Jiff Privacy Statement And Cookie Statement
This Privacy and Cookie Statement (“Statement”) applies to www.jiff.com and the Jiff software and services, owned and operated by Jiff, Inc. (“Jiff“).
Protecting Your privacy and the protection of Your Personal Information is very important to Jiff. For purposes of this Statement, “Personal Information” is any information that can be used on its own or with other information to identify, contact, or locate an individual, or to identify an individual in context. Here You will find what Personal Information we collect, why we collect it, and what we do with it in connection with the health benefits platform (the “Jiff platform“) and web and mobile application software and services offered by Jiff, or a third-party vendor on Jiff’s behalf, (collectively, the “Jiff Services“) and the products and services offered by Jiff’s many platform partners (“Platform Service Providers” or “PSPs”, collectively the “PSP Services”). As used in this Statement, “Employer” is the Jiff customer who authorized Your access to the Jiff Services and the PPS Services. It also describes the choices available to You regarding the use of, Your access to, and how to update and correct Your Personal Information (defined below). Jiff is committed to protecting the privacy and accuracy of the information we collect about You, including Your Personal Information, to the fullest extent possible.
This Privacy and Cookie Statement is revised as of September 26, 2016.
EU-U.S. Privacy Shield
Jiff participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework. Jiff is committed to subjecting all personal data received from European Union (EU) member countries, in reliance on the Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List. [https://www.privacyshield.gov/list]
Jiff is responsible for the processing of personal data it receives, under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. Jiff complies with the Privacy Shield Principles for all onward transfers of personal data from the EU, including the onward transfer liability provisions.
With respect to personal data received or transferred pursuant to the Privacy Shield Framework, Jiff is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Jiff may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Jiff has further committed to cooperate with EU data protection authorities (DPAs) with regard to unresolved Privacy Shield complaints concerning human resources data transferred from the EU in the context of the employment relationship.
If You have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
Under certain conditions, more fully described on the Privacy Shield website [https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint], You may invoke binding arbitration when other dispute resolution procedures have been exhausted.
U.S. – Swiss Safe Harbor Framework
Jiff complies with the U.S. – Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use and retention of personal data from Switzerland. Jiff has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view Jiff certification, please visit https://safeharbor.export.gov/swisslist.aspx.
Jiff and its vendors collect information as needed to provide the Jiff Services and PSP Services and, in some instances with certain customers, have no direct relationship with the individuals whose personal data is processed. If You are an employee of one of our customers (Your Employer or the Employer of the person who invited You to the Jiff Services, the “Employer”)) and would no longer like to be contacted by the Employer , please contact the Employer directly. We may transfer Personal Information to third-party vendors that help us provide our Jiff Services and PSP Services. Transfers to third-party vendors are covered by service agreements with our customers.
Jiff acknowledges that You have the right to access Your personal information. In situations where Jiff has no direct relationship with the individuals, like You, whose personal data we, or our service vendors, process, if You seek access to Your personal data, or seek to correct, amend, or delete any inaccurate personal data You should direct Your query to Jiff customer (the Employer). In Instances where Jiff has direct relationship with the individuals, like You, whose personal data we, or our service vendors, process, and if You seek access to Your personal data, or seek to correct, amend, or delete any inaccurate personal data, then You should direct Your query to Jiff. If You are uncertain if You have a direct contract with Jiff, You may contact Jiff (by sending an email to email@example.com) and Jiff will assist You with Your inquiry. If requested to remove or correct Your personal data we will respond within a reasonable timeframe.
You authorize Jiff to retain Your Personal Information that we process for as long as needed to provide the Jiff Services and PSP Services to our customers and to comply with our legal obligations, resolve disputes, and enforce our agreements. Jiff will retain Personal Information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. However, at anytime, You may request that Jiff deactivate Your account and remove Your Personal Information in a commercially reasonable timeframe. You may ask Jiff to deactivate Your account by sending an email to firstname.lastname@example.org or to the Employer.
Collection and Use of Personal Information and Non-Personally Identifiable Information
You may be asked to provide Personal Information when You use the Jiff Services and PSP Services, or import data from and export data into various third-party applications, devices, and services into the Jiff Services and PSP Services. Your Personal information may also be provided to Jiff and PSPs by Your Employer or third-parties at Your request or instruction.
Your Personal Information That We Collect From You:
Jiff may collect from You the following Personal Information in connection with Your use of the Jiff Services and PSP Services requested by Your Employer:
- Email address and password during account creation.
- Demographic and general health and financial information, including date of birth, gender, zip code, height, weight. For some products and services, these details are required as part of Your registration process.
