Effective: October 01, 2021
Protecting your personal data is important to Stairs Healthcare Corporation (Stairs Healthcare or “Stairs”) and its services which include this web site (www.stairshealthcare.com), and the information, products and services that we provide to you and every user through our different platforms. When you use any of our websites or mobile applications (the “Platform”) or use our engagement/customer relationship management platforms and services (“CRM”), we may collect information about you, including information that can be used to identify you (“Personal Information”).
Additionally, we may collect Personal Information from your health plan, your employer’s self-funded health plan, your employer, a health service provider, your pharmacy and/or other similar types of entities (your “Sponsor”) or from other third parties described in this Privacy Notice. In some cases, the Personal Information we collect may include Protected Health Information (“PHI”) as defined under the Health Insurance Portability and Accountability Act (“HIPAA”), which is a regulated subset of Personal Information. We collect this data to provide you with the services and functionality that you request (the “Services”), as well as for the other purposes described in this Privacy Notice.
Stairs Healthcare Corporation has created this Privacy Policy to explain what information we gather from you when you use our Services, how we may use this information, the security approaches we use to protect your information, and how you can access and request modification of certain information that we may store about you. By accessing the Platform or using the Services, you expressly agree that we may collect, process, and share your information (including Personal Information) consistent with this Privacy Notice and to the Terms of Use.
1. INFORMATION ABOUT OUR SERVICES
The Services may allow you to connect to independent third parties that offer programs, resources, content, activities and/or services in categories such as health and wellbeing, condition management, benefits, financial health, etc. (each a “Connect Partner”). These Connect Partners are separate and distinct entities from Stairs Healthcare Corporation, but we may exchange Personal Information with them as described in this Privacy Notice. If you agree to accept the services offered by a Connect Partner, such agreement is solely between you and the Connect Partner, and any information you provide to or that is collected by a Connect Partner is subject to that Connect Partner’s Privacy Notice. We are not responsible for the privacy practices or services of the Connect Partner.
2. WHAT INFORMATION DO WE COLLECT?
We collect personally identifiable information (“Personal Information”) and other non-individually identifiable information from you when you register on the Stairs Healthcare Corporation Platform and Services, respond to communication such as e-mail, or otherwise use the Stairs Healthcare Platform and Services in any manner.
2.a) Personal information: We may collect Personal Information including, but not limited to, the following categories:
- Name,
- Date of Birth,
- Email Address,
- Home Address,
- Business Address,
- Phone Number,
- Geolocation Data, and
- Biometric Information.
2.b) Other Health Information: We also collect Personal Information specifically related to your health including, but not limited to, the following categories:
- Health risk assessments,
- Physical Activity and Movement Data,
- Lab Scores,
- Medications and Prescriptions,
- Cognitive Health Data,
- Health Conditions or Diseases,
- Health Plan Information,
- Insurance Information, and
- Nutrition habits.
2.c) Information and third-party services: We use and may allow third party service providers to use “cookies”, flash cookies, local shared objects, pixels, single pixel GIFs, clear GIFs, and/or other tracking technologies to enhance your experience and gather information about visitors and visits to Stairs Healthcare’s Platform and Services, including how you use the Stairs Healthcare Platform and Services (“Usage Data”). We may receive Personal Information from the Sponsor that qualifies as PHI, including claims information, lab and biometric information, electronic medical records/electronic health records, and program activity. We limit our use of such information to restrictions imposed by each Sponsor and HIPAA.
2.d) Usage Information: We may collect certain information automatically when you visit the Stairs Healthcare Platform, including:
- Your browser type and operating system,
- Your Internet Protocol (IP) address, which is the number automatically assigned to your computer whenever you access the Internet and that can sometimes be used to derive your general geographic area,
- Other unique identifiers, including mobile device identification numbers,
- Sites you visited before and after visiting the Platform,
- Pages you view and links you click on within the Platform,
- Information collected through cookies, web beacons, and other technologies,
- Information about your interactions with e-mail messages, such as the links clicked on and whether the messages were opened or forwarded, and
- Standard Server Log Information.
3. HOW DO WE USE YOUR INFORMATION?
We may use the Personal Information and other data we collect from you when you register, purchase services, respond to a survey or marketing communication, access or view the Stairs Healthcare Platform and Services or features in the following ways:
3.a) Providing the Services:
- To provide any legitimate business service or product,
- To personalize your services and to allow us to deliver the type of content and product offerings in which you are most interested (including to present offers to you on behalf of business partners and advertisers),
- To contact you when necessary or requested,
- To quickly process your transactions,
- To verify and validate your identity,
- To administer a promotion, survey or other services and features,
- To the extent you have not opted out of receiving marketing communications, to send you information about our products or Services, including by letter, email, text, telephone, or other forms of communication,
- To show you advertisements, including interest-based or online behavioral advertising,
- To troubleshoot problems with our services,
- To enforce the Terms of Service, and to detect and protect against error, fraud and other unauthorized or illegal activities,
- To operate and improve the Services available through us,
- To fulfill your requests for tools, software, functionality, features and other products, and services,
- To communicate with you and respond to your inquiries,
- To conduct research about your use of our products, and
- To help offer you other products, features or services that may be of interest.
