PRIVACY POLICY

User privacy is very important to us, in fact, it’s a top priority.

Walker Tracker and GDPR Compliance

Walker Tracker Privacy Policy

Walker Tracker (“Provider”) is an online application that allows participants to enter and store information pertaining to daily physical activity and other personal health metrics measured outside of a clinical setting. This privacy statement applies to the data collected on the Provider site or on corporate portal sites run by Provider; it does not apply to data collected through other online or offline sites, products or services.

By using the website and/or the services and providing us with personal information, you agree to the practices described in this Privacy Policy and to the updates to this policy posted here from time to time. To make sure you stay informed of all changes, you should check these policies periodically. Updates will be referenced by the “Last Updated” date shown at the end of this Policy.

  1. Personally Identifiable Information Submitted by Children Under 13
    No part of the Provider services is intended for use by persons under 13 years of age without the written consent of a parent or guardian. IF YOU ARE UNDER 13 YEARS OF AGE, PLEASE DO NOT USE OR ACCESS THE PROVIDER SERVICES AT ANY TIME OR IN ANY MANNER WITHOUT PARENTAL CONSENT (as described below). If we determine that personally identifiable information of persons under 13 has been collected without verifiable parental consent, we will remove the information from our systems. If you are a parent or guardian and learn that your child under 13 has created a Provider account, you may contact us and request that the information be removed from our systems.

On occasion, a client program administrator may ask that Provider collect the personal information of children under 13, in order to include the children of its enrollees in activities and challenges. In that case, we will ask for a parent or guardian email address, so that we may seek consent from the parent or guardian to collect that information. We will not collect the information of children under 13 without such consent, and we will not use the parent or guardian email address for any purpose other than to receive such consent and to provide the services. Once consent has been provided, it may be revoked at any time, and the child’s information will be deleted from Provider’s records. The consenting parent or guardian may review any personal information collected about the child, or revoke consent, by contacting Provider at privacy@walkertracker.com or by mail at: Walker Tracker PO Box 15111, Portland, OR 97293.

  1. Data Collection and Transfer
    We collect the e-mail addresses of those who communicate with us via e-mail, aggregate information on what pages users access or visit, and information volunteered by the user (such as survey information and/or site registrations). The information we collect is used to improve the content of our web pages and the quality of our service, and is not shared with or sold to other organizations for commercial purposes, except to provide products or services you’ve requested, when we have your permission, or under the following circumstances:
    1. If it is necessary to share information in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of Terms of Service, or as otherwise required by law.
    2. We transfer information about you if Provider is acquired by or merged with another company. In this event, Provider will notify you before information about you is transferred and becomes subject to a different privacy policy.
    3. Cookies
      A cookie is a small amount of data, which often includes an anonymous unique identifier, that is sent to your browser from a web site’s computers and stored on your computer’s hard drive. We use cookies to record current session information, but do not use permanent cookies. You are required to log-in to your Provider Project Site after a certain period of time has elapsed to protect you against others accidentally accessing your account contents. Please note: cookies are required to use the Provider service.
  2. Data Storage
    Provider uses hosting services (such as Amazon Web Services) to provide the necessary hardware, software, networking, storage, and related technology required to run Provider. Although Provider owns the code, databases, and all rights to the Provider application, you retain all rights to your data.
  3. Disclosure
    Provider may disclose personally identifiable information under special circumstances, such as to comply with law or legal process, or in response to lawful requests from public authorities, including to meet national security or law enforcement requirements. We may also disclose your personal information to a third party for a business purpose. For example, we may disclose personally identifiable information to a contractor or service provider to perform work on our behalf. When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract. Finally, in the event that Provider sells or transfers all or a portion of its business or assets, personal information about our users would be among the assets transferred to the buyer.
  4. Access and Deletion Rights
    1. You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:
  • The categories of personal information we collected about you.
  • The categories of sources for the personal information we collected about you.
  • Our business or commercial purpose for collecting or selling that personal information.
  • The categories of third parties with whom we share that personal information.
  • The specific pieces of personal information we collected about you.
  • If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
    • sales, identifying the personal information categories that each category of recipient purchased; and
    • disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.

B. You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies. We may deny your deletion request if retaining the information is necessary for us or our service providers to:

  • Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
  • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
  • Debug products to identify and repair errors that impair existing intended functionality.
  • Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
  • Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.).
  • Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
  • Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
  • Comply with a legal obligation.
  • Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

C. You have the right to rectify any personal information that we have about you, or to complete partial information. In the majority of cases, the ability to fix inaccurate or incomplete personal data is built into our app, and will not require our assistance. If you are unable to directly update or correct the information within your account, you can contact us at support@walkertracker.com to request that we update or correct the information for you. We will respond to your request within a reasonable timeframe.

