Privacy Policy
Version 3.07
Updated September 2022
Twill Inc. (“Twill,” the “Company,” “we,” or “us”) wants you to be familiar with how we collect, use and disclose information that we collect.
The purpose of this Twill Privacy Policy (“Privacy Policy”) is to explain our data collection and privacy practices when you access Twill services. If you are a Twill client or customer (“Twill Program Client”) through your healthcare provider, health plan sponsor, insurer, pharmaceutical partner or related organization or company (each a “Twill Program Company”), this Privacy Policy is not intended to modify or supersede any privacy policy provided by your Twill Program Company. We handle all information in compliance with applicable laws and in a manner compliant with the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), where applicable. Where we receive Protected Health Information in our role as a Business Associate of your healthcare provider, health plan sponsor, insurer or similar obligation, this Twill Privacy Policy does not apply; we will process your information consistent with the obligations in the Business Associate Agreement.
We collect information through:
- Websites we operate from which you are accessing this Privacy Policy (the “Websites”);
- Software applications made available by us for use on or through computers and mobile devices (the “Apps”);
- Our social media pages and apps (collectively, “Social Media Pages”);
- HTML-formatted email messages that we send to you that link to this Privacy Policy or other communications with you; and
- Offline business interactions you have with us.
Collectively, we refer to the Websites, Apps, Social Media Pages, emails as the “Services.” We encourage you to read this Privacy Policy closely as it describes in detail what types of information we collect about our users, how we collect it, how we use the information we collect, how long we keep the information and under what circumstances and with whom the information may be disclosed. This Privacy Policy also describes your rights concerning your personal information and security measures we take to protect your personal information. If you have any questions about this Privacy Policy, please email us at support@twill.health.
TYPES OF INFORMATION WE COLLECT
Remember, if you are a Twill Program Client, this Privacy Policy is not intended to modify or supersede any privacy policy provided by your Twill Program Company.
PERSONAL INFORMATION: Twill may collect personal information in a variety of ways, including:
- Identifiers – Including real name, alias, date of birth, postal address, unique personal identifier, online identifier, internet protocol address, email address, account name or other similar identifiers;
- Demographic information – Including age, gender and other personal information that may be considered a protected classification characteristic under California or federal laws.
- Internet or other electronic network activity information – Including how you interact with the Services and, if you link your information associated with your social media account such as your name, username, email address, gender, profile picture, etc.
- Geolocation data;
- Audio, electronic, visual or similar information; and
- Professional or employment-related information.
PERSONAL HEALTH INFORMATION: We may collect information regarding your physical and mental health, such as information on medications, medical history and other healthcare-related information (“PHI”). This includes PHI which you choose to share in the Services with all of our users or all other users belonging to your Twill Program Company, and PHI which you provide only to us, such as answers in connection with using self-assessment features offered in our Services.
SPONSOR ORGANIZATIONS: If an organization (“Sponsor Organization”), such as your or your partner’s, spouse’s or parent/guardian’s employer, university or health plan, is paying for access to our Services on your behalf, use of our Services may require you to provide additional registration information. This information is collected to confirm your eligibility with the Sponsor Organization. Information collected under these circumstances may include but is not limited to name, email address, date of birth and phone number. This information is required to confirm program or benefit eligibility and prevent insurance and benefit fraud.
HOW WE COLLECT INFORMATION
INFORMATION YOU SHARE WITH US: Directly from you (e.g. when you register for the Services or interact with certain Twill features such as assessments, the artificial intelligence-based (“Al-based”) chatbot named Taylor, the behavioral matrix and click-throughs to third parties within the Services);
INFORMATION WE COLLECT AUTOMATICALLY: From your devices (e.g., when you connect to the Services, your device shares information about you and your session);
INFORMATION YOU DIRECT US TO RECEIVE FROM THIRD PARTIES: For US users, From public databases, where permitted by law, or from third-party private sources, such as data brokers or our business partners.
