Last Updated: 11/12/2020
WHO WE ARE
We are Cleo Labs, Inc., a Delaware corporation, with a headquarters in California in the United States. We have service providers in the United States and other countries. Your personal information may be collected, used and stored in the United States or other locations outside of your home country. Data protection laws in the locations where we handle your personal information may not be as protective as the data protection laws in your home country.
WHAT WE COLLECT
We get information about you in a range of ways.
Information You Give to Us. We collect information that you provide to us, which may include the following categories of information depending on how you use our Services:
- Information that identifies you, such as your full name, email address, mailing address, telephone number, username, and password.
- Work information such as the identity of your employer or your job title
- Family planning and health information that you share with us when using, signing up for, or requesting more information about the Services, including, but not limited to demographic information, such as gender and birth date.
By providing us with an email address, you consent to receiving information from us by email to that address.
WE DO NOT KNOWINGLY ENROLL OR COLLECT INFORMATION DIRECTLY FROM CHILDREN UNDER THE AGE OF EIGHTEEN.
Please keep in mind that certain features on the Services may give you an opportunity to interact with us and others. These may include forums, message boards, chats, creating community profiles, and rating, tagging and commenting on articles. When you use these features, you should be aware that any information you submit, including your name, location, health issues, and email address, may be publicly available to others. We do not protect the privacy of and are not responsible for your disclosure of any information through these interactive features, including, but not limited to information that you might post related to a minor.
Whenever you voluntarily disclose anyone’s personal information on publicly viewable web pages, that information can be collected and used by others. For example, if you post your email address, you may receive unsolicited messages. We cannot control who reads your post or what other users may do with the information that you voluntarily post, so we encourage you to exercise discretion and caution with respect to information you choose to disclose through these interactive features. When an individual chooses to post information that will be publicly disclosed, he or she is responsible for all legal consequences. We are not responsible under any data protection laws for information that you voluntarily post on a site that can be accessed by others including non-Cleo personnel.
If you believe that Cleo has violated your privacy rights, you should contact us at the mailing address provided below or via e-mail at [email protected].
Information We Get From Your Employer. We may receive information from your Cleo Benefit Sponsor (typically your employer or health plan) to enable us to confirm you, your dependents, or your household member(s)’ eligibility for Cleo, to contact you in order to inform you of the availability of the Cleo benefit, and to help us measure the effectiveness of Cleo.
Information Automatically Collected. We automatically log information about you and your computer, phone, tablet, or other devices you use to access the Site and Services. For example, when visiting our Site or when using the Company’s mobile applications, we log your computer or device identification, operating system type, browser type, browser language, the website you visited before browsing to our Site, pages you viewed, how long you spent on a page, access times and information about your use of and actions on our Site or in the Company’s mobile applications. This type of information is routinely collected by virtually any web enabled application or website. How much of this information we collect depends on the type and settings of the device you use to access the Site and Services.
Cookies. We may log information using “cookies.” Cookies are small data files stored on your hard drive by a website. We may use both session Cookies (which expire once you close your web browser) and persistent Cookies (which stay on your computer until you delete them) to provide you with a more personal and interactive experience on our Site. Other similar tools we may use to collect information by automated means include web server logs, web beacons and pixels. This type of information is collected to make the Site and Services more useful to you and to tailor the experience with us to meet your special interests and needs.
California Do Not Track Disclosure. We currently do not support the Do Not Track browser setting or respond to Do Not Track signals. Do Not Track (or DNT) is a preference you can set in your browser to let the websites you visit know that you do not want them collecting certain information about you. For more details about Do Not Track, including how to enable or disable this preference, visit http://www.allaboutdnt.com.
If you choose to interact on the Site or through the Services (such as by registering; using our Services; completing questionnaires, surveys, service contacts, or requests for information) the Company will collect the personal information that you provide. We may collect personal information about you that you provide through telephone, email, or other communications. If you provide us with personal information regarding another individual, we will assume that you have that person’s consent to give us their personal information. Providing personal information about another individual without their consent could be viewed as a data privacy violation and could subject you to sanctions.
USE OF PERSONAL INFORMATION
- To provide the Services and personalize your experience: We use information about you to provide the Services to you, including to
- help establish and verify the identity and eligibility of users, including verifying your eligibility through your Cleo Benefit Sponsor (usually your employer);
- For the purposes for which you specifically provided it including, without limitation, to enable us to process and fulfill your Account, provide the Services or other requests.
