Go365 Notice of Privacy Practices

How we protect your personal information

This notice explains how information about you may be used and shared. Please carefully look over this communication.

Keeping your personal information private is important. You don’t need to do anything unless you have a complaint.

We’re glad that you are part of the Go365® program. We want you to know that we will protect your personal information and keep it private.

This notice explains how Go365 protects your personal information. It also explains how your information is used. There are times when we may need to share your personal information. This notice explains why we may need to do this for legal reasons. We follow these rules about using and sharing your personal information. We will also let you know if any of these rules change.

We can change the rules for using and sharing personal information at any time. If the rules change, it will be for all personal information, even any information we have before the change was made. When we make a significant change in the rules, we will change this notice and let you know. Any changes to the rules for using or sharing personal information will be for everyone in the Go365 program.

What is personal information?

Personal information is health information and any information that identifies you, like your name, address, telephone number, and email address. This information also includes any personal and health information about your physical or mental health, which is created or received by a healthcare provider or Go365. We protect all of this information, whether it is spoken, written down, or part of an electronic record.

How does Go365 protect my information?

There are laws to protect your information. Go365 must follow these laws. We also take these steps to keep your information private:

  • We limit who can see your information to only those who need to see it.
  • We limit how we use your information, and share it only when there is a good reason.
  • We let you know how we use or share your information.
  • Everyone who works for Go365 is trained on how to protect your information.
  • Organizations that contract with Go365 to help us deliver the program are required to follow similar rules as Go365 to protect your information as required by state and federal laws.

How does Go365 use and share my information?

Go365 may use and/or share your information with you or someone who has the legal right to act for you, and where required by law.

If you are a Medicare member, or have a fully insured Humana health plan with your Go365 program, you will be required to make a choice to consent or decline to share your Go365 data with your Humana health plan. You can change your decision to consent or decline at any time via the Preferences section of the Go365 or Humana website Account Settings.

If this consent is not presented to you, then you are not eligible to share your Go365 data with a Humana health plan.

Go365 can also use or share your information:

  • For rewards including Points, Bucks and HealthyFood savings, if applicable.
  • For your Go365 experience to give you feedback and tools to help you reach your wellness goals. This may include outreach by Go365 based on responses that you provide to us when completing your Health Assessment or risks identified from the results of your Health Assessment or Go365 biometric screening, if applicable.
  • For contacting members who have requested outreach by a representative of Go365 or Humana Wellness.
  • For the Go365 program, including your program enrollment, answering your questions and requests for services, handling complaints, and for making the Go365 program better.
  • With your employer or program sponsor when you enroll or disenroll from the Go365 program. We may share your personal health information with your employer or program sponsor as part of a summary report, as long as it does not include your name or any other information that identifies you.
    • We will share information with your employer that indicates your level of participation in the Go365 program without including your personal health information.
    • We will share information with your employer regarding invalid events or other submissions for rewards.
    • We will not share your personal health information with your employer or program sponsor unless you tell us that we can.
    • With your permission, we will share information with the employer who sponsors your Go365 program that indicates your eligibility for certain incentives the employer may offer, if applicable.
  • To contact you with information about other program benefits and services.
  • With your family, domestic partner and friends if you are unavailable to communicate, such as in an emergency.
  • For law enforcement purposes, to military authorities and as otherwise required by law.
  • For compliance programs.
  • With your health insurance plan for clinical health/disease management programs and other programs that may help Go365 members manage or improve their health.
  • To avert a serious and imminent threat to your health or safety or the health or safety of others.

Will Go365 use my information in any other way?

If we need to use your information in any way that we have not explained in this notice, Go365 will ask for your written permission before using or sharing your information. You may end your permission at any time by telling us in writing. We will not use or share your information for any reason not described in this notice without your permission.

What does Go365 do with my information when I am no longer a program participant?

Your information may continue to be used as described in this notice even when you are no longer in the Go365 program. If you leave the program, we will keep your information for a period of time as required by law. After that, we will destroy your information in a way that continues to protect your privacy.

How can I get a copy of this notice?

You can get a copy of this privacy notice by downloading or printing this form from the web or by contacting:

  Go365 Privacy Office
  P.O. Box 1438
  Louisville, KY 40202-1438

What should I do if I believe my privacy has been violated?