  1. Changes
    Provider may periodically update this policy. We will notify you about significant changes in the way we treat personal information by sending a notice to the primary email address specified in your Provider account or by placing a prominent notice on our site.
  2. Anonymity
    Provider’s client can decide to configure their portal so that individual users are not required to use their real name when registering – instead, participants can choose a username and anonymous email address, allowing for an additional level of individual privacy and anonymity. Visibility of real names on the site is the sole discretion of the client program administrator.
  3. Third Party Wellness Providers
    Provider never sells your data. However, if a third party wellness provider administers your program (such as your employer, wellness provider, health insurance carrier or plan), it may have access to the following Personal Information:
  • Name (if required in registration)
  • Username
  • Email address
  • Registration date
  • Last login date
  • Step Data
  • Activity data (from activity converter)
  • Step data (from a device such as a Fitbit)
  • Participant answers to pop up questions posted on this site
  • Type of device linked (if any) and last sync time/date from device
  • Challenges that the participant does
  • Team(s) participant is on
  1. Provider and HIPAA
    Since Provider is not a health plan, information clearinghouse, nor a provider of healthcare services or medical/diagnostic advice, Provider is not covered under the HIPAA regulations or the 2009 ARRA extensions to HIPAA. Activity and health information entered into the Provider site, generally referred to as “Observations of Daily Living”, are similarly not covered under HIPAA or the ARRA extensions. Our privacy rules ensure that the data you enter is protected and private – since Observations of Daily Living data is not shared with sponsoring companies or other related entities, except as provided below.
  2. Personal Activity, Health Metrics, and Privacy
    In addition to activity data, Provider offers participants the ability to enter personal health metrics including nutrition, hydration, weight, resting heart rate, location information, and mood. This personal health data entered into Provider is always private to the individual participant, with the exception of activity data (i.e. steps and activities converted to steps). Program administrators (defined as: program sponsor or Provider’s client) cannot access, download, or view this personal health information, nor is it visible or accessible to other participants on the site. Some program administrators may choose to turn one or more health tracking features off, so that participants are limited strictly to daily step/activity entries. Program Administrators may have access to the following information:
  • Name (if required in registration)
  • Username
  • Email address
  • Registration date
  • Last login date
  • Step Data
  • Activity data (from activity converter)
  • Self-entered location data (e.g.: branch office or address)
  • Participant answers to pop up questions posted on this site
  • Type of device linked (if any) and last sync time/date from device
  • Challenges that the participant does
  • Team(s) participant is on
    1. While daily activities (converted to step equivalent) and steps are visible to others within each portal instance (Company X portal, for example), participants can choose privacy settings for individual journal postings. This enables users to choose on a daily basis whether their posts are private, visible to designated friends, or visible to other program participants.
    2. Activity and step entries are considered “public” information (within the context of your specific program) and are used to tally individual and team results in challenge events and competitions. In this case, “public” means other participants and administrator(s) logged into the private program, not the internet at large. This is similar to athletic events or contests where information about participant performance is available to other participants and interested parties.
  1. Your Choices for Limiting Use and Disclosure of Your Personal Information
    You have the choice at any time to opt out of personal communications. Additional options for reducing the use of your information depend on the terms of Provider’s engagement with the client, likely your company or organization. For more information about limiting use of your personal information by the organization that contracted for Provider’s services on your behalf, please contact that organization directly. If you do not know how to contact that organization, please contact support@walkertracker.com and we will do our best to assist you.
  1. Sub-Processors
    Provider uses sub-processors in order to deliver our services, and Provider ascertains that sub-processors conform to all applicable privacy and security laws. A list of our current Sub-Processors is available upon request by sending an email to support@walkertracker.com, or online at Walker Tracker Sub-processors.
  1. EU Data Transfer
    Walker Tracker complies with the  obligations of a data processor as outlined in Article 28 of the General Data Protection Regulation 2016/679.  Walker Tracker commits to resolve complaints about our collection or use of your personal data.  EU individuals with inquiries or complaints regarding our policy should first contact Walker Tracker at: privacy@walkertracker.com or by mail at: Walker Tracker PO Box 15111, Portland, OR 97293.
  2. Dispute Resolution
    If Provider maintains your personally identifiable information, you may direct any inquiries or complaints concerning our compliance to privacy@walkertracker.com, or in the U.S., European Union, the United Kingdom, or Switzerland by regular mail as indicated below.  Provider shall respond within 45 days.  If your complaint cannot be resolved through Provider’s internal processes, Provider will cooperate with JAMS pursuant to the JAMS International Mediation Rules, available on the JAMS website at www.jamsadr.com/international‑mediation‑rules.  JAMS mediation may be commenced as provided for in the relevant JAMS rules.  The mediator may propose any appropriate remedy.

Questions
Any questions about this Privacy Policy should be addressed to privacy@walkertracker.com or by mail at: Walker Tracker PO Box 15111, Portland, OR 97293.

Last Updated: 1/5/2021