Last updated: October 5th, 2021
Please note that in order to use our apps and websites, you authorize BHS to transfer your personal information across national borders and to other countries where BHS and its partners operate, including the United States. The privacy protections and rights of authorities to access your information in these countries may not be equivalent to those in your country. We will only transfer your personal information to these countries where permitted to do so by law and we will take steps intended to ensure that your personal information continues to receive appropriate protections
If the content or information that you store on BHS apps or websites contains personal information of other individuals, you must be legally permitted to share the personal information with BHS.
Summary of Key Points
- Where your consent is required, we will obtain your permission before (i) sending you news and promotional material about BHS; (ii) accessing information stored on your device relating to your use of, and engagement with, websites and apps (e.g. BHS YouMari, BHS WINS) and crash reports; and (iii) analyzing your content. You can withdraw your consent to such activities at any time by emailing firstname.lastname@example.org.
- This policy explains when we process personal information for our legitimate interests. You can ask us to stop processing this information. Learn more about your rights and how you can exercise them by emailing email@example.com.
- We use your personal information to enable you to register with BHS and to provide you with our websites and apps, and other products or services that you request.
- We provide interactive features that engage with social media sites, such as Facebook. If you use these features, these sites may send us personal information about you.
- There are several places within BHS’s websites and apps that allow you to post comments, upload pictures, or submit content which will be publicly available where you choose to participate in these activities. We also disclose personal information to other companies in the BHS family and with advertising and sales partners consistent with your choices. We also share information with third parties we engage to process personal information on our behalf or when such sharing is required by law, or in certain other situations.
- We transfer your personal information to the US and other countries, which may be outside the country in which you live. We use government-approved contractual clauses such as European Commission approved Standard Contractual Clauses to help protect your personal information.
- BHS websites; web-based services such as YouMari, and web-based aspects of the BHS WINS, (together referred to as "websites");
- Desktop apps and mobile apps (both referred to as "apps") that include a reference to this policy;
- Protected Health Information (PHI) in regards to any health and wellness information associated with an individual; and
- BHS’s marketing, sales, and advertising practices.
Please note that websites and apps provided by some companies acquired by BHS may operate under their own privacy policies until their privacy practices are integrated with BHS's privacy practices.
What information does BHS collect about me?
BHS ID, registration, and customer support
When you register to use a BHS app or website, create a BHS ID, or contact us for support or other offerings, BHS collects information that identifies you. This includes:
- Date of birth;
- Company name;
- Email address;
- Telephone number;
- IP address;
- Mobile Device ID;
- Payment/billing information (where an app or website is 'paid for');
- Eligibility information (e.g., for employer sponsored apps);
- Types of apps and websites of interest;
- Relevant health history and care information related to health and wellness visits; and
- Content of customer support communications.
To help keep our databases current and to provide you the most relevant content and experiences, we may combine information provided by you with information from third party sources, in accordance with applicable law. For example, the size, industry, and other information about the company you work for (where you have provided company name) will be obtained from sources including, professional networking sites and information service providers. We may also collect and receive information from third parties, including partners, and from publicly accessible sources, for purposes that include to detect, prevent, or otherwise address fraud, security or technical issues, as well as to protect against harm to the rights, property or safety of BHS and our employees, our users, children, or the public.
BHS apps and websites
We collect information about how you use our apps and websites, including when you use a desktop app feature that takes you online. Depending on the app or website, this information may be associated with your device or browser or it may be associated with your BHS account. It includes:
- IP address;
- Type of browser and device;
- Webpage that led you to a BHS website;
- Search terms entered into a search engine which lead you to a BHS website;
- Use and navigation of websites and apps (collected through cookies and similar technologies, or by BHS servers when you are logged in to the app or website);
- Analysis of your content (e.g., documents, photos, videos, activity logs, and direct feedback from you) which is sent or received using an online feature of a BHS app or website, or which is stored on BHS servers.
BHS app activation and automatic updates
When you activate your BHS app or when you install updates to the app, we collect information about:
- your device (manufacturer, model, IP address);
- the BHS app (version, date of activation, successful and unsuccessful updates);
- your product serial number (where this is required before you can start using your product).