- Unique temporary or persistent device identifiers.
- Certain hardware information about Your computer or mobile device.
- Data through access to Your calendar if You authorize such calendar access.
- Activity Data such as steps activity data, sleep and food activity data and other data that You enter or upload into Your tracking device, webpage or mobile application.
- Medical or lab completion data or claims data submitted by Your insurance company only if authorized You through Your Employer.
- Fitness tracker information You provide, or authorize to be provided, to Jiff.
- Geolocation information that is automatically transmitted based upon Your choice to use of certain tracking devices and applications that automatically provide this information along with other activity data.
- Any additional information that You add manually to the Jiff Services, including answers to surveys and questionnaires, behavioral and mood information, goals, and preferences.
- Any Personal Information that You authorize third-parties to provide to Jiff including through third-party devices, applications, or services.
- Internet Protocol (“IP“) address.
- Financial information, including credit card information.
- User behavior based upon click stream history or contained in log files (e.g., IP address, browser versions, OS versions, internet service provider “ISP” information, time of day of application use, surfing and viewing habits) of how users are using Jiff applications and which pages the users have visited.
- By linking Your tracking device, tracking application, or certain PSP program accounts through the Jiff platform, Jiff will have access to all Personal Information collected through such tracking device, tracking application, or certain PSP program unless there is a feature that allows You to “turn off” the collection of such Personal Information and You turn the feature off.
Jiff may also collect certain non-personally identifiable information relating to You and/or Your use of the Jiff Services and PSP Services (“Non-Personally Identifiable Information”), including aggregated, anonymized information concerning Your use of the Jiff Services. For example, Jiff may collect Non-Personally Identifiable Information regarding the pages and services that You access through the Jiff Services, and information concerning the browser(s) and Internet platform service provider(s) used to access the Jiff Services. For more information, see Use of De-Identified Information and Aggregated User Data below.
The Information We May Collect From Your Employer:
In order to enable Your use of the Jiff Services, You hereby authorize Your Employer to provide Jiff Your first and last name, email address and employee ID. You also hereby authorize Your Employer to provide Jiff Your date of birth, mailing address and user photo, and any additional information as required to provide certain options or additional services.
As part of Jiff’s PSP Programs, the Personal Information Jiff or PSPs may collect and share with each other (as part of Jiff’s agreement with Your Employer to provide such Jiff Services and PSP Services) may also include:
- User Data derived from physical activity (such as steps and ‘active minutes’), sleep, calories burned, standing time, calories consumed, heart rate, food activity data, nutrition data, satisfaction data, cognition, stress, survey comments, parenting advice, collaborative games, news feed comments and other data that You enter or upload into Your tracking device, wearables, webpage or mobile application.
- User adoption data including enrollment, registration, account creation.
- Healthcare claims data and pharmacy claims data from third-parties such as Your Insurance company as requested or provided indirectly by Your Employer.
- Completion status (i.e., “Started”, “In Progress”, or “Completed”).
- Data concerning health status such as Health Risk Assessments (HRA), Lab data, Risk scores and user responses to questions in HRA with action steps for scheduling and completion of survey(s) and Biometric screenings – Biometric data such as BMI (body mass index), blood pressure, cholesterol, and related health screenings with action steps for scheduling and completion of tests towards incentives for achieving set thresholds or improving set thresholds, and other health status programs.
- Data concerning managed health including Disease and care management for chronic conditions such as diabetes, asthma, autism – participation in program(s), action steps indicating completion of tasks towards incentives for achieving set thresholds or improving set thresholds, Employee Assistance Programs (EAP) – enrollment, participation and action steps towards incentives for completion of task(s), Medication management – prescription and nonprescription medications used, dosage, frequency action steps towards incentives for completion of task(s), and other managed health programs.
- Data concerning access to care including Virtual care services such as second opinion and telemedicine – registration/enrollment, health profile, service utilization and action steps towards incentives for completion of task(s), In-person care such as retail clinics, medical and dental care providers – scheduled visit(s), primary diagnosis, ordered lab tests, biometric results and action steps towards incentives for completion of task(s), Provider search and scheduling – user search terms, search results, scheduled appointments and action steps towards incentives for completion of task(s), Medical and dental insurers – available plan options, plan membership, medical and dental claims, triggers for recommended services based on processed claims, and other access care programs.
