myStrength

At myStrength™, your privacy is our priority.

We are committed to maintaining the safety, security and confidentiality of your personal information. This Privacy Policy explains how we collect the personal information you provide through our website and our mobile application and how we process and protect that information in connection with services offered (the “Service”). This Privacy Policy does not apply to the practices of companies that myStrength does not own or control, or to people that myStrength does not employ or manage.

The myStrength Privacy Policy addresses the following areas:

  • How we collect information from you
  • What type of information we collect from you
  • How your information is used
  • How long your information is kept for
  • Who has access to your information
  • Your choices regarding promotional communications
  • Your rights regarding your data
  • Keeping your information safe
  • Keeping your information up to date
  • Links to other websites
  • Data from minors
  • Changes to this Policy
  • Contact us if you have any questions or concerns
  • Rights and practices specific to users located outside of the United States
    • GDPR Compliance
    • Lawful basis for processing your information
    • Rights of users outside of the United States
    • Transferring data internationally

How we collect information from you

  • We collect information directly from you when you use our website or the Service.
  • Information given to us about you via your payer or sponsor for activating the Service.
  • When you visit our website:
    • “Cookies” are alphanumeric identifiers in the form of text files that are inserted and stored by your Web browser on your computer’s hard drive. myStrength may set and access cookies on your computer to track and store preferential information about you. myStrength may gather information about you through cookie technology. For example, myStrength may assign a cookie to limit the number of times you see a particular myStrength Offer or to help better determine which myStrength Offers to serve to you. Please note that most Internet browsers will allow you to stop cookies from being stored on your computer and to delete cookies stored on your computer. If you choose to eliminate cookies, the full functionality of the Service may be impaired.
    • We encode our cookies so that only we can interpret the information stored in them.
    • Web beacons are images embedded in a Web page or e-mail message for the purpose of measuring and analyzing site usage and activity. myStrength, or third-party service providers acting on our behalf, may use Web beacons to help us analyze Site usage and improve the Service.

What type of information we collect from you

  • When you register to use the Service, we require you to provide personal data including your email address or Login ID and password (“Registration Information”) and we may collect your name, date of birth, and gender. We use this information to establish your account and to activate your use of the Service. In order to benefit from the full functionality of the Service, you must also complete a Wellness Assessment and Personal Profile (“Results and Preferences”) to enable myStrength to tailor the Service for your use.
    • Please note, we maintain strict rules to help prevent others from guessing your password. We also recommend that you change your password periodically. Your password must be 6-8 characters in length. You are responsible for maintaining the security of your Login ID and Password. You may not provide these credentials to any third party. If you believe that they have been stolen or been made known to others, you must contact us immediately at security@myStrength.com, but in any event, you should change your password immediately via the Service. We are not responsible if someone else accesses your account through Registration Information they have obtained from you or through a violation by you of this Privacy Policy or the myStrength.com Terms of Use.
  • Automatic data collection: When you use our Service, we may collect technical and navigational information, such as computer browser type, Internet protocol address, myStrength pages visited, and average time spent on our website. This information may be used, for example, to alert you to software compatibility issues, or it may be analyzed to improve our Web design and functionality.

How your information is used

  • To analyze site usage and improve the Service;
  • To communicate with you about your use of the Service;
  • To fulfill your requests for certain services;
  • For market research, project planning, troubleshooting problems, detecting and protecting against error, fraud or other criminal activity;
  • To inform third-party contractors that provide services to myStrength and are bound by these same privacy restrictions;
  • To enforce the myStrength Terms of Use;
  • As may otherwise set forth in this Privacy Policy.

How long your information is kept for

  • We will only retain your personal data for as long as is necessary to fulfil the purposes for which it is collected. When assessing what retention period is appropriate for your personal data, we take into consideration:

    • any statutory or legal obligations;
    • the purposes for which we originally collected the personal data;
    • the lawful grounds on which we based our processing;
    • the types of personal data we have collected;
    • the amount and categories of your personal data;
    • whether the purpose of the processing could reasonably be fulfilled by other means.

