En Español

Privacy Policy

Effective Date: January 1, 2023

About this Privacy Policy and Our Commitment to Your Privacy

Rally Health, Inc., including our parent company, Optum, and our subsidiaries such as Real Appeal, Inc. (collectively, "Rally", "we", "us", "our") provides products and services (collectively, the “Services”) that may, among other things, provide you with tools to engage in wellness-related activities, find and price care, and obtain coaching, health condition, and recovery support. We provide this privacy policy (“Privacy Policy”) to outline the information Rally collects from users of the Services (“Users”, “you”) and how we may use and disclose this information. It also describes the choices available to you regarding our use of your information and how you can manage and update this information. All products and services that are governed by this Privacy Policy will include a link to and/or copy of this Privacy Policy on the home page of the applicable website. Some online services offered by or affiliated with Rally may be governed by a separate privacy policy. Undefined capitalized terms used in this Privacy Policy will have the meanings set forth in our Terms of Service or in the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), as specified below.

Your Acknowledgment of the Applicability of this Privacy Policy by Using the Services

As described in this Privacy Policy, we may use and disclose your information to provide you with products and services and to improve your experience using those products and services. By using the Services, or any other website, online service or mobile application where this Privacy Policy is posted, you acknowledge that we will collect, use, disclose, and store information as described in this Privacy Policy.

Products or Services Covered by this Privacy Policy

We may reference certain types or groupings of Rally products or services in this Privacy Policy where we believe information about those products or services might help you better understand our data collection and use practices related to those products or services.

Our products and services covered by this Privacy Policy include, without limitation:

  • Wellness Tools. “Wellness Tools” refers to our products and services that provide you with the ability to engage in wellness-related activities through our Services (such as participating in challenges, tracking your progress toward achieving various goals and toward accomplishing various missions, accessing resources or programs that may be available to you, interacting with other Users, reviewing articles and other wellness-related content, accessing certain health records, and participating in community or group discussion forums).
  • Find Care and Costs Tools. “Find Care and Cost Tools” refers to our products and services that allow you to search for available healthcare providers and facilities (in or out of your network), review your account balances, coverage, and costs, and facilitate your provider selection.
  • Coaching Tools. “Coaching Tools” refer to our products and services that provide generalized and individualized advice related to certain topics to help you achieve lifestyle goals, e.g. to help you lose weight, quit smoking, or help manage your blood pressure or diabetes. Coaching Tools offered by Rally include Real Appeal, Quit For Life, Living with Diabetes, and Wellness Coaching.
  • Benefits Tools. “Benefits Tools” refers to our products and services that allow you to connect with and access various insurance and other benefits products offered by your employer. These benefits may include, without limitation, Employee Assistance Programs, health, dental, vision, life, accidental death, and long-term disability insurance, financial and legal assistance, benefits related to health savings accounts, as well as related programs, products, and services.
  • One Pass Tools. “One Pass Tools” refers to our One Pass program, which gives you access to a gym network, third-party digital fitness tools, and other offerings.

    Please note that you may not be eligible for all of the products and services covered by this Privacy Policy.

    The Information We Collect

    We will collect information about you (“Information”) in a variety of ways, including directly from you, through automatic means, or from third parties. The Information that is collected depends on how you use the Services.

    Information You Provide to Us

    When you use the Services, you may provide certain information directly to us including where you use the Services to direct and authorize us to obtain information about you from other sources.

    • Wellness Tools

    When you use our Wellness Tools, you may provide us with information about yourself in connection with registering for the Services, responding to our surveys and care checklists, and entering information about yourself in other areas of the Services such as communities and your profile. You may also indirectly provide us with information about yourself if you join or otherwise participate in specific missions, such as missions to manage certain health conditions.

    Our Wellness Tools may also allow you to earn rewards or accolades for meeting certain goals, such as exercising at fitness centers. To help you locate eligible fitness centers, we may request and you may choose to provide us with precise and/or general information regarding the location of your mobile device. Please consult your mobile device for instructions on how to revoke location access permission.

    • Find Care and Costs Tools

    When you use our Find Care and Costs Tools, you may provide us with information related to searches for providers, including provider specialties, provider names, and provider location. We may also collect information about your health plan (including, without limitation, benefits information and information regarding in-network and out-of-network providers).

    • Coaching Tools

    When you use our Coaching Tools, you may provide us with information related to the activity for which you are obtaining coaching or advice to achieve lifestyle or disease management goals and to track your progress in online tools and trackers.

    For example, if you use our Quit For Life program, you may provide us with information about you and your efforts to quit smoking, chewing, and/or vaping. You may also provide us with details on smoking frequency and habits, and steps you’ve taken to quit.

    If you use our Real Appeal program, you may provide us with information about you and your weight loss journey, such as your current and historical weight, weight loss goals, and profile picture.

