PRIVACY POLICY
Effective 03.04.2022
Welcome!
This Privacy Policy is here to help you understand how we collect, use, disclose, and process your Personal Data (defined below). We also describe your choices and rights with respect to how we process that Personal Data. Please read this policy carefully.
Your use of our Services indicates your acknowledgment of this Policy.
Who We Are
This service is owned or operated by Wider Circle, Inc. (“Wider Circle”). Wider Circle and its affiliates are referred to as “we,” “us,” or “our” and “you” or “your” refers to any User of our Service. Our principal office is located at 50 Woodside Plaza, Suite 743, Redwood City, CA 94061. You can contact us using the information below.
Scope & Third Parties
This Policy applies to our “Services” which includes our public website at widercircle.com (“Corporate Site”), the Wider Circle web application, our mobile applications (“Mobile App(s)”), and any other website or services where this Privacy Policy is posted.
You are subject to the Terms of Use for our Services. Any capitalized term not defined in this Policy will have the definition provided in our Terms of Use. If you are a Plan or Partner (defined below), you may be subject to additional terms relating to your interaction with our Services. Additionally, if you are a User of the Service, you may be subject to separate terms or agreements with Plans or Partners.
This Policy applies only to the processing of Personal Data via our Service. This Policy does not apply to information processed by third parties, including when you visit a third-party website or interact with third-party services, unless those parties collect or process information on our behalf. This Policy does not apply to Plans, nor to our Partners, and these parties may collect and process additional Personal Data from you or process it for their own purposes, even if you establish a relationship with that party through our Service.
Finally, although we may work with Plans, in the context of these Services, Wider Circle is not acting as a Covered Entity nor a Business Associate as defined in the Health Insurance Portability and Accountability Act (“HIPAA”), and this Policy does not apply to our processing of Protected Health Information (“PHI”), as defined by HIPAA. Processing of PHI is subject to the Notice of Privacy Practices of the Covered Entity (e.g. a Plan).
Please review any relevant third parties’ privacy policies for information regarding their privacy practices. We are not responsible for the processing of Personal Data by third parties other than our service providers.
Collection and Use of Personal Data
Personal Data We Collect
Our Services allow individuals, consumers, and members (collectively, “Users”) of our client plans and partners (“Plans”) to connect and participate in meet-ups with other Users as well as certain healthcare and wellness partners (“Partners”). User and Partner meetups, as well as our Services, are supported by “Administrators,” who include member ambassadors (“Ambassadors”) and Wider Circle program facilitators (“Facilitators”).
In order to provide our Services, we may collect and process information that relates to identified or identifiable individuals (“Personal Data”). We collect and process the following categories of Personal Data (note, specific Personal Data elements are examples and may change):
Identity Data: Personal Data about you and your identity, such as your name, username, profile data, and other Personal Data you may provide on registration forms or as part of an account profile.
Contact Data: Identity Data used to contact an individual, e.g. email address, physical address, and phone number.
Event Data: Data relating to event registrations and related transactional information, such as date, general location, event title/purpose and related matters.
Financial Data: Data relating to credit cards, or other payment methods you may input in connection With a financial transaction on our Services.
Device Data: Personal Data relating to your device, browser, or application e.g. IP addresses, MAC addresses, application ID or similar device/application specific OS identifiers, identifiers from cookies, session history and similar browsing metadata, and other data generated through applications and browsers, including via cookies and similar technologies.
Usage Data Data about your activity on and use of our Services, such as site and app performance data, browsing metadata; search history; device and software interactions; user navigation flows; clickstream data; software and device crash data, performance and other diagnostic data; and other device connectivity and usage data.
User Content: Personal Data included in content provided by Users of the Services in any free-form or unstructured format, such as in a “contact us” box, free text field, in a photo, file or document, or messages.
Inference Data: Personal Data relating to inferences drawn from Personal Data to create a profile, e.g. inferred preferences, affinities, and traits.
Health Data: Personal Data relating to Users’ mental or physical health conditions or diagnoses, including information from Plan claim data (this may be considered “Sensitive Information” or a “special category” of Personal Data under applicable law.)
How We Collect Personal Data
We collect Personal Data from various sources based on the context in which the Personal Data will be processed:
You: We collect Personal Data from you directly, for example, when you register through our Service, input information into our Service, or contact us directly.
