European Union Residents

If you reside in a country in the European Economic Area or in Switzerland, then information we collect from you may be subject to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the “GDPR”), and the following additional information is provided for your benefit.

As further discussed below, the principal controller of the Information collected through the StayWell Services is your Employer, who is StayWell’s customer.  For certain specific types of uses however, StayWell is also a controller of some of your Information, as well as otherwise being the processor of the Information collected through the Services.  StayWell’s contact information as both a controller and processor is:

The StayWell Company, LLC

Attention: Legal Department 
800 Township Line Road, Suite 100

Yardley, PA 19067

privacy@staywell.com

 

If you use the StayWell Services, you acknowledge that your Information is being processed pursuant to the lawful bases described below, and you specifically consent to your Information gathered through the Services being transferred, used, and stored in the United States. 

The data protection and other laws of the United States and other countries might not be as comprehensive as those in your country.  You may withdraw your consent at any time by following the instructions in the “Transparency and Choice” section below, but this will not affect the lawfulness of processing based on consent before its withdrawal.  However, as described below, StayWell needs certain information in order to provide the Services to you.  You understand that, should you choose not to permit StayWell to collect certain information, certain features and functions of the StayWell Services may not be available to you.  You have the right to file a complaint relating to the processing of Information with a supervisory authority.

  • StayWell as a Controller

StayWell is the controller of certain Information you disclose via use of the StayWell Services, specifically information that you disclose to StayWell when you complete a Health Assessment.  Portions of your Information will be used by StayWell in its capacity as a controller solely for the purpose of conducting research and analyzing the Information in order to understand trends and generate anonymous statistical information, which StayWell may then publish in the form of industry white-papers or similar public-facing disclosures.  When you are offered the choice to complete a Health Assessment in the StayWell Services, you will be asked to expressly consent to StayWell’s use of your Information for these purposes, and you will be given an opportunity to review more detailed information about the types of your Information that StayWell will use.  If you’d like more information regarding StayWell’s use of your Information from a Health Assessment you complete, please send us an email at privacy@staywell.com.

  • StayWell as a Processor

In all respects other than as described in the “StayWell as a Controller” section above, StayWell is solely the processor of the Information you disclose via use of the StayWell Services.  StayWell’s processing activities are conducted at the direction of, and in the course of providing its services to the data controller, StayWell’s customer, who may be your Employer, Plan, or other health-services provider.   

  1. How We Process European Personal Information

Under European law, companies must have a legal basis to process data. You have particular rights available to you depending on which legal basis we use, and we've explained these below. You always have the right to request access to, rectification of, and erasure of your data under the GDPR. To exercise your rights, see the “Transparency and Choicesection of this Privacy Policy.

StayWell primarily processes your Personal Information and Personal Health Information as necessary to perform our contracts with StayWell’s customer, who may be your employer or health-services provider.  We describe the contractual services for which this data processing is necessary throughout this Privacy Policy and in our Terms of Use.  The main uses of your data necessary to provide our contractual services are:

  • To provide, improve, customize, and support the StayWell Services;
  • To promote safety and security;
  • To transfer to, transmit to, store in, or process in the United States and other countries; and
  • To communicate with you, for example, on StayWell Service-related issues.

We'll use the data we have to provide these services; if you choose not to provide certain data, the quality of your experience using the StayWell Services may be impacted.

When we process data you provide to us as necessary to perform our contracts with you, you have the right under the GDPR to request a portable version of your data from StayWell. To exercise your rights, see the “Transparency and Choice” section of this Privacy Policy.

The other legal bases we rely on in certain instances, as described more fully below, when processing your data are:

Your Consent:

The main uses of your data for which we use your consent as the lawful basis are: 

    • Disclosures to certain third-parties as described below in the “Disclosure of Your Information” section.
    • Conducting research and analysis in order to generate anonymous statistical information that StayWell may publish in the form of industry white-papers or similar public-facing disclosures.  The StayWell Services will ask for your express consent to the use of your information described above in StayWell’s capacity as a controller before you are asked to complete a Health Assessment. 


When we process data you provide to us based on your consent, you have the rights under the GDPR to (a) withdraw your consent at any time, and (b) to request a portable version of your data from StayWell. To exercise your rights, see the “Transparency and Choice” section of this Privacy Policy.

Our legitimate interests or the legitimate interests of a third party, where not outweighed by your interests or fundamental rights and freedoms ("legitimate interests"):

The main uses of your data for which we use our legitimate interests as the lawful basis are:

  • For aggregating your Information in order to provide measurement, analytics, and other business services. The types of legitimate interests we rely on for this processing are:
    • To better understand user trends and improve the StayWell Services;
    • To provide accurate and reliable reporting to businesses and other partners, to ensure accurate pricing and statistics on performance, and to demonstrate the value our partners realize using the StayWell Services; and
    • In the interests of businesses and other partners to help them understand their customers and improve their businesses, validate our pricing models, and evaluate the effectiveness and distribution of their services and messages, and understand how people interact with them on the StayWell Services.
  • For sharing information with others including law enforcement and to respond to legal requests.  The types of legitimate interests we rely on for this processing are:
    • To prevent and address fraud, unauthorized use of the StayWell Services, violations of our terms and policies, or other harmful or illegal activity; to protect ourselves (including our rights, property or products), our users or others, including as part of investigations or regulatory inquiries; or to prevent death or imminent bodily harm.
    • For sharing information with StayWell’s business partners and prospective business partners. The types of legitimate interests we rely on for this processing are:
      • StayWell’s operation of its day-to-day business, and ability to plan and execute strategic corporate transactions, including mergers


You have the right to object to, and seek restriction of, such processing; to exercise your rights, see the “Transparency and Choice” section of this Privacy Policy.


We will consider several factors when assessing an objection to our processing in furtherance of StayWell’s legitimate interests, including: our users' reasonable expectations; the benefits and risks to you, us, other users, or third parties; and other available means to achieve the same purpose that may be less invasive and do not require disproportional effort. Your objection will be upheld, and we will cease processing your information, unless the processing is based on compelling legitimate grounds or is needed for legal reasons.

Compliance with a legal obligation:

The main use of your data for which we use our compliance with a legal obligation as the lawful basis is:

  • For processing data when the law requires it, including, for example, if there is a valid legal request for certain data.