    You may also have the ability to link health monitoring devices or wearables (for example, a weight scale, pedometer, blood glucose meter, or blood pressure monitor) to your account, in which case we will collect your device information, information about your use of that device, and information you choose to share via that device. For example, if you utilize a connected scale to track weight and link that device to your account, we may obtain information about your weight. We are not responsible for the collection and use of your information by third-party device providers or operators. However, once they share your device information with us, we will treat it in accordance with this Privacy Policy.

    • Benefits Tools

    When you use our Benefits Tools, you may provide us with information about yourself or your dependents. This may include information to help us recommend benefits and services such as information about your health and financial status and your preferences regarding services and providers of services.

    • One Pass Tools

    When you use our One Pass Tools, to help you locate eligible fitness centers or other providers near you, you may provide information about your location such as your address, city, state, and zip code, or, if you consent, your precise geolocation.

    • Other Information

      You may provide us with additional information through the Services, such as when you participate in a sweepstakes, contest, or any other promotion, participate in one of our consumer surveys, send us any feedback, questions, or comments, contact us through another online platform, like LinkedIn, register for or submit inquiries through one of our B2B or employer-facing sites, or interact with us in any way. We also collect information from you if you apply for a job or inquire about a position with us.

      Information We Collect from Third Parties

      Rally enters into business relationships with business partners including: health plans or health insurers, including, without limitation, employer-sponsored health plans ("Health Plans"), healthcare providers and/or networks of healthcare providers ("Providers"), and companies that contract with Health Plans, Providers, and/or Rally ("Contractors") to make Rally’s products and services available to Users who are patients of such Providers or enrollees, members, or participants of such Health Plans or Contractors. Rally’s business partners such as Providers, Health Plans, and Contractors are collectively referred to in this Privacy Policy as "Rally Partners." When you use the Services, we may collect information about you, directly or indirectly, from or through applicable Rally Partners as well as other Users on the Services. With your consent, we may also collect Information from other third parties. For example:

      When you use our Wellness Tools, Rally Partners may directly or indirectly provide us with information to help confirm your eligibility for services, connect you with applicable services, and help complete your health survey.

      When you use our Find Care and Costs Tools, Rally Partners may directly or indirectly provide us with information to assist with your provider search, such as information related to in-network and out-of-network providers and your available benefits.

      When you use our Coaching Tools, Rally Partners may directly or indirectly provide us with information to help confirm your eligibility for services and connect you with applicable services.

      When you use our Benefits Tools, Rally Partners may directly or indirectly provide us with information about your employment status and eligibility for benefits, and your use of those benefits.

      When you use our One Pass Tools, you will be able to present your member code to access a participating digital fitness provider, gym, fitness location, or other provider within the One Pass network in your selected membership tier (each, a “One Pass Partner”). The One Pass Partner will collect and send to Rally and/or Rally Partners the information required to facilitate the One Pass Program, such as your member code along with information related to your utilization of the One Pass Partner’s services (e.g., gym location and monthly visit count).

      Information that is Automatically Collected

      We and third parties may use automated means to collect information about you, your computer or other device that you used to access the Services, and your use of the Services. These automated means include common technologies such as cookies, tokens, tags, web logs, web beacons, or similar technologies. These technologies help us analyze trends, administer the Services, track Users’ movements around the Services, gather demographic information about our user base as a whole, and otherwise provide you with relevant content (e.g., by gathering your zip or postal code). We may receive reports on an individual as well as aggregated basis based on the use of these technologies by Rally, and any third party vendors acting on Rally's behalf.

      • Cookies and Tracking

      Cookies are small files that websites send to your computer or other Internet-connected device to uniquely identify your browser or to store information or settings on your device. Our Services may use HTTP cookies, HTML5 cookies, and other types of local storage. Cookies may include “single-session cookies” that generally record information during only a single visit to a website and then are erased, and “persistent” cookies that are generally stored on a computer unless or until they are deleted or are set to expire. You may disable cookies by adjusting your browser preferences at any time. Please note, however, that without cookies you may not be able to use all of the features of our Services.

      Our cookies, tokens and similar technologies (collectively, "Tracking Technologies") also are used for administering the Services, including without limitation, for authentication, to remember Users’ settings, to customize the content and layout of the Services for Users, to contact you about the Services, and to improve our internal operations, the content of our Services and our services. Users may be able to control the use of, or reject or disable, some Tracking Technologies at the individual browser level. If you reject or disable Tracking Technologies, you may still use our Services, but your ability to use some features or areas of our Services may be limited. We use Tracking Technologies to identify your device and keep track of your Internet session with our Services. Using these Tracking Technologies, we may automatically end your session on our Services after a period of inactivity (as determined by us in our sole discretion). We also use Tracking Technologies that allow us to recognize your device when you return to the Services within a certain period of time (as determined by us in our sole discretion) and automatically log you back into your account with us. UNLESS YOU AFFIRMATIVELY LOG OUT of your account PRIOR TO YOUR SESSION ENDING (whether by you or by us), YOU WILL BE AUTOMATICALLY LOGGED BACK IN THE NEXT TIME YOU OR ANY USER OF YOUR DEVICE VISITS OUR SITE within the period of time determined by us. If you do not wish to be automatically logged back in when you (or someone using your device) next initiate a session with our Services (using the same device that is being used for your current session), you should log out of your account (i) prior to ending your session, or (ii) if you will be inactive on our Services for more than a few minutes.

