• Effective January 1, 2020

    At Castlight Health, Inc. (“Castlight“), we respect your privacy and take Internet privacy very seriously. In this Privacy Policy, we would like to tell you what personal data we collect, what we use it for and when it may be disclosed.

    By using www.castlighthealth.com/ or https://my.castlighthealth.com/ (including their subpages, collectively, “Castlight Health Corporate Websites“), you are agreeing to Castlight’s Terms of Service (which incorporates this Privacy Policy by reference) and to the practices described in this Privacy Policy, including consenting to the use and disclosure of certain information (including personal information) as outlined in this Privacy Policy. This Privacy Policy only applies to the Castlight Health Corporate Websites.

    If you have questions or complaints regarding our Privacy Policy or privacy practices, you can contact us at Castlight Health, Inc., 150 Spear Street, Suite 400, San Francisco, CA 94105, Attn: Chief Privacy Officer, at privacy@castlighthealth.com , or by calling us at (888) 722-0483.

    1. Information Collection and Use

    • Information Requests (Business to Business). If you wish to request more information about Castlight’s business, you are required to provide contact information such as your name and email address. This information will only be used by Castlight to contact you about our services.
    • Log Files. As with of most websites, Castlight automatically collects and stores in log files the Internet Protocol (IP) address of the computer you are using; the name of the domain and host from which you access the Internet; the browser software you use and your operating system; the date and time you access the service; and the Internet address of the website from which you directly linked to Castlight. We may combine this automatically collected log information with other information we collect about you. Castlight uses this log file information to analyze trends, monitor service traffic and usage patterns for internal marketing and security purposes, and to help make the Castlight Health Corporate Websites more useful.
    • Information from Third Parties. We may receive information about you from third parties. For example, we may supplement the information we collect with outside records or third parties may provide information in connection with a business relationship. If others give us your information, we will only use that information for the specific reason for which it was provided to us.
    • Information from Your Contacts. We may also collect from you information about your contacts. Your disclosure of such information is completely voluntary. When you provide us with information about your contacts, we will only use this information for the specific reason for which it was provided.
    • Survey you to evaluate and improve the Castlight service. If you choose to participate, we will request certain personal information from you. Participation in these surveys is completely voluntary. The requested information typically includes contact information (such as name and business address). We use this information to improve the service accuracy and develop new products. We may use a third party service provider to conduct these surveys or fulfill any prizes associated with campaigns. Unless we give you prior notice and choice, we will not share the personal information you provide through a contest or survey with other third parties for a reason unrelated to the contest or survey.
    • Locator information, which may include your name, email address, physical address, and/or other data that enables someone to personally identify you. Castlight and your Internet Access Provider may use locator information as is necessary to enforce any of the terms of the Castlight Terms of Service .
    • Provide access to gated areas of the Castlight Health Corporate Websites such as for webinars.
    • Operate the Castlight Health Corporate Websites.
    • Provide information as required by law.
    • Update you on Castlight’s services and its benefits.
    • Communicate with you.

    2. Disclosure of Information

    We do not sell your personal information. Unless you have otherwise consented to additional use or disclosure of your personal information, Castlight will only disclose such information to third parties as set forth in this Privacy Policy. We share information for the following reasons:

    • Compliance. We may disclose your personal information when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request, subpoena or similar legal process and if Castlight is involved in a merger, acquisition, or sale of all or a portion of its assets. You will be notified via email and/or a prominent notice on the Castlight Health Corporate Websites of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.
    • Communications. Certain communications (for example, requests for more information about our available services from prospective customers) are recorded and maintained by Castlight. Castlight considers these communications to be private and will not use or disclose these communications except as provided for in this Privacy Policy, where required by law, or unless you agree to additional use and disclosure of such information.
    • Third Party Websites. If you use Castlight to link to another website, you may decide to disclose personal information on that website. For example, you might provide your contact information to obtain information from another organization. Please be aware that in contacting that website, or in providing information on that website, that third party may obtain personal information about you. This Privacy Policy does not apply when you leave Castlight and go to a third party website from Castlight. We encourage you to be aware when you leave the Castlight Health Corporate Websites and to read the privacy policy of each and every website that collects personal information.
    • Service Providers. We may provide your personal information to companies that provide services to help us with our business activities (e.g. marketing). We may also provide personal information you choose to share with us on our recruiting webpage with third parties who provide recruiting related services to us. These companies are authorized to use your personal information only as necessary to provide these services to us.