Your Devices: We may collect certain Personal Data automatically from your devices. For example, we collect Device Data automatically using cookies and similar technologies when you use access our Corporate Sites, access certain portions of our Service, or when you open our marketing communications.
Plans: We may receive Personal Data from the Plans with which Users are associated, subject to any applicable consents and Plan policies. Plans may provide Personal Data directly, or grant us ongoing access to systems or APIs making Personal Data available to us.
Service Providers: We receive Personal Data from third parties with whom we have a relationship in connection with their performance of services or processing of transactions on our behalf.
Data we create: We (or third parties operating on our behalf) create and infer Personal Data based on our observations or analysis of other Personal Data we process, and we may correlate this data with other data we process about you.
How we Process Personal Data
Account Registration & Use
Users may be required to register for our Service. When Users create an account on our Service, we process certain Personal Data, which typically includes Identity Data, Device Data, and Contact Data. You may be required to provide a phone number in order to register, and your phone number will be your primary login credential. Further, to the extent made available by a User, we may also collect Health Data. Finally, if you enter into a paid subscription or other financial transaction, we (or our third party service providers) may collect Identity Data, Contact Data and Financial Data in connection with the payment transaction.
Upon account creation, we create Inference Data (which may reflect Health Data) relating to the User based on the registration information, and create an account profile and suggest group associations, as described in the Personalization section below. We use this Personal Data primarily to create, maintain, and provide you with important information about your account, verify your eligibility to receive the services, and provide the features and services you request. We may also use such Personal Data for our first-party marketing purposes, subject to your rights and choices, as described in the Marketing Communications section below. We process Financial Data only as necessary to process the payment transaction.
Service and Mobile App
When you use the Service, we may suggest a group or groups for you to join, and once you join, we will allow you to connect with other Users in the group, as well as view and participate in group events, and connect with Group Administers. To provide these features, we process Personal Data such as Identity Data, Contact Data, Device Data, Usage Data, Event Data, Health Data, and Inference Data. We generally process this Personal Data through the Service as necessary to manage event registration, connect Users with other Users and relevant Administrators, to suggest groups, events, or Partners that may be of interest to you, and otherwise provide the Services you request.
Further, once you join a group, to help facilitate events and support your use of the Service, we may make your Identity Data, Event Data, and Contact Data available to Administrators of the group, and other group members. These Administrators and group members may contact you using our messaging services.
We may create Inference Data based on the registration information, and create an account profile and suggest group associations. For example, we may use your registration data, Event Data, User connections, and related information to create related Inference Data regarding health, wellness, or personal affinities or preferences. For more information, please see the Personalization section below.
Posts, Messaging, and Communications Services
We may allow you to publicly post messages or content in your group, and we may provide messaging or other communications services (e.g. chat/voice/SMS) that allow you to connect with other Users or Administrators. When you make a post or use a messaging service, we collect Identity Data, Contact Data, Usage Data, User Content, and Device Data. We use this information as necessary to manage, deliver, store, and secure the communications you send or that are sent to you and to make your post available. Your Identity Data and Contact Data, along with any Personal Data and User Content you make available in your communication, may be made available to any party to whom you send a message, and any post you make may be public to any other User or Administrator with access to the group.
Marketing Communications
We may offer email marketing communications (such as promotional emails), which you might receive if you register for an account, sign up on our Corporate Site to receive marketing communications, or engage in a transaction allowing us to send you marketing communications. We use Identity Data, Contact Data, Inference Data, and (to the extent permitted) Health Data in order to customize, deliver, and otherwise process marketing communications, and in order to tailor certain communications to individuals’ preferences and requests. Additionally, we may process Device Data from devices receiving those marketing communications as part of our business interests in understanding whether our emails are opened or other aspects of engagement with these marketing communications.
Feedback and Surveys
We generally process Identity Data, Contact Data, and User Content collected in connection with customer surveys or questionnaires. We generally process this Personal Data as necessary to respond to User requests, to create aggregate analytics regarding customer satisfaction, and to improve our services. We may also store and analyze feedback for our purposes, for example, to personalize our Service.
