Last updated: September 30, 2016
EU-U.S. Privacy Shield
RedBrick participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework. RedBrick is committed to subjecting all personal data received from European Union (EU) member countries, in reliance on the Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List.
RedBrick is responsible for the processing of personal data it receives, under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. RedBrick complies with the Privacy Shield Principles for all onward transfers of personal data from the EU, including the onward transfer liability provisions.
With respect to personal data received or transferred pursuant to the Privacy Shield Framework, RedBrick is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, RedBrick may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
If you have an unresolved privacy or data-use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
Under certain conditions, more fully described on the Privacy Shield website, you may invoke binding arbitration when other dispute-resolution procedures have been exhausted.
U.S.-Swiss Safe Harbor Framework
RedBrick complies with the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use and retention of personal data from Switzerland. RedBrick has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access and enforcement. To learn more about the Safe Harbor program, and to view RedBrick’s certification, please visit https://safeharbor.export.gov/swisslist.aspx.
We collect your Personal Information to determine your eligibility for our Services (as defined below), to provide you with our Services and to tailor our Services for you. Information may include Personal Information like your name, address, gender, health habit information such as how much you exercise, biometric screening values such as your cholesterol measurement, your health goals, and information about how your health habits change as a result of the Service you experience.
The use of information collected through our service shall be limited to the purpose of providing the Service for which the Sponsor has engaged RedBrick.
RedBrick collects information under the direction of its Sponsors. If you are a Participant of one of our Sponsors and would no longer like to be contacted by the Sponsor, please contact the Sponsor directly.
RedBrick contracts with “Sponsors” to provide certain “Services” to eligible “Participants.” A Sponsor may be a health insurance company, an employer-sponsored health plan, or another organization that is concerned about your health and well-being. Our “Services” revolve around providing a health and wellness program, which involves assessing the impact behaviors and habits may have on eligible Participants’ general health. The Services cover many different aspects and areas including general health information, nutrition, exercise, personal care and other similar content. We provide eligible Participants with tools and information to help make healthy lifestyle choices.
We collect information about you from multiple sources.
Directly from You:
From Your Sponsor
From Our Partners
From Your Healthcare or Insurance Provider
We may receive information about you from other sources including publicly available databases or third parties from whom we have purchased data, and combine this data with information we already have about you. This helps us analyze our records to better evaluate the effectiveness of our services.
Examples of the types of Personal Information that may be obtained from public sources or purchased from third parties and combined with information we already have about you:
We collect, create and use Personal Information and Protected Health Information about you, as well as Non-Personal Information.
Personal Information includes both information that can specifically identify you and information about you that may be combined with identifying information. For example, Personal Information includes:
RedBrick never asks for your credit card number. If anyone calls claiming to be RedBrick asking for your credit card number, please contact us using the information at the bottom of this notice.
Protected Health Information
Protected Health Information is a special category of Personal Information defined and protected by the Health Insurance Portability and Accountability Act of 1996 (HIPAA), a federal law within the United States. Protected Health Information includes individually identifiable information, like your name, combined with medical or health insurance–related information that is collected or maintained on behalf of your health insurance provider or your medical provider.
Non-Personal Information is information we create or collect about your visit to our website that is not specific to you or does not identify you. For example, Non-Personal Information includes:
As is true of most websites, we gather certain information automatically and store it. This information may include internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data.
Our website and web portal are not configured to respond to do-not-track settings in your browser.
We retain your information as needed to provide our Services. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes and enforce our agreements.
We store your information in the United States in one of our data centers.
Your Access to Your Personal Information
You may access your own Personal Information and information about your participation in our Services through our secure, password-protected web portal. You may also request a copy of the Personal Information we have on file for you by contacting us using the information at the bottom of this notice.
Sharing Information With Healthcare Providers
We may share your Personal Information with your healthcare providers and any clinics or organized healthcare organizations with whom they are associated, such as an Accountable Care Organization (ACO).
