacy policy, please contact us at compliance@springhealth.com. Please ensure to include our company name in any correspondence you send.

If you have any questions, concerns or complaints regarding our compliance with this privacy policy and data protection laws, or if you wish to exercise your rights, we encourage you to first contact compliance@springhealth.com. We will investigate and attempt to resolve complaints and disputes and will make every reasonable effort to honour your wish to exercise your rights as quickly as possible and, in any event, within the timescales provided by data protection laws.

Last Updated: February 23, 2022

SPRING CARE, INC. PRIVACY POLICY

Spring Care, Inc. is responsible for your personal information.

Spring Care, Inc. and its affiliates (collectively referred to as “Spring Health”, “we“, “us“) takes its data protection and privacy responsibilities seriously. This privacy policy describes our practices in connection with information that we collect through (including any access to) (1) the Spring Health website currently located at https://benefits.springhealth.com, materials and services available therein, and successor website(s) thereto, together with any Content: meaning text, data, graphics, images, photographs, video, audio, information, suggestions, guidance, content and other materials provided, made available or otherwise found on the website (“Website”), (2) the software applications we may make available for use on or through computers and mobile devices (“Apps”), (3) the quizzes, tests, and questionnaires (and results thereof) we make available on or through the Website or Apps (“Questionnaires”), (4) the booking system should you avail of additional professional services through our contractors, counselors, therapists or other service providers (“Providers”), and (5) call recordings when you call our call center phone numbers (all of the foregoing, collectively, “Services”). We follow this privacy policy in accordance with applicable laws in the places where we operate.

This privacy policy also explains how we collect, use and share personal information if you are or represent one of our Providers, including if you go through the application process to become one of our Providers.

Specifically, this privacy policy describes:

  • What personal information we collect and when and why we use
  • How we share personal information within Spring Health and with our service providers, regulators and other third parties
  • How we use your information to provide Service updates to you and how you can manage your marketing preferences
  • Transferring personal information globally
  • How we protect and store personal information
  • Legal rights available to help manage your privacy
  • How you can contact us for more support

1.      UPDATES TO THIS PRIVACY POLICY

We may amend this privacy policy from time to time to keep it up to date with legal requirements and the way we operate our business. We will post those changes prominently, so you are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. Please regularly check these pages for the latest version of this privacy policy.

You might find external links to third party websites on our Website. This privacy policy does not apply to your use of a third party site.

2.    WHAT PERSONAL INFORMATION WE COLLECT AND WHEN AND WHY WE USE IT

A.     When we collect personal information

We collect information about you if you:

  • register with, use our Services or engage with our Website, or
  • work with us as a Provider, collectively (“you“).

B.     Personal information we collect and use if you register with or use our Services or if you engage with our Website:

1.             Personal information collected if you use our Website or Services includes:

  • Personal details: first name and surname, date of birth, email address, country of residence, username and
  • Sensitive information about you: racial origin and health information i.e. general information about your health and wellbeing, including indications about your overall mood and daily habits, information on your mental wellbeing, daily habits, activity levels, daily nutrition and eating habits as well as information about your personal, family and social life which is entered by you when registering for an account or in any Questionnaires we make available through the

2.             Other information when you use our Services or engage with our Website

Other information collected if you use our Services or engage with our Website includes:

  • Browser and device information: Certain information is collected by most browsers or automatically through your device, such as your Media Access Control (MAC) address, computer type (Windows or Macintosh), screen resolution, operating system name and version, device manufacturer and model, language, Internet browser type and version and the name and version of the Services (such as the App) you are
  • App usage data: When you use the Apps, we and our service providers may track and collect usage data, such as the date and time the App on your device accesses our servers and what information and files have been downloaded to the App based on your device
  • Information gathered through use of cookies, pixel tags or other technologies: Pixel tags (also known as web beacons and clear GIFs) may be used in connection with some Services to, among other things, track the actions of users of the Services

(including email recipients), and compile statistics about usage of the Services and response rates as well as general demographic information and aggregated information.

  • Other personal information: IP address, location data and information around your preferred means of

If you submit any personal information relating to other people to us or to our service providers in connection with the Services, you represent that you have the authority to do so and to permit us to use the information in accordance with this privacy policy.