  • Who has access to your information

    • We do not sell or rent your information to third parties.
    • We do not share your information with third parties for marketing purposes.
    • In the event that you access the Service as brought to you by one of our co-brand partners, through a co-branded URL or SSO service, your e-mail address used for registration and other information on the Service may be provided to that co-brand partner. If the coaching feature is enabled, information regarding your use of the Service will be provided to Your myStrength Coach to enable them to give personalized support.
    • Your payer or other sponsor is provided with certain activity and outcome information about your use of the Service based on your membership ID or personal information, including, but not limited to: the number of times you logged into the Service, the length of time you spent on the Service, and the results of your wellness assessment(s);
    • Third parties working on our behalf.
      • We may pass your information to our third-party service providers, suppliers, agents, subcontractors and other affiliated organizations for the purposes of completing tasks and providing services to you on our behalf (for example, to send e-mail messages on our behalf or host and operate a particular feature or functionality of the Service). Our contracts with these third parties outline the appropriate use and handling of your information and prohibit them from using any of your personal information for purposes unrelated to the product or service they’re providing. We require such third parties to maintain the confidentiality of the information we provide to them.
      • We may use third-party service providers to help us analyze certain online activities. For example, these service providers may help us measure the performance of our online campaigns or analyze visitor activity on myStrength. We may permit these service providers to use cookies and other technologies to perform these services for myStrength. We do not share any personal information about our customers with these third-party service providers, and these service providers do not collect such information on our behalf. Our third-party service providers are required to comply fully with this Privacy Policy.
    • We may transfer your personal information to a third party as part of a sale of some or all of our business and assets to any third party or as part of any business restructuring or reorganization, or if we’re under a duty to disclose or share your personal data in order to comply with any legal obligation or to enforce or apply our terms of use or to protect the rights, property or safety of our staff, supporters, customers, users of the website or others. In doing so, we will take the steps necessary to ensure that your privacy rights continue to be protected.
    • myStrength reserves the right (and you authorize myStrength) to share or disclose your personal information when myStrength determines, in its sole discretion, that the disclosure of such information is necessary or appropriate:
      • To enforce our rights against you or in connection with a breach by you of this Privacy Policy or the myStrength Terms of Use;
      • To prevent prohibited or illegal activities; or
      • As required by any applicable law, rule or regulation, subpoena, or other legal process.
    • If you use a community discussion, bulletin board, blog or chat room on our Site, you should be aware that any information you submit there can be read, collected, or used by other users and could be used to send you unsolicited messages. We are not responsible for the personal information you choose to submit in these forums. These forums may be hosted by myStrength or by a third-party service provider on myStrength’s behalf.

    Your choices regarding promotional communications

    You may choose to receive: (i) e-mail newsletters from us; and (ii) emails from us promoting myStrength or third-party goods or services. You will have the ability to opt-out of receiving our promotional e-mails and to terminate your newsletter subscriptions by following the instructions in the e-mails. Please note that opting out in this manner will not end transmission of service-related e-mails, such as e-mail alerts.

    Your rights regarding your data

    Your data is yours. You can remove it any time you want. When you request that we delete your account for the Service, your data will be permanently expunged from our primary production servers, and further access to your account will not be possible. However, your data may remain on a backup server or media. myStrength keeps these backups to ensure our continued ability to provide the Service to you in the event of malfunction or damage to our primary production servers. We also reserve the right to use any aggregated or anonymous data derived from or incorporating your personal information.

    If you are using the Service from a location outside the United States, please refer to the information below, “Rights and practices specific to users located outside the United States”, which references additional rights you have regarding your data.