HOW WE MAY USE PERSONAL INFORMATION
- PROVIDING THE SERVICES:
- To provide the Services’ functionality to you, such as arranging access to your registered account and providing you with customer service;
- To respond to your inquiries and fulfill your requests, when you contact us via one of our online contact forms or otherwise, for example, when you send us questions, suggestions, compliments or complaints, or when you request other information about our Services;-To verify your information and provide related customer service;
- To send you administrative information, such as changes to our terms, conditions and policies; and
- To allow you to send messages to another person through the Services.
For processing your personal information for the above purposes we rely on the necessity to process your personal information for the establishment and performance of the Twill, Inc. Terms and Conditions; to the extent we process your PHI for the above purposes and where required applicable data protection laws, such as where you use our Services from the EEA/EU or UK, we rely on your consent which we ask for when you register for your account. You can withdraw your consent anytime with effect for the future by contacting support@twill.health; however, please note that, since processing your PHI is necessary for the provision of the Services, if you do not provide or withdraw your consent you cannot use our Services.
- PROVIDING YOU WITH INFORMATION ABOUT OUR NEW SERVICES AND/OR MARKETING MATERIALS AND FACILITATE SOCIAL SHARING:
- To send you marketing related emails with information about our services, new products and other company news.
Where required applicable data protection laws, such as where you use our Services from the EEA/EU or UK, we rely on your consent for processing your data for sending email marketing which we ask for when you register for your account. You can withdraw your consent(s) anytime with effect for the future by contacting support@twill.health, or by clicking on the 'unsubscribe' link at the end of the email marketing communication.
IMPROVING OUR SERVICES: We may use your personal information to the extent necessary for the purposes of our legitimates interests in improving our services.
PROVIDING PERSONALIZED SERVICES: We may use your personal information to the extent necessary for the purposes of our legitimate interests in better understanding your interests and preferences so we can personalize our interactions with you and provide you with information and/or offers tailored to your interests.
AGGREGATING AND/OR ANONYMIZING PERSONAL INFORMATION: We may aggregate and/or anonymize personal information that it will no longer be considered personal information. To the extent we aggregate and anonymize your PHI and where required by applicable data protection laws we rely on your consent which we ask for when you register for your account.
ACCOMPLISHING OUR BUSINESS PURPOSES: We may further use your personal information to the extent necessary for the purposes of our legitimate interests in achieving the following objectives:
- For data analysis to, for example, improve our efficiency;
- For audits to verify that our internal processes function as intended and to address legal, regulatory or contractual requirements;
- For fraud prevention and security monitoring to, for example, detect and prevent cyberattacks and identity theft;
- For developing new products and services;
- For enhancing, improving, repairing, maintaining or modifying our current products and services, as well as undertaking quality and safety assurance measures;
- For identifying usage trends; For determining the effectiveness of our promotional campaigns.
Unless explicitly mentioned the processing purposes listed in this Privacy Policy do not involve the use of your PHI in identifiable form.
DISCLOSURE OF PERSONAL INFORMATION
AFFILIATES: We may share your data (excluding your PHI in identifiable form) with our affiliates for the purposes described in this Privacy Policy. Note, however, that Twill does NOT sell personal information to third parties.
PARTNERS: We may share your data (excluding your PHI in identifiable form) with other companies, such as companies with whom we jointly offer products and services.
THIRD PARTY SERVICE PROVIDERS: We may share personal information with certain service providers whose services and solutions complement, facilitate and enhance our own. These include hosting and server services, communications and content delivery networks (CDNs), data and cybersecurity services, performance measurement services, data optimization and marketing services, content providers and our legal and financial advisors. Such service providers may have access to personal information according to their particular roles and purposes.
INFORMATION YOU SHARE: Twill enables you to share your personal information with others, including healthcare providers, friends and contacts via social media, our app or other platforms. Please use caution when sharing your personal information with others. The information you share will be shared according to your instructions and actions, and we have no control over what happens with your information once you share it with others.
OTHER USES AND DISCLOSURES OF PERSONAL INFORMATION
APPLICABLE LAW: We may share personal information to comply with applicable law and regulations, which may include laws outside your country of residence.
TRANSACTION, LIQUIDATION: We may share personal information with third parties in connection with a transaction, such as a merger, sale of company assets or shares, reorganization, financing, change of control or acquisition of all or a portion of our business, or in the event of a bankruptcy or related or similar proceedings.