- To communicate with an expert;
- To send you information about your relationship or transactions with us;
- To otherwise contact you with information that we believe will be of interest to you, including marketing and promotional communications;
- To enhance or develop features, products, and services;
- To allow us to personalize the content that you and others see on the Services;
- To create aggregated and other anonymous data by removing information that makes the data personally identifiable, which we may provide to advertisers and other third parties or use for other lawful business purposes;
- To allow other select companies to send you promotional materials about their products and services.
- For research and development: We are always looking for ways to make our Services smarter, secure, integrated and useful to you. We use collective learnings about how people use our Services and feedback provided to us to troubleshoot and to identify trends, usage, activity patterns and areas for integration and improvement of the Services; to analyze and improve our Site and/or Services (including developing new products and services); improving safety; managing our communications; analyzing our products; performing market research; for peer-reviewed and non-peer-reviewed clinical research; and performing data analytics. For example, we used information collected about how users engage with our micro-sites to design a better, more user-friendly user experience. In some cases, we may apply these learnings across all our Services to improve and develop similar features or to better integrate the Services you use. We also test and analyze certain new products, workflows, and user experiences with some users before rolling them out to all users.
- To communicate with you about the Services: We use your contact information to send transactional communications via email and within the Services, including sending you reminders, responding to your comments, questions and requests, providing customer support, soliciting outcomes and feedback, and sending you technical notices, updates, security alerts, and administrative messages. Depending on your settings, we may send you email notifications when you or others interact on the Services, for example, when you are sent a message from your Cleo guide through our Services. We also provide tailored communications based on your activity and interactions with us. For example, certain actions you take in the Services may automatically trigger a feature or third-party app suggestion within the Services. These communications are part of the Services and in most cases you cannot opt out of them as they are an integral part of our Services. If an opt out is available, you will find that option within the communication itself or in your account settings.
- To market, promote, and drive engagement with the Services: We may use your contact information and information about how you use the Services to send promotional communications that may be of specific interest to you, including by email. These communications are aimed at driving engagement and maximizing what you get out of the Services, including information about new features, products and services offered by our selected partners, survey requests, and articles we think may be of interest to you. You can control whether you receive these communications within the communication itself or in your account settings.
- For Customer support: We use your information to resolve technical issues you encounter, to respond to your requests for assistance, to analyze crash information, and to repair and improve the Services. Where you give us permission to do so, we share your information with a Lyra expert for the purpose of responding to support-related requests.
- For safety and security: We use information about you and your Service use to verify accounts and activity, to monitor suspicious or fraudulent activity, identify violations of Service policies, authenticate, protect against, investigate, and deter fraudulent, unauthorized, or illegal activity.
- To protect our legitimate business interests and legal rights: Where required by law or where we believe it is necessary to protect our legal rights, interests and the interests of others, we use information about you in connection with legal claims, compliance, accounting, regulatory, and audit functions, and disclosures in connection with the acquisition, merger or sale of a business.
- With your consent: We use information about you where you have given us consent to do so for a specific purpose not listed above.
We may combine all of the information that we collect with data obtained from third parties or through our products and Services. We may also collect and store information locally on your device using mechanisms such as browser web storage (including HTML 5) and application data caches.
Cleo will take reasonable precautions to protect your information from loss, misuse or alteration. Please be aware, however, that any text, email or other transmission you send in an unencrypted manner cannot be completely protected against unauthorized interception. In particular, we want to make you aware that personal email may be unsecure, and Cleo cannot be responsible for any unauthorized access to information when information is sent to your personal email. You are not required to authorize the use of email for this purpose, a decision not to consent or to opt out of receiving these emails will not restrict your ability to access the Services, and you can continue to receive other emails from Cleo, using our secure electronic communication system instead of your personal email.
We may also use aggregated or anonymous information (for example, statistics regarding use and metrics) for research purposes, for marketing and promotional purposes, and to develop new learning tools and solutions and we may share such information with third parties, including researchers and/or advertisers. We may also use IP addresses to analyze trends, administer the Services, track a visitor’s movement, and gather demographic information which we may combine with other aggregated or anonymous data for the uses described above.
SHARING OF PERSONAL INFORMATION
Personally Identifiable Information: We will not rent or sell your personally identifiable information to others without your consent, although we may share it with partners for the purposes described above under “Use of Personal Information”, such as the provision and personalization of Services.
