(If you are a CA resident, this statement includes your California Privacy Rights)
This updated version is effective as of 2/1/2016.
Welcome to the Silver&Fit® program website (the “Silver&Fit Website”), which is owned and operated by American Specialty Health Incorporated, a Delaware corporation with its corporate office located at 10221 Wateridge Circle, San Diego, CA 92121, on behalf of itself and its subsidiaries (collectively “ASH” or “We”). The Silver&Fit® program is a fitness and healthy aging education program designed for older adults and is provided by American Specialty Health Fitness, Inc., a subsidiary of American Specialty Health Incorporated.
ASH values its users (“you”) and respects your privacy. We are committed to using your information responsibly. Except as expressly otherwise stated in this Privacy Statement, ASH will not share your personal information with third parties without your permission. If you access the Silver&Fit Website through one of ASH’s health plan partners, any information you provide to us on the Silver&Fit Website will be governed by this Privacy Statement.
This Privacy Statement informs users about the Silver&Fit Website information practices, including: what personal information we collect on the Silver&Fit Website; how the personal information is collected; how the personal information will be used; and the choices users have about the collection and use of personal information.
This Privacy Statement, together with the Terms and Conditions, governs your use of the Silver&Fit Website. By using the Silver&Fit Website, you accept and agree to be bound by this Privacy Statement and the Terms and Conditions.
From time to time, we may update and modify this Privacy Statement to accommodate new technology, industry practices, regulatory requirements, or for other purposes. We will provide you with notice if the changes are material and, where required by applicable law, we will obtain your consent. Unless expressly otherwise agreed, all material changes will apply prospectively only. If you have an account on the Silver&Fit Website, we may ask you to affirmatively agree to the changes (e.g., by checking a box or clicking a button) at the time of your next account login on the Silver&Fit Website.
CALIFORNIA DO NOT TRACK DISCLOSURE
ASH does not track Silver&Fit Website users across third party websites, nor does it allow third parties to collect personally identifiable information on the Silver&Fit Website.
CALIFORNIA RESIDENTS: YOUR CALIFORNIA PRIVACY RIGHTS
Under California Civil Code Section 1798.83 (known as the “shine the light” law), California residents have a right to request an information-sharing disclosure from a business to which they have provided personal information and which has disclosed the information to any third party for third-party direct marketing uses in the prior calendar year.
ASH does not knowingly share your personal information with third parties for their direct marketing use without your permission. California residents may send requests for information-sharing disclosure under this law by emailing ASH at HIPAA@ashn.com. Please note that, under this law, we are not required to respond to your request more than once in a calendar year, nor are we required to respond to any requests that are not sent to the above-designated email address.
What information does ASH collect on the Silver&Fit Website?
The types of information collected on the Silver&Fit Website (as further described below) may be considered Protected Health Information (“PHI”) and Personally-Identifiable Information (“PII”). We collect only PHI and PII that is necessary for users to access and use the Silver&Fit program tools and features provided on the Silver&Fit Website (as further described below). Whether or not to provide PHI and PII is your choice, but without providing certain information you will not be able to access and use certain tools and features on the Silver&Fit Website. For example, after you register on the Silver&Fit Website, you have the option to track your progress, and to participate in challenges, by entering certain information about yourself, such as weight, body measurements, health habits, etc. If you choose not to enter such information, you will not be able to track your progress on the Silver&Fit Website.
How does ASH collect information on the Silver&Fit Website?
We collect PHI and PII on the Silver&Fit Website in several ways:
- When you register on the Silver&Fit Website, we collect your name, date of birth, address, e-mail address, home phone number, and credit card information if you are required to pay a copayment prior to enrollment and do so using a credit card.
- If you use the Challenges feature of the Silver&Fit Website, we may collect the date you join the challenge, your current weight and goal weight (within weight challenges), device activity (if you decide to join an activity tracking challenge that utilizes your activity or fitness tracking device) , and healthy eating and healthy habit entries. If you participate in a group Challenge, we will also collect your name, date accepted, invited or declined, and rank within the challenge. If you use the Challenge Chatter feature within Challenges, we may collect social comments between participants, first name, last name and initials).
- If you use the Accountabilities feature of the Silver&Fit Website, we collect the date you send an accountability invitation, your email address, the subject of the invitation and your message content.
- If you use the Connected! feature of the Silver&Fit Website, you allow ASH to record your activity related information, such as steps taken in a day, through your Connected! feature enabled device (such as a Fitbit Zip tracker, or other activity/fitness device). When you use the Connected! feature, your activity information will be transmitted from your device by your device manufacturer, to Validic (a third party data aggregator that we use). After receiving the information from Validic, we will upload the information into your member profile/account on Silver&Fit.com. By using the Connected! feature, you also allow us to receive profile information from your device, if applicable, or from your own input, including gender, birth year, height, weight, and time zone.