    3. Opting Out or Opting In to Specific Uses of Information

    • If your personal information changes or if you no longer desire information regarding our service, you may correct, update, amend, or ask to have the information removed by emailing privacy@castlighthealth.com or by postal mail at Castlight Health, Inc., 150 Spear Street, Suite 400, San Francisco, CA 94105, Attn: Chief Privacy Officer. We will respond to your request within forty-five (45) days.
    • In certain situations, Castlight has no direct relationship with the individuals whose personal information it processes (e.g. if someone submits your name and email address to refer you for a job posting). An individual who seeks access, or who seeks to correct, update, amend, or delete inaccurate data should direct her query to Castlight. We will respond to requests within forty-five (45) days.
    • Updates and Castlight Service Marketing. Castlight may provide service updates, tips or education, or may promote the Castlight service to you as a prospective customer. You will be able to opt-out of any such email communications at any time. To opt-out of Castlight emails, please click the “unsubscribe” link at the bottom of any email or send an email with the subject line “Unsubscribe” to support@castlighthealth.com .
    • Text Messages. To opt-out of any text messages from Castlight via the text to down the Castlight mobile app on https://my.castlighthealth.com/ , please reply with “unsubscribe” in your message.

    4. Storage and Maintenance of Information

    Castlight will store and maintain your personal information in accordance with this Privacy Policy. We will also retain your information as needed to provide you services and as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

    5. Security

    We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once we receive it. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure and we cannot guarantee its absolute security. If you have any questions about security on the Castlight Health Corporate Websites, you can contact us at privacy@castlighthealth.com .

    6. Tracking Technologies

    In relation to the Castlight Health Corporate Websites, we may use technologies such as cookies, web beacons, tags, scripts and other storage technologies to collect or receive information. These technologies help us save your preferences, understand how you navigate through the Castlight Health Corporate Websites and improve your experience.

    Cookies: Cookies are small data files that we transfer to your device to collect information about your use of the Castlight Health Corporate Websites. Cookies can be recognized by the website that downloaded them or other websites that use the same cookies. This helps websites know if your browsing device has visited them before. We use both first-party and third-party cookies on the Castlight Health Corporate Websites for the following purposes: to make the Castlight Health Corporate Websites function properly, to improve the Castlight Health Corporate Websites, to track your interaction with the Castlight Health Corporate Websites, to enhance your experience with the Castlight Health Corporate Websites, to remember information you have already provided, to collect information about your activities over time and across third party websites or other online services in order to deliver content tailored to your interests; and to provide a secure browsing experience during your use of the Castlight Health Corporate Websites. The length of time a cookie will stay on your browsing device depends on whether the cookie is a “persistent” or “session” cookie. Session cookies will only stay on your device until you stop browsing. Persistent cookies stay on your browsing device until they expire or are deleted. The following types of cookies are used on the Castlight Health Corporate Websites:

    • Strictly Necessary Cookies. These cookies are essential because they enable you to use the Castlight Health Corporate Websites. For example, strictly necessary cookies allow you to access secure areas of the Castlight Health Corporate Websites and for us to provide the Websites. These cookies do not gather information about you for marketing purposes. This category of cookies is essential for the Castlight Health Corporate Websites to work and they cannot be disabled.
    • Functional or Preference Cookies. We use functional cookies to remember your choices so we can tailor the Castlight Health Corporate Websites to provide you with enhanced features and personalized content. For example, these cookies can be used to remember your name or preferences on the Castlight Health Corporate Websites. We do not use functional cookies to target you with online marketing. While these cookies can be disabled, this may result in less functionality during your use of the Castlight Health Corporate Websites.
    • Performance or Analytic Cookies. These cookies collect passive information about how you use the Castlight Health Corporate Websites, including webpages you visit and links you click. We use the information collected by such cookies to improve and optimize the Castlight Health Corporate Websites. We do not use these cookies to target you with online marketing. You can disable these cookies.