Contact Us
When you contact us though the Services using a contact us box or via email, we process Personal Data such as Identity Data, Device Data, and any Personal Data contained within any User Content. We use Identity Data, Contact Data, and User Content as necessary to communicate with you about the subject matter of your request and related matters. We may use such Personal Data for marketing purposes where permitted by local laws (see below) and relevant to the subject matter or your inquiry.
Cookies and Similar Tracking Technologies
We, and certain third parties, automatically collect and process Identity Data, Usage Data, Device Data, and Inference Data when you interact with cookies and similar technologies on our Services. We may receive this data from third parties to the extent allowed by the applicable partner. Please note that the privacy policies of third parties may also apply to these technologies and the Personal Data collected through them.
Subject to your rights & choices, we may use this information as follows:
- for “essential” or “functional” purposes, such as to enable certain features of the Services, or keeping you logged in during your session; and
- for “analytics” and “personalization” purposes, consistent with our business interests in analyzing Users’ use of the Service. We use this data to understand how Plans, Partners and Users use the Service, how the Services performs, how Users engage with and navigate through the Service, what sites Users visit before visiting our Corporate Site, how often they visit our Site, and other similar information, as well as to greet Users by name and modify the appearance of the Services to usage history, tailor the Services based on geographic location, and understand characteristics of Users in certain locations.
Note: Some of these technologies can be used to identify you across platforms, devices, sites, and services.
Business Purposes of Processing
In addition to the processing described above, we generally process any Personal Data we collect or create for several common business purposes. For example, we process your Personal Data as follows:
Service Provision and Contractual Obligations
We process any Personal Data as is necessary to provide the Services, authenticate Users and their rights to access the Services, and as otherwise necessary to fulfill our contractual obligations to you, and provide you with the information, features, and Services you request.
Internal Processes and Service Improvement
We may use any Personal Data we process through our Services as necessary in connection with our legitimate business interests in improving the design of our Services, understanding how are Services are used or function, for customer service purposes, and for ensuring the security and stability of the Services.
Personalization
We process Personal Data in connection with our legitimate business interest in personalizing the Service. For example, the Services may be customized to you so that it displays your name, reflects service preferences or to display content to you based on your interactions with our Service, Plan/group affiliations, Event Data, and the like. This processing may involve the creation and use of Inference Data relating to your preferences.
We may also analyze any Personal Data we hold about you (subject to your rights and choice below) to create and augment User profiles that we use for personalization purposes. For example, we analyze Personal Data and create Inference Data that we use to assess potential group affiliations, match you with support resources or Administrators, suggest relevant events, suggest User connections, and to enrich our customer experience. We may also send transactional or first-party marketing communications that are personalized using our User profile data. We may use also use this information to personalize future features or services available through our Service, however, User profiles are only used for our internal purposes and to provide the Service, and we do not sell User profile information or grant access to User profiles to third parties
Aggregate Analytics
We will collect and aggregate your Personal Data and information about your use of the Services in order to identify certain trends in how our Services are used, perform, or to develop improvements to our Service (“Aggregated Data”). Aggregated Data will not contain information from which you may be personally identified. We may share Aggregated Data with third parties, including for research and public health purposes, or with Plans as part of client reporting, to give them a better understanding of our business and improve the marketability or performance of our Services.
Compliance, Health, Safety & Public Interest
We may, without your consent or further notice to you, and to the extent required or permitted by law, process any Personal Data for purposes determined to be in the public interest, as required by law, or as necessary in connection with the establishment or defense of our legal rights. For example, we may process information as necessary to fulfil our legal obligations, to protect the vital interests of any individuals, to establish claims for violations of applicable contracts, for authorized medical or public health purposes, or as otherwise in the public interest or required by a public authority. Please see the data sharing section for more information about how we disclose Personal Data in extraordinary circumstances.
Marketing Communications
We use Personal Data as necessary to provide marketing communications, and consistent with our legitimate business interests, we may send you marketing and promotional communications if you sign up for such communications or register for our Service. We may also process Device Data and Contact Data when you interact with our communications in connection with our interest in understanding communication response and open rates.
Other Processing of Personal Data
If we process Personal Data in connection with our Services in a way not described in this Privacy Notice, this Privacy Notice will still apply generally (e.g. with respect to users’ rights and choices) unless otherwise stated when you provide it.
