(If you are a CA resident, this statement includes your California Privacy Rights)
Welcome to the Active&Fit® program website (the “Active&Fit Website”), which is owned and operated by American Specialty Health Incorporated, a Delaware corporation with a mailing address of 10221 Wateridge Circle, San Diego, CA 92121, on behalf of itself and its subsidiaries (collectively “ASH” or “We”). The Active&Fit® program is a fitness and health education program, and is provided by American Specialty Health Fitness, Inc., a subsidiary of American Specialty Health Incorporated.
ASH values its users (“you”) and respects your privacy. We are committed to using your information responsibly. Except as expressly otherwise stated in this Privacy Statement, ASH will not share your personal information with third parties without your permission. If you access the Active&Fit Website through one of ASH’s health plan or employer group clients, any information you provide to us on the Active&Fit Website will be governed by this Privacy Statement.
This Privacy Statement informs users about the Active&Fit Website information practices, including: what personal information we collect on the Active&Fit Website; how the personal information is collected; how the personal information will be used; and the choices users have about the collection and use of personal information.
This Privacy Statement, together with the Terms and Conditions, governs your use of the Active&Fit Website. By using the Active&Fit Website, you accept and agree to be bound by this Privacy Statement and the Terms and Conditions.
From time to time, we may update and modify this Privacy Statement to accommodate new technology, industry practices, regulatory requirements, or for other purposes. We will provide you with notice if the changes are material and, where required by applicable law, we will obtain your consent. Unless expressly otherwise agreed, all material changes will apply prospectively only. If you have an account on the Active&Fit Website, we may ask you to affirmatively agree to the changes (e.g., by checking a box or clicking a button) at the time of your next account login on the Active&Fit Website.
CALIFORNIA RESIDENTS: YOUR CALIFORNIA PRIVACY RIGHTS
Under California Civil Code Section 1798.83 (known as the “shine the light” law), California residents have a right to request an information-sharing disclosure from a business to which they have provided personal information and which has disclosed the information to any third party for third-party direct marketing uses in the prior calendar year.
ASH does not knowingly share your personal information with third parties for their direct marketing use without your permission. California residents may send requests for information-sharing disclosure under this law by emailing ASH at HIPAA@ashn.com. Please note that, under this law, we are not required to respond to your request more than once in a calendar year, nor are we required to respond to any requests that are not sent to the above-designated email address.
What kind of information does ActiveandFit.com collect?
- Registering/Enrollment with the Website requires first and last name, date of birth, address, e-mail address, home phone number, and credit card information if you are required to pay a fee prior to enrollment and do so using a credit card. The Active&Fit website uses a third party payment processor, PayPal, to collect and process your credit card information. Active&Fit does not directly collect or maintain your credit card information.
- If you use the Connected! feature of the Active&Fit Website, you allow ASH to record your activity related information, such as steps taken in a day, through your Connected! feature enabled device (such as a Fitbit tracker or other activity/fitness device eligible under the Connected! program). When you use the Connected! feature, your activity information will be transmitted from your device by your device manufacturer, to Validic (a third party data aggregator that we use). After receiving the information from Validic, we will upload the information into your member profile/account on Active&Fit.com. By using the Connected! feature, you allow us to receive this information from your device.
- If you choose a fitness facility through Active&Fit.com, we may receive your chosen fitness facility location information.
- The Contact Us page requires name, phone, e-mail address, inquiry type, and comment.
Why is my information collected?
Your information is used solely to address your requests regarding the Website Registration/Enrollment, to enable you to participate in the Connnected! feature of the Active&Fit website, to select a fitness facility, and to enable use of the Contact Us section of the Active&Fit Website.
If you choose not to provide your information in the initial registration/enrollment process, you will not be able to access or use ActiveandFit.com.
How does Active&Fit use my information?
- If you register on the Active&Fit Website, we will use your registration information to set up, administer, service, and communicate with you regarding your account. Registration on the Active&Fit Website is required for users to gain access to special features of the Active&Fit program, such as Connected! and fitness facility enrollment.
- If you use the Connected! feature of the Active&Fit Website, we will record your exercise and other Connected! registered device activity information over time and will use such recorded information to verify and determine whether you are eligible for applicable incentives or rewards under the Active&Fit program through your sponsored employer group or health plan.
- If you enroll in a fitness facility through Active&Fit.com, we will use your information to process your enrollment.
- If you use the Contact Us page of the Active&Fit Website, we will use your information to process and respond to your inquiries and requests.
Under what circumstances does ASH share user information collected on the Active&Fit Website with third parties?
ASH may provide limited participation and aggregate usage information to your employer’s benefit administrator, health plan, or other entities that have contracted with your employer or health plan to provide you with health-related services on behalf of your employer and/or your health plan. In certain limited situations, ASH may be required to provide some personal information to your plan sponsor in order to perform billing, eligibility, and other administrative functions. In these situations, ASH ensures that there are security protections in place so that personal information is only disclosed to those who perform the benefit administration process described above as permitted by state and federal law, and not used for employment related or benefit underwriting purposes. If you submit credit card information to enroll in the Active&Fit program, Active&Fit engages a third party payment processor, PayPal, to process your payment.
ASH may also share your information with third parties in the following circumstances:
- as reasonably necessary to enable third-party service providers to provide services and support for the operation and maintenance of the Active&Fit Website;
- as reasonably necessary to comply with law or legal process (including a court or government order or subpoena);
- as reasonably necessary to detect, prevent, or otherwise address fraud, security or technical issues;
- as reasonably necessary to enforce this Privacy Statement or the Terms & Conditions for the Active&Fit Website;
- as reasonably necessary to protect the rights, property or safety of ASH, ASH users, and/or the public.