      • Web Logs

      In conjunction with the gathering of data through cookies, Web servers may log records such as your device type, operating system type, device advertising identifier, browser type, domain, and other system settings, as well as the language your system uses and the country and time zone where your device is located. The Web server logs also may record the address of the Web page that referred you to our Services, the IP address (and associated city and state or province for the IP address) of the device you use to connect to the Internet, and data about your interaction with our Services, such as which pages you visit.

      • Pixels/Web Beacons

      To control which Web servers collect information by automated means, we may place tags on our Web pages called "Web beacons" (or “pixels”), which are files that link Web pages to particular Web servers and their cookies. We may use pixels for security and fraud-prevention purposes. We also may include Web beacons in e-mail messages to record whether an email has been opened or whether certain links in such email have been clicked. We or third parties also may send instructions to your device using JavaScript or other computer languages to store or gather the sorts of data described above and other details about your interactions with the Services. We may use third party pixels on the Services’ registration and login pages. For example, we may use these pixels to assess your progress in registering for our Services. If you start but fail to complete the registration process, we may also use third party pixels to deliver reminders to complete your registration. We may also use these pixels to deliver notices about new and existing features on our Services. These reminders and notices may appear on other websites, and third parties who provide the pixels may use the information obtained from pixels for their business purposes. To opt out of such use of third party pixels for advertising, please visit http://www.aboutads.info/choices.

      • Online Analytics

      We may use third-party web analytics services on our Services, such as Google or Adobe Analytics. These service providers use the technology described in this “Information that is Automatically Collected” section to help us analyze how Users use the Services, including by noting the third-party Web site from which Users arrive. The information (including your IP address) collected by the technology will be disclosed to or collected directly by these service providers, who use the information to evaluate your use of the Services. To prevent Google Analytics from using your information for analytics, you may install the Google Analytics Opt-out Browser Add-on by clicking here. You can also visit the Adobe Digital Marketing Suite to "Opt-Out" of data aggregation and analysis.

      • Additional Technologies on Rallyhealth.com and Other Websites

      Apart from our Wellness Tools and Benefit Tools, respectively, our corporate and other websites such as RallyHealth.com may contain additional technologies such as those described here. Rallyhealth.com includes social media features, such as the Facebook button, and widgets, such as the Share This button or interactive mini-programs that run on the website. These features may collect your Internet Protocol address, which page you are visiting on the Rallyhealth.com website, and may set a cookie to enable the feature to function properly. When you engage with our content on or through social media services or other third party platforms, plug-ins, integrations or applications, you may allow us to have access to certain information in your profile on those services, platforms, plug-ins, integrations or applications. For a description of how social media services and other third party platforms, plug-ins, integrations or applications handle your information, please refer to their respective privacy policies and terms of use, which may permit you to modify your privacy settings.

      On Rallyhealth.com and other websites, we may also allow third party service providers to use cookies and other technologies to collect information and to track browsing activity over time and across third party websites such as web browsers used to read our websites, which websites are referring traffic or linking to the websites, and to deliver targeted advertisements to you on third party websites. We do not control these third party technologies and their use is governed by the privacy policies of third parties using such technologies. For more information about third party advertising networks and similar entities that use these technologies, see http://www.aboutads.info/consumers, and to opt out of such ad networks’ and services’ advertising practices, go to www.aboutads.info/choices and http://www.networkadvertising.org/choices. Once you click the link, you may choose to opt out of such advertising from all participating advertising companies or only advertising provided by specific advertising companies. We do not control these opt-out choices.

      To opt out of Google Analytics for display advertising or customize Google display network ads, you can visit the Google Ads Settings page. Please note that to the extent advertising technology is integrated into the Services, you may still receive advertisements even if you opt out of tailored advertising. In that case, the ads will just not be tailored.

      • Mobile Application Technologies

      Our mobile applications may also collect information specific to use of your mobile device, such as unique device identifiers and, with your consent, precise geolocation information, motion coprocessor data (e.g. recording information such as steps, distance, and elevation), accelerometer data (showing whether you're stationary or moving), and gyroscope data.

      • Collection of information across personal devices and applications

      Sometimes, we (or our service providers) may use the information we collect—for instance, log-in credentials, IP addresses, hashed email addresses, and unique mobile device identifiers—to locate or try to locate the same unique users across multiple browsers or devices (such as smartphones, tablets, or computers), or work with providers that do this, in order to better tailor content, features, and advertising (for Rally Health on other sites), and provide you with a seamless experience across the devices you use to access our Services.