With your consent, we may share your information as follows:
- With Affiliates: We may share your personal information with affiliated companies and businesses;
- With Service Providers: We may use other companies to perform services including, without limitation, facilitating some aspects of our Services such as processing credit card transactions sending emails, and fulfilling purchase requests. These other companies may be supplied with or have access to your personal information solely for the purpose of providing these services to you on our behalf. Such service providers shall be bound by appropriate confidentiality and security obligations, which may include, as applicable, business associate contract obligations;
- With Business Partners: When you make purchases or engage in promotions offered through our Services, we may share personal information with the businesses with which we partner to offer you those products, services, and promotions. When you accept a particular business partner’s offer, you authorize us to provide your information to that business partner;
- With other Service Providers: We occasionally will share information and data on users of the Services with third-party providers who provide targeted services, such as advertising or data analysis on our behalf;
- With your employer or health plan: We may share your enrollment status as a user of the Services.
- With experts and coaches: We may share your personal information with experts and coaches enlisted to provide the Services.
- Special Circumstances: We also may disclose your Personal Information:
- In response to a subpoena or similar investigative demand, a court order, or other request from a law enforcement or government agency where required by applicable law;
- When disclosure is required or allowed by law in connection with efforts to investigate, prevent, or take other action regarding illegal activity, suspected fraud or other wrongdoing; to protect and defend the rights, property or safety of our company, our users, our employees, or others; to comply with applicable law or cooperate with law enforcement; or to enforce our Terms or other agreements or policies;
Any personally identifiable information you elect to make publicly available on our Sites or through the Services will be available to others. If you remove information that you have made public on our Sites or through the Services, copies may remain viewable in cached and archived pages of our Sites or through the Services, or if other users have copied or saved that information.
Non-Personally Identifiable Information: We may share non-personally identifiable information (such as anonymous usage data, referring/exit pages and URLs, platform types, number of clicks, etc.) with interested third parties to help us understand the usage patterns for certain Services and those of our partners. Non-personally identifiable information may be stored indefinitely.
HOW INFORMATION IS STORED AND PROCESSED
Your information is stored in databases maintained by the Company or third parties that are located within North America.
You should be aware that when you are on the Site or using our Services, you can be directed to other websites that are beyond our control, and we are not responsible for the privacy practices of third parties or the content of linked websites.
HOW INFORMATION IS PROTECTED
We are committed to protecting your privacy and data. We encrypt sensitive information (e.g. your login credentials, PII) during transmission and storage. We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach and will notify you, other involved parties, and any applicable regulator(s) of a breach as soon as reasonably possible, in accordance with applicable laws.
However, no method of transmission over the Internet or method of electronic storage, is 100% secure. Therefore, we cannot guarantee its absolute security. If you have any questions about the security of our Services, you can contact us at [email protected]..
What are your data protection rights?
Our Company would like to make sure you are fully aware of all your data protection rights. Every user is entitled to the following:
The right to access. You have the right to request Our Company for copies of your personal data. We may charge you a small fee for this service if there is more than one request per year.
The right to rectification. You have the right to request that Our Company correct any information you believe is inaccurate. You also have the right to request Our Company to complete information you believe is incomplete.
The right to erasure. You have the right to request that Our Company erase your personal data, under certain conditions.
The right to restrict processing. You have the right to request that Our Company restrict the processing of your personal data, under certain conditions.
The right to object to processing. You have the right to object to Our Company’s processing of your personal data, under certain conditions.
The right to data portability. You have the right to request that Our Company transfer the data that we have collected to another organization, or directly to you, under certain conditions.
If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us at our email: [email protected] Or write to us at Cleo Labs, Inc., 85 2nd Street, Suite 710, San Francisco, CA 94105.
If you are a citizen of the European Economic Area, you may also choose to contact our European Union Representative, as per Article 27 of the GDPR:
Rickert Rechtsanwaltsgesellschaft mbH
Colmantstraße 15 53115 Bonn Germany
INFORMATION CHOICES AND CHANGES
Our marketing emails tell you how to “opt-out.” After doing so, you will not receive future promotional emails unless you open a new account or sign up to receive newsletters or emails. If you opt out, we may still send you non-marketing emails. Non-marketing emails include emails about your accounts and our business dealings with you.
You may send requests about personal information to our Contact Information below or to [email protected]. You can request to change contact choices, opt out of our sharing with others, and update your personal information.
You can typically remove and reject cookies from our Site with your browser settings. Many browsers are set to accept cookies until you change your settings. If you remove or reject our cookies, it could affect how our Site works for you.
Privacy Shield Notice
As required under the Principles, if we receive personal data subject to our certification under the Privacy Shield and then transfer it to a third party service provider that performs services on Cleo’s behalf, we have certain liability under the Privacy Shield if both (i) the service provider processes the personal data in a manner inconsistent with the Privacy Shield and (ii) we are responsible for the event giving rise to the damage.