    Keeping your information safe

    • We use a combination of firewall barriers, encryption techniques, and authentication procedures, among others, to maintain the security of your online session and to protect myStrength accounts and systems from unauthorized access.
    • When you register for the Service, myStrength requires a password from you for your privacy and security. Information such as your Registration Information for myStrength is transferred securely by myStrength.
    • Our servers are in a secure facility. Access requires multiple levels of authentication, including biometrics recognition procedures. Security personnel monitor the system 7 days a week, 24 hours a day.
    • Our databases are protected from general employee access both physically and logically. We encrypt your Service password so that your password cannot be recovered, even by us. All backup drives and tapes also are encrypted.
    • We enforce physical access controls to our buildings.
    • No employee may put any sensitive content on any insecure machine (i.e., nothing can be taken from the database and put on an insecure laptop).
    • myStrength has been verified by Verisign for its use of SSL encryption technologies. In addition, myStrength tests the Site daily for any failure points that would allow hacking.
    • However, it is important to understand that these precautions apply only to our Site and systems. We exercise no control over how your information is stored, maintained, or displayed by third parties or on third-party sites.
    • From the time you submit your Login ID and Password, the communications between your computer and myStrength.com are encrypted. This enables client and server applications to communicate in a way that is designed to prevent eavesdropping, tampering, and message forgery.

    Keeping your information up to date

    • If your Registration Information changes during your subscription to myStrength, you should update it promptly via the Service.

    Links to other websites

    • This policy applies only to our website‚ so we encourage you to read the privacy statements on the other websites you visit. We cannot be responsible for the privacy policies and practices of other websites even if you access those using links from our website.
    • In addition, if you linked to our website from a third-party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third-party site and recommend that you check the privacy policy of that third-party site.

    Data from Minors

    • With respect to individuals within the United States, the myStrength Service is not available to anyone younger than 13 years old. We do not knowingly collect or solicit Personal Information from anyone under the age of 13. If we learn that we have collected Personal Information from a child under age 13, we will take immediate steps to remove such information and terminate the child’s account. If you become aware that your child has provided us with personal information, please contact us at customerservice@mystrength.com.
    • With respect to individuals located outside the United States, the myStrength Service is not available to anyone younger than 16 years old. We do not knowingly collect or solicit Personal Information from anyone under the age of 16. If we learn that we have collected Personal Information from a child under age 16, we will take immediate steps to remove such information and terminate the child’s account. If you become aware that your child has provided us with personal information, please contact us at customerservice@mystrength.com.

    Changes to this policy

    • We post updates on our website whenever there is a change to our Privacy Policy. The date last revised appears at the end of the Policy. Changes take effect immediately upon posting.

    Contact us if you have any questions or concerns

    • If you have questions, comments, concerns, or feedback regarding this Privacy Policy or any other privacy or security concern regarding the Service, please send an e-mail to security@myStrength.com.

    Rights and practices specific to users located outside the United States

    Our Privacy Policy has been updated to account for the requirements of the European Union Data Protection Act (the “GDPR”) effective May 25, 2018. In addition to the rights and practices set forth above, the following items are applicable specifically to users located outside of the United States.

    GDPR Compliance

    myStrength is the data controller of your personal data and is subject to the in so far as your data was provided to myStrength while you were located in the European Union.

    Lawful basis for processing your information

    myStrength processes personal data in order to provide and administer its Service. We also process personal data based on:

    • Consent - Where you have provided your explicit consent to us using your personal information.
    • Contractual necessity – When we enter into an agreement with you and are performing our obligations under such agreement.
    • Legal obligation – When necessary for our compliance with a statutory or regulatory obligation.
    • Vital interests – when it is necessary to protect your or another person’s vital interests.

    Rights of users outside of the United States

    • Right of access- You have the right to request a copy of the information we hold about you.
    • Right to correct inaccurate information- You have the right to correct data that we hold about you that is inaccurate or incomplete.
    • Right to restrict use- where certain conditions apply, you have a right to restrict the processing of your personal data.
    • Right of erasure- in certain circumstances, you can ask for the data we hold about you to be erased from our records.
    • Right for your information to be portable- you have the right to have the data we hold about you transferred to another organization.
    • Right to object- You have the right to object to processing of your personal information (1) based on legitimate interests (including the legitimate interests of a third party); or (2) for direct marketing purposes.

    Transferring data internationally

    • If you are located outside the United States, your personal data may be transferred to the United States (e.g. a third-party cloud-based software provider may host information on its servers located within the United States). We will take steps to ensure personal data we transfer is adequately protected as required by applicable data protection laws. If these transfers affect you, you may contact us to obtain more precise information and a copy of relevant documentation.

    (rev. 12/31/2018)