      How We Use Information Collected

      We and third-party vendors acting on our behalf, may use the information that we collect through our Services for a variety of purposes, including to:

      • Register you for an account, log you into the Services, authenticate your identity, where applicable, and otherwise enable your access to and use of the Services;
      • Fulfill any request you make;
      • Send you authentication codes or otherwise contact you for multi-factor authentication of your identity;
      • Communicate with you (including, without limitation, via email and/or mobile push notifications);
      • Administer, or fulfill rewards when you participate in any contests, sweepstakes, auctions, or other rewardable activities;
      • Connect you with and provide you with information about Rally or Rally Partners’ services, providers of services, rewards, resources or programs to which you may have access, including coaching, disease management, or other health-related services or wellness programs;
      • Provide you with content, including, without limitation, generating recommendations (such as recommended activities, services, benefits, or rewards), and processing your preferences and requests;
      • Generate results in the Provider Search Tool and Benefits Tools;
      • Facilitate your provider selection, provide you with cost estimates, and provide you with benefits information;
      • Facilitate communications between healthcare providers and their patients;
      • Analyze, customize, and personalize the Services, including through the delivery of tailored content and communications;
      • Resolve disputes and/or troubleshoot problems including by logging into your account to troubleshoot problems or otherwise help you navigate the Services;
      • Verify your compliance with your obligations in our Terms of Service or other Rally policies;
      • Process any job applications or inquiries about jobs with us, including assessing your qualifications for a particular opening you’ve applied for or any other opportunities at Rally;
      • Improve the quality of the Services; and
      • Provide services as directed by you or provided for herein.

      Except where prohibited by law, and only to the extent permitted by Rally’s agreements with applicable Rally Partners, we may also use your Information in connection with any other services we make available to you.

      Creation and Use of Combined Data, De-Identified Data, and Aggregated Data

      As permitted by law and by Rally’s agreements with applicable Rally Partners, Rally, and any third party vendors acting on Rally’s behalf, may aggregate and/or de-identify your Information and/or combine your Information with other information maintained or available to Rally and use or disclose such information as follows:

      • We may use aggregated or combined data to communicate with you about our products and services and disclose such aggregated or combined data to Rally Partners in connection with providing the Services.
      • We may also use and disclose de-identified data, de-identified aggregated data, and/or de-identified combined data for improving our products and services, conducting analytics such as evaluating our Services and developing additional benefits, programs, and services, and disclosing to Rally Partners for analytics purposes.

      How We Protect Your Information

      The security of your Information is important to us. We follow security standards to protect the Information submitted to us from loss, interference, misuse, unauthorized access, disclosure, alteration or destruction, both during transmission and once we receive it. These safeguards vary based on the sensitivity of the Information that we collect, process and store and the current state of technology. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, we cannot guarantee its absolute security. We also maintain procedures to help ensure that such data is reliable for its intended use and is accurate, complete and current. If you have any questions about data security and integrity on our Services, you can contact us at info@werally.com.

      Be Sure to Log Off When Using Public or Third Party Computers

      As described above, we use Tracking Technologies that automatically log you back into your account with us unless you affirmatively log out of your account prior to your session ending (or prior to our Services "timing out" – i.e. our ending your session automatically after a period of inactivity as determined by us in our sole discretion). If you log into the Services using a public computer or device, or a computer or device that belongs to or is shared with another person, you should affirmatively log out of your account. Otherwise, the next user of that computer or device may be able to access your account and your Information in your account if your session has not ended.

      Your Use of Persistent Login

      If you choose to use a persistent log-in in your account, for example, by having our Services remember your user email address and/or password, others may be able to access Information through your device. If you are concerned about the unauthorized use or disclosure of Information via persistent login, you should elect to not use the persistent log-in feature.

      How We Share Information

      We may disclose your Information in the following circumstances.

        Disclosures to Service Providers and Rally Partners

        Rally, and third party vendors acting on our behalf, may disclose your Information to Rally Partners, third party service providers, or vendors acting on our behalf for the purpose of providing the Services and related services to you or other Users, including, without limitation, registering you to use the Services (e.g., authenticating your identity), logging you into the Services, providing you with information you have requested through the Services or related services, administering and providing rewards, if offered, related to your use of the Services, connecting you with resources and other services (e.g., coaching services), and, for any Services that require you to pay a fee, processing your payment and managing your subscription. Third party service providers or vendors acting on our behalf are authorized to use your Information to provide us services or as required by law, and they are also permitted to aggregate or de-identify your Information such that it is not identifiable to you.

        Additional Disclosures with Your Consent

        With your consent outside of this Privacy Policy, we or a Rally Partner may share your Information with third parties or allow them to collect information from the Services in some ways not specifically described in this Privacy Policy. For example, we may ask for, and you may provide, a HIPAA Authorization to enable us to share certain information with third parties, such as your employer’s incentive provider. You may also be provided with an opportunity to use services provided by third parties, e.g. telemedicine services. To streamline your login or registration for such services, we may share certain information with these third parties. Certain features of the Services make it possible for you to share Information with other users. If you choose to share information with others through our services, that information is not confidential. We cannot control how others will use the information you make available to others.