Data Sharing
Information we collect may be shared with a variety of parties, depending upon the purpose for and context in which that information was provided. We generally transfer data to the categories of recipients or in connection with specific business purposes, each described below.
Plans
We process Personal Data on behalf of Plans and may share with Plans information relating to Users’ use of the Service.
Partners
If you register for an event operated by a Partner, we may share Identity Data, Contact Data, and Event Data with the Partner. Partners may have their own privacy practices that apply to the use of data they receive from or about participants that participate in the event. Please see the Partner’s privacy policy for more information.
Administrators
When you join a group, we may make certain Personal Data available to Administrators associated with that group, or the Plan. Certain Ambassadors (other Users who are members in the group) may have access to Identity Data and Contact Data, as well as event registration data of all members of the group, and may access this Personal Data to facilitate event management, support, and related matters. Additionally, Facilitators (acting on behalf of Wider Circle) may have access to your Identity Data, Contact Data, as well as your account profile, as necessary to provide support, make recommendations, and help you make the most out of our Services.
Users
Other Users in your Group may have access to limited Identity Data and, by default, may be allowed to contact other Users of the group via our Services. Additionally, if you communicate with other Users, Contact Data and Identity Data, as well as any other Personal Data in your communications may be shared with those Users. We may make features available to limit the sharing of Personal Data or communications with Users. Contact support if you have concerns regarding the sharing of Personal Data with other Users.
Service Providers
In connection with our general business operations, product/service improvements, to enable certain features, and in connection with our other lawful business interests, we may share Personal Data with service providers or subprocessors who provide certain services or process data on our behalf. For example, we may use cloud-based hosting providers to host our Services or disclose information as part of our own internal operations, such as security operations, internal research, etc.)
Corporate Events
Your Personal Data may be processed in the event that we go through a business transition, such as a merger, acquisition, liquidation, or sale of all or a portion of our assets. For example, Personal Data may be part of the assets transferred, or may be disclosed (subject to confidentiality restrictions) during the due diligence process for a potential transaction.
Affiliates
In order to streamline certain business operations, share promotions and content we believe would be of interest to you, and develop products and services that better meet the interests and needs of our customers, we may share your Personal Data with any of our current or future affiliated entities, subsidiaries, and parent companies.
Legal Disclosures
In limited circumstances, we may, without notice or your consent, access and disclose your Personal Data, any communications sent or received by you, and any other information that we may have about you to the extent we believe such disclosure is legally required, to prevent or respond to a crime, to investigate violations of our Terms of Use or a customer agreement, or in the vital interests of us or any person. Note, these disclosures may be made to governments that do not ensure the same degree of protection of your Personal Data as your home jurisdiction. We may, in our sole discretion (but without any obligation), object to the disclosure of your Personal Data to such parties.
All of the above excludes text messaging originator opt-in data and consent; this information will not be shared with any third parties.
Your Rights & Choices
Your Rights
Applicable law may grant you rights in your Personal Data. These rights vary based on your location, state/country of residence, and may be limited by or subject to our own rights in your Personal Data. You may contact us with respect to rights requests at privacy@widercircle.com.
All rights requests we receive must be verified to ensure that the individual making the request is authorized to make that request, to avoid fraud, and to ensure the security of your Personal Data. We may require that you log in to your account or verify that you have access to your account or the email on file in order to verify your identity. If an agent is submitting the request on your behalf, we reserve the right to validate the agent’s authority to act on your behalf.
For information regarding Privacy Rights under the CCPA (if you are a California resident), please see below.
Note: We are able to fulfill rights requests regarding Personal Data that we control or process. Please contact the Plan, Partner, or other appropriate third party directly to exercise your rights in information controlled by those parties.
Your Choices
You may have the following choices regarding the Personal Data we process, to the extent required under applicable law:
Consent: If you consent to processing, you may withdraw your consent at any time. You may be required to close your account in order to withdraw consent where your consent is necessary to perform essential aspects of our Services.
Direct Marketing: You have the choice to opt-out of or withdraw your consent to marketing communications. You may have a legal right not to receive such messages in certain circumstances, in which case, you will only receive direct marketing communications if you consent. You may exercise your choice via the links in our communications or by contacting us re: direct marketing.