- Data concerning health maintenance and wellness including Weight management – weight tracked, participation in programs and action steps indicating completion of tasks towards incentives for achieving set thresholds or improving set thresholds, Pregnancy/fertility – weight, kicks, exercise, as well as personal health information such as due date, Stress/resilience – cognitive and emotional assessments through games and videos with action steps for scheduling and completion of tasks, Nutrition management – completion data towards incentives for achieving set thresholds or improving set thresholds, Smoking cessation – tobacco use, nicotine replacement therapy, action steps towards incentives for completion of the task(s), Physical fitness – fitness center check-ins, workout participation, and action steps towards incentives for completion of the task(s), Sleep management – sleep duration, sleep quality and action steps towards incentives for completion of task(s), and other health maintenance and wellness programs.
- Data concerning finance and wealth management including Retirement services such as 401(k) – available retirement plan options, enrollment, participation and action steps towards incentives for completion of task(s), Tax-advantaged savings services such as Health Savings Accounts (HSA), Flexible Spending Accounts (FSA) – available services, enrollment, participation, and action steps towards incentives for completion of task(s), Financial wellness – available educational programs, content, participation action steps towards incentives for completion of the task(s), and other finance and wealth programs.
How We Use the Personal Information We Collect:
Jiff and PSP’s use Your Personal Information:
- to administer, monitor and moderate the Jiff Services and PSP Services.
- to direct You to programs, actions, Content and events that are most relevant and helpful to You
- to implement and provide You with Jiff Services and PSP Services customized to Your needs.
- In an aggregated and anonymized format, to help Your Employer understand and select the types of programs they should offer their employees.
- to send important notices or other communications to You from time to time.
- to update terms, conditions, and policies.
- for internal purposes such as auditing, data analysis and research, to improve our content, to develop, deliver, understand performance, to perform internal market research, project planning, troubleshooting problems, and to detect and protect against error, fraud or other criminal activity
- improve and promote the Jiff Services and PSP Services.
- to administration of any sweepstakes or promotions, purchases, donations or other activities that You are involved in using the Jiff Services and PSP Services.
- to help our PSP support their programs for You on the Jiff Platform
- to enforce the Jiff “Terms of Service” which can be found https://www.jiff.com/eula/ if necessary and applicable to You.
- to create aggregated anonymous analytical data.
- to support incentives that encourage You to use programs that can help You achieve Your goals.
- to ensure that that You have registered or completed setting up an account, that You are using a product regularly, or that You have started or completed some set of activities or achieved a desired goal using the Jiff Services or the PSP Services.
- as underlying data used to create reports (that are aggregated and anonymized so Your Employer cannot see data at the individual level) to help employers understand how programs are being used by their employees.
- so Your Employer will be able to see how many people started or completed a program, but not see who did so.
If required by Your Employer, we may provide, and You consent to Jiff providing, Your Personal Information to third-party administrators (that have signed a confidentiality agreement with Jiff or Your Employer agreeing to protect Your Personal Information) who will access Your Personal Information, de-identify it and create aggregated anonymous analytical data for Your company’s health and wellness programs.
Sharing Options with Spouse, Domestic Partners, Family or Friends.
Some programs allow You to have a spouse, Domestic Partner (DP), other family member or other third person that You designate to share Your Personal Information with while using a Jiff Services and PSP Services. Additionally, You are able to tag Your friends to follow them or allow others to follow You, adding comments and note, have conversations and otherwise share Your Personal Information. Jiff is not able to remove comments, postings or content, once it has been posted by You or an individual following or mentioning You.
Disclosure to Third-Parties and Jiff Platform Providers
The Jiff Services may contain links to third-party websites and applications. If You disclose information to any third-party in connection with Your use of the Jiff Services (including, for example, a third-party application provider using the Jiff platform to provide independent goods and services directly to You), different rules may apply to their use or disclosure of the information You disclose to them. When You click on links You may leave the mobile or web location providing You the Jiff Services.
If You order a device, application, or service on the Jiff Services that is marketed or sold by a third-party, Jiff may provide Your name and contact information to such third-party. Your payment information will not be shared with these third-parties. If You do not want us to share Your Personal Information with these third-parties, contact us at (email@example.com).
Jiff may share the information it collects from You, including Personal Information, with companies who provide services such as information processing, fulfilling customer orders, delivering products, rewards, incentives to You, managing Employer data, providing customer service, and conducting customer research or satisfaction surveys and other subcontracted services for Jiff or Your Employer through Jiff. These companies are authorized to use Your Personal Information only as necessary to provide these products and services to You and are obligated to protect Your information. For example, if You use a credit card in the Jiff Store, Your credit card information will be shared with Jiff’s credit card processing company.