        Safety, Security and Compliance with Law

        Your Information and the contents of your communications through the Services may be disclosed to third parties as required by law, such as to comply with a subpoena or similar legal process, or when we reasonably believe disclosure is necessary to protect our rights (including to enforce our Terms), protect your safety or the safety of others, investigate fraud, report improper or unlawful activity, or respond to a government request.

        Subsidiaries and Affiliated Companies

        Except where prohibited by law or precluded by contract, we may share your Information with any subsidiaries or other affiliated companies under common control with Rally for the purposes set out in this Privacy Policy.

        Sale, Merger or Similar Transaction

        We may share your Information in connection with any proposed or actual merger, reorganization, a sale of some or all our assets, a financing or acquisition of all or a portion of our business by another company, or to a receiver, trustee or successor in interest in bankruptcy, in which case such company may continue to process your Information as set forth in this Privacy Policy (except where prohibited by law) or otherwise with your consent.

        Aggregate/De-Identified Information

        We may create and share Aggregate/De-identified information about use of the Services, such as by creating reports on usage trends.

        Hashed Information Used for Delivering Advertising on Other Sites

        We also may create and share with third parties a hashed version of Information, such as your email address and content that you share publicly when using the services (e.g., user-generated content), solely in non-human readable form for purposes of delivering advertising on other sites.

        Uses and Disclosures as Required or Permitted by Law, Including for Research, Health Care Operations, and Public Health

        To the extent not prohibited by law or precluded by Rally’s agreements with the applicable Rally Partner, Rally, and any third party vendors acting on Rally’s behalf, may use and disclose your Information: (a) as required or permitted by law, including, where applicable, the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), which may include disclosures to the applicable Rally Partner; (b) for Research purposes; (c) for purposes of Health Care Operations of the applicable Rally Partner; and (d) for Public Health, as each is defined and in accordance with HIPAA.

        Sharing of Data Specific to Benefits Tools

        In order to facilitate your connection with benefits available to you using our Benefits Tools, when you use the Benefits Tools to connect with a provider of benefits, we may share Information about you with the applicable provider of the benefits.

        Sharing of Data Specific to Coaching Tools

        If you use our Coaching Tools, we may provide certain information to your coach to better personalize the services available through the Coaching Tools. For example, if you participate in the Real Appeal Program, we may provide your Real Appeal coach with information from your use of our Wellness Tools, such as the type and amount of physical activity you have engaged in. If you participate in our Quit For Life Program, we may provide your Quit For Life coach with information about your progress, such as methods you’ve used to defeat cravings. We may also share certain information from your use of Coaching Tools to facilitate payment for your access to or use of the Coaching Tools.

        Information Automatically Added When Printing and/or Downloading Your Personal Health Record Using Blue Button in our Wellness Tools

        Printouts and/or downloads of your personal health record from our Wellness Tools using Blue Button will identify you by automatically adding your: 1) real name; 2) date of birth; and 3) gender. You should not print and/or download using Blue Button if you do not want this information to be displayed on the printout or download. If you proceed to print or download using Blue Button, you are accepting that this information will be automatically included and displayed on your printout or download.

        Third Party Websites and Services

        Our Services may contain links that enable you to visit or use other third party websites, resources or programs. However, we do not have control over the other websites, resources, or programs that you choose to visit, so this Privacy Policy does not apply to information collected or that you provide while visiting such other websites, resources, or programs. You should refer to the privacy policies, if any, applicable to the other websites, resources, or programs.

        Our Data Retention Practices

        Personal data will be retained only for so long as reasonably necessary for the purposes set out above, considering criteria such as applicable rules on statute of limitations and at least the duration of your use of our Services. Information may persist in copies made for backup and business continuity purposes for additional time.

        Your Choices

        Choices Regarding Accessing, Updating, and Deleting Information

        You may update and/or delete certain Information by logging into the Services and updating your account. To access, review, update and/or delete certain Information, you may also contact us at info@werally.com. If you wish to have your account deactivated, you may contact us at info@werally.com. We will respond to your request within a reasonable and lawful timeframe under the circumstances of your request. We may request you provide us with information necessary to confirm your identity before responding to your request.

        Certain Information is necessary in order for us to provide the Services; therefore, if you delete such necessary Information you will not be able to use the Services or receive the related services. Please note that even though you may deactivate your account or request the deletion of your Information, we may be required (by law or otherwise, such as to prevent fraud, resolve disputes, or troubleshoot problems) to retain this information. We may also keep a copy of your Information to protect our legal rights, such as in connection with your use of the Services or your agreement to our Terms of Service, as permitted or required by applicable law.

        Choices Regarding Communications From Rally

        You can decline promotional communications at the point information is requested or, by following the unsubscribe instructions on communications sent to you. You can also contact us as described in the “How to Contact Us” section below. However, even if you opt out of such communications, you may continue to receive other transactional, relationship, and/or administrative communications from or through Rally that are important or related to your Rally account or the products and services you are using (for example, a notice that there has been a change in one of your services).