If you believe your privacy has been violated in any way, you may file a complaint by contacting:

  Go365 Privacy Office
  P.O. Box 1438
  Louisville, KY 40202-1438

How to get help in another language

Go365 has free help for members who don’t speak English or need extra help. Call the number on the back of your Go365 or Humana member ID card to contact Customer Care for help in any language that you need.

Privacy Policy Last Updated: 06/30/2020

This Privacy Policy explains how Go365, LLC (“Go365”, “we”, “us” and “our”) collects information based on your interactions with us, our website and mobile application. This Policy applies to Go365’s collection and use of California residents’ Personal Information, including where such use or collection may be governed by the California Consumer Privacy Act (CCPA). Where exceptions to the CCPA apply to a request you submit, we will provide you with an explanation as to why.

  • I. Personal Information Collected in the Past 12 Months

    We collect, process and store various types of Personal Information. For purposes of this Policy “Personal Information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. It does not include de-identified or aggregate information, or public information lawfully available from governmental records.

    The following list describes the categories of Personal Information covered by this Policy that we may have collected in the past 12 months and, for each category, where and why we collected it, and the categories of entities with which we shared the Personal Information.

    Categories of Consumers’ Personal Information (PI) Collected:

    • Category A – Identifiers/Demographics
      Examples: Name, postal address, Internet Protocol address, email address, Social Security number, or other similar identifiers
    • Category B – Protected classification characteristics under California or federal law
      Examples: age (over 40); sex/gender (including pregnancy, and/or related medical conditions); gender identity or gender expression; marital status
    • Category C – Commercial information
      Examples: records of products or services purchased, Go365 Mall, HealthyFoods Program
    • Category D – Internet or other electronic network activity information, including browsing and search history
      Examples: Access history and information on your interaction with our application. See Go365 Internet Privacy Statement
    • Category E – Employment-related information
      Examples: Employer information, employee ID number
    • Category F – Biometric Information
      Examples: Fingerprints, biometric data from labs and physicians
    • Category G – Geolocation Data
      Examples: Information derived from IP address information, GPS tracking on devices, Beacon check-ins
    • Category H – Audio, electronic, visual, thermal, olfactory, or similar information
      Examples: Apps and devices
    • Category I – Inferences drawn from any of the information identified in this subdivision to create a health risk profile reflecting the consumer’s health risks and activities to mitigate these risks
    • Category J – Activities related to program engagement and earning rewards

    Purpose of Collection

    • Provision of services to clients and potential clients, such as to process transactions, maintain account(s), respond to inquiries, particularly as relates to our wellness programs (“provision of services”)
    • Business operations, such as processing program data; managing administrative matters such as auditing customer transactions; developing, maintaining, provisioning or upgrading networks, services or devices; and conducting analytics to determine how to improve our services and develop new ones (“Business operations”)
    • Managing and responding to legal and regulatory requirements and requests, such as responding to court orders and legal investigations (“legal and regulatory requirements”)
    • Security, crime, and fraud prevention, such as protecting our systems and networks from unauthorized access and attacks, securing our facilities and personnel, verifying identities (“security and crime prevention”)
    • Marketing purposes – offering [our] services to you
    • Operating our websites and mobile application

    We obtain the categories of personal information listed above from the following categories of sources:

    • Go365’s clients, enrollees, prospective clients, or their representatives.
    • Information collected automatically through our websites or mobile applications, including through cookies
    • Publicly available sources
    • Cookies

    Categories of Personal Information We Have Disclosed for a Business Purpose

    In the past 12 months, we have disclosed the following categories of Personal Information for business purposes:

    • Category A: Identifiers/Demographics
    • Category B: Protected classification characteristics under California or federal law.
    • Category C: Commercial information.
    • Category D: Internet or other electronic network activity information, including browsing and search history
    • Category E: Professional or employment-related information
    • Category F: Biometric Information.
    • Category G: Geolocation Data
    • Category H: Audio, electronic, visual, thermal, olfactory, or similar information
    • Category I: Inferences drawn from any of the information identified in this subdivision to create a health risk profile reflecting the consumer’s health risks and activities to mitigate these risks.
    • Category J: Activities related to program engagement and earning rewards

    Categories of Third Parties with Whom Personal Information was Shared:

    • Humana’s affiliates
    • Service providers
    • Research institutions
    • Other third parties as directed by our clients
    • Regulators

    Categories of Personal Information We Have Sold

    We have not sold any Personal Information in the past 12 months.

