This privacy policy (“Policy”) describes how Workplace Options (“WPO”, “we”, “us” or “our”) collects, protects and uses the personally identifiable information (“Personal Information”) you (“User”, “you” or “your”) may provide while using any of its products or services (collectively, “EAP Services” or “Services”). It also describes the choices available to you regarding our use of your Personal Information and how you can access and update this information. This Policy does not apply to the practices of companies that we do not own or control, or to individuals that we do not employ or manage.

 

Applicable Law

WPO is committed to protect all personal and private information in accordance with any and all applicable laws, regulations and standards, including without limitation any standards established in the United States under the Health Insurance Portability and Accountability Act, HITECH (Health Information Technology for Economic and Clinical Health Act and in the United Kingdom under the Data Protection Act of 2018. In case of use of our services within the European Union, WPO is subject to, the General Data Protection Regulation (Regulation (EU) 2016/679), effective as of May 25, 2018 and any national legislation implementing the foregoing. The legal basis of EU-US data transfer is based on EU Model Clauses (Standard Contractual Clauses) and the derogations as per Art.49 of GDPR. WPO is liable for in cases of onward transfers to third parties.

 

What this Privacy Policy is for

Our privacy policy is designed to protect the privacy of individuals. It explains what information we collect from visitors to this site and members whom we provide services using our websites, applications and various platform based services in the duration of our relationship, how we use that information, and how visitors and/or members can update and verify the uses of the information provided. We will update this policy from time to time to protect your personal information. We encourage you to review this policy from time to time to keep up to date on how we use and protect your information and continually improve the content of our websites/ Mobile Applications and enhance our services. If we make material changes to the collection, use and/or disclosure of personal information you provide to us, we will notify you by posting a clear and highly visible notice. Before using our services, you are asked to accept the terms of this Privacy Policy.

WPO maintains appropriate administrative, technical and physical safeguards designed to protect your personal information in accordance to the applicable law. WPO uses industry standard encryption on this website. WPO will not evaluate any computer, tablet, or other mobile device that you may use to access WPO’s services for the secure handling of your personal information. WPO disclaims any liability for any loss resulting from any security and data protection shortfalls originating from your own electronic devices.

 

What kind of information do we collect?

You must be registered with WPO in order to have access to our service. WPO may collect some information from interactive features such as online surveys, contact and registration forms, and through the use of ‘cookies’ as explained below. The information WPO receives in such a manner depends on the settings on your browser. For example, if you visit this website to read or download information, such as information about a health condition or about one of WPO’s products, WPO may collect certain anonymous, unrestricted, non-personal information about you from your computer, including the type of web browser software you use, the links that you select, traffic data, the name of your Internet domain, the Internet address of the website used for access, location data, the pages you have visited on this website, web logs and other communication data.

Depending on your choices, products and services (e.g. for behavioral and health services), WPO may with your explicit consent collect and process personal information which may include:

  • name
  • date of birth/other vital statistics records
  • email address
  • physical/mailing address
  • telephone number
  • racial or ethnic origin
  • sexual orientation or religious beliefs
  • private ID number/residency number
  • personal health information
  • family health information

For certain services (Telephone based counselling and Anonymous Chat), users are free to remain anonymous. However, we will be able to provide limited services only. Users who are uncertain about what information is mandatory are welcome to contact us or discuss with our counsellor when you contact us for any services.

 

What kind of information do we collect (Mobile Application)?

When you use the Mobile Application our servers automatically record information that your device sends. This data may include information such as your device’s IP address and location, device name and version, operating system type and version, language preferences, information you search for in our Mobile Application, access times and dates, and other statistics. You will be able to control the permissions for location and other device specific parameters based on your device (e.g. location, notification). If you choose not to allow this access, some services may not operate effectively as expected.

If you wish to use the Mobile Application’s features, you will be asked to provide certain Personal Information (for example, your name and e-mail address). We receive and store any information you knowingly provide to us when you create an account or fill any online forms in the Mobile Application. When required, this information may include your email address, name, phone number, or other Personal Information to complete the registration. If you choose not to provide us with your Personal Information, then you may not be able to take advantage of the Mobile Application’s features. Users who are uncertain about what information is mandatory are welcome to contact us.