3.             We may use personal data collected if you use our Websites or Services or if you consent or as permitted by applicable law in the following ways:

  • To provide you with the Services you request, which may be combination of the use or engagement with our Website, App, Questionnaires and/or
  • To respond to your inquiries, fulfil your requests, and send you communications that you request, such as the results of any Questionnaire that you have
  • To send administrative information to you, for example, information regarding the Services and changes to our terms, conditions and
  • To market our Services to you. This includes sending communications about our Services, features, studies, surveys, news, updates, and events. We may do so through various methods, including email, in app communications and ads, and ads on third party
  • For our internal management and business purposes, such as data analysis, developing new services, enhancing, improving or modifying the Services, audits, fraud monitoring and prevention, identifying usage
  • We may use personal information, including sensitive information, from many Services users to create non-identifiable “aggregate data” (for example, reports that calculate the percentage of users who have a particular response to or result from the Questionnaires) that may be disclosed to third
  • If you provide to us any ideas, proposals, suggestions, recommendations or other materials (“Feedback”), whether related to the Services or
  • As we believe to be necessary or appropriate, and only as permitted under applicable law (a) to comply with legal process; (b) to respond to requests from public and government authorities, including public and government authorities outside your country of residence; (c) to protect our operations or those of any of our affiliates, including in connection with investigating security incidents; or (d) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or
  • To personalize your experience on the Services, for example, by presenting Questionnaires and similar services to

4.             The legal basis for using your personal information

We will only collect, use and share your personal information where we are satisfied that we have an appropriate legal basis to do this. This may be because:

  • you have provided your consent to us using the personal information, for example by opting in to receiving the Service, by registering for an account or by voluntarily inputting your personal information g., when you answer a Questionnaire;
  • our use of your personal information is in our legitimate interest as a commercial organisation (for example for our internal management and business purposes, such as data analysis, to ensure that the Services function properly, developing new services, enhancing, improving or modifying the Services, audits, fraud monitoring and prevention, identifying usage trends). In these cases, we will look after your information at all times in a way that is proportionate and respects your privacy rights and you have a right to object to processing as explained in the section below LEGAL RIGHTS AVAILABLE TO HELP MANAGE YOUR PRIVACY;
  • our use of your personal information is necessary to perform a contract or take steps to enter into a contract with you for example where you have opted to receive the Services it is mandatory to provide your name and email address to register your account in order to receive the Services. For further information please see our Terms of Service (https://care.springhealth.com/terms_of_service); and/or
  • our use of your personal information is necessary to comply with a relevant legal or regulatory obligation that we have for example, to comply with legal process, respond to requests from public and government authorities, protect our operations or those of any of our affiliates including in connection with investigating security incidents; or to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others.
  • If you would like to find out more about the legal basis for which we process personal information, please contact us at compliance@springhealth.com.

C.     Personal information we collect if you work with us as a Provider

1.  Personal information collected if you apply to work with us as a Provider, and continue to work with us as a Provider, includes:

  • Personal details: such as your name, email address, photo, maiden name; alias(es); current and previous addresses; birth date; birth place; ID number (which may include passport, national ID card, driver’s license) and mother/father’s complete
  • Information about your employment status: employer name; employer contact details; manager name; manager contact details; job title; pay rate; dates of employment; reason for leaving
  • Information about your education and qualifications: school name; school contact details; student number; qualification details; field of study; school attendance dates; school graduation
  • Other information: payment information so that we can make payments to you and information contained on our communications systems, these are the Spring Health communications facilities used by you (email, phone, mobile phone and computer communication).

2.  If you are one of our Providers, we may use your personal data in the following ways:

  • To determine, perform and execute the terms on which you, or the organization you represent will be engaged by us and communicate with you;
  • To pay and administer your fees;
  • To administer other requests or services requested by you throughout your engagement with us;
  • To ensure the smooth running of our engagement with you (including all of the activities that need to be undertaken before, during and after such engagement for instance to confirm your eligibility to work with us as a );
  • To monitor against and prevent cyber-security issues and unauthorised use of our information, IT systems and/or equipment;
  • Maintain photo identification of you for your profile; or
  • Where it may be necessary, to file legal proceedings, investigate, establish, exercise or defend a legal claim; and settle legal

3.  The legal basis for using your personal information

We will only collect, use and share your personal information where we are satisfied that we have an appropriate legal basis to do this. This may be because:

  • our use of your personal information is necessary to perform a contract or take steps to enter into a contract with you, e. the Contractor Agreement;
  • our use of your personal information is in our legitimate interest as a commercial organisation (for example to monitor against and prevent cyber-security issues and unauthorised use of our information, IT systems and/or equipment, or maintain photo identification of you for your profile); and/or
  • our use of your personal information is necessary to comply with a relevant legal or regulatory obligation that we have for example, to comply with legal process, respond to requests from public and government authorities, protect our operations or those of any of our affiliates including in connection with investigating security incidents; or to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others.
  • If you would like to find out more about the legal basis for which we process personal information please contact us at compliance@springhealth.com.