Emails we send you may include a technology (called a web beacon tells BHS whether you have received or opened the email, or clicked a link in the email. If you do not want us to collect this information, you can opt out of receiving BHS marketing emails by clicking “unsubscribe”, or similar language, located at the bottom of all automated emails.
BHS online advertising
- Which ads are displayed;
- Which ads are clicked on; and
- Where the ad was displayed.
Buttons, tools, and content from other companies
BHS social networking pages and social sign-on services
You can sign into some BHS apps or websites using a social networking account, such as a Facebook account. Where you give appropriate permissions, we will receive information about you from your social networking account, such as name, location, and basic demographic information.
BHS has its own pages on many social networking sites (for example, the BHS® team’s Facebook page). We will collect information which you have made publicly available on your social networking account, such as name and interests in our products and services, when you interact with our social networking pages. The social networking sites may provide statistics and insights to BHS which help us understand the types of actions that people take on our pages. Where applicable, BHS and social media site(s) have entered into an arrangement which determines our respective responsibilities.
BHS acting on your behalf
In certain instances, BHS is acting only on your behalf for personal information collected and processed by our services (for example, for the address book contacts shared by users when entering recipient information). In such cases, BHS is acting only on your instructions in order to facilitate the service requested by you, and you will be responsible for the information shared. In these instances, we will inform you through in-app notifications or other in-time communications.
How does BHS use the information it collects about me, and what are the legal bases for these uses?
BHS uses the information we collect about you for the following purposes:
- To fulfill a contract, or take steps linked to a contract: this is relevant where you register to use a BHS app or website (whether paid, or as a free trial). This includes:
- Providing you with the BHS websites and apps for which you have registered, and any other services or products that you have requested;
- Verifying your identity;
- Processing payments;
- Sending you necessary communications (for example, related to payments or expiration of your subscription); and
- Providing customer service or support.
- As required by BHS to conduct our business and pursue our legitimate interests, in particular:
- Providing you with the BHS websites and apps for which you have registered and any other products and services you have requested;
- Analyzing your use and measuring effectiveness of our websites and apps to better understand how they are being used so we can improve them and engage and retain users;
- Sending you information about BHS products and services, special offers and similar information, and sharing your information with third parties for their own marketing purposes (where your consent is not required);
- Analyzing your use of our websites and apps, your content, and your interaction with our communications, to tailor and customize the website or app, and marketing communications (where your consent is not required);
- Analyzing your content through techniques such as machine learning in order to improve our services and the user experience (where your consent is not required);
- Diagnosing problems in our apps and websites;
- Detecting, preventing, or otherwise addressing fraud, security or technical issues, as well as protecting against harm to the rights, property or safety of BHS, our users, or the public;
- Conducting surveys and market research about our customers, their interests, the effectiveness of our marketing campaigns, and customer satisfaction (unless we need consent to undertake such surveys, in which case we will only do this with your permission);
- Investigating and responding to any comments or complaints that you may send us;
- Checking the validity of the sort code, account number and card number you submit if you use a credit or debit card for payment, in order to prevent payment fraud (we use third parties for this – see “Does BHS share my personal information?” below);
- Sharing account information registered under a business email address with employers for account migration purposes;
- If we merge with or are acquired by another company, sell a BHS website, app, or business unit, or if all or a substantial portion of our assets are acquired by another company, your information will likely be disclosed to our advisers and any prospective purchaser's advisers and will be one of the assets that is transferred to the new owner; and
- In connection with legal claims, compliance, regulatory and investigative purposes as necessary (including disclosure of information in connection with government agency requests, legal process, or litigation).
Where we process your information based on legitimate interests, you can object to this processing in certain circumstances. In such cases, we will cease processing your information unless we have compelling legitimate grounds to continue processing or where it is needed for legal reasons.
- Where required, when you give BHS your consent or otherwise consistent with your choices:
- Sending you information about BHS products and services, special offers and similar information, and sharing your information with third parties for their own marketing purposes;
- Placing cookies and using similar technologies on our websites, on our apps and in email communications, in accordance with our Cookies Policy and the information provided to you when those technologies are used;
- Accessing information stored on your device relating to your use of, and engagement with, websites and apps (e.g., BHS YouMari and WINS) and crash reports;
- Accessing information stored on your device which you allow us to receive through device-based settings (e.g., photos, location, and camera) in order to provide certain functionality within our apps and websites; and
- Analyzing your content using techniques such as machine learning in order to improve our services and the user experience.