PUBLIC AND GOVERNMENT AUTHORITIES, LAW ENFORCEMENT: Where permitted or required by applicable data protection laws, we may disclose your personal information pursuant to a legal request or in compliance with applicable laws, if we have good faith belief that the law requires us to do so, with or without notice to you.
PROTECTING RIGHTS AND SAFETY: Where permitted or required by law, we may share your personal information with others if we believe in good faith that it will help protect the rights, property or personal safety of Twill, any of our users or any member of the general public, with or without notice to you.
YOUR CHOICES REGARDING PERSONAL INFORMATION
EMAIL AND SMS MESSAGING: We may use your email address or phone number to send you messages, such as feature changes and special offers. Where necessary by applicable laws, such as if you are in the EEA/EU or UK, we send such messages only if you provided your prior consent. If you do not want to receive such notifications, you may opt-out or change your preferences by contacting our support team at support@twill.health. Subject to regulatory requirements, opting out may prevent you from receiving notification including notices regarding updates, improvements or offers. We will try to comply with your request(s) as soon as reasonably practicable. Please note that if you opt out of receiving marketing related emails from us, we may still send you important administrative messages, from which you cannot opt out.
MARKETING: We give you choices regarding our use and disclosure of your personal information for marketing purposes.
ACCESS, CHANGE, OR DELETE YOUR PERSONAL INFORMATION
If you would like to request to access, correct, update, suppress, restrict or delete personal information, object to or opt out of the processing of personal information, or if you would like to request a copy of your personal information for purposes of transmitting it to another company (to the extent these rights are provided to you by applicable law), you may contact us per the “Contact Us” section below. We will respond to your request consistent with applicable law.
In your request, please clarify what personal information you would like to have changed or whether you would like to have your personal information suppressed from our database. We may need to verify your identity before implementing your request. We will comply with your request to the extent required by applicable law. If you are a California resident, please refer to the “Information for California Residents” section at the end of this Privacy Policy for more information about the requests you may make under California law. If you are in the EEA, EU or UK, please refer to the “Information for Users in the EEA, EU and UK” section at the end of this Privacy Policy.
THIRD-PARTY WEBSITES
This Website may contain links to third-party owned and/or operated websites. Twill is not responsible for the privacy practices or the content of such websites. Third-party websites have separate privacy and data collection practices, and Twill has no responsibility or liability relating to them.
HOW WE ADVERTISE
We use third-party advertising companies to serve advertisements regarding goods and services that may interest you when you access and use the Services and other websites or online services. You may receive advertisements based on information relating to your access to and use of the Services and other websites or online services on any of your devices, as well as on information received from third parties. These companies place or recognize a unique cookie on your browser (including through the use of pixel tags). They also use these technologies, along with information they collect about your online use, to recognize you across the devices you use, such as mobile phone and laptop.
HOW NOT TO RECEIVE ONLINE ADVERTISING
For more information about this practice and how to opt out, please visit http://optout.aboutads.info/#/ and http://optout.networkadvertising.org/#/. You also may download the AppChoices app at https://www.aboutads.info/appchoices specifically for mobile.
HOW WE MAY USE COOKIES AND OTHER TRACKING TECHNOLOGIES
When providing our Services, we may use cookies and similar tracking technologies for the purposes set out below. These technologies can track web activity over time and across third-party services. Cookies and local storage may be set and accessed on your computer. Upon your first visit to the Website and Services, a cookie or local storage may be sent to your device that uniquely identifies your browser. (Cookies and local storage are small files containing a string of characters sent to your computer's browser and stored on your device when you visit a website. Many web-based services use cookies to provide useful features for their users. Each website can send its own cookie to your browser. Most browsers are initially set up to accept cookies.) If you do not want cookies, you may set your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you reject cookies, you will not be able to sign into or take full advantage of our Services. Additionally, if you clear all cookies on your browser at any point after setting your browser to refuse all cookies or indicate when a cookie is being sent, you will need to reset your browser to refuse all cookies or indicate when a cookie is being sent. Learn more about cookies at http://www.allaboutcookies.org/ and https://www.youronlinechoices.com/uk.