3.       SHARING PERSONAL INFORMATION WITHIN SPRING CARE, WITH OUR SERVICE PROVIDERS, AND OTHER THIRD PARTIES

A.     We may share your information under limited circumstances in the manner and for the purposes described below:

  1. within Spring Health, where such disclosure is necessary to provide you with our Services or to manage our business, including with our Spring-branded Medical Professional Corporation, SH Medical Care of Kansas,
  2. with third parties who help manage our business and deliver Services, for example:
  3. we will provide your personal information to our Providers, as necessary to allow you to avail of that specific element of our Services;
  4. if you are one of our Providers, we will share your information with third parties to confirm your eligibility to carry out the

These third parties have agreed to confidentiality restrictions and use any personal information we share with them or which they collect on our behalf solely for the purpose of providing the contracted service to us. These may also include website hosting, data storage and analysis, scheduling platforms, information technology and related infrastructure provision, email delivery, auditing and other services.

  1. with our regulators, which may include but is not limited to the Information Commissioner’s Office (ICO), Commission Nationale de l’Informatique et des Libertés (CNIL), the German data protection authorities, the Data Protection Commission (DPC), and the Swedish Authority for Privacy Protection (IMY), and the Spanish Data Protection Commissioner (Agencia Española de Protección de Datos, (AEPD)), to comply with all applicable laws, regulations and rules, and requests of law enforcement, regulatory and other governmental agencies;
  2. with our partners or affiliates, in aggregate, statistical form, non-personal information regarding the visitors to our Website, traffic patterns, and Website usage with our partners or affiliates;
  3. if, in the future, we sell or transfer some or all of our business or assets to a third party, we may disclose information to a potential or actual third party purchaser of our business or

4.    SERVICE UPDATES AND MARKETING PREFERENCES

A.     How we use personal information to keep you up to date with our Services

To protect privacy rights and to ensure you have control over how we manage marketing with you we will take steps to limit direct marketing to a reasonable and proportionate level and only send you communications which we believe may be of interest or relevance to you.

B.     How you can manage your marketing preferences

You can opt out of certain marketing communications and use of your information for marketing at any time by contacting careteam@springhealth.com or by clicking on the “unsubscribe” link you will find on all marketing messages to you and requesting to be removed from future

communications. Please specify whether you would like us to stop all forms of marketing or just a particular type (e.g. email).

5.    TRANSFERRING PERSONAL INFORMATION GLOBALLY

  1. Spring Health is a US based business. Accordingly, regardless of your location, your personal information will be transferred to and stored in the US, which may be subject to different standards of data protection than your home jurisdiction. Spring Health will take appropriate steps ensure that transfers of personal information are in accordance with applicable law and carefully managed to protect your privacy rights and

To this end:

  1. We ensure transfers within Spring Health entities and affiliates will be covered by an agreement entered into by members of Spring Health (an intercompany agreement) which contractually obliges each entity to ensure that personal information receives an adequate and consistent level of protection wherever it is transferred within Spring Health;
  2. Where we transfer your personal information outside Spring Health or to third parties who help provide our Services, we obtain contractual commitments from them to protect your personal Some of these assurances are well recognized requirements like the use of EU Standard Contractual Clauses for the protection of personal information transferred from within the EU to countries outside of the EU; or
  3. Where we receive requests for information from law enforcement or regulators, we carefully validate these requests before any personal information are
  4. You have a right to contact us for more information about the safeguards we have put in place (including a copy of relevant contractual commitments) to ensure the adequate protection of your personal information when this is transferred as mentioned

6.      HOW WE PROTECT AND STORE YOUR INFORMATION

A.     Security

We have implemented and maintain appropriate administrative, physical and technical security measures, policies and procedures that are reasonable and appropriate to reduce the risk of accidental destruction or loss, or the unauthorised disclosure or access to such information as reasonable and appropriate to the nature of the information concerned. Measures we take include placing confidentiality requirements on our staff members and service providers and destroying or permanently anonymising personal information if it is no longer needed for the purposes for which it was collected. As the security of information depends in part on the security of the computer you use to communicate with us and the security you use to protect user IDs and passwords please take appropriate measures to protect this information.

B.     Storing your personal information

  1. We will retain your personal information for as long as is reasonably necessary for the purposes for which it was collected, as explained in this privacy policy. In some circumstances we may store your personal information for longer periods of time as required or permitted by law, for instance where we are required to do so in accordance with legal, regulatory, tax, accounting
  2. In specific circumstances we may store your personal information for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your personal information or
  3. As our operations are conducted from the US, subject to the information set out in Section V TRANSFERRING YOUR INFORMATION GLOBALLY, all personal information that we collect is used and stored in the US, is subject to US laws, and may be subject to disclosure to US governments, courts or law enforcement or regulatory agencies pursuant to those

7.     LEGAL RIGHTS AVAILABLE TO HELP MANAGE YOUR PRIVACY

  1. Subject to certain exemptions, and in some cases dependent upon the processing activity we are undertaking, you have certain rights in relation to your personal information (as further detailed below), including the right:
  1. To access personal information
  2. To rectify / erase personal information
  3. To restrict the processing of your personal information
  4. To transfer your personal information
  5. To object to the processing of personal information
  6. Withdraw consent for processing of personal information
  7. To object to how we use your personal information for direct marketing purposes
  8. To obtain a copy of personal information safeguards used for transfers outside your jurisdiction
  9. To lodge a complaint with your local supervisory authority

We may ask you for additional information to confirm your identity and for security purposes, before disclosing the personal information requested to you. We reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive.