We reserve the right to make full use of Usage Data. For example, we may use Usage Data to provide better service to Service visitors or end users, customize the Services based on your preferences, compile and analyze statistics and trends about the use of our Services and otherwise administer and improve our Services.
3.b) Providing the Services to Your Sponsor: We use your Personal Information to provide the Services to your Sponsor, including but not limited to:
- Administering and managing your Sponsor’s wellness program,
- Providing you with other services on behalf of your Sponsor,
- Providing you with rewards and incentives that you have earned,
- Generating analytical reports, and
- Developing, enhancing, and promoting the Services.
3.c) De-Identified Data: We anonymize and de-identify data by removing information that would allow the remaining data to be linked back to you. We may use the Aggregated Data for internal purposes, such as analyzing patterns and program usage to improve our services. Additionally, we may use Aggregated Data to analyze and understand demographic trends, user behavior patterns and preferences, and information that can help us enrich the content and quality of the Services.
To the extent we de-identify and use PHI, we rely upon applicable rules and guidance under HIPAA. All de-identification of PHI is undertaken pursuant to the safe harbor provisions of the HIPAA Privacy Rule.
3.d) Analytics: We use analytics, machine learning, and automated decision-making technologies (“Analytics”) to support our data processing activities. Our Analytics rely upon Personal Information that we collect from your Sponsor, from you through surveys, from public sources, and from third parties. Using this Personal Information, our Analytics power our Platform and allow us to tailor our Services to your needs and goals.
4. HOW WE COLLECT INFORMATION
We may collect Personal Information in the following ways:
4.a) From you: We may receive Personal Information directly from you such as your name, contact information (e.g., email address, home and business addresses, and phone number), identification number (e.g., member, employee), gender, birthdate. You may also choose to provide Personal Information regarding your health and personal interests when you participate in various activities (e.g., health assessments, challenges or contests, message boards, and engaging with a coach). Additionally, you may be required to provide Personal Information when submitting inquiries to us through the chat functionality, email or otherwise contacting us.
4.b) From sponsors: We may receive Personal Information from your Sponsor such as your name, contact information (e.g., email address, home and business addresses and phone number), identification number (e.g., member, employee), gender, birthdate, etc. We may also receive Personal Information from your Sponsor that qualifies as PHI under HIPAA, including claims information, lab and biometric information, electronic medical record/electronic health record and program activity.
4.c) From a connect partner: We may receive Personal Information from a Connect Partner such as your participation and completion of an activity. We may also receive health, clinical and fitness (e.g., program activity, biometric information, and health assessment) information from the Connect Partner.
4.d) Through other technology: Our Services may use HTTP cookies, HTML5 cookies, Flash cookies and other types of local storage (such as browser-based or plugin-based local storage). Your browser may tell you how to be notified when you receive certain types of cookies and how to restrict or disable certain cookies. Our cookies, tokens, and similar technologies (collectively, “Tracking Technologies”) also are used for administering the Services, including without limitation, for authentication, to remember your settings, to customize the content and layout of the Services for you, to contact you about the Services, and to improve our internal operations and the content of our Services. You may be able to control the use of, or reject or disable, some Tracking Technologies at the individual browser level. If you reject or disable Tracking Technologies, you may still use our Platform and Services, but your ability to use some features may be limited. We use Tracking Technologies to identify your device and keep track of your Internet session with our Services. We also use Tracking Technologies that allow us to recognize your device when you return to the Platform within a certain period (as determined by us in our sole discretion) and automatically log you back into your account with us.
5. WE USE “COOKIES”
Cookies are small files that a site or its service provider transfers to your computer’s hard drive through your Web browser or mobile device that enable the site’s or service provider’s systems to recognize your browser and capture and remember certain information. Cookies help us in many ways to make your use of the Stairs Healthcare Platform and Services more adequate, such as understanding usage patterns and improving functionality of our services. We also use cookies to help us compile aggregate data about our traffic so that we can offer better experiences and tools in the future.
We may contract with third-party service providers to assist us in better understanding our visitors. For example, we use Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses cookies to help us analyze how users use our Platform and Services and enhance your experience. For more information on how Google uses this data, go to www.google.com/policies/privacy/partners/.