 

What kind of information do we collect (Payment Processing)?

We use a third-party payment processor to process payments on our website. In connection with the processing of such payments, we do not retain any personally identifiable information or any financial information such as credit card numbers. Rather, all such information is provided directly to our third party processor, Stripe, whose use of your personal information is governed by their privacy policy, which may be viewed at https://stripe.com/us/privacy.

 

What kind of information do we collect (Adapt)?

We use SurveyMonkey to conduct the study. We do not collect/retain any personally identifiable information. SurveyMonkey uses cookies to effectively manage the survey. More information about cookies can be found at here.

 

Cookies

In operating the Services, we may use a technology called “cookies.” A cookie is a piece of information that the computer that hosts our Services gives to your browser when you access the Services. Our cookies help provide additional functionality to the Services and help us analyze Services usage more accurately. For instance, our Services may set a cookie on your browser that allows you to access the Services without needing to remember and then enter a password more than once during a visit to the Services and/or to maintain a logged in session. In all cases in which we use cookies, we will not collect Personal Data except with your permission. On most web browsers, you will find a “help” section on the toolbar. Please refer to this section for information on how to receive notification when you are receiving a new cookie and how turn cookies off. We recommend that you leave cookies turned on because they allow you to take advantage of some of the Services’ features.

 

Managing personal information

You are able to access, update and delete certain Personal Information about you. The information you can view, update, and delete may change depending on the services. When you update information, however, we may maintain a copy of the unrevised information in our records. We will retain and use your Personal Information for the period necessary to comply with our legal obligations, resolve disputes, and enforce our agreements unless a longer retention period is required or permitted by law. We may use any aggregated data derived from or incorporating your Personal Information after you update or delete it, but not in a manner that would identify you personally. For statistical purposes, we use only anonymized data. Once the retention period expires, Personal Information shall be deleted or anonymized. Therefore, the right to access, the right to erasure, the right to rectification and the right to data portability cannot be enforced after the expiration of the retention period.

 

How will your personal information be used?

Any of the information we collect from you may be used to provide you services, contact you in relation to our services, keep you updated about our offerings, personalize your experience; improve our services/products; improve customer service and respond to queries and emails of our customers; send notification emails such as password reminders, updates, etc; run and operate our Platform and Services. Information collected automatically is used only to identify potential cases of abuse and establish statistical information regarding website/mobile application traffic and usage. This statistical information is not otherwise aggregated in such a way that would identify any particular user of the system.

Your employer will not have access to your Personal Data stored on WPO systems. However, if your employer offers an incentive plan that offers rewards for completion of WPO’s online programs, with your explicit consent via the tick box on the registration page, WPO may share your personal information with your employer including your name, employee identification, and details of which online programs or assessments you have completed including the dates. Neither the scores nor responses from your online programs will be disclosed to your employer as part of an incentive plan.

If your employer provides a coaching plan that includes an outreach call from a WPO coach, with your explicit consent via the tick box on the registration page, a coach may contact you using the contact information and preferences you provide. Your employer will not be given any detail regarding the content of your discussion with a coach; however, WPO may share with your employer your personal data including your name, employee ID, and number of coaching sessions you have completed including the dates.
WPO is the data controller with respect to the personal data collected directly from the members of our Services. We may process Personal Information related to you if one of the following applies: (i) You have given your consent for one or more specific purposes. Note that under some legislations we may be allowed to process information until you object to such processing (by opting out), without having to rely on consent or any other of the following legal bases below. This, however, does not apply, whenever the processing of Personal Information is subject to European data protection law; (ii) Provision of information is necessary for the performance of an agreement with you and/or for any pre-contractual obligations thereof; (iii) Processing is necessary for compliance with a legal obligation to which you are subject; (iv) Processing is related to a task that is carried out in the public interest or in the exercise of official authority vested in us; (v) Processing is necessary for the purposes of the legitimate interests pursued by us or by a third party. In all cases we will reach out to you for additional consent in case of further processing is required.
In any case, we will be happy to clarify the specific legal basis that applies to the processing, and in particular whether the provision of Personal Information is a statutory or contractual requirement, or a requirement necessary to enter into a contract.

