Image 01

Pebble Health Digital Platform Privacy Policy


Posted: 2021-10-27 Effective: 2021-10-27

Introduction

Pebble Health Inc., its subsidiaries (including PH Insurance Services Inc. d/b/a/ Pebble Health Administrative Services), and its affiliates (“Pebble Health” or “we” or “us”) have established this Digital Platform Privacy Policy (“Policy”) to describe how we collect, use, and share your Personal Information through the Pebble Health member, employer, provider and broker facing applications. These include: the main Pebble Health website, mobile and web applications, and other digital services (collectively, the “Digital Platform”).

This Policy applies to all individuals and entities who use or access our Digital Platform, (each user shall be referred to in this policy as “you”). If you are agreeing to these terms on behalf of a business or an individual other than yourself, you represent and warrant to us that you have the authority to bind that business or other individual to this Policy, and, your agreement to this Policy will constitute the agreement of and will bind such business or individual. In that event, “you” in this Policy also refers to that business or individual.By clicking the applicable button/checking the box to accept this Policy or by accessing or using our Digital Platform, you agree to be bound by this Policy as of the date of such action.This Policy does not apply to:

Third party sites or applications that we provide access to through our Digital Platform. These sites or applications set their privacy policies and practices independent of Pebble Health. We encourage you to review the privacy policies of these sites and applications before you access, enroll in, or use them.

Your health plan’s privacy practices as they relate to protected health information (“PHI”) as defined in the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). Please refer to your health plan’s notice of privacy practices for information about how your health plan handles PHI.

Data collection or processing from our corporate website, currently located at pebble.health is subject to a separate Privacy Policy.

Personal Information We Collect

When you interact with our Digital Platform, we collect four types of Personal Information: (1) information necessary for the use of our Digital Platform, (2) information you choose to provide to us through our Digital Platform, (3) information that is automatically collected through your use of our Digital Platform, and (4) information we collect from third parties for your use of our Digital Platform. Personal Information is any information that relates to you, identifies you personally, or could be used to identify you, such as your user ID, name, email address, phone number, and address.

The information we collect about you through the Digital Platform for the purposes of administering your health plan constitutes PHI and we limit our collection of that PHI as required by HIPAA.

A. Information necessary for the use of our Digital Platform

To register and use certain portions of the Digital Platform, you may be required to provide Personal Information to create and verify your account, such as:

Account Information. To create an account on our Digital Platform, we may require you to provide information, including your full name, email address, phone number, subscriber ID, and date of birth.

Identity Verification Information. To verify your account, we may collect identity verification information such as the primary subscriber’s ID number, the last four digits of the primary subscriber’s Social Security Number (SSN), or the primary subscriber’s employee ID number.

Communication and Privacy Preferences. When creating your account, you may be required to specify communication and privacy preferences. You can change these preferences at any time.

B. Information you choose to provide to us through our Digital Platform

You may decide to provide us with additional Personal Information to use certain features of our Digital Platform.

Contact and Account Information. You may choose to provide alternate contact information for yourself and/or your dependents when registering for the Digital Platform. As an employer, you may also choose to provide company or employee-related information, such as enrollment and eligibility data, through our Digital Platform for purposes of administering your company’s health plan and benefits.

Information Relating to Specific Health Conditions or Claims. You may choose to provide us with information relating to your health and benefits, such as your health history, specific claims, prescriptions, proofs of payment, and medical provider information, for purposes such as communicating with our Member Advocates and Customer Support Team, submitting claims for reimbursement, conducting a health risk assessment, or personalizing your experience.

Communications with any Customer Support Teams. You may choose to engage with Customer Support teams through our Digital Platform. If you do so, you may choose to provide personal information such as your name, subscriber ID, claim information, medical provider information, or other health related information to enable our Customer Support Teams to answer your questions or to service your account.

Information About Your Experiences with Our Services. You may choose to participate in surveys to provide feedback about your experience with our Digital Platform.Access to Device and Usage Information. You may choose to provide us access to information on your device, including but not limited to, your calendar, call history, and location. You are not required to provide us with this access, but if you choose not to, you may not be able to use certain features of our Digital Platform.

C. Information that is automatically collected through your use of our Digital Platform

When you use our Digital Platform, we will automatically collect information about the services you use and how you use them. This information is necessary to provide and improve functionalities of our Digital Platform and to comply with contractual and legal obligations.

