Updated August 29, 2018
Be advised that our processing of data obtained as a result of Nudge Customer and service provider relationships shall be governed by our Data Processing Amendment.
Information Gathering and Usage
When you register any account with any of the Nudge Apps we may ask for information such as your name and email address. We will also ask you to create a secure password. We will store all of this information.
We will not collect your credit card information (but our payment processor will collect your credit card information and that information is subject to our payment processor’s terms, conditions and privacy policies).
We use collected information for the following general purposes: products and services provision, billing, identification and authentication, services improvement, contact and research.
We do not share your personal information with unrelated third parties unless explicitly approved by you. By using the Nudge Sites or Services you authorize this list of Sub-Processors to process your data.
We reserve the right to aggregate and redistribute data entered on the Website in accordance with our Terms of Service. The aggregated data we redistribute will never contain or be attached to Personal Data of any kind.
User Accounts and Data Privacy
Users of the Nudge Apps can share personal information with other users voluntarily and at their own risk by posting comments in Nudge “Communities” or opting into Nudge “Leaderboards”.
Please be advised that we do not perform any background searches on our users and that it is your responsibility to take care when sharing your information by posting in Nudge Communities or joining Nudge Leaderboards. For your security, your Personal Information is not discoverable by any other user until you choose to opt-in to a Community or Leaderboard.
At no time will Nudge or any employee of Nudge share, sell or otherwise distribute individual user data or Personal Data that can be reasonably identified with a specific user account without the prior consent of the individual user.
We may choose to aggregate and redistribute data without providing information identifying specific subscribing organizations, companies or individual users without prior consent.
Sharing You Data With A Nudge Coach
A “Nudge Coach” is an authorized Representative of a Customer of Nudge who provides services on behalf of that organization.
If you accept an invitation to connect with a Nudge Coach, you grant them access to all personal and health-related data in your account. This includes data that may be manually entered by you, or data that you choose to sync into the Nudge Apps by enabling one of our health tracking integrations.
Your data provides the Nudge Coach the up-to-date information they require in order to deliver their services effectively.
If you accept an invitation from a Nudge Coach, the Nudge Coach will also be able to send private messages to you. The Nudge Coach has agreed to keep your data and information confidential and not use it for any purpose other than to provide you individualized advice and services, but we cannot provide any assurances that any Nudge Coach will in fact do so.
We are not required to litigate or otherwise pursue any wrongful disclosure of your data and information. To the extent that any of your data or information contains protected health information, you hereby expressly consent to the disclosure of such protected health information when you accept an invitation from a Nudge Coach.
Use of Contact Information
We may use your email address to send you information about our Services or to market to you. You may unsubscribe from these messages by following the instructions contained within the messages or the instructions on the Nudge Sites.
If you email us with a request or question or have provided us with your email address, we may keep your message, email address and contact information to respond to your request or otherwise follow up with you.
No Public Sharing of Your Data
We do not allow the public to see your personal information.
Log Data and Links
When you visit our Website, our servers automatically record information ("Log Data") created by your visit to and use of the Nudge Sites and the Services. Log Data may include information such as your IP address, browser type, the referring domain, pages visited and order of visit, search terms used and other historical data.
We may keep track of how you interact with links across the Nudge Sites and the Services. We do this to help improve our Website and the Services, including the advertising on our Website and through our Services.
We may share the Log Data in the form of aggregate click statistics, such as how many times a particular link was clicked on, without any personally identifiable information, with third parties.
In addition to Log Data, we may also collect information about the device you are using when accessing the Products, including what type of device it is, what operating system you are using, device settings, unique device identifiers, and crash data.
Whether we collect some or all of this information often depends on what type of device you are using and its settings. To learn more about what information your device makes available to us, please also check the policies of your device manufacturer or software provider.
A cookie is a small amount of data, which often includes an anonymous unique identifier that is sent to your browser from a web site's computers and stored on your computer's hard drive.
We use third party vendors and hosting partners to provide the necessary hardware, software, networking, storage, and related technology required to run our services.
We do not transfer ownership of any code, databases, Website rights or data to any third party vendors or hosting partners.
Third Party Services (Subprocessors)
We may use a variety of services offered by third parties to help maintain and improve our Website, to help us understand the use of our Website and Services, or simply to provide the Services.