        Please also note that you, not Rally, have control over certain settings for how communications such as emails and push notifications are displayed on your devices, and the settings you select will affect how Rally’s communications are displayed (e.g., whether they are visible on a locked screen and whether a preview of message content is displayed).

        You may initiate communications with us via email, or you may request that we communicate with you via email. By doing so, you are acknowledging and accepting the risks associated with using unencrypted email to communicate with us, particularly where you request communications that may include health information about you or others. If you do not agree, please do not request sensitive information via emails.

        Certain Choices in our Wellness Tools

        • Wellness Tools: Your Rally Nickname

        When you register to use our Wellness Tools, Rally requires that you choose a display name (a "Nickname") that will be visible to other Users of the Wellness Tools as it will appear on your profile page and when you post information in public areas of our Wellness Tools, through our desktop application and/or through associated mobile applications. Please be careful when you choose your Nickname. If you choose a Nickname that reveals your name or identity, you may disclose your identifiable Information to other Users as a result. We may disclose your Nickname in a public area of the Wellness Tools if you win a reward or contest on our Services or make a donation or participate in an auction, where applicable, on our Services. Additionally, notwithstanding the above, in limited cases, we may provide your Nickname to your Health Insurer (defined below) for the limited purpose of permitting your Health Insurer to connect you with coaching or related services.

        • Wellness Tools: Your Profile

        As a part of our Wellness Tools, each User has a profile page that is associated with their Nickname and that is viewable by other Users. Your profile will also automatically include the avatar you have chosen, your gender, and the names of other Users (identified by their Nicknames) with whom you "connect" on the Services. When completing your profile, you may at any time choose to additionally include and make visible to others: (i) your state or province of residence (which is generated automatically if you choose to enter your zip or postal code into your profile); and (ii) any other information you choose to include, such as a free text introductory statement. If you choose to enter health information or other information in your profile that is visible to other Users, please remember that other Rally Users can view the information in your profile.

        • Wellness Tools: Public Areas of the Services

        Rally provides public areas of our Wellness Tools, such as communities, challenges, and discussions associated with missions, that operate as a public or community forum within the Services in which Users can choose to share information with other Users. For example, by participating in a public challenge, private challenge, or team or other challenge, information such as your Nickname and your activity levels (e.g., your distance traveled (or similar information) and your ranking), can be viewed by other Users. You acknowledge and accept that if you share Information in public areas of the Services, the Services may display this Information to other Users and other Users may view that information in association with your profile and any publicly visible information contained in your profile. You should not enter any information you feel uncomfortable sharing publicly into public areas of the Services such as communities. To request removal of your Information from an area of the Services that operates as a public or community forum, contact us at info@werally.com, and provide us with a description of the content and the particular forum in which the content is located. In some cases, we may not be able to remove your Information, in which case we will let you know if we are unable to do so and why.

        • Wellness Tools: Exchange of Direct Messages with Other Users and Other Resources (Within the Services) and Group Chats

        As part of our Wellness Tools, Rally may allow Users to: (i) send direct messages on the Services to other Users and other resources; and (ii) receive direct messages on the Services from other Users and other resources; and (iii) send direct messages in a group chat setting with one or more other Users. Information you disclose in such situations may be viewed, copied, used, and redistributed by the participants in these communications. You may also be given the ability to use your name in place of your Nickname for these communications. In all cases, we encourage you to use care when considering including sensitive personal information in your messages, such as social security numbers, health information, financial account information, passwords, or your contact information.

        Certain Choices in Our Coaching Tools

        Certain Coaching Tools, such as the Real Appeal Program, may allow you to upload a photograph of yourself. If you upload a photo, your Real Appeal coach will be able to view the photo. You may replace the photo with another photo of yourself by accessing your Real Appeal account settings.

        Choices Regarding Cookies & Analytics

        Cookies & Analytics. You can opt out of certain cookie-related and analytics processing by following the instructions in our Cookies Notice above.

        Choices for Nevada Residents

        Under Nevada law, certain Nevada consumers may opt out of the sale of “personally identifiable information” for monetary consideration to a person for that person to license or sell such information to additional persons. “Personally identifiable information” includes first and last name, address, email address, phone number, Social Security Number, or an identifier that allows a specific person to be contacted either physically or online.

        We do not engage in such activity; however, if you are a Nevada resident who has purchased or leased goods or services from us, you may submit a request to opt out of any potential future sales under Nevada law by submitting a request at info@werally.com or visiting https://helpcenter.werally.com/rally/s/contactsupport. Please note we will take reasonable steps to verify your identity and the authenticity of the request. Once verified, we will maintain your request in the event our practices change.