In addition, ASH may provide reputable third party vendors with aggregate statistics regarding user participation, Active&Fit Website traffic patterns and related site information. The information so provided will not include individually identifiable information, meaning there will be no personal information.
How can users opt-out of collection of my information?
To Opt-Out of providing personal information while using ActiveandFit.com, contact Active&Fit directly using the e-mail address firstname.lastname@example.org or the contact information provided at the end of this Privacy Statement, rather than using the Contact Us form. If you decide to opt-out of a particular feature that asks you to provide your information, you should not continue with the feature. If you do continue the feature after you decide to opt-out, you may be asked again to provide your information within the feature.
Can users disable their accounts and delete their information collected on the Active&Fit Website?
Except as expressly otherwise stated in this Privacy Statement, and except where applicable law provides otherwise, personal information collected on the Active&Fit Website cannot be deleted or removed from ASH’s database and will be retained for a minimum of 10 years in accordance with ASH’s record retention policy. User accounts, however, may be disabled upon written request, using the contact information at the end of this Privacy Statement.
How can users opt-out of receiving communications from ASH?
If you have provided your email address, postal address, and/or telephone number to ASH, you may opt out of receiving marketing/promotional communications from ASH by contacting ASH as described at the end of this Privacy Statement. To stop receiving marketing/promotional communications via email, you can also use the “unsubscribe” link contained in a marketing/promotional email you have previously received from ASH. Please note that email unsubscribe requests may take up to 30 days to process once received.
For users who have requested to be removed from our email, postal mail, and/or telephone contact lists, once their requests are processed, ASH will maintain an internal do-not-contact list to ensure that the request is honored.
NOTE: Your opt-out regarding our marketing/promotional communications will not stop communications from ASH of a transactional nature or as required by law (e.g., communications regarding your account or a purchase, request or inquiry you have made with ASH, notices regarding material changes to the Active&Fit Website or its information practices, notices regarding an actual or suspected security breach that affects your information stored by or for ASH, etc.).
How does ASH protect the privacy of minors?
ASH is concerned about the safety of children when they use the Internet. The Active&Fit Website is not intended for use by persons under the age of majority (e.g., under the age of 18 in California). If ASH becomes aware that a user is under the age of 18 and has provided personal information to ASH without prior parental consent, ASH will remove all information provided by such underage user from its database.
For more information on how to manage cookies, visit http://www.aboutcookies.org/.
To manage Adobe Local Shared Objects (also known as LSOs or Flash cookies), visit http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html.
We may also use “web beacons”– which can be included in web pages or in emails for reporting and analytic purposes, such as counting users who have visited a web page and/or tracking usage patterns. We do not gather personal information of any kind via this activity. Web beacons cannot be declined when delivered via a regular web page. However, web beacons can be refused when delivered via email. If you do not wish to receive web beacons via email, refuse HTML (select Text only) emails via your email.
How does ASH safeguard user information?
In order to maintain the confidentiality of and safeguard the security of users’ personal information, ASH enforces strict company-wide policies regarding privacy, security, and confidentiality.
ASH has an organizational commitment to protecting privacy and security. All employees who work on the Active&Fit Website are made aware of security policies and practices through employee orientation and annual refresher training. Personal information is secured in an isolated database with tightly restricted access. Employees authorized to view this information are authenticated prior to gaining such access. ASH reviews web security on an ongoing basis. In addition to daily security administration and response activities, the Active&Fit Website undergoes an overall security review on an annual basis.
The Active&Fit Website uses Secure Sockets Layer (SSL) technology to protect the security of on-line order information, including credit card information. PayPal’s PayFlow Pro is utilized as the payment processor and is PCI compliant. ASH only maintains permissible cardholder data as per PCI-DSS, which is stored using AES-256 bit encryption. Users will see an unbroken key or a closed lock (depending on the browser used) in the lower left-hand corner of the browser window when SSL is active and the server is secure. The URL line of the browser will also contain "https" instead of "http".
Some versions of browsers and some firewalls don't permit communication through secure servers. In that case, users will not have the ability to connect to the server and therefore won't have the ability to place an order through an unsecure connection. Orders can be made over the phone by calling (877) 330-2746 if access to the secure server cannot be accomplished.
What is the Active&Fit Website’s policy regarding links to other websites and services?
Amazon.com Website Link
NOTE: Active&Fit is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to Amazon.com. This means that Active&Fit may earn advertising fees based on your purchases on the Amazon.com Website once you click on the Amazon.com link from the Active&Fit Website.
Active&Fit will not share individually identifiable health information with Amazon or any other third party in connection with use of the Amazon feature.
For more on Links, please see the Terms and Conditions of this Website.
How can users contact ASH?
Questions and requests may be submitted through the Contact Us page of the Active&Fit Website, or using the following contact information:
Active&Fit Customer Service
P.O. Box 509117
San Diego, CA 92150-9117
(877) 427-4788, 5:00am to 6:00pm, Monday through Friday (except for federal holidays).
Privacy and Security Contact Information
ASH has a designated Privacy Officer and an Information Security Officer to oversee our privacy and security programs. You may direct questions about these programs to these individuals by either calling (877) 427-4766 or emailing HIPAA@ashn.com.
Use of this Website is governed by the Active&Fit Terms and Conditions.