To support our Services, we may use one or more of the following cookie and tracking technologies for the purposes set forth below:
- TYPES OF TRACKING TECHNOLOGIES AND PURPOSES:
- Analytics and Performance Cookies – To collect information about how and when our Services are accessed. We use this information to help operate our Services more efficiently, to gather broad demographic information and monitor activity levels. Note that we also use Google Analytics for this purpose. Google Analytics uses its own cookies. Learn about Google Analytics cookies here and Google’s own privacy policy here. You can prevent the use of Google Analytics relating to your use of our Services by downloading and installing the browser plugin available here: Google Analytics Opt-out Browser Add-on
- Essential Cookies – To provide our Services to you. For example, essential cookies allow you to log into secure Services areas and help load content quickly. Without these cookies, Services you requested could not be provided.
- Functionality Cookies – To allow our Services to remember your user choices, such language preferences, login details, polls you voted in, poll results and any other customizable parts of our Services.
- Social Media Cookies – Used when you share information from our Services to your social media account(s). This may include selecting “share” or “like” from our Services platform or engaging with our content on our social media accounts. The social network will record that you have done this.
- Pixel Tags – These small graphic files allow us and third parties to monitor and collect data about your visit, such as the IP address of the computer that downloaded the page where the tag appears, how long you remained on the page, which browser you used to get there, and the identification number of any cookie previously placed by that server on your computer. We may use pixel tags provided by us or by third party advertisers, service providers and ad networks in combination with our cookies to provide offers and information of interest to you. Pixel tags also may enable ad networks to serve you targeted advertisements.
For more information, please visit https://allaboutdnt.com/.
If you are accessing our Websites and/or Apps from the EEA/EU or UK please refer to our Cookie Policy for more information
CHILDREN
Twill is committed to children's privacy. Twill does not knowingly permit any person under 16 years of age to register directly for our Services. If Twill learns that personal information of persons under 16 years of age has been collected on the Website or through the Services without parental consent, then we will take appropriate steps to remove the information or maintain and use such information (in accordance with the other provisions of this Privacy Policy) in order to notify and obtain consent from the parent/guardian and/or for other purposes permitted under applicable law. If you are a parent or guardian and discover that your child under the age of 16 has a registered account with the Services without your consent, please alert Twill at support@twill.health to either provide consent, request that we change your child’s account settings, or request that Twill remove the child’s personal information. Please provide the child’s name, address and email address.
RETENTION PERIOD
We will keep your personal information for as long as your user account is active so you can access your information and our Services.
We may continue to retain your personal information after you deactivate your user account or stop using Twill, as reasonably necessary to comply with our legal obligations, to resolve disputes regarding our users, enforce our agreements or protect our legitimate interests, consistent with applicable law.
SECURITY
We seek to use reasonable organizational, technical and administrative measures to protect personal information within our organization. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us by emailing support@twill.health.
ADDITIONAL INFORMATION FOR USERS OUTSIDE THE USA
The Services are operated in the United States of America. If you are located in another jurisdiction, please be aware that information you provide to us and that we otherwise collect about you as explained in this Privacy Policy may be transferred to, stored and processed in the USA. No transfer of any data will occur without pursuing the appropriate safeguards, including standard contractual clauses approved by the European Commission, and all necessary measures to provide adequate protection as required by applicable data protection law. Insofar as we disclose your information with affiliates, partners and third party service providers (as described above in the section “DISCLOSURE OF PERSONAL INFORMATION”) which are located in the USA or other countries outside your jurisdiction which do not provide a level of data protection as considered adequate to your jurisdiction, where necessary, we have implemented appropriate safeguards and supplementary measures according to applicable data protection laws, including, for the EEA/EU and the UK, the execution of standard contractual clauses approved by the European Commission/ICO with the respective recipients, ensuring that the data processed by such recipients is adequately protected. For more information on the recipients and third countries concerned, the safeguards implemented, and for obtaining a copy of these safeguards, please contact us.
To request to limit the use and disclosure of your personal information, please submit a written request to support@twill.health. In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. Twill is committed to resolving complaints about your privacy and our collection or use of your personal information transferred to the USA pursuant to applicable data protection law.