Disclosures to Your Employer
Jiff may, to the extent permitted under applicable laws including HIPAA (Health Insurance Portability and Accountability Act of 1996), provide Your Employer on an ongoing basis with data necessary to enable Your Employer to manage incentive, reward, and wellness programs, including providing points earned to administrate subsidies and other benefits related accounting processes. This may include aggregated data related to program performance and population health to employers for the ongoing administration and evaluation of the programs. Jiff will not disclose Protected Health Information (“PHI“) (as defined in HIPAA) to Your Employer.
Your Personal Information and the information collected by us with respect to Your usage of the Jiff Services may be stored and processed in any country where we have facilities or service providers, and by using the Jiff Services or by providing consent to us (where required by law), You agree to the transfer of information to countries outside of Your country of residence, including to the United States, which may provide for different data protection rules than in Your country. You authorize Jiff to store Your Personal Information in the United States in one of Jiff’s licensed data centers.
In certain situations, Jiff may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We may also disclose Your Personal Information as required by law, such as to comply with a subpoena, bankruptcy proceedings, or similar legal process when we believe in good faith that disclosure is necessary to protect our rights, protect Your safety or the safety of others, investigate fraud, or respond to a government request. Your Personal Information could be transferred to or acquired by a third-party in the event of a Jiff merger or acquisition. You will be notified via email and/or a prominent notice on the Site, of any change in ownership, uses of Your Personal Information, and choices You may have regarding Your Personal Information. We may also disclose Your Personal Information to any other third-party with Your prior consent.
Push Notifications and Other Communications
In certain situations, Jiff may provide Push notifications to You from time-to-time in order to update You about any events or promotions that we may be running. If You no longer wish to receive these types of communications, You may turn them off at the device level. To ensure You receive proper notifications, we will need to collect certain information about Your device such as operating system and user identification information.
User Access and Choice
Upon request Jiff will provide You with information about whether we hold any of Your personal information. If Your Personal Information changes, or if You no longer desire our Jiff Services, You may correct, update, amend, delete/remove, ask to have it removed from a public forum, directory or testimonial on our Site or deactivate it by making the change on our member information page or by emailing our Customer Support at firstname.lastname@example.org or by contacting us by telephone or postal mail at the contact information listed at the end of this Statement (see JIFF CONTACT INFORMATION below). We will respond to Your request within a reasonable timeframe.
We will retain Your information for as long as Your account is active or as needed to provide You the Jiff Services. We will retain and use Your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
We may also occasionally use “web beacons” (also known as “clear gifs,” “web bugs,” “1-pixel gifs,” etc.) that allow us to collect Non-Personally Identifiable Information about Your response to our email communications, and for other purposes. Web beacons are tiny images, placed on a web page or e-mail that can tell us if You have visited a particular area of the Site. For example, if You have given us permission to send You emails, we may send You an email urging You to use a certain feature of the Site. If You do respond to that email and use that feature, the web beacon will tell us that our email communication with You has been successful. Because web beacons are used in conjunction with persistent cookies (described above), if You set Your browser to decline or deactivate cookies, web beacons cannot function.
Internet Protocol (“IP”) Address
We collect the IP address of all visitors to our website. An IP address is a number that is automatically assigned to Your computer when You use the Internet. We use IP addresses to help us diagnose problems with our server, administer our website, analyze trends, and gather broad demographic information for aggregate use to improve our site, and deliver customized, personalized content. IP addresses are not linked to Personal Information.
As is true of most websites, we gather certain information automatically and store it in log files. This information may include IP addresses, browser type, ISP, referring/exit pages, operating system, date/time stamp, and/or clickstream data.
We may combine this automatically collected log information with other information we collect about You. We do this to improve services we offer You, to improve marketing, analytics, or site functionality.
Our third-party vendor may use technologies such as cookies to gather information about Your activities on this Site and other websites in order to provide You advertising based upon Your browsing activities and interests. If You wish to not have this information used for the purpose of serving You interest-based ads, You may opt-out by clicking http://preferences-mgr.truste.com/ (or if located in the European Union click onhttp://www.Youronlinechoices.eu/). Please note this does not opt You out of being served ads. You will continue to receive generic ads.
We use mobile analytics software to allow us to better understand the functionality of our Jiff Services on Your phone. This software may record information such as how often You use the Jiff Services, the events that occur within the Jiff Services, aggregated usage, performance data, and where the Jiff Services was downloaded from. We do not link the information we store within the analytics software to any personally identifiable information You submit within the Jiff Services.
California Do Not Track Disclosures
Our websites and web portals are not configured to respond to do-not-track settings in Your browser.