 

Information Transfer and Storage

WPO may transfer the personal information collected about you to countries other than the country in which the information was originally collected. These transfers will be to a service centre operated by WPO or one of WPO’s network of providers in order to provide you with the service you requested. WPO adheres to adequate safeguards required for the international transfers of your personal information outside of the European Economic Area. If you are located in the European Union or Switzerland, WPO may transfer data outside of the European Union in accordance with standards set forth by European Union law including the derogations based on Article 49 of GDPR and the EU model clauses. Nevertheless, access to your personal information may be provided only on a “need-to-know” basis so that WPO may deliver its services upon your request; your personal information will not be disclosed to any other person or entity other than in aggregate reports or in de-identified form without your consent. The storage of EEA personal data is maintained in the European Union itself.

 

Who do we share your information with?

We do not sell your email address or other information identifying you to third parties. However, we do share your information with companies that are part of WPO including our global delivery centres, or with selected third parties in order to pursue the objectives set out in this policy, in other contacts with you or on the site (e.g. “survey or informational content” that send you additional information material that may be of interest to you).
We disclose information about you to others when we believe in good faith that we are required by law or legal process to respond to claims or to protect the rights, property or safety of WPO or others.

 

What information may be required to be disclosed?

  • The data subject has given consent to the processing of his or her personal data for one or more specific purposes;
  • Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at
  • The request of the data subject prior to entering into a contract
  • Processing is necessary for compliance with a legal obligation to which the controller is subject;
  • Processing is necessary in order to protect the vital interests of the data subject or of another natural person;
  • Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

 

What are your rights?

You have certain rights regarding the personal information WPO collects and maintains about you. WPO offers you choices about what personal information is collected from you, how that information is used, and how WPO communicates with you:

  • You can expect that WPO will collect and process your personal information fairly and in accordance with applicable law.
  • You can choose not to provide personal information to WPO by refraining from conducting electronic transactions.
  • You can elect not to have a unique cookie identification number assigned to your computer.
  • Your personal data may be used for statistical analysis and reporting purposes in a manner that does not identify you in any way.
  • You may agree to the release of any or all of your personal information to anyone or any organization by giving your consent to WPO; otherwise, your personal data will not be routinely released unless WPO has a legal obligation to do so.
  • You may withdraw any consents you previously provided to WPO, or, on legitimate grounds, object at any time to the processing of your personal information or specific categories of data that you consider sensitive.
  • You have the right of data portability so that you can retrieve and reuse your personal information for your own purposes.
  • You have the right to request at any time correction of any error(s) in your personal information that is collected and processed by WPO.
  • You have the right to lodge complaints with any supervisory authority.
  • You have the right, under certain circumstances, to invoke binding arbitration to resolve any dispute regarding the collection, processing, retention, and/or release of your personal information.
  • You may, subject to local law requirements, have the right to (a) to request access to and receive information about the personal information WPO collects and maintains about you; (b) update and correct inaccuracies in your personal information; and (c) have your personal information blocked or deleted, as appropriate.
  • You have the right to ask WPO to no longer collect your personal information for information purposes (e.g. sending information to you by email or SMS text; asking your opinion on WPO products and services) by withdrawing your consent. You can exercise your right to withdrawal at any time by contacting WPO

In compliance with the Privacy Shield Principles, WPO commits to resolve complaints about our collection or use of your personal information. WPO is subject to the investigatory and enforcement powers of the Federal Trade Commission. Individuals domiciled in the EU and/or Switzerland with inquires or complaints regarding our Privacy Shield policy should first contact WPO at: dataprotection@workplaceoptions.com. We do not use Privacy Shield as a legal basis of data transfer, however we maintain the Privacy Shield membership.