Device and Connection Information. We automatically collect certain information when you access or use our Digital Platform, even if you have not created an account or logged into our Digital Platform. This information includes your browser type, device information and settings, operating system information, IP address, access dates and times, and any links you clicked to navigate to our Digital Platform. Collecting this information allows us to customize your experience and content when using our Digital Platform.

Tracking Technologies. We use cookies, web beacons, pixels, and other tracking technologies for authentication, remembering your settings and preferences, and analyzing your clicks and movements on our sites. You can control the use of cookies through your browser. In conformity with the California Online Privacy Protection Act (“CalOPPA”) Do Not Track law, we want you to know that the Digital Platform currently does not respond to a “Do Not Track” signal in the HTTP header from your browser or mobile application due to lack of standardization regarding how that signal should be interpreted.

Usage Information. We collect information about your interactions with our Digital Platform, such as the content you view, the links you click, and your search queries. We also may track when you open messages from us if your computer supports this type of program.

Geo-Location. When you use certain features of our Digital Platform, we may collect information about your approximate location through your IP address or your precise location through your device’s geo-location data, if authorized by you, to offer you an improved experience. You may control the collection of GPS   location data in your device or browser settings.

D. Information we collect from third parties for your use of our Digital PlatformTo the extent permitted by applicable law, we may receive additional information about you from publicly available sources, third party service providers, and/or your health plan’s benefit partners and combine it with the information we have about you to provide a more personalized experience.

E. Information not intended for collectionOur Digital Platform is not for use by children under the age of 13. If you learn that your child has used our Digital Platform to provide us with their Personal Information without your consent, please email us at help@pebble.health.

Our Digital Platform operates in the United States (U.S.) and is not targeted to individuals who reside in countries outside of the U.S. If you believe we may have inadvertently collected information from you outside of the U.S., please email us at help@pebble.health.

How We Use the Personal Information We Collect
We use, store, and process the Personal Information that you provide to us or that we collect about you to: (1) provide and improve our Digital Platform, (2) provide you with health plan and benefits information, (3) provide health plan and benefits administration services, and (4) comply with legal requirements and for safety purposes. We limit our use of PHI as required by HIPAA and/or as permitted with your consent.

A. Provide and Improve Our Digital Platform
We use information collected about you to deliver and improve your experience with our Digital Platform, such as:

Enable you to register for our Digital Platform and access your account;
Enable you to sign up to receive information about our products and services;
Authenticate you to our Digital Platform and other third-party sites from your benefit partners;
Communicate with you;
Provide you with content related to our services;
Personalize your digital health experience;
Collect additional feedback about your experience; and
Conduct research and analytics to improve our products and services.

B. Provide You with Health Plan and Benefits Information
We may use the information collected from you when using our Digital Platform to notify you of account activity or other benefits related information. Some examples of notifications may include:

Account activity, such as a new claim received or the availability of a new  Benefits Statement;
New eligible benefits offered by your employer;
Benefits and services that might be specifically relevant to you;and
Platform security and availability alerts or announcements.

C. Provide Health Plan and Benefits Administration Services
We may use the information you provide to us through our Digital Platform to perform services related to the administration of your health plan and benefits, such as:

Communicate with you through our platform;
Process your submitted claims;
Add appointment reminders to your calendar; and
Perform coordination of care services.

D. Comply with Legal Requirements and for Safety Purposes
We use certain information collected through your use of our Digital Platform for the purposes of protecting your data and for complying with legal obligations, such as:

Prevent and detect harmful activity including security incidents, spam, fraud, and abuse;
Investigate suspected security incidents;
Comply with legal obligations;
Enforce this Privacy Policy, and any other terms you have agreed to; and
Resolve any disputes and enforce our agreements with third parties.

Sharing Your Information

We may share the information provided by you or collected by us through the use of our Digital Platform for legitimate business purposes in accordance with HIPAA, your consent, and/or any other applicable State law.

Consistent with the California Shine the Light Law and other similar statutes, we will never share or sell your data to third parties for such third parties’ direct marketing purposes without your explicit consent.

A. Sharing for Purposes of Administering your Health Plan and Benefits
We may share the information described in this Privacy Policy for the purposes of administering your health plan and benefits. Your information may be shared with your health plan and any benefit partners or other third parties who assist in the administration of your health plan, for legitimate health plan and benefits administration purposes.