On other occasions where we ask you for consent, we will use the information for the purposes which we explain at that time. Where we rely on consent to process information, you can withdraw your consent to such activities at any time.
- For legal reasons:
- Responding to requests by government or law enforcement authorities conducting an investigation.
- To detect, prevent, or otherwise address fraud, security or technical issues and software piracy (e.g., to confirm that software is genuine and properly licensed), helping to protect you as well as BHS.
Where this processing and these disclosures are not strictly required by law, BHS may rely on its legitimate interests and those of third parties described above.
Does BHS share my personal information?
Sharing with other Data Controllers
We will share your personal information within the BHS family of companies for the purposes identified above.
Sharing for Fraud Prevention, Safety and Security Purposes
We will share personal information with companies, organizations or individuals outside of BHS if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to detect, prevent, or otherwise address fraud, security or technical issues, as well as to protect against harm to the rights, property or safety of BHS and our employees, our users, children, or the public as required or permitted by law.
Other Information Sharing
BHS may also share your personal information:
- When you agree to the sharing;
- When we have a good faith belief that we are required to provide information in response to a subpoena, court order, or other applicable law or legal, or to respond to an emergency involving the danger of death or serious bodily harm;
- If we merge with or are acquired by another company, sell a BHS website, app, or business unit, or if all or a substantial portion of our assets are acquired by another company, your information will likely be disclosed to our advisers and any prospective purchaser's advisers and will be one of the assets that is transferred to the new owner.
We may share or publish aggregate information that doesn’t specifically identify you, such as statistical information about visitors to our websites or statistical information about how customers use the BHS website or application.
Is my personal information displayed anywhere on BHS’s websites or applications?
There are several places within BHS’s websites and apps that allow you to post comments, upload pictures, or submit content for others to see. Sometimes you can limit who can see what you share, but there are some places where what you share can be seen by the general public or other users of the app or website. Please be careful when you share your personal information. Do not share anything you wouldn’t want publicly known unless you are sure you are posting it within an app or website that allows you to control who sees what you post. Please note that when you post messages on certain user forums on our websites and app, your email address or name and/or profile photo may be included and displayed with your message.
To remove content you have shared on our websites and apps, please use the same app or website feature you used to share the content. If another user invites you to participate in shared viewing, editing, or commenting of content, you may be able to delete your contributions, but usually the user who invited you has full control.
Is my personal information secure?
We work hard to protect your personal information. We employ administrative, technical, and physical security controls where appropriate, such as encryption, 2-step verification, and strict contractual obligations for employees and contractors.
Protected Health Information and Ownership of Work Product.
Protected Health Information. It is further acknowledged and agreed by both parties that BHS is a “business associate” and “service provider” under the federal Health Insurance Portability and Accountability Act of 1996 P.L. 104-19 (“HIPAA”) and 11 NYCRR Parts 420 and 421 in connection with the services provided. BHS agrees to execute a Business Associate Agreement. BHS further agrees that it shall comply with all applicable requirements thereunder regarding Protected Health Information (PHI). PHI refers to any individually identifiable member health information that BHS receives or that it creates or receives in connection with BHS’s performance of the services. PHI shall include: name, address, identification number, medical history, medical treatment or payment for the provision of medical treatment. Compliance with HIPAA and 11 NYCRR Parts 420 and 421 shall include but not be limited to the following:
BHS may use or disclose PHI only as permitted, except that BHS may use and disclose PHI for the proper management and administration of BHS or to carry out the legal responsibilities of BHS.
BHS will use appropriate safeguards to prevent the use or disclosure of PHI.
BHS will report any use or disclosure of PHI not provided for by this Policy of which it becomes aware.
BHS will ensure that any agent of BHS, including a subcontractor or employee of BHS, to whom it provides PHI received from or created or received by BHS, agrees to the same restrictions and conditions that apply to BHS with respect to such information.
BHS will, upon request, make available PHI to the extent required to provide an accounting of disclosures by BHS to any external entities.
If BHS receives a request, made on behalf of the Secretary of the Department of Health and Human Services, that BHS make its internal practices, books, and records relating to the use and disclosure of PHI available to the Secretary of the Department of Health and Human Services for purposes of determining compliance with the HIPAA Privacy Rule, then BHS will promptly comply with the request; provided, however, that this provision shall not apply in the event a court of competent jurisdiction determines, in response to a challenge raised by, that the HIPAA provision requiring the inclusion of this provision is unenforceable or invalid.