You can exercise your rights by contacting us at careteam@springhealth.com. Subject to legal and other permissible considerations, we will make every reasonable effort to honour your request promptly or inform you if we require further information in order to fulfil your request.

We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.

B.     Right to access personal information

You have a right to request that we provide you with a copy of your personal information that we hold, and you have the right to be informed of; (a) the source of your personal information;

(b) the purposes, legal basis and methods of processing; (c) the controller’s identity; and (d) the entities or categories of entities to whom your personal information may be transferred.

C.     Right to rectify or erase personal information

  1. You have a right to request that we rectify inaccurate personal We may seek to verify the accuracy of the personal information before rectifying it.
  2. You can also request that we erase your personal information in limited circumstances where:
  3. it is no longer needed for the purposes for which it was collected; or
  4. you have withdrawn your consent (where the data processing was based on consent); or
  5. following a successful right to object (see right to object); or
  6. it has been processed unlawfully; or
  7. to comply with a legal obligation to which Spring Health is
  8. We are not required to comply with your request to erase personal information if the processing of your personal information is necessary:
  9. for compliance with a legal obligation; or
  10. for the establishment, exercise or defence of legal claims;

D.     Right to restrict the processing of your personal information

  1. You can ask us to restrict your personal information, but only where:
  2. its accuracy is contested, to allow us to verify its accuracy; or
  3. the processing is unlawful, but you do not want it erased; or
  4. it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; or
  5. you have exercised the right to object, and verification of overriding grounds is pending.
  6. We can continue to use your personal information following a request for restriction, where:
  7. we have your consent; or
  8. to establish, exercise or defend legal claims; or
  9. to protect the rights of another natural or legal

E.      Right to transfer your personal information

  1. You can ask us to provide your personal information to you in a structured, commonly used, machine-readable format, or you can ask to have it transferred directly to another data controller, but in each case only where:

  • the processing is based on your consent or on the performance of a contract with you; and
  • the processing is carried out by automated

F.      Right to object to the processing of your personal information

G.     Right to withdraw consent

Where we have obtained your consent as our legal basis to process your personal data, you have the right to withdraw consent at any time by emailing careteam@springhealth.com. Please note that in some instances, where you withdraw your consent this may negatively impact our ability to provide you with the Services.

H.     Right to object to how we use your personal information for direct marketing purposes

You can opt out of certain marketing communications and use of your information for marketing at any time by contacting careteam@springhealth.com or by clicking on the “unsubscribe” link you will find on all marketing messages to you and requesting to be removed from future communications. Please specify whether you would like us to stop all forms of marketing or just a particular type (e.g. email).

You can also request that we change the manner in which we contact you for marketing purposes or request that we not transfer your personal information to unaffiliated third parties for the purposes of direct marketing or any other purposes.

I.         Right to obtain a copy of personal information safeguards used for transfers outside your jurisdiction

You can ask to obtain a copy of, or reference to, the safeguards under which your personal information is transferred outside of the European Union and the United Kingdom.

We may redact data transfer agreements to protect commercial terms.

J.       Right to lodge a complaint with your local supervisory authority

You have a right to lodge a complaint with your local supervisory authority if you have concerns about how we are processing your personal information.

We ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority at any time.

K.                 Post-mortem rights

You have the right to set out instructions (general or specific) about what happens to your personal data after your death.

8.        CONTACT US

If you have any questions about this privacy policy, please contact us at compliance@springhealth.com or our Data Protection Officer (IT Governance Europe Limited) at eurep@itgovernance.eu.

Spring Health has appointed a data protection representative in the United Kingdom IT Governance Europe Limited who can be contacted at: eurep@itgovernance.eu.

Please ensure to include our company name in any correspondence you send.

If you have any questions, concerns or complaints regarding our compliance with this privacy policy and data protection laws, or if you wish to exercise your rights, we encourage you to first contact compliance@springhealth.com. We will investigate and attempt to resolve complaints and disputes and will make every reasonable effort to honour your wish to exercise your rights as quickly as possible and, in any event, within the timescales provided by data protection laws.

Last Updated: April 7, 2022

SPRING CARE, INC. PRIVACY POLICY

Spring Care, Inc. is responsible for your personal information.