    Other Tracking Technologies. We may also use tracking technologies to collect “clickstream” data, such as the domain name of the service providing you with Internet access, your device type, IP address used to connect your computer to the Internet, your browser type and version, operating system and platform, the average time spent on the Castlight Health Corporate Websites, webpages viewed, content searched for, access times and other relevant statistics, and assign unique identifiers to the device or other credentials you use to access the Castlight Health Corporate Websites for the same purposes.

    Pages of the Castlight Health Corporate Websites and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags and single-pixel gifs) that permit us, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).

    Pages of the Castlight Health Corporate Websites may also use Java scripts, which are code snippets embedded in various parts of websites and applications that facilitate a variety of operations including accelerating the refresh speed of certain functionality or monitoring usage of various online components; entity tags, which are HTTP code mechanisms that allow portions of websites to be stored or “cached” within your browser to accelerate website performance; and HTML5 local storage, which allows data from websites to be stored or “cached” within your browser to store and retrieve data in HTML5 pages when the website is revisited.

    You can control the use of cookies at the individual browser level. If you reject cookies, you may not be able to use some or all portions or functionalities of the Castlight Health Corporate Websites.

    • First Party Cookies: You can enable, disable or delete cookies via your browser settings. To do this, follow the instructions provided by your browser, usually located within the “Help”, “Tools”, or “Edit” settings of your browser. Many browser manufacturers provide helpful information about cookie management, including, but not limited to: Google Chrome; Internet Explorer; Mozilla Firefox; Safari (desktop or mobile); Android Browser, and Opera.
    • Third Party Cookies: Any cookies that are placed on your browsing device by a third party can be managed through your browser (as described above) or by checking the third party’s website for more information about cookie management and how to “opt-out” of receiving cookies from them. Also, most web browsers provide help pages relating to setting cookie preferences. More information may be found for the following browsers here:

      1. Google Chrome
      2. Internet Explorer
      3. Mozilla Firefox
      4. Safari (Desktop)
      5. Safari (Mobile)
      6. Android Browser
      7. Opera
      8. Opera Mobile

    Do Not Track: Some Internet browsers (e.g. Internet Explorer, Mozilla Firefox, and Safari) include the ability to transmit “Do Not Track” or “DNT” signals. Since uniform standards for “DNT” signals have not been adopted, the Castlight Health Corporate Websites currently do not process or respond to “DNT” signals.

    Location Information: You may be able to adjust the settings of your device so that information about your physical location is not sent to us or third-parties by: (a) disabling location services within the device settings; or (b) denying certain websites or mobile applications permission to access location information by changing the relevant preferences and permissions in your mobile device or browser settings. Please note that your location may be derived from your WiFi, Bluetooth, and other device settings. Please see your device settings for more information.

    7. Changes to the Privacy Policy

    Castlight will only use your personal information in the manner described in the Privacy Policy in effect when we collected the information from you. However, we reserve the right to change the terms of this Privacy Policy at any time by posting those changes on our service so you are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. If at any point, we decide to use personally identifiable information in a manner different from that stated at the time it was collected or if we make any changes which materially reduce your rights under this Privacy Policy, we will document such change on the Castlight Health Corporate Websites. We urge you to check here for any updates to this Privacy Policy from time to time.

    8. CALIFORNIA CONSUMER PRIVACY ACT – IMPORTANT NOTICE TO CALIFORNIA RESIDENTS

    This Section 8 applies only to California residents and contains the information that the Californian Consumer Privacy Act of 2018 (“CCPA“) requires us disclose. Any terms defined in the CCPA have the same meaning when used in this Section 8. For purposes of this Section 8 only, “Personal Information” has the meaning given in the CCPA, but excludes information exempted from the scope of the CCPA.

    This Section 8 describes Castlight’s collection, use and sharing practices in relation to Personal Information of California residents during the twelve (12) months preceding the effective date of this notice, and informs California residents of their rights with respect to that Personal Information.