In compliance with the Privacy Shield Principles, Cleo commits to resolve complaints about our collection or use of your personal information. If you are a resident of a European country participating in the Privacy Shield with inquiries or complaints regarding our Privacy Shield practices, you should first contact Cleo by email at [email protected], or by mail at the address listed below in the How to Contact Us section, and we will work with you to resolve your issue.
If you are a resident of a European country participating in the Privacy Shield and have an inquiry or complaint that we have not addressed to your satisfaction, you may seek further assistance, at no cost to you, from the American Arbitration Association (AAA) and the International Centre for Dispute Resolution (ICDR)
In addition to the steps described in Your Choices, above, some residents of European countries participating in the Privacy Shield may have certain legal rights to access or limit the use or disclosure of their personal information. To exercise those rights, these users may contact us at [email protected].
The services of the American Arbitration Association are provided at no cost to you. Under certain limited conditions, individuals may invoke binding arbitration as a last resort before the Privacy Shield Panel.
Cleo’s commitments under the Privacy Shield are subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.
Cleo commits to cooperate with EU data protection authorities (DPAs) and comply with the advice given by such authorities with regard to human and non-human resources data transferred from the EU.
RIGHTS OF CALIFORNIA RESIDENTS
This privacy notice describes the personal information we collect or process about California residents in connection with the Site or the Services, how we use, share, and protect that personal information, and what your rights are concerning personal information that we collect or process.
In this section, “personal information” has the same meaning as under the California Consumer Privacy Act (CCPA), California Civil Code Section 1798.83: information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. Personal Information does not include information that has been de-identified or aggregated or information that is considered “PHI” under HIPAA or medical information protected under California’s Medical Information Act.
Personal Information We Collect and Share, and For What Purpose: In the past 12 months, we have collected and shared personal information from visitors in the following circumstances when they interact with the Site or the Services, as described in detail above:
- Information You Give to Us
- Information We Get From Your Cleo Benefit Sponsor
- Information We Get From Others
- Information Automatically Collected
As described in detail above, we use your personal information for a variety of purposes to operate, assess activity on, and improve the performance of the Site, including the following:
- To provide the Services and personalize your experience
- For research and development
- To communicate with you about the Services
- To market, promote, and drive engagement with the Services
- For Customer support
- For safety and security
- To protect our legitimate business interests and legal rights
Except as described in detail above, we will not share with third parties information about you without your consent.
We do not share your personal information with third parties for third party marketing purposes.
Your Rights as a California Resident: Under California law, users who are California residents have specific rights regarding their personal information. These rights are subject to certain exceptions described below. When required, we will respond to most requests within 45 days unless it is reasonably necessary to extend the response time.
Right to Disclosure of Information: You have the right to request that we disclose certain information regarding our practices with respect to personal information. If you submit a valid and verifiable request and we confirm your identity and/or authority to make the request, we will disclose to you any of the following at your direction:
- The categories of personal information we have collected about you in the last 12 months.
- The categories of sources for the personal information we have collected about you in the last 12 months.
- Our business or commercial purpose for collecting that personal information.
- The categories of third parties with whom we share that personal information.
- The specific pieces of personal information we collected about you.
- If we disclosed your personal information to a third party for a business purpose, a list of the personal information types that each category of recipient received.
Right to Delete Personal Information: You have the right to request that we delete any of your personal information collected from you and retained, subject to certain exceptions. Upon receiving a verified request to delete your personal information, we will do so unless otherwise authorized by law.
How to Exercise these Rights: You may submit a verifiable consumer request to us for disclosure or deletion of personal information by emailing us. We will respond to verifiable requests for disclosure or deletion of personal information free of charge, within 10 days of receipt.
In order to protect your privacy and the security of your information, we verify consumer requests by matching personal information that you provide with information in our possession, in order to confirm your identity. Any additional information you provide will be used only to verify your identity and not for any other purpose.
You may designate an authorized agent to make requests on your behalf. You must provide an authorized agent written permission to submit a request on your behalf, and we may require that you verify your identity directly with us. Alternatively, an authorized agent that has been provided power of attorney under Probate Code sections 4000-4465 may submit a request on your behalf.
Right to Opt Out of Sale of Your Personal Information: We do not sell your personal information.
Right to Non-Discrimination: You have the right not to be discriminated against for the exercise of your California privacy rights described above.
Minors: We support and comply with the Children’s Online Privacy Protection Act (COPPA) and we do not knowingly collect information from children under the age of 18, nor do we share such information with third parties. Children under the age of 18 may not use the Services. If you seek Services for a minor, you will be responsible for providing information related to the minor and for paying for Services requested for the minor.