How Jiff uses email
We may use a third-party vendor to help us manage some of our email communications with You. Although we may supply this vendor with email addresses of those we wish them to contact, Your email address is never used for any purpose other than to communicate with You on our behalf. When You click on a link in an email, You may temporarily be redirected through one of the vendor’s servers (although this process will be invisible to You) which will register that You have clicked on that link, and have visited our Jiff Services. We never share any information, other than Your email address, with our third-party email vendor, which does not share these email addresses with anyone else. You may opt-out at any time by clicking on the Unsubscribe link at the bottom of these emails, accessing the email preferences in Your account settings page, or You can contact us at email@example.com.
Jiff may also share email addresses with our PSPs for the programs that You have registered for so that they can send information concerning the program pertaining to You.
Use of De-Identified Information and Aggregated User Data
Jiff, or designated third-parties subject to appropriate confidentiality requirements, may de-identify the Personal Information we collect, by removing any data from that information which could be used to identify, contact or locate an individual. We may provide such de-identified information to Your Employer, our customers, vendors and PSPs.
Jiff, or designated third-parties subject to appropriate confidentiality requirements, may also generate aggregate usage information in order to understand how often and in what ways people use the Jiff Services to provide You with an optimal online experience. Such aggregate data may derive from or incorporate Your Personal Information, but will not include information which could be used to identify, contact or locate an individual. If appropriate, Jiff, or designated third-parties subject to appropriate confidentiality requirements, may provide aggregated data related to program performance and population health Your Employer for program administration and evaluation.
User Profiles and Submissions
Certain user profile information, including Your name, location, and any video or image content that YOU upload to the Jiff Services may be displayed to other users to facilitate user interaction within the Jiff Services. You may limit the profile information that can be seen by other by adjusting Your account privacy settings. Please remember that any content You upload to Your public user profile, along with any Personal Information or content that You voluntarily disclose online in a manner other users can view (on discussion boards, in messages and chat areas, etc.) becomes publicly available, and can be collected and used by others. Jiff reserves the right to delete any comments it deems inappropriate, at Jiff’s sole discretion. Your user name may also be displayed to other users if and when You send messages or comments or upload images or videos through the Jiff Services, and other users can contact You through messages and comments. Jiff does not control the policies and practices of any other third-party site or service.
Social Media Widgets
Our Site includes “Social Media Features” such as the Facebook ‘Like’ button, and “Widgets” such as the ‘Share This’ button or interactive mini-programs that run on the Site. These features may collect Your IP address, which page You are visiting on the Site, and may set a cookie to enable the feature to function properly. Social Media Features and Widgets are either hosted by a third-party or hosted directly on the Site. Your interactions with these features are governed by the privacy statement of the company providing it.
Our Commitment to Children’s Privacy
Protecting the privacy of children is very important to us. The Children’s Online Privacy and Protection Act of 1998 (“COPPA“) defines a “Child” as anyone under the age of 13. Jiff strictly adheres to COPPA. For that reason, we do not collect or maintain information obtained through the Jiff Services from those we actually know are under 13, and no part of our Site is structured to attract anyone under 13.
Your account is protected by a password for Your privacy and security. You must prevent unauthorized access to Your account and Personal Information by selecting and protecting Your password and/or other sign-on mechanism appropriately and limiting access to Your computer or device and browser by signing off after You have finished accessing Your account.
We endeavor to protect the privacy of Your account and other Personal Information we hold in our records. We employ SSL to encrypt communications between our servers and client applications, and do our best to protect our systems so third-parties can not access Your private information. However, we cannot guarantee complete security — unauthorized entry or use, hardware or software failure, and other factors, may compromise the security of user information at any time.
Under California Civil Code Sections 1798.83-1798.84, California residents are entitled to ask us for a notice identifying the categories of Personal Information, which we share with our third-parties for marketing purposes, and providing contact information for third-parties. If You are a California resident and would like a copy of this notice, please submit a written request to: firstname.lastname@example.org.
JIFF CONTACT INFORMATION
You may direct questions, complaints or claims regarding the Jiff Services to 215 Castro Street, Suite 200, Mountain View, California 94041, email: email@example.com, phone: +1-650-323-3500. Questions about this Statement should be directed to firstname.lastname@example.org.
Our Statement may change from time to time. We will not reduce Your rights under this Statement without Your explicit consent. We will post any privacy statement changes on this page and, if the changes are significant, we will provide a more prominent notice (including, for certain services, email notification of privacy statement changes). We will also keep prior versions of this Statement in an archive for Your review.