Spring Care, Inc. and its affiliates (collectively referred to as “Spring Health”, “we“, “us“) takes its data protection and privacy responsibilities seriously. This privacy policy describes our practices in connection with information that we collect through (including any access to) (1) the Spring Health website currently located at https://benefits.springhealth.com, materials and services available therein, and successor website(s) thereto, together with any Content: meaning text, data, graphics, images, photographs, video, audio, information, suggestions, guidance, content and other materials provided, made available or otherwise found on the website (“Website”), (2) the software applications we may make available for use on or through computers and mobile devices (“Apps”), (3) the quizzes, tests, and questionnaires (and results thereof) we make available on or through the Website or Apps (“Questionnaires”), (4) the booking system should you avail of additional professional services through our contractors, counselors, therapists or other service providers (“Providers”), and (5) call recordings when you call our call center phone numbers (all of the foregoing, collectively, “Services”). We follow this privacy policy in accordance with applicable laws in the places where we operate.

This privacy policy also explains how we collect, use and share personal information if you are or represent one of our Providers, including if you go through the application process to become one of our Providers.

Specifically, this privacy policy describes:

  • What personal information we collect and when and why we use
  • How we share personal information within Spring Health and with our service providers, regulators and other third parties
  • How we use your information to provide Service updates to you and how you can manage your marketing preferences
  • Transferring personal information globally
  • How we protect and store personal information
  • Legal rights available to help manage your privacy
  • How you can contact us for more support

1.      UPDATES TO THIS PRIVACY POLICY

We may amend this privacy policy from time to time to keep it up to date with legal requirements and the way we operate our business. We will post those changes prominently, so you are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. Please regularly check these pages for the latest version of this privacy policy.

You might find external links to third party websites on our Website. This privacy policy does not apply to your use of a third party site.

2.    WHAT PERSONAL INFORMATION WE COLLECT AND WHEN AND WHY WE USE IT

A.     When we collect personal information

We collect information about you if you:

  • register with, use our Services or engage with our Website, or
  • work with us as a Provider, collectively (“you“).

B.     Personal information we collect and use if you register with or use our Services or if you engage with our Website:

1.             Personal information collected if you use our Website or Services includes:

  • Personal details: first name and surname, date of birth, email address, country of residence, username and password.
  • Sensitive information about you: racial origin and health information i.e. general information about your health and wellbeing, including indications about your overall mood and daily habits, information on your mental wellbeing, daily habits, activity levels, daily nutrition and eating habits as well as information about your personal, family and social life which is entered by you when registering for an account or in any Questionnaires we make available through the Services.

2.             Other information when you use our Services or engage with our Website

Other information collected if you use our Services or engage with our Website includes:

  • Browser and device information: Certain information is collected by most browsers or automatically through your device, such as your Media Access Control (MAC) address, computer type (Windows or Macintosh), screen resolution, operating system name and version, device manufacturer and model, language, Internet browser type and version and the name and version of the Services (such as the App) you are using.
  • App usage data: When you use the Apps, we and our service providers may track and collect usage data, such as the date and time the App on your device accesses our servers and what information and files have been downloaded to the App based on your device number.
  • Information gathered through use of cookies, pixel tags or other technologies: Pixel tags (also known as web beacons and clear GIFs) may be used in connection with some Services to, among other things, track the actions of users of the Services (including email recipients), and compile statistics about usage of the Services and response rates as well as general demographic information and aggregated information.
  • Other personal information: IP address, location data and information around your preferred means of communication.

If you submit any personal information relating to other people to us or to our service providers in connection with the Services, you represent that you have the authority to do so and to permit us to use the information in accordance with this privacy policy.

3.             We may use personal data collected if you use our Websites or Services or if you consent or as permitted by applicable law in the following ways:

  • To provide you with the Services you request, which may be combination of the use or engagement with our Website, App, Questionnaires and/or Providers.
  • To respond to your inquiries, fulfil your requests, and send you communications that you request, such as the results of any Questionnaire that you have taken.
  • To send administrative information to you, for example, information regarding the Services and changes to our terms, conditions and policies.
  • To market our Services to you. This includes sending communications about our Services, features, studies, surveys, news, updates, and events. We may do so through various methods, including email, in app communications and ads, and ads on third party platforms.
  • For our internal management and business purposes, such as data analysis, developing new services, enhancing, improving or modifying the Services, audits, fraud monitoring and prevention, identifying usage trends.
  • We may use personal information, including sensitive information, from many Services users to create non-identifiable “aggregate data” (for example, reports that calculate the percentage of users who have a particular response to or result from the Questionnaires) that may be disclosed to third parties.
  • If you provide to us any ideas, proposals, suggestions, recommendations or other materials (“Feedback”), whether related to the Services or otherwise.
  • As we believe to be necessary or appropriate, and only as permitted under applicable law (a) to comply with legal process; (b) to respond to requests from public and government authorities, including public and government authorities outside your country of residence; (c) to protect our operations or those of any of our affiliates, including in connection with investigating security incidents; or (d) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others.
  • To personalize your experience on the Services, for example, by presenting Questionnaires and similar services to you.