- If you enroll in a fitness facility through Silver&Fit.com, we may receive your fitness facility location and date of visit information directly from the fitness facility if the facility is in our network and, by enrolling in such a facility for the purpose of participating in the Silver&Fit program, you acknowledge and agree that the facility may provide your visit information to us on your behalf.
- If you use the Contact Us page of the Silver&Fit Website, we collect your name, phone, e-mail address, inquiry type, and comment.
How does ASH use information collected on the Silver&Fit Website?
We use PHI and PII collected on the Silver&Fit Website to enable users to access and use the Silver&Fit program tools and features provided on the Silver&Fit Website. For example:
- If you register on the Silver&Fit Website, we will use your registration information to set up, administer, service, and communicate with you regarding your account. Registration on the Silver&Fit Website is required for users to gain access to special tools and features of the Silver&Fit program, such as Challenges and Accountabilities. When information is submitted while registering/enrolling with the Silver&Fit Website the information can only be seen in a secure location in the My Programs section and a unique User ID is created to coincide with the registration/enrollment information.
- If you use the Challenges feature of the Silver&Fit Website, we will use your information to track your participation and progress in a challenge and to determine if you have met the challenge or won the challenge. If you participate in a group Challenge, we will also incorporate your name and rank within the challenge on the challenge leaderboard.
- If you use the Accountabilities feature of the Silver&Fit Website, we will use your information to communicate with your designated accountability partner and enable such partner to utilize the communication tools of the Accountabilities feature, such as providing daily cheers to encourage you to stay on track and posting encouraging messages via the Challenge Chatter feature.
- If you use the Connected! feature of the Silver&Fit Website, we will record your fitness facility visit and exercise and your other independent activity information over time and will use such recorded information to verify and determine whether you are eligible for applicable incentives or rewards under the Silver&Fit program. Silver&Fit may also disclose your Connected! activity information (such as steps taken over time) to your health plan to assist in the administration of your benefit and/or for incentives, rewards and reimbursement fulfillment purposes only. If you enter your gender, birth year, weight, and height into your Connected! Profile, we may use this information to calculate and display your calorie metrics based on activity reported through your Connected!-enabled device.
- If you enroll in a fitness facility through Silver&Fit.com, we will use your information to process your enrollment and will use your fitness facility location and date of visit information (whether submitted to us directly by you or provided to us on your behalf by the fitness facility) to verify and determine whether you are eligible for applicable rewards under your program
- If you use the Contact Us page of the Silver&Fit Website, we will use your information to process and respond to your inquiries and requests.
Under what circumstances does ASH share user information collected on the Silver&Fit Website with third parties?
ASH may provide your PHI and PII to your employer, health plan, or other entities that have contracted with your employer or health plan to provide you with health-related services on behalf of your employer and/or your health plan. In certain limited situations, ASH may be required to provide your personal information to your employer in order to perform billing, eligibility, and other administrative functions. In these situations, ASH ensures that there are security blocks in place so that personal information is only disclosed to those who perform the benefit administration process described above.
ASH may also share your information with third parties in the following circumstances:
- as reasonably necessary to enable third-party service providers to provide services and support for the operation and maintenance of the Silver&Fit Website;
- as reasonably necessary to comply with law or legal process (including a court or government order or subpoena);
- as reasonably necessary to detect, prevent, or otherwise address fraud, security or technical issues;
- as reasonably necessary to enforce this Privacy Statement or the Terms & Conditions for the Silver&Fit Website;
- as reasonably necessary to protect the rights, property or safety of ASH, ASH users, and/or the public.
In addition, ASH may provide reputable third party vendors with aggregate statistics regarding users, sales, Silver&Fit Website traffic patterns and related site information. The information so provided will not include PHI or PII, meaning there will be no personal information.
How can users opt-out of collection of PHI or PII?
To Opt-Out of providing PHI or PII while using SilverandFit.com, contact Silver&Fit directly using the e-mail address email@example.com or the contact information provided at the end of this Privacy Statement, rather than using the Contact Us form. If you decide to opt-out of a particular feature that asks you to provide PHI or PII, you should not continue with the feature. If you do continue the feature after you decide to opt-out, you may be asked again to provide PHI or PII within the feature. If you already started the feature and then decide to opt-out, Silver&Fit may delete your previous entries within that feature upon request.
Can users access, update and delete their information collected on the Silver&Fit Website?