        International Transfers of Personal Data

        As set out above, the Services are hosted in the United States. Also, the Rally personnel and some of the third-party vendors to whom we disclose personal data (as set out above) may be located in the United States and other countries, including in countries that may not provide the same level of data protection as your home country. We take steps to ensure that recipients of your personal data are bound to duties of confidentiality and we implement measures such as standard data protection contractual clauses to ensure that any transferred personal data remains protected and secure. A copy of these clauses can be obtained by contacting us as specified in the “How to Contact Us” section of this Privacy Policy.

        California Do-Not-Track Disclosure Requirements

        We are committed to providing you with meaningful choices about the information collected on our Services for third-party purposes. However, we do not recognize or respond to browser-initiated Do Not Track signals, as the Internet industry is currently still working on Do Not Track standards, implementations, and solutions.

        Your California Privacy Rights

        If you are a California resident, you may have certain rights. For more information, please see the Supplemental Privacy Notice for California Residents below.

        Children (applies only to U.S. Users)

        Except as explicitly stated in this section of the Privacy Policy below, the Services are not directed to children under the age of 18, and children under the age of 18 years of age are not eligible to use the Services. Protecting the privacy of children is very important to us. Except as explicitly described below, we do not collect Information from people we actually know are under 18 years of age, and no part of the Services are designed to attract people under 18 years of age. If we later learn that an individual has provided us with their information through the Services in violation of this provision, we will take steps to remove that User’s Information from our databases and to prevent the User from utilizing the Services.

        The Wellness, Find Care and Costs Tools, and the Quit For Life Program’s online services, if offered, are not directed to children under the age of 13, and children under the age of 13 years of age are not eligible to use the Wellness, Find Care and Costs Tools, and the Quit For Life Program’s online services. Protecting the privacy of children is very important to us. Through the Wellness, Find Care and Costs Tools, and the Quit For Life Program’s online services, we do not collect Information from people we actually know are under 13 years of age, and no part of the Wellness, Find Care and Costs Tools, and the Quit For Life Program’s online services is designed to attract people under 13 years of age. If we later learn that an individual has provided us with their information through the Wellness, Find Care and Costs Tools, and the Quit For Life Program’s online services and they are under 13 years of age, we will take steps to remove that User's Information from our databases and to prevent the User from utilizing the Wellness, Find Care and Costs Tools, and the Quit For Life Program’s online services.

        We may allow parents or guardians to provide consent for their children under 13 to use the Quit For Life Program’s services made available by telephone.

        Modifications to this Privacy Policy

        From time to time, we may update this Privacy Policy to reflect changes to our information practices. If we make changes to this Privacy Policy, they will be reflected in an updated Privacy Policy that will be posted on the Services, and all changes will be effective upon such posting or upon any later date specified by us in writing. We encourage you to periodically review this page for the latest information on our privacy practices. You can determine when this Privacy Policy was last revised by referring to the "Effective Date" legend at the top of this Privacy Policy. By continuing to use the Services or any services following the effective date of any updated Privacy Policy, you understand the applicability of the terms and conditions of such updated Privacy Policy.

        HIPAA Notice of Privacy Practices

        Certain of our Services may also be subject to separate HIPAA Notices of Privacy Practices

        • Real Appeal - To read more about Real Appeal’s privacy practices regarding health and medical information under HIPAA, please visit https://realappeal.com/hipaa-notice-of-privacy-practices.
        • Quit For Life – To read more about Quit For Life’s privacy practices regarding health and medical information under HIPAA, please visit https://www.rallyhealth.com/corporate/quitforlife/noticeofprivacypractices.
        • Benefits Tools - The administration of your Benefits Tools (including Employee Assistance Programs) follows the privacy practices set forth in your health plan's HIPAA Notice of Privacy Practices. Please contact your plan for a copy of its HIPAA Notice of Privacy Practices.

        How to Contact Us

        Please read this Privacy Policy carefully. If you have questions or complaints regarding our Privacy Policy or privacy practices, please contact us at: Attn: Privacy Office, Rally Health, Inc. 11000 Optum Circle, Eden Prairie, MN 55344, or privacy@optum.com.

        Supplemental Privacy Notice for California Residents

        This Supplemental Privacy Notice supplements the information in our Privacy Policy above, and applies solely to California residents. It applies to personal information we collect on or through the Services and through other means (such as information collected offline, in person, and over the telephone). It does not apply to personal information not subject to the California Consumer Privacy Act/California Privacy Rights Act, such as personal information subject to HIPAA.

        Summary of Information We Collect

        California law requires us to disclose information regarding the categories of personal information that we have collected about California consumers, the categories of sources from which the information was collected, the business or commercial purposes (as those terms are defined by applicable law) for which the information was collected, and the categories of parties with whom we share personal information.