Cookies/Similar Tech: If you do not want information collected through the use of cookies and similar technologies, you can manage/deny cookies and certain similar technologies using your browser’s settings menu. You must opt out of the use of some third-party services directly via the third party. For example, to opt-out of Google’s analytic services, please see the Google Analytics Opt-out.
Other Processing: You may have the right under applicable law to object to our processing of your Personal Data for certain purposes, including without limitation, situations where we process in accordance with our business interests. You may do so by contacting us re: data rights requests. Note that we may not be required to cease processing based solely on your objection.
Security
Across all of our Services, we implement and maintain reasonable security measures to safeguard the Personal Data you provide us. While we strive to keep our Services secure, we cannot warrant perfect security and so we do not provide any guarantees that your Personal Data or any other information you provide us will remain secure. Note, we sometimes share Personal Data with third parties as noted above, and though we may require them to meet certain security requirements, we do not have control over third parties’ security processes.
Data Retention
We retain information for so long as it, in our discretion, remains relevant to its purpose, and in any event, for so long as is required by law. We will review retention periods periodically, and may sometimes pseudonymize or anonymize data held for longer periods, if appropriate.
Minors
Our Services are neither directed at nor intended for use by individuals under the age of 18. Further, we do not knowingly collect Personal Data from such individuals. If we learn that we have inadvertently done so, we will promptly delete it.
International Transfers
We operate in and use service providers located in the United States. If you are located outside the U.S., your Personal Data may be transferred to the U.S. The U.S. may not provide the same legal protections guaranteed to Personal Data in foreign countries. Contact us for more information regarding transfers of data to the U.S.
Your California Privacy Rights
Under the California Consumer Privacy Act (“CCPA”) and other California laws, California residents may have the following rights, subject to your submission of an appropriately verified request (see below for verification requirements):
Privacy Rights
Right to Know
You have the right to request any of the following, for the 12 month period preceding your request: (1) the categories of Personal Data we have collected about you, or that we have sold, or disclosed for a commercial purpose; (2) the categories of sources from which your Personal Data was collected; (3) the business or commercial purpose for which we collected or sold your Personal Data; (4) the categories of third parties to whom we have sold your Personal Data, or disclosed it for a business purpose; and (5) the specific pieces of Personal Data we have collected about you.
Right to Delete
You may have the right to delete certain Personal Data that we hold about you, subject to exceptions under applicable law.
Right to Non-Discrimination
You may have the right to not to receive discriminatory treatment as a result of your exercise of any rights conferred by the CCPA.
Right to Correct
You may have the right to request to have inaccurate information corrected.
Direct Marketing
You may request a list of Personal Data we have disclosed about you to third parties for direct marketing purposes (if any) during the preceding calendar year.
Limit Use and Disclosure
You may have the right to limit the use and disclosure of certain Sensitive Personal Information
Opt-Out of Sale
At this time, we do not sell Personal Data. If we engage in sales of Personal Data in the future (as defined by applicable law), you may direct us to stop selling Personal Data.
Submission of Rights Requests
You may submit rights requests to us at privacy@widercircle.com. You may be required to provide additional verification information in order to complete your request, as described below.
Verification of Rights Requests
All rights requests must be verified to ensure that the individual making the request is authorized to make that request, to reduce fraud, and to ensure the security of your Personal Data. We may require that you provide the email address we have on file for you (and verify that you can access that email account) and we may request additional information such as an address, phone number, or other data we have on file, in order to verify your identity. Depending on the sensitivity of the Personal Data you request and what type of request you submit, we may request additional information from you. If an agent is submitting the request on your behalf, we reserve the right to validate the agent’s authority to act on your behalf.
Supplemental Data Processing Disclosures
Categories of Personal Data Disclosed for Business Purposes
For purposes of the CCPA, we may disclose to Service Providers for “business purposes” the following categories of Personal Data: Identity Data, Contact Data, Event Data, Device Data, Usage Data, Health Data, User Content, and Inference Data.
Data Sale
For purposes of the CCPA, we do not “sell” your Personal Data.
Changes to Our Policy
We may change this Policy from time to time. Please visit this page regularly so that you are aware of our latest updates. Your use of the Services following notice of any changes indicates acceptance of any changes.
Contact Us
Feel free to contact us with questions or concerns using the appropriate address below.
Security inquiries: security@widercircle.com
Privacy Rights & Compliance: privacy@widercircle.com