4.             The legal basis for using your personal information

We will only collect, use and share your personal information where we are satisfied that we have an appropriate legal basis to do this. This may be because:

  • you have provided your consent to us using the personal information, for example by opting in to receiving the Service, by registering for an account or by voluntarily inputting your personal information g., when you answer a Questionnaire;
  • our use of your personal information is in our legitimate interest as a commercial organisation (for example for our internal management and business purposes, such as data analysis, to ensure that the Services function properly, developing new services, enhancing, improving or modifying the Services, audits, fraud monitoring and prevention, identifying usage trends). In these cases, we will look after your information at all times in a way that is proportionate and respects your privacy rights and you have a right to object to processing as explained in the section below LEGAL RIGHTS AVAILABLE TO HELP MANAGE YOUR PRIVACY;
  • our use of your personal information is necessary to perform a contract or take steps to enter into a contract with you for example where you have opted to receive the Services it is mandatory to provide your name and email address to register your account in order to receive the Services. For further information please see our Terms of Service (https://care.springhealth.com/terms_of_service); and/or
  • our use of your personal information is necessary to comply with a relevant legal or regulatory obligation that we have for example, to comply with legal process, respond to requests from public and government authorities, protect our operations or those of any of our affiliates including in connection with investigating security incidents; or to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others.
  • If you would like to find out more about the legal basis for which we process personal information, please contact us at compliance@springhealth.com.

C.     Personal information we collect if you work with us as a Provider

1.  Personal information collected if you apply to work with us as a Provider, and continue to work with us as a Provider, includes:

  • Personal details: such as your name, email address, photo, maiden name; alias(es); current and previous addresses; birth date; birth place; ID number (which may include passport, national ID card, driver’s license) and mother/father’s complete name.
  • Information about your employment status: employer name; employer contact details; manager name; manager contact details; job title; pay rate; dates of employment; reason for leaving employment.
  • Information about your education and qualifications: school name; school contact details; student number; qualification details; field of study; school attendance dates; school graduation dates.
  • Other information: payment information so that we can make payments to you and information contained on our communications systems, these are the Spring Health communications facilities used by you (email, phone, mobile phone and computer communication).

2.  If you are one of our Providers, we may use your personal data in the following ways:

  • To determine, perform and execute the terms on which you, or the organization you represent will be engaged by us and communicate with you;
  • To pay and administer your fees;
  • To administer other requests or services requested by you throughout your engagement with us;
  • To ensure the smooth running of our engagement with you (including all of the activities that need to be undertaken before, during and after such engagement for instance to confirm your eligibility to work with us as a Provider. );
  • To monitor against and prevent cyber-security issues and unauthorised use of our information, IT systems and/or equipment;
  • Maintain photo identification of you for your profile; or
  • Where it may be necessary, to file legal proceedings, investigate, establish, exercise or defend a legal claim; and settle legal claims.

3.  The legal basis for using your personal information

We will only collect, use and share your personal information where we are satisfied that we have an appropriate legal basis to do this. This may be because:

  • our use of your personal information is necessary to perform a contract or take steps to enter into a contract with you, e. the Contractor Agreement;
  • our use of your personal information is in our legitimate interest as a commercial organisation (for example to monitor against and prevent cyber-security issues and unauthorised use of our information, IT systems and/or equipment, or maintain photo identification of you for your profile); and/or
  • our use of your personal information is necessary to comply with a relevant legal or regulatory obligation that we have for example, to comply with legal process, respond to requests from public and government authorities, protect our operations or those of any of our affiliates including in connection with investigating security incidents; or to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others.
  • If you would like to find out more about the legal basis for which we process personal information please contact us at compliance@springhealth.com.

3.       SHARING PERSONAL INFORMATION WITHIN SPRING CARE, WITH OUR SERVICE PROVIDERS, AND OTHER THIRD PARTIES

A.     We may share your information under limited circumstances in the manner and for the purposes described below:

  1. within Spring Health, where such disclosure is necessary to provide you with our Services or to manage our business, including with our Spring-branded Medical Professional Corporation, SH Medical Care of Kansas,PC
  2. with third parties who help manage our business and deliver Services, for example:
  3. we will provide your personal information to our Providers, as necessary to allow you to avail of that specific element of our Services;
  4. if you are one of our Providers, we will share your information with third parties to confirm your eligibility to carry out the Services.