Sharing Information With Other Participants
Your Sponsor may arrange for us to create a wellness-based contest between you and other participants. If you choose to participate in those contests, we may share limited information about you with other participants. The type of information will be limited to information that is relevant for the contest. For example, in a contest based on number of steps taken, other participants may see your name, that you have registered to participate in the contest, and that you have taken a certain number of steps. In these situations, your Personal Information will not be available unless you choose to register for the contest.
Sharing Information With Our Business Partners
We enter into agreements with our business partners to assist us in providing you with our Services. These business partners are authorized to use your Personal Information only as necessary to provide these Services. We require these business partners to protect your Personal Information and to comply with applicable laws or regulations.
Sharing Information With Sponsors
Under U.S. laws, we may share Protected Health Information with Sponsors for plan administration purposes and coordination of your care.
Sharing Information With Your Employer
We will not share your individually identifiable Protected Health Information with your employer for employment-related purposes. Your employer will only have access to the information needed to plan and deliver health programs.
Sharing Information for Marketing Purposes
We do not sell and will not give your Personal Information to any other entity for any marketing purpose. We may use your Personal Information to communicate with you about our Services that are available to you as a benefit under your health plan.
Sharing Information to Meet Legal Requirements
We will not share Personal Information with a third party without prior authorization, except (i) in compliance with law, regulation or other legal processes, (ii) to protect the rights, property or safety of us or others, (iii) in emergency situations, and (iv) in the event that we or substantially all of our assets are acquired by one or more third parties as a result of an acquisition, merger, sale, reorganization, consolidation or liquidation, in which case Personal Information may be one of the transferred assets.
You have the ability to “opt out” of communications from us or our partners if you wish, but this will limit our ability to support you when or if you have questions. It will also limit our ability to provide you with important updates from us, and potentially your Sponsor, about changes or deadlines in your programs.
If you would prefer not to receive any communications from RedBrick Health, please call your designated 800 number and let the support specialist know you would like to opt out of communications.
You may have additional rights with respect to Protected Health Information as may be explained in your Sponsor’s Notice of Privacy Practices. Contact your Sponsor for a copy of that Notice.
RedBrick acknowledges that you have the right to access your Personal Information.
Upon request, we will provide you with information about whether we hold, or process on behalf of a third party, any of your Personal Information. We will also provide you with a copy of the Personal Information we have on file for you. To request this information, please contact us using the contact information at the bottom of this notice.
You may review your Personal Information on our web portal or review the copy of information you receive from us. If you notice any errors, you may contact us using the contact information provided at the bottom of this notice, and request that we correct your Personal Information. If we determine that the information is inaccurate and we are the source of the error, we will try to correct the information. We will respond to your request within a reasonable time frame. Because we collect information about you from a variety of sources, we may ask you to contact the source of the information to correct the information. For example, we may not be able to correct information received from a Sync Partner or as part of a laboratory test result received from your healthcare provider. In some circumstances, we may need to ask you to contact your Sponsor directly to correct, amend or delete inaccurate Personal Information.
Our website offers publicly accessible blogs or community forums. If you choose to participate in these blogs or community forums, be aware that any information you provide in these areas may be read, collected and used by others who access them.
Contact us to request removal of your Personal Information from our blog. In some cases, we may not be able to remove your Personal Information, in which case we will let you know if we are unable to do so.
We deliver our Services over the Internet, and no transaction over the Internet can be totally secure. We do, however, implement industry-standard security measures including physical, administrative and technical safeguards. We protect your Personal Information transmitted over the Internet using Secure Sockets Layer (SSL) technology. We also restrict access to your Personal Information to our authorized employees, our agents and certain of our authorized partners responsible for providing our Services.
The website is not intended for use by children under the age of 13. We will not knowingly collect any Personal Information from persons under the age of 13. If you are the legal guardian of a child under the age of 13 and think that we have inappropriately collected Personal Information from this child, please contact us.
RedBrick Health Corporation
Attn: Privacy Officer
510 Marquette Avenue South
Minneapolis, MN 55402