6. HOW WE SHARE PERSONAL INFORMATION
You understand and agree that we can disclose your Personal Information and other data to third parties, as follows:
- We may provide your name, contact information and other Personal Information as part of our contract with your Sponsor and as required to verify and administer your participation in the Services or in a contest or other event sponsored by your Sponsor and for the Sponsor to manage, administer and evaluate its health and wellness programs. We may also provide Personal Information associated with the activities you have chosen to participate in, your progress and any rewards you may have earned. Some of the Personal Information provided to your Sponsor may include PHI, which will only be disclosed as permitted under HIPAA or with your consent,
- To our subsidiaries or affiliates, strategic partners and to third parties we engage to provide services, such as medical services, web site hosting, credit card payment processing, order processing, analytics services, etc.,
- In the event of the sale or transfer of Stairs Healthcare, of one or more of our business units or of some or all of our assets, or in the context of some other business acquisition transaction,
- In response to lawful governmental requests or legal process (for example a subpoena, court order, or search warrant); to establish or exercise our legal rights, or to defend against claims; or to protect the safety or security of the public or of users,
- We can disclose aggregate information and other non-individually identifiable information about users of the Stairs Healthcare platform to our service providers, partners, advertisers, or others. For example, we may share information publicly to show trends about the general use of our websites and/or other products or services.
7. DATA PROTECTION
7.a) General: We maintain reasonable administrative, physical, and technological measures to protect the confidentiality, privacy, and security of your Personal Information, based on the nature of the information provided. Unfortunately, no website, server or database is completely secure or “hacker proof.” We therefore cannot guarantee that Personal Information you provide will not be disclosed, misused, or lost by accident or by the unauthorized acts of others.
7.b) HIPAA: Stairs Healthcare is not a “covered entity” under HIPAA, but your Sponsor may be, and in those instances where we receive PHI from or on behalf of a covered entity, we may be a “business associate” of the covered entity Sponsor. When we are a business associate and are handling your PHI, we will protect it in accordance with HIPAA and our business associate agreement with the covered entity. We protect all PHI in accordance with all applicable laws and the requirements imposed by your Sponsor.
7.c) Retention: We retain Personal Information after we cease providing Services to you for the purpose of fraud monitoring, detection, and prevention. We also retain Personal Information to comply with our tax, accounting, and financial reporting obligations, where we are required to retain the data by our contractual commitments, and where data retention is otherwise mandated by law. Where we retain data, we do so in accordance with any limitation periods and records retention obligations that are imposed by applicable law. Please note that we may delete your Personal Information upon the request of your Sponsor or if we are otherwise contractually or legally obligated to do so.
If you have consented to receive marketing materials from us, we will retain your Personal Information for as long as we have your consent to send you marketing materials. Additionally, we indefinitely retain data that is anonymized, de-identified, and/or aggregated in a manner that removes identifiable Personal Information from it.
7.d) Do not track: Our Stairs Healthcare Platform and Services currently do not respond to “Do Not Track” (DNT) signals and do not recognize browser-based “do-not-track” requests.
8. PRIVACY AND THIRD-PARTY LINKS
Our Platform or Services may contain links to other websites, including Sponsor sites and Connect Partner sites. Additionally, other users may post links or references to other websites. Please be aware that we are not responsible for the privacy practices of other websites, regardless of whether the link was provided by us or posted by a user on the Platform. Stairs Healthcare does not monitor the content, safety, or suitability of such external websites. As such, this Privacy Notice only applies to information collected by us on the Platform. We do not control and are not responsible for any use of your Personal Information by or through any third-party sites. By linking to an external website, you assume the risk that Personal Information you provide on that website may be viewed and/or used by third parties.
Stairs Healthcare follows generally accepted industry security standards to safeguard and help prevent unauthorized access and maintain data security of Personal Information. However, no commercial method of information transfer over the Internet or electronic data storage is known to be 100% secure. As a result, we cannot guarantee the absolute security of any Personal Information submitted to or otherwise collected during your use of any of our services.
9. EXCLUSIONS
This Privacy Policy shall not apply to any unsolicited information you provide to us through the Stairs Healthcare Platform and Services or through any other means. This includes, but is not limited to, any ideas for new products or modifications to existing products, and other unsolicited submissions (collectively, “Unsolicited Information”). All Unsolicited Information shall be deemed to be non-confidential, and we shall be free to reproduce, use, disclose, and distribute such Unsolicited Information to others without limitation or attribution.
10. CHILDREN’S PRIVACY
Only individuals 18 years of age or older are authorized to use the Stairs Healthcare Platform and Services, either for themselves or on behalf of their minor children. We do not knowingly collect information directly from children under the age of eighteen. If you have reason to believe that an individual under the age of 18 has provided Personal Information to us through our Platform or any of our services, please contact us, and we will endeavor to delete that information from our databases.
Even though we do not collect Personal Information from individuals under the age of 18, third parties may provide us with information about these individuals. For example, a Sponsor or the individual’s parent or legal guardian may provide us with such Personal Information. In the event we receive Personal Information about individuals under the age of 18, we will process, store, and disclose it consistent with all applicable laws.
11. CHANGES TO THIS PRIVACY POLICY
We may update this Privacy Policy from time to time, and so you should review this Policy periodically. Your continued use of any Services constitutes your acceptance of any such changes.
12. CONTACT STAIRS HEALTHCARE
If you have any questions about this Notice or our privacy practices, please contact us either at info@stairshealthcare.com or by writing to us at:
Stairs Healthcare Corporation
7275 SW 90th WAY
Miami, Florida, 33156
Attn: Privacy Officer