These third parties have agreed to confidentiality restrictions and use any personal information we share with them or which they collect on our behalf solely for the purpose of providing the contracted service to us. These may also include website hosting, data storage and analysis, scheduling platforms, information technology and related infrastructure provision, email delivery, auditing and other services.

  1. with our regulators, which may include but is not limited to the Information Commissioner’s Office (ICO), Commission Nationale de l’Informatique et des Libertés (CNIL), the German data protection authorities, the Data Protection Commission (DPC), and the Swedish Authority for Privacy Protection (IMY), and the Spanish Data Protection Commissioner (Agencia Española de Protección de Datos, (AEPD)), to comply with all applicable laws, regulations and rules, and requests of law enforcement, regulatory and other governmental agencies;
  2. with our partners or affiliates, in aggregate, statistical form, non-personal information regarding the visitors to our Website, traffic patterns, and Website usage with our partners or affiliates;
  3. if, in the future, we sell or transfer some or all of our business or assets to a third party, we may disclose information to a potential or actual third party purchaser of our business or assets.

4.    SERVICE UPDATES AND MARKETING PREFERENCES

A.     How we use personal information to keep you up to date with our Services

To protect privacy rights and to ensure you have control over how we manage marketing with you we will take steps to limit direct marketing to a reasonable and proportionate level and only send you communications which we believe may be of interest or relevance to you.

B.     How you can manage your marketing preferences

You can opt out of certain marketing communications and use of your information for marketing at any time by contacting careteam@springhealth.com or by clicking on the “unsubscribe” link you will find on all marketing messages to you and requesting to be removed from future communications. Please specify whether you would like us to stop all forms of marketing or just a particular type (e.g. email).

5.    TRANSFERRING PERSONAL INFORMATION GLOBALLY

  1. Spring Health is a US based business. Accordingly, regardless of your location, your personal information will be transferred to and stored in the US, which may be subject to different standards of data protection than your home jurisdiction. Spring Health will take appropriate steps ensure that transfers of personal information are in accordance with applicable law and carefully managed to protect your privacy rights and interests.

To this end:

  1. We ensure transfers within Spring Health entities and affiliates will be covered by an agreement entered into by members of Spring Health (an intercompany agreement) which contractually obliges each entity to ensure that personal information receives an adequate and consistent level of protection wherever it is transferred within Spring Health;
  2. Where we transfer your personal information outside Spring Health or to third parties who help provide our Services, we obtain contractual commitments from them to protect your personal Some of these assurances are well recognized requirements like the use of EU Standard Contractual Clauses for the protection of personal information transferred from within the EU to countries outside of the EU; or
  3. Where we receive requests for information from law enforcement or regulators, we carefully validate these requests before any personal information are disclosed.
  4. You have a right to contact us for more information about the safeguards we have put in place (including a copy of relevant contractual commitments) to ensure the adequate protection of your personal information when this is transferred as mentioned above.

6.      HOW WE PROTECT AND STORE YOUR INFORMATION

A.     Security

We have implemented and maintain appropriate administrative, physical and technical security measures, policies and procedures that are reasonable and appropriate to reduce the risk of accidental destruction or loss, or the unauthorised disclosure or access to such information as reasonable and appropriate to the nature of the information concerned. Measures we take include placing confidentiality requirements on our staff members and service providers and destroying or permanently anonymising personal information if it is no longer needed for the purposes for which it was collected. As the security of information depends in part on the security of the computer you use to communicate with us and the security you use to protect user IDs and passwords please take appropriate measures to protect this information.

B.     Storing your personal information

  1. We will retain your personal information for as long as is reasonably necessary for the purposes for which it was collected, as explained in this privacy policy. In some circumstances we may store your personal information for longer periods of time as required or permitted by law, for instance where we are required to do so in accordance with legal, regulatory, tax, accounting requirements.
  2. In specific circumstances we may store your personal information for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your personal information or dealings.
  3. As our operations are conducted from the US, subject to the information set out in Section V TRANSFERRING YOUR INFORMATION GLOBALLY, all personal information that we collect is used and stored in the US, is subject to US laws, and may be subject to disclosure to US governments, courts or law enforcement or regulatory agencies pursuant to those laws.
  4. If you are using our Services and based in Germany, we are subject to various storage
    and documentation obligations resulting among others from the German Commercial
    Code (HGB) and the German Fiscal Code (AO). The time limits specified there for
    storage and documentation are up to ten years. Finally, the storage period is also
    determined by the statutory limitation periods, which can be up to thirty years, for
    example, according to §§ 195 et seq. of the German Civil Code (BGB), with the regular
    limitation period being three years.