These services may store both personally identifiable information about you which we collect and the information sent by your browser as part of a web page request, such as cookies or your IP address.
If any third parties are given access to your personally identifiable information, we will limit the use of such personally identifiable information only to provide the services to us which we have requested. Visit our list of third party services that may process your data.
Minimum Age 16
Neither the Nudge Sites nor the Services are directed to people under the age of 16. If you become aware that your child has provided personally identifiable information, please contact us at firstname.lastname@example.org.
We do not knowingly permit children under 16 to use our Website or Services or collect personally identifiable information from children under 16.
If we become aware that a child under 16 has provided us with personally identifiable information, we will take steps to remove such information and terminate the child's account.
Information Security, Retention, and Data Integrity
We take reasonable security measures to protect against unauthorized access to or unauthorized alteration, disclosure or destruction of data.
These include firewalls and encryption, internal reviews of our data collection, storage and processing practices and security measures, as well as physical security measures to guard against unauthorized access to systems.
Our software code and all data and information reside on servers that comply with the requirements of the Health Insurance Portability and Accountability Act (HIPAA) and the General Data Protection Act (GDPR).
In addition, our software code resides on one set of servers and all data and information reside on a separate set of servers.
We restrict access to personal information to our employees, contractors and agents who need to know that information in order to operate, develop or improve our Services. These individuals are bound by confidentiality obligations and may be subject to discipline, including termination, if they fail to meet these obligations.
Although we cannot guarantee that our security will not be penetrated or compromised or that your information will remain secure under all circumstances, we do commit to adhering to these established Security Measures at all times in order to reduce the risk of breach or incident.
Right To Access, Amend & Delete Personal Data / Choice
You retain the right to access, amend, correct or delete your Personal Data at any time. To do so, use the controls available to you within our Services, or contact our support team via email.
You may request to cancel your account at any time. Keep in mind, however, that even if you request to cancel your account, we may retain your personal information in conformance with our data retention policy, under which we may retain such information to comply with laws such as HIPAA, prevent fraud, resolve disputes, troubleshoot problems, assist with any investigations, enforce our Terms of Service, perform research, and take other actions otherwise permitted by law.
We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to email@example.com.
Transfer of Information on Sale and for Legal Compliance
(a) upon a sale of Nudge or all or substantially all of its assets, we reserve the right to transfer to the purchaser of Nudge all data it has, including without limitation all Log Data and all personally identifiable data concerning you and any user of the Nudge Sites and the Services and
(b) we will share your personal information if we have a good faith belief that:
(i) access, use, preservation or disclosure of such information is reasonably necessary to satisfy any applicable law, regulation, legal process, such as a court order or subpoena, or a request by law enforcement or governmental authorities,
(ii) such action is appropriate (A) to enforce the Terms of Service, including any investigation of potential violations thereof, or (B) to detect, prevent, or otherwise address fraud, security or technical issues associated with the Nudge Sites and the Services, or
(iii) such action is appropriate to protect the rights, property or safety of Nudge, its employees, users of the Nudge Sites and the Services.
International Data Transfers
The Website and Services are hosted in the United States.
If you access the Nudge Sites or Services from the European Union, Asia, or any other region with laws or regulations governing personal data collection, use, and disclosure that differ from United States laws, please be advised that through your continued use of the Nudge Sites or Services, you are transferring your personal information to the United States and you consent to that transfer, as well as to these authorized Subprocessors which may be located elsewhere in the world.
Additionally, you understand that your personal information may be processed in countries (including the United States) where laws regarding processing personal information may be less stringent than in your country.
EU-US Privacy Shield
Nudge complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States.
To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov.
With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, Nudge is subject to the regulatory and enforcement powers of the U.S. Federal Trade Commission.
In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Nudge’s accountability for personal data that it receives in the United States under the Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, Nudge remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process the personal data on its behalf do so in a manner inconsistent with the Principles, unless Nudge proves that it is not responsible for the event giving rise to the damage.
In compliance with the Privacy Shield Principles, (your organization name) commits to resolve complaints about our collection or use of your personal information. EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Nudge at: firstname.lastname@example.org.
Nudge has further committed to refer unresolved Privacy Shield complaints to BBB EU Privacy Shield, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information or to file a complaint. The services of BBB EU Privacy Shield are provided at no cost to you.
If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
Attn: Privacy Officer
1717 E Cary St
Richmond, VA 23223