Upon knowledge of a material breach by BHS, you shall provide an opportunity for BHS to cure the breach within 45 days or end the violation.
Upon termination of this engagement for any reason, if feasible, BHS will return or destroy all PHI received or created or received by BHS that BHS still maintains in any form and retain no copies of such information within 45 days of termination. If such return or destruction is not feasible, BHS will extend the protections to the information retained and limit further uses and disclosures to those purposes that make the return or destruction of the information infeasible. This provision shall apply to PHI that is in the possession of subcontractors or agents of BHS.
Where does BHS store my personal information?
Your personal information and files are stored on BHS’s servers and the servers of companies we hire to provide services to us.
Does BHS transfer my personal information across national borders?
The main locations where we process your personal information are in the US, but we also transfer personal information to all other countries in the world where our apps, and other products or services are available. We carry out these transfers in compliance with applicable laws – for example, by putting data transfer agreements in place to help protect your personal information.
The information above applies to BHS users who are consumers.
What rights do I have in respect of my personal information and how can I exercise these rights?
Under the law of some jurisdictions, you may have the right to ask us for a copy of your personal information; to correct, delete or restrict (stop any active) processing of your personal information; and to obtain the personal information you provide to us for a contract or with your consent in a structured, machine-readable format, and to ask us to share (port) this information to another controller.
In addition, you can object to the processing of your personal information in some circumstances (such as where we are using the information for direct marketing).
These rights may be limited, for example, if fulfilling your request would reveal personal information about another person, or if you ask us to delete information which we are required by law to keep or which we need to defend claims against us. In addition, most web browsers have a “Do Not Track” feature that lets you tell websites you do not want to have your online activities tracked. Currently, there is not an accepted standard on how companies should respond to web browsers’ “Do Not Track” signals. Accordingly, our apps and websites do not currently recognize or respond to “Do Not Track” browser signals.
To exercise any of these rights (including deactivating your BHS ID account), you can get in touch with us – or our data protection officer. Additionally, many of our websites and apps allow you to edit your personal information by accessing the "my account," "my profile," or a similar feature of the app or website you are using. Likewise, you can delete files or photos you have stored in our websites and apps by logging in and using the deletion functions that are available.
To register with BHS, to create a BHS ID, and to use some BHS websites, apps, products or services, the provision of some information is mandatory: if relevant information is not provided, then we will not be able to administer a BHS account to you, or provide you with the websites, apps, products or services requested. All other provision of your information is optional. Providing optional information will help us offer you a better experience, such as more personalized or tailored content or offerings.
What rights do I have if I am a California consumer?
In addition to the rights above, see California Consumer Privacy Rights for additional information at the bottom of this document.
Withdrawing consent or otherwise objecting to direct marketing
The BHS family of companies and companies we hire to help market our websites and apps on our behalf may use your information to provide you with information and offers related to BHS.
Where we rely on your consent, you will always be able to withdraw that consent, although we may have other legal grounds for processing your information for other purposes, such as those set out above. In some cases, we are able to send you direct marketing without your consent, where we rely on our legitimate interests. You have an absolute right to opt-out of direct marketing, or profiling we carry out for direct marketing, at any time by:
- updating your preferences in your BHS ID profile;
- updating your preferences in your specific website or app accounts;
- clicking the unsubscribe link at the bottom of our marketing emails; or
How long does BHS retain my information?
When you register for an account and create a BHS ID, we process and keep most personal information we have about you for as long as you are an active user of our products, services or apps. When you close your account, we begin deleting certain personal information that we no longer have a business reason to retain, such as your hashed password and your tokenized payment account data. However, we typically retain personal information related to our contract and business transactions with you for ten years after your last interaction with us.
Where we process personal information for marketing purposes or with your consent, we process the information until you ask us to stop and for a short period after this (to allow us to implement your requests). We also keep a permanent record of the fact that you have asked us not to send you direct marketing or to process your information so that we can respect your request in future.
Who can I contact with questions or concerns?
If you have a privacy question, concern, or request, please contact us at firstname.lastname@example.org.