    Additional Information about How We Collect and Share your Personal Information

    With respect to each of the categories of data above, we may also collect and share Personal Information with third parties to comply with legal obligations; when we believe in good faith that an applicable law requires it; at the request of governmental authorities or other third parties conducting an investigation; to detect and protect against fraud, or any technical or security vulnerabilities; to respond to an emergency; or otherwise to protect the rights, property, safety, or security of our business, third parties, visitors to our websites and mobile apps, or the public. We may also share Personal Information with any person to whom we transfer any of our rights or obligations under any agreement, or in connection with a sale, merger or consolidation of our business or other transfer of our assets, whether voluntarily or by operation of law, or who is otherwise deemed to be our successor or transferee.

  • II. Personal Information We Will Continue to Collect About You and Why

    We will continue to collect the same categories of Personal Information listed above, for the same purposes. If this should change, we will issue an updated Privacy Notice.

    Rights Related to Personal Information Held by Us

    Your Right to Request Disclosure of Information We Collect And Share About You

    We are committed to ensuring that you know what Personal Information we collect. To that end, you can ask us for the categories and specific pieces of your Personal Information that we’ve collected about you in the 12 months prior to our receipt of your request.

    If you ask us for information about the categories of Personal Information we’ve collected, for each identified category, you may receive the following information:

    • The categories of sources from which your Personal Information was collected.
    • The business or commercial purposes for collecting your Personal Information.

    We are also committed to ensuring that you know what information we share about you. Thus, if you ask us for information about the categories of Personal Information we’ve collected, for each identified category, you may receive the following additional information:

    • The categories of third parties to which we’ve sold that Personal Information, and the business or commercial purpose for doing so.
    • The categories of Personal Information that we’ve shared with service providers who provide services for us.

    Our responses to any of these requests will cover the 12-month period preceding our receipt of the request.

    Your Right to Request the Deletion of Personal Information We Have Collected From You

    Upon your request, we will delete the Personal Information we have collected about you, except for situations where specific information is necessary for us to: provide you with a good or service that you requested; perform a contract we entered into with you; maintain the functionality or security of our systems; or comply with or exercise rights provided by the law. The law also permits us to retain specific information for our exclusively internal use, but only in ways that are compatible with the context in which you provided the information to us or that are reasonably aligned with your expectations based on your relationship with us.

    California Shine the Light

    Residents of the State of California, under certain provisions of the California Civil Code, have the right to request from companies conducting business in California a list of all third parties to which the company has disclosed certain personally identifiable information as defined under California law during the preceding year for third-party direct marketing purposes. You are limited to one request per calendar year. In your request, please attest to the fact that you are a California resident and provide a current California address for our response. You may request the information in writing by contacting the Humana Privacy Office, PO Box 1438, Louisville, KY 40202.

    Our Commitment to Honoring Your Rights

    We are committed to providing you with control over your Personal Information. If you exercise any of the rights explained in this Privacy Policy, we will continue to treat you fairly.

  • III. Non-Discrimination

    We will not discriminate against you in a manner prohibited by the CCPA because you exercise your CCPA rights.

  • IV. Exercising Your Rights and How We Will Respond

    To exercise any of the rights above, or to ask a question, contact us by calling the number on the back of your Humana or Go365 ID card or use the contact details set out at the end of this Privacy Policy.

    For requests for access or deletion, we will first acknowledge receipt of your request within 10 days of receipt of your request. We provide a substantive response to your request as soon as we can, generally within 45 days from when we receive your request, although we may be allowed to take longer to process your request in certain jurisdictions or under certain circumstances. If we expect your request is going to take us longer than normal to fulfill, we will let you know.

    We usually act on requests and provide information free of charge, but we may charge a reasonable fee to cover our administrative costs of providing the information in certain situations.

    In some cases, the law may allow us to refuse to act on certain requests. When this is the case, we will endeavor to provide you with an explanation as to why.

  • V. Verification of Identity – Access or Deletion Requests

    Requests for Specific Pieces of Personal Information

    We will ask you for at least three pieces of Personal Information and endeavour to match those to information we maintain about you. Additionally, we require that you provide a declaration attesting to your identity, signed under penalty of perjury.