        Except for the information we collect as a Business Associate and subject to the Health Insurance Portability and Accountability Act of 1996 (for which we describe our privacy practices above) or other applicable exception, we or our service providers may collect the below categories of information for business or commercial purposes (as those terms are defined in applicable law):

        • Identifiers and Personal Information Categories (such as account information, name, email address, mailing address, insurance policy number, or phone number);
        • Commercial information (such as transaction data);
        • Protected Classification Characteristics and Sensitive Information (such as age, gender, marital status, and health information);
        • Financial data (such as financial status);
        • Internet or other network or device activity (such as IP address, unique device, advertising, and app identifiers, browsing history or other usage data);
        • Location information (such as general location, and, if you provide permission, precise GPS location);
        • Sensory information (such as audio recordings if you call our customer service);
        • Inference data about you; and
        • Professional or Employment Information (such as your current employer)
        • Other information that identifies or can be reasonably associated with you (such as user generated content).

        We collect the categories of personal information identified above from the following sources: (1) directly from you; (2) through your use of the Services; (3) affiliates; and (4) third parties such as information received from our vendors and other users who, for example, may refer you to use the Services.

        As explained above, we collect the categories of personal information identified above for the following business and commercial purposes:

        • Providing the Services (e.g., account servicing and maintenance, administering and fulfilling rewards, customer service, facilitating payment, analytics, and communication about the Services);
        • Our or our service provider’s operational purposes;
        • Auditing consumer interactions on our site;
        • Detecting, protecting against, and prosecuting security incidents and fraudulent or illegal activity;
        • Bug detection and error reporting;
        • Customizing content that we or our service providers display on the Services;
        • Improving our existing Services and developing new services (e.g., by conducting research to develop new products or features) ;
        • Other uses that advance our commercial or economic interests, such as communicating with you about relevant products and services available to you from third party partners;
        • Other uses about which we notify you.

        Examples of these types of uses are identified below and discussed more generally in our main privacy policy. We may also use the below categories of personal information for compliance with applicable laws and regulations, and we may combine the information we collect (“aggregate”) or remove pieces of information (“de-identify”) to limit or prevent identification of any particular user or device.

        We describe our information sharing practices in the Privacy Policy above. In the previous twelve months, we may have shared certain categories of personal information with third parties, as that term is defined in the California Consumer Privacy Act, for business purposes. For example, if you direct us in the Benefits Tools to connect you with a provider of benefits, we may share (1) identifiers, such as your name; and (2) other information that identifies you, such as your eligibility to receive advice from a financial or legal advisor.

        We only process Sensitive Personal Data to render services or offer products to you, and we do not share your personal information for cross-context behavioral advertising.

        Rights

        If you are a California resident, you may have certain rights. California law may permit you to request that we:

        • Provide you the categories of personal information we have collected or disclosed about you in the last twelve months; the categories of sources of such information; the business or commercial purpose for collecting or selling your personal information; and the categories of third parties with whom we shared personal information.
        • Provide access to and/or a copy of certain information we hold about you.
        • Delete certain information we have about you.
        • Correct certain information we have about you.
        • If we use your sensitive information for purposes other than to render services or offer products to you, you will have the right to request that we limit the processing of your sensitive.

        You may have the right to receive information about the financial incentives that we offer to you (if any). You also have the right to not be discriminated against (as provided for in applicable law) for exercising certain of your rights. Certain information may be exempt from such requests under applicable law. We need certain types of information so that we can provide the Services to you. If you ask us to delete it, you may no longer be able to access or use the Services.

        If you would like to exercise any of these rights, please submit a request at info@werally.com or visit https://helpcenter.werally.com/rally/s/contactsupport. You will be required to verify your identity before we fulfill your request. You can also designate an authorized agent to make a request on your behalf. To do so, you must provide us with written authorization or a power of attorney, signed by you, for the agent to act on your behalf. You will still need to verify your identity directly with us.

        California law sets forth certain obligations for businesses that “sell” personal information. Based on the definition of “sell” under California privacy law , we do not believe we engage in such activity and have not engaged in such activity in the past twelve months.

        Metrics

        California law may require us to compile metrics for the previous calendar year regarding consumer requests and responses. If required by applicable law, we will update this section after the CCPA has been in effect for a calendar year.

        California Shine the Light

        California law permits customers of Rally Health who are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please write us:

        Rally Health, Inc.

        11000 Optum Circle
        Eden Prairie, MN 55344

        email: info@werally.com.

        We will provide a list of the categories of personal information, if any, disclosed to third parties during the immediately preceding calendar year for third-party direct marketing purposes, along with the names and addresses of these third parties. This request may be made no more than once per calendar year. We reserve our right not to respond to requests submitted other than to the email or postal address specified above. You should put "California Privacy Rights" in the subject line and in your request. You must provide us with specific information regarding yourself so that we can accurately respond to the request.

        Additional California Rights

        If you are a California resident under the age of 18 and are a registered User of our Services, you may request that we remove from our Services any content you post to our Services that can be accessed by any other User (whether registered or not). Please note that any content that is removed from our Services may still remain on our servers and in our systems. To request removal of content under this provision, please send an email to info@werally.com and provide us with a description of the content and the location of the content on our Services, and any other information we may require in order to consider your request. Please note that removal of content under this provision does not ensure complete or comprehensive removal of the content or information posted on the Services by you.