B. Sharing with Third Party Service Providers
Pebble Health uses a variety of third-party service providers, such as internet service providers, website analytics providers, hosting providers, and software platforms to help us provide our Digital Platform. We may share the information described in this  Privacy Policy with these third-party service providers. When we do so, we will only provide the information necessary for the third-party to perform its agreed upon services.

C. Sharing with Company Affiliates
To support us in providing our Digital Platform, we may share the information described in this Privacy Policy with our affiliated companies or subsidiaries for purposes of providing services to you. We will never share or sell your information to affiliated companies or subsidiaries for direct marketing purposes without your explicit consent.

D. Sharing for Business Transactions
If Pebble Health is involved in any merger, acquisition, sale of assets, bankruptcy, or insolvency event, we may sell or transfer some or all of our assets, including all or a portion of your information in connection with such transaction. We will notify you before your personal information becomes subject to a different privacy policy.

E. Sharing for Legal and Compliance Purposes
We may share the information collected through the use of our Digital Platform with law enforcement agencies, government agencies, private parties, or external law firms to respond to valid legal process (e.g., a court order or subpoena). We may also share your information to comply with applicable laws, to protect the safety of any person, to address suspected fraud, security, or technical issues, or to enforce this Policy and any other terms or conditions you have agreed to with us.

Your Rights and Choices

Your privacy is important to us. HIPAA provides you certain rights with regards to your PHI. You may choose to exercise your rights described in this section by sending a message to our customer support through our Digital Platform or by sending an email to help@pebble.health.

A. Managing your Information
You may access, correct, update, or amend the Personal Information you have provided to us through our Digital Platform in your account settings, by contacting our customer service through our Digital Platform or by sending an email to help@pebble.health. It is your responsibility to keep your information up to date.

B. Data Retention
We will retain your Personal Information for as long as necessary to perform the services and to comply with our legal obligations.

C. Communication Preferences
We may periodically send you communications that promote our services. When you receive such promotional communications from us, you may opt-out either through your account, on your device, or by following the unsubscribe instructions provided in the email you receive. We do need to send you certain communications regarding our services and products and you will not be able to opt-out of those communications – for example, communications regarding updates to our Terms of Service or this Policy, information about your health plan and benefits, or certain information about billing.

D. California ResidentsExempt from CCPA. The information we collect about you on the Digital Platform constitutes PHI. The federal HIPAA rules govern your rights in relation to that PHI. Since the California Consumer Privacy Act of 2018 (“CCPA”) does not apply to PHI, the CCPA does not apply to the Personal Information we collect on the Digital Platform.

California Residents Under the Age of 18. If you are a California resident under the age of 18 (a “minor”) and are a registered user of the Digital Platform, you may request that we remove content or information that you uploaded to the Digital Platform by (i) submitting a request in writing to help@pebble.health; (ii) clearly identifying the content or information you wish to have removed and providing sufficient information to allow us to locate the content or information to be removed.

Please note that we are not required to erase or otherwise eliminate content or information if (a) other state or federal laws require us or a third party to maintain the  content or information; (b) the content or information was provided by another user; (c) the content or information is anonymized so that the minor cannot be individually identified; (d) the minor does not follow the instructions posted in this Privacy Policy on how to request removal of such content or information; and (e) the minor has received compensation or other consideration for providing the content. Further, nothing in this provision will be construed to limit the authority of a law enforcement agency to obtain such content or information.

Information Security

We are serious about protecting the security of your Personal Information and  have taken steps to protect your personal information from loss, misuse, unauthorized access, disclosure, or destruction, however, no security measures are completely secure. We do not and cannot guarantee the security of your information. If you have reason to believe that your Pebble Health account credentials have been lost, stolen, or otherwise compromised, please contact Pebble Health immediately by phone (1-888-670-3664) or through the Digital Platform.

Changes to this Policy

Pebble Health may make changes to this Policy as needed to accurately reflect our information collection, use, and sharing practices. If we make changes to the Policy, the revised policy will be posted on the appropriate application with the effective date. If you are a registered user of our Digital Platform, you will be required to accept the changes in order to continue using the Digital Platform.

Contact Us
If you have any questions or comments about this Policy, please contact us through the Digital Platform, send an email to help@pebble.health, or send us a letter at:

Pebble Health
Attn: Privacy Policy
1122 E Pike Street,#1082,
Seattle, WA 98122