WPO has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints concerning data transferred from the EU and Switzerland.

 

California Privacy Rights

In addition to the rights as explained in this Privacy Policy, California residents who provide Personal Information (as defined in the statute) to obtain products or services for personal, family, or household use are entitled to request and obtain from us, once a calendar year, information about the Personal Information we shared, if any, with other businesses for marketing uses. If applicable, this information would include the categories of Personal Information and the names and addresses of those businesses with which we shared such personal information for the immediately prior calendar year (e.g., requests made in the current year will receive information about the prior year). To obtain this information please contact us at our toll-free number +1 877 811 2424 and leave a voice mail with your request details.

 

Privacy of children

Minors are provided service only based on the consent from the parents and legal guardians. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce this Policy by instructing their children never to provide Personal Information through our Service without their permission. If you have reason to believe that a child under the age of 18 has provided Personal Information to us, please contact us. You must also be at least 18 years of age to consent to the processing of your Personal Information in your country (in some countries we may allow your parent or guardian to do so on your behalf).

 

Security of your data

Your personal data provided to us will be secured by taking all technical and organisational security measures in such a way that they are inaccessible for access by unauthorised third parties. When sending very sensitive data or information, it is recommended to use the postal service, as complete data security by e-mail cannot be guaranteed.

 

Duration of storage

The personal data provided by you will be stored by us for the duration of use of our Services or in the event of the provision of information, services or support until expiry of the statutory storage period, taking into account the basic principles of the GDPR and the local laws to the permissible extent. With respect to European Union participants, data is retained for five (5) years from the date of case closure with an exception of one (1) year in France.

 

Data breach

In the event we become aware that the security of the applications and/or platform has been compromised or users Personal Information has been disclosed to unrelated third parties as a result of external activity, including, but not limited to, security attacks or fraud, we reserve the right to take reasonably appropriate measures, including, but not limited to, investigation and reporting, as well as notification to and cooperation with law enforcement authorities. In the event of a data breach, we will make reasonable efforts to notify affected individuals if we believe that there is a reasonable risk of harm to the user as a result of the breach or if notice is otherwise required by law. When we do, we will send you an email.

 

Legal disclosure

We will disclose any information we collect, use or receive if required or permitted by law, such as to comply with a subpoena, or similar legal process, and when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request. In the event we go through a business transition, such as a merger or acquisition by another company, or sale of all or a portion of its assets, your user account, and Personal Information will likely be among the assets transferred.

 

Any other questions or concerns

If you have any questions or concerns about our privacy policy or the collection of your information, you can contact us at any time at the following address:

Data Protection Officer of Workplace Options
Robert Niedermeier,
Data Business Services GmbH & Co. KG
dataprotection@workplaceoptions.com

Please be aware that e-mail is not the most secure way of communication, we therefore recommend not to send sensible personal data via e-mail in the first instance.

 

Jurisdiction and Applicable Law.

The laws of the State of North Carolina govern this Privacy Statement (“Statement”) to the extent as not overruled by applicable local law as the GDPR for data subjects within the EEA. You irrevocably consent to the jurisdiction of the courts located in the County of Wake, State of North Carolina, U.S.A. for any action arising out of or relating to this Statement if not local law gives you the inevitable right to apply to your local court. If the information and materials presented on this websites/applications includes the sale of goods (e.g. publications, books), then any following rights and obligations that you or WPO may have shall not be governed by the United Nations Convention on Contracts for the International Sales of Goods (“CISG”) and its application is excluded. You may be able to access this site from any region in the world. If your use of any benefit offered by this website/or Services conflicts with the laws of your region, then WPO respectfully requests that you do not use this website/or Services; you are responsible for your own knowledge and understanding of the laws of your region as well as your compliance with them.

 

Acceptance of this policy

You acknowledge that you have read this Policy and agree to all its terms and conditions. By using the website/applications or its Services you agree to be bound by this Policy. If you do not agree to abide by the terms of this Policy, you are not authorized to use or access our website/applications and its Services.