    Below is a summary of the “Personal Information” categories, as identified and defined by the CCPA (see California Civil Code section 1798.140 (o)), that Castlight collects, the reason Castlight collects your Personal Information, where Castlight obtains your Personal Information, and the parties with whom Castlight may share your Personal Information.

    Information We Collect

    The Castlight Companies collect the following categories of Personal Information about you when you visit or use the Complete Sites:

    • Identifiers such as a name, contact information, and online identifiers, such as device IP address and identification numbers associated with your devices;
    • Commercial information such as name, contact information, title, the types of Castlight services an prospective (business) customer is interested in purchasing and communications with prospective (business) customers;
    • Internet or other electronic information regarding your browsing history, search history, the webpage visited before you came to the Castlight Health Corporate Websites, length of visit and number of page views, click-stream data, locale preferences, your mobile carrier, date and time stamps associated with transactions, and system configuration information; and
    • Your geolocation, to the extent you have configured your device to permit us to collect such information.

    We generally do not collect financial information, inferences, protected classifications, education-related information, physical description, biometric information, sensory information or medical information.

    Sources of, Use of, and Sharing of Personal Information

    We describe the sources from which we collect this information and the business and commercial purposes for which we collect this information in the section above entitled Information Collection and Use. The CCPA defines a “business purpose” as the use of Personal Information for the business’s operational purposes, or other notified purposes, provided the use of Personal Information is reasonably necessary and proportionate to achieve the operational purpose for which the Personal Information was collected or another operational purpose that is compatible with the context in which the Personal Information was collected.

    For information about the categories of third parties with whom we may share your Personal Information please see the section above entitled “Disclosure of Information“.

    Your Rights and Choices

    • As a California resident, you have rights in relation to your Personal Information; however, your rights are subject to certain exceptions. For instance, we cannot disclose specific pieces of Personal Information if the disclosure would create a substantial, articulable, and unreasonable risk to the security of the Personal Information, your account with us or the security of our network systems.
    • You may exercise your California privacy rights to know, access and deletion by emailing privacy@castlighthealth.com . Please note that we will need to confirm your identity and California residency to process your requests to exercise your rights to know, access or delete your Personal Information. We cannot process your request if you do not provide us with sufficient detail to allow us to understand and respond to it.
      • Right Against Discrimination. You are entitled to exercise the rights described above free from discrimination. This means that we will not penalize you for exercising your rights by taking actions. We will not discriminate against you for exercising your right to know, access, deletion or to opt-out of sales.
      • Right to Know. You have the right to request the following information about how we have collected and used your Personal Information during the past twelve (12) months:
        • The categories of Personal Information that we have collected.
        • The categories of sources from which we collected Personal Information.
        • The business or commercial purpose for collecting and/or selling Personal Information.
        • The categories of third parties with whom we share Personal Information.
        • Whether we have disclosed your Personal Information for a business purpose, and if so, the categories of Personal Information received by each category of third party recipient.
        • Whether we have sold your Personal Information, and if so, the categories of Personal Information received by each category of third party recipient.
      • Right to Access. You have the right to request a copy of the specific Personal Information we collected about you during the twelve (12) months before your request.
      • Right to Deletion. You have the right to request a copy of the specific Personal Information we collected about you during the twelve (12) months before your request.
      • Right to Opt-Out of Sales. You have the right to opt-out of having your Personal Information sold. In the last twelve (12) months, we shared certain identifiers to our advertising partners for retargeting relevant advertisements. Under the CCPA, such sharing may be considered a “sale” of Personal Information. As of the effective date of this Policy, we no longer share certain identifiers with our advertising partners for retargeting advertisements, and we do not sell your Personal Information.

      In addition, California Civil Code Section 1798.83 permits California residents to request certain information regarding our disclosure of Personal Information to third-parties for their direct marketing purposes. To make such a request, you can contact us by emailing privacy@castlighthealth.com, or by postal mail at Castlight Health, Inc., 150 Spear Street, Suite 400, San Francisco, CA 94105, Attn: Chief Privacy Officer.