ADDITIONAL INFORMATION FOR USERS IN THE EEA, EU and UK
If you are in the European Economic Area (EEA), European Union (EU) or United Kingdom (UK), your personal information may be protected by the European Union General Data Protection Regulation or the United Kingdom Data Protection Act (collectively, “European Privacy Laws”). For individuals whose Personal Information is protected by the European Privacy Laws, please know that Twill, Inc. is the data controller responsible for the collection, use, and disclosure of your Personal Information under this Privacy Statement.
If your Personal Information is protected by the European Privacy Laws, you may have the following rights in relation to your Personal Information:
- The right to access: You have the right to request from us a copy of the Personal Information we hold about you.
- The right to rectification: You have the right to request that we correct any Personal Information about you that is inaccurate, and to request that we complete the Personal Information we hold about you where you believe it is incomplete.
- The right to erasure: You have the right to request that we erase your Personal Information, under certain conditions. In the event of an erasure request, we may retain a copy of your Personal Information for our record keeping purposes and to avoid entering your Personal Information in our systems after your request.
- The right to restrict processing: You have the right to request that we restrict the processing of your Personal Information, under certain conditions.
- The right to object to processing: You have the right to object to our processing of your Personal Information, under certain conditions, and you have an unconditional right to object to the processing of your Personal Information for direct marketing purposes.
- The right to data portability: You have the right to request that we transfer the Personal Information we have collected about you to another organization, or directly to you, under certain conditions. You can also request a copy of your Personal Information in a structured, common, and machine-readable format.
- The right to withdraw consent: Where we rely on your consent to process your Personal Information, you have the right to withdraw that consent at any time. Your withdrawal of consent does not impact the lawfulness of our processing up to the point of consent withdrawal.
- The right not to be subject to a decision based solely on automated processing which produces legal effects concerning you or significantly affects you in a similar way, if the legal requirements are not met. An automated decision making process is not carried out by Twill.
- The right to make a complaint to your data protection regulator. Here is a list of the data protection regulatory authorities in the EU: https://edpb.europa.eu/about-edpb/board/members_en.
Please note that there are exceptions to the various rights listed above. As an example, in certain circumstances we may have a legal obligation to retain some of your Personal Information.
You can submit requests to exercise these rights by emailing support@twill.health. We try to respond to all legitimate requests within one month or quicker if legally required to do so. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Information or to exercise any of your other rights. This is a security measure to ensure that Personal Information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
If you would like to submit a complaint regarding our practices in relation to your Personal Information, please email our Data Protection Officer at support@twill.health. We will reply to your complaint as soon as we can. Our EU representative for data protection purposes is Rickert Rechtsanwaltsgesellschaft mbH. If you would like to contact our representative, please e-mail datenschutz@rickert.net, or send a letter to: Kaiserplatz 7-9, 53113 Bonn, Germany.
INFORMATION FOR CALIFORNIA RESIDENTS
California law provides specific privacy rights related to your personal information. These rights include the rights to know, delete, opt out of sale, and to not be discriminated against for exercising your rights. Please note that we do not sell personal information. You or your authorized agent may submit a request by contacting us via email at support@twill.health Note that we require individuals to identify themselves and the information requested to be accessed or updated before we will process such requests. We will comply with your request as soon as reasonably practicable, including by verifying your request by comparing the information you provide against the information we have on file. However, we may maintain personal information where exceptions to your rights apply. We will not discriminate against you based on your exercise of the above-listed choices.
CHANGES TO THIS PRIVACY POLICY
Twill reserves the right to change or update this Privacy Policy at any time by posting a notice on the Website. We also will notify users via email and/or any other reasonable means acceptable under state and federal law.
CONTACT US
If you have any questions or comments about this Privacy Policy, please email our Data Protection Officer at support@twill.health or send a letter to: Twill, Inc., 114 Fifth Ave, Floor 10, New York, NY 10011, USA. To reach a Twill representative in the European Union, contact Rickert Rechtsanwaltsgesellschaft mbH via email at datenschutz@rickert.net or send a letter to Kaiserplatz 7-9, 53113 Bonn, Germany.