If you have an active account on the Silver&Fit Website, you can log into your account to view your account information. Members may update and correct their PHI or PII by submitting a written request to ASH using the “Member Request to Amend Protected Health Information” form which form is available pon request through the contact information at the end of this Privacy Statement. Failure to fully complete all sections of the form may result in the form being returned to you. Response to the request for amendment will be issued within 30 days of receipt of the completed form. However, we may obtain one 30-day extension by sending the member a written notice stating the reason for the delay and the expected date of the response. We may deny the member’s amendment request under the following circumstances:
- The PHI or PII is accurate and complete.
- The request for amendment was made verbally.
- The request does not state a reason for the amendment
- We did not create the PHI or PII, unless the originator is not available to act on the request.
NOTE: Except as expressly otherwise stated in this Privacy Statement, and except where applicable law provides otherwise, PHI and PII collected on the Silver&Fit Website cannot be deleted or removed from ASH’s database and will be retained for a minimum of 10 years in accordance with ASH’s record retention policy. User accounts, however, may be disabled upon written request, using the contact information at the end of this Privacy Statement.
How can users opt-out of receiving communications from ASH?
If you have provided your email address, postal address, and/or telephone number to ASH, you may opt out of receiving marketing/promotional communications from ASH by contacting ASH as described at the end of this Privacy Statement. To stop receiving marketing/promotional communications via email, you can also use the “unsubscribe” link contained in a marketing/promotional email you have previously received from ASH. Please note that email unsubscribe requests may take up to 30 days to process once received.
For users who have requested to be removed from our email, postal mail, and/or telephone contact lists, once their requests are processed, ASH will maintain an internal do-not-contact list to ensure that the request is honored.
NOTE: Your opt-out regarding our marketing/promotional communications will not stop communications from ASH of a transactional nature or as required by law (e.g., communications regarding your account or a purchase, request or inquiry you have made with ASH, notices regarding material changes to the Silver&Fit Website or its information practices, notices regarding an actual or suspected security breach that affects your information stored by or for ASH, etc.).
How does ASH protect the privacy of minors?
ASH is concerned about the safety of children when they use the Internet. The Silver&Fit Website is not intended for use by persons under the age of majority (e.g., under the age of 18 in California). If ASH becomes aware that a user is under the age of 18 and has provided personal information to ASH without prior parental consent, ASH will remove all information provided by such underage user from its database.
For more information on how to manage cookies, visit http://www.aboutcookies.org/.
To manage Adobe Local Shared Objects (also known as LSOs or Flash cookies), visit http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html.
We may also use “web beacons”– which can be included in web pages or in emails for reporting and analytic purposes, such as counting users who have visited a web page and/or tracking usage patterns. We do not gather personal information of any kind via this activity. Web beacons cannot be declined when delivered via a regular web page. However, web beacons can be refused when delivered via email. If you do not wish to receive web beacons via email, refuse HTML (select Text only) emails via your email.
How does ASH safeguard user information?
In order to maintain the confidentiality of and safeguard the security of users’ PHI and PII, ASH enforces strict company-wide policies regarding privacy, security, and confidentiality.
ASH has an organizational commitment to protecting privacy and security. All employees who work on the Silver&Fit Website are made aware of security policies and practices through employee orientation and annual refresher training. PHI and PII is secured in an isolated database with tightly restricted access. Employees authorized to view this information are authenticated prior to gaining such access. ASH reviews web security on an ongoing basis. In addition to daily security administration and response activities, the Silver&Fit Website undergoes an overall security review on an annual basis.
The Silver&Fit Website uses Secure Sockets Layer (SSL) technology to protect the security of on-line order information, including credit card information. PayPal’s PayFlow Pro is utilized as the payment processor and is PCI compliant. ASH only maintains permissible cardholder data as per PCI-DSS, which is stored using AES-256 bit encryption. Users will see an unbroken key or a closed lock (depending on the browser used) in the lower left-hand corner of the browser window when SSL is active and the server is secure. The URL line of the browser will also contain "https" instead of "http".
Some versions of browsers and some firewalls don't permit communication through secure servers. In that case, users will not have the ability to connect to the server and therefore won't have the ability to place an order through an unsecure connection. Orders can be made over the phone by calling (877) 330-2746 if access to the secure server cannot be accomplished.
What is the Silver&Fit Website’s advertising policy?
ASH does not allow third-party advertising on the Silver&Fit Website.
What is the Silver&Fit Website’s policy regarding links to other websites and services?
How can users contact ASH?
Questions and requests may be submitted through the Contact Us page of the Silver&Fit Website, or using the following contact information:
Silver&Fit Customer Service
P.O. Box 509117
San Diego, CA 92150-9117
(877) 427-4788, 5:00am to 6:00pm, Monday through Friday (except for federal holidays).
We will endeavor to respond to your questions and requests within 10 business days from the date of receipt.