7.     LEGAL RIGHTS AVAILABLE TO HELP MANAGE YOUR PRIVACY

  1. Subject to certain exemptions, and in some cases dependent upon the processing activity we are undertaking, you have certain rights in relation to your personal information (as further detailed below), including the right:
  1. To access personal information
  2. To rectify / erase personal information
  3. To restrict the processing of your personal information
  4. To transfer your personal information
  5. To object to the processing of personal information
  6. Withdraw consent for processing of personal information
  7. To object to how we use your personal information for direct marketing purposes
  8. To obtain a copy of personal information safeguards used for transfers outside your jurisdiction
  9. To lodge a complaint with your local supervisory authority

We may ask you for additional information to confirm your identity and for security purposes, before disclosing the personal information requested to you. We reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive.

You can exercise your rights by contacting us at careteam@springhealth.com. Subject to legal and other permissible considerations, we will make every reasonable effort to honour your request promptly or inform you if we require further information in order to fulfil your request.

We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.

B.     Right to access personal information

You have a right to request that we provide you with a copy of your personal information that we hold, and you have the right to be informed of; (a) the source of your personal information;(b) the purposes, legal basis and methods of processing; (c) the controller’s identity; and (d) the entities or categories of entities to whom your personal information may be transferred.

C.     Right to rectify or erase personal information

  1. You have a right to request that we rectify inaccurate personal We may seek to verify the accuracy of the personal information before rectifying it.
  2. You can also request that we erase your personal information in limited circumstances where:
  3. it is no longer needed for the purposes for which it was collected; or
  4. you have withdrawn your consent (where the data processing was based on consent); or
  5. following a successful right to object (see right to object); or
  6. it has been processed unlawfully; or
  7. to comply with a legal obligation to which Spring Health is subject.
  8. We are not required to comply with your request to erase personal information if the processing of your personal information is necessary:
  9. for compliance with a legal obligation; or
  10. for the establishment, exercise or defence of legal claims;

D.     Right to restrict the processing of your personal information

  1. You can ask us to restrict your personal information, but only where:
  2. its accuracy is contested, to allow us to verify its accuracy; or
  3. the processing is unlawful, but you do not want it erased; or
  4. it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; or
  5. you have exercised the right to object, and verification of overriding grounds is pending.
  6. We can continue to use your personal information following a request for restriction, where:
  7. we have your consent; or
  8. to establish, exercise or defend legal claims; or
  9. to protect the rights of another natural or legal

E.      Right to transfer your personal information

  1. You can ask us to provide your personal information to you in a structured, commonly used, machine-readable format, or you can ask to have it transferred directly to another data controller, but in each case only where:

  • the processing is based on your consent or on the performance of a contract with you; and
  • the processing is carried out by automated means.

F.      Right to object to the processing of your personal information

G.     Right to withdraw consent

Where we have obtained your consent as our legal basis to process your personal data, you have the right to withdraw consent at any time by emailing careteam@springhealth.com. Please note that in some instances, where you withdraw your consent this may negatively impact our ability to provide you with the Services.

H.     Right to object to how we use your personal information for direct marketing purposes

You can opt out of certain marketing communications and use of your information for marketing at any time by contacting careteam@springhealth.com or by clicking on the “unsubscribe” link you will find on all marketing messages to you and requesting to be removed from future communications. Please specify whether you would like us to stop all forms of marketing or just a particular type (e.g. email).

You can also request that we change the manner in which we contact you for marketing purposes or request that we not transfer your personal information to unaffiliated third parties for the purposes of direct marketing or any other purposes.

I.         Right to obtain a copy of personal information safeguards used for transfers outside your jurisdiction

You can ask to obtain a copy of, or reference to, the safeguards under which your personal information is transferred outside of the European Union and the United Kingdom.

We may redact data transfer agreements to protect commercial terms.

J.       Right to lodge a complaint with your local supervisory authority

You have a right to lodge a complaint with your local supervisory authority if you have concerns about how we are processing your personal information.

We ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority at any time.

K.                 Post-mortem rights

You have the right to set out instructions (general or specific) about what happens to your personal data after your death.

8.        CONTACT US

If you have any questions about this privacy policy, please contact us at compliance@springhealth.com or our Data Protection Officer (IT Governance Europe Limited) at eurep@itgovernance.eu.

Spring Health has appointed a data protection representative in the United Kingdom IT Governance Europe Limited who can be contacted at: eurep@itgovernance.eu.

Please ensure to include our company name in any correspondence you send.

If you have any questions, concerns or complaints regarding our compliance with this privacy policy and data protection laws, or if you wish to exercise your rights, we encourage you to first contact compliance@springhealth.com. We will investigate and attempt to resolve complaints and disputes and will make every reasonable effort to honour your wish to exercise your rights as quickly as possible and, in any event, within the timescales provided by data protection laws.