    If we are unable to verify your identity with the degree of certainty required, we will not be able to respond to the request. We will notify you to explain the basis of the denial. Additionally, we will treat the request as one seeking disclosure of the categories of Personal Information we have collected about you and endeavour to verify your identity using the less-stringent standards applicable to such requests.

    Requests for Categories of Personal Information Collected About You

    We will ask you for at least two pieces of Personal Information and endeavour to match those to information we maintain about you.

    If we are unable to verify your identity with the degree of certainty required, we will not be able to respond to the request. We will notify you to explain the basis of our denial.

    Requests for Deletion of Personal Information We Have Collected From You

    We will ask you for at least two pieces of Personal Information and endeavour to match those to information we maintain about you.

    If we are unable to verify your identity with the degree of certainty required before providing you with the information requested, we will notify you to explain the basis of our denial.

    Authorized Agents

    You may designate an agent to submit requests on your behalf. The agent can be a natural person or a business entity that is registered with the California Secretary of State.

    If you would like to designate an agent to act on your behalf, you and the agent will need to comply with our agent verification process. You will be required to verify your identity by providing us with certain Personal Information as described above, depending on whether you hold an account with us or not and the nature of the information you require, and we will endeavour to match the information submitted to information we maintain about you. Additionally, we will require that you provide us with written confirmation that you have authorized the agent to act on your behalf, and the scope of that authorization. The agent will be required to provide us with proof of the agency relationship, which may be a declaration attesting to the agent’s identity and authorization by you to act on their behalf, signed under penalty of perjury. If the agent is a business entity, it will also need to submit evidence that it is registered and in good standing with the California Secretary of State. Information to identify and verify your agent can be submitted through the same mechanism and at the same time that you submit information to verify your identity.

    Please note that this subsection does not apply when an agent is authorized to act on your behalf pursuant to a valid power of attorney. Any such requests will be processed in accordance with California law pertaining to powers of attorney.

    Requests for Household Information

    There may be some types of Personal Information that can be associated with a household (a group of people living together in a single dwelling). Requests for access or deletion of household Personal Information must be made by each member of the household. We will verify each member of the household using the verification criteria explained above.

    If we are unable to verify the identity of each household member with the degree of certainty required, we will not be able to respond to the request. We will notify you to explain the basis of our denial.

  • VI. How We Protect Personal Information

    We implement and maintain reasonable security appropriate to the nature of the personal information that we collect, use, retain, transfer or otherwise process. Our reasonable security program is implemented and maintained in accordance with applicable law and relevant standards as outlined in the report issued by the California Attorney General in February 2016, available at https://oag.ca.gov/sites/all/files/agweb/pdfs/dbr/2016-data-breach-report.pdf. Specifically, among other safeguards, our reasonable security program implements and maintains all 20 of the Center for Internet Security’s Critical Security Controls for Effective Cyber Defense identified in Appendix A of the California Attorney General Report. As noted in that report, “there is no perfect security,” and reasonable security is a process that involves risk management rather than risk elimination. While we are committed to developing, implementing, maintaining, monitoring and updating a reasonable information security program, no such program can be perfect; in other words, all risk cannot reasonably be eliminated. Data security incidents and breaches can occur due to vulnerabilities, criminal exploits or other factors that cannot reasonably be prevented. Accordingly, while our reasonable security program is designed to manage data security risks and thus help prevent data security incidents and breaches, it cannot be assumed that the occurrence of any given incident or breach results from our failure to implement and maintain reasonable security.

  • VII. Do Not Track Signals

    We do not respond to browser or do not track signals.

  • VIII. Consumers Under 18 Years Old

    We may collect Personal Information about a child under 18 years old, if the Parent has provided personal information to us on behalf of a minor child.

  • IX. Changes to This Policy

    We will review and update this Policy as required to keep current with rules and regulations, new technologies and security standards. We will post those changes on the website or update the Privacy Policy modification date below. In certain cases and if the changes are material, you will be notified via email or a notice on our website.

  • X. Accessibility

    We are committed to ensuring that our communications are accessible to people with disabilities. To make accessibility-related requests or report barriers, please see Go365 Accessibility Resources.

  • XI. Contact us

    If you have any questions regarding this Privacy Policy, or to request a copy of this Privacy Policy in another format, you may contact us using the information below.

    Go365 Privacy Office
    P.O. Box 1438
    Louisville, KY 40202-1438
    1-866-861-2762

    Privacyoffice@humana.com