Effective starting: April 14, 2020 (view archived versions)
Nothing in this Policy limits your rights under applicable laws, including your ability, depending on your country of residence, to file a complaint with your local Data Protection Authority.
What Information does League collect about me?
We collect Information about you when you provide it to us, when you use our Platform and when other sources provide it to us, as described below. Please note that for the purpose of clarity and ease, we will refer to Personal Information or Information for all categories mentioned below throughout this Policy.
Personal Information you provide to us
Simply stated, Personal Information is any information about you as an identifiable individual. The Member Information we may collect from you includes:
• Your first and last name, home address and phone number;
• Your gender and date of birth;
• The email address you use to sign-in and communicate with us;
• Other log-in information such as your password;
• Information about your profession including your employee ID, income, role and employment status;
• Your dependents (if any) and their information;
• Information about services and products you buy or sign-up for through League’s Marketplace;
• Information about your participation and performance in Activities and Programs;
• Health rewards that you can earn by participating in qualifying activities;
• Any Information you provide to us while chatting and interacting with the League Concierge, a Marketplace Service Provider or a Customer Care agent;
• The comments and contributions you may make on the Platform;
• Additional information you may provide as you submit queries and requests to us.
Health and Wellness Information (“Health Information”) is data related to your physical and mental health as well as medical history, including symptoms, diagnosis, procedures and outcomes. When using League’s Platform you may provide certain health or health-related information to us. Health Information includes:
• Insurance data such as insurance carrier, plan, group and member ID as well as claim information if you opt in to share this data with League;
• Identifiers connected to your health benefits and group plan membership such as Social Security Numbers (U.S.) and Social Insurance Numbers (Canada);
• Any Health Information you provide to us while chatting and interacting with the League Concierge, a Marketplace Service Provider or a Customer Care agent;
• Health information when you submit a claim towards your benefit spending accounts through the Platform;
• Information about your health, fitness, nutrition and finance provided by you through Health Profile;
• Information about health-related services and products you buy or sign-up for through League’s Marketplace.
Payment Information is data related to your bank account, debit or credit card. We collect your bank account and billing information when you register for the Platform to process your spending account claims or for any payments through League’s Marketplace. By linking your bank account to your League account, you authorize us to submit your Payment Information to the financial institution that will process your employee benefit payment.
Personal Information we get from others
Employment and Benefit Information – We may also get Information about you from other sources. For example, we may get employment information from your Employer or Carrier to enroll you in your health benefits and our Platform. The data set may include your first and last name, employee ID, income, role, employment status and dependent information. The data set depends on what your employer shares with us. While you are a Member and use the Platform, we may receive additional employment or benefit information from your Employer or Carrier. We might add this Information to your account. Please note that we will only use and store the information necessary to enroll you in your benefits and our Platform.
Social Media Account Information – If you create your League account using a social media account (e.g. Google, Facebook) we may also collect Information provided to us by that social media service. This Information may include your name, email address, language preference and profile picture.
Information we collect automatically when you use the Platform
Device and Connection Information – We collect information about your computer, phone, tablet or other devices you use to access the Platform. This Device and Connection Information includes your connection type and settings when you install, access, update or use our Platform. We also collect Information through your device about your operating system, browser type, IP address, URLs of referring/exit pages, device identifiers and crash data. We use this additional information to enhance the security controls around Platform access and resolve bugs and errors that may exist on the Platform. We use your IP address and/or country preference to approximate your location so we can provide you with a better Platform experience.
How does League collect my Information?
League receives employment information from your employer or insurance carrier so we can set up your profile and prepare your account for enrollment. After that, we collect your Information when you sign-up for League’s Platform and as you submit it through the use of the Platform.
Depending on the Services and integrations you participate in or enable and the Service being offered to you by your employer through the League Platform, we may collect Personal Information through your use of the particular Services and integrations. These integrated services and solutions may have their own and separate consent process required prior to you using them with League.
How does League use my Information?
How we use the Information we collect depends in part on which Services are offered to you, which Services you use, how you use them and any preferences you have communicated to us. Below are the specific purposes for which we use the Information we collect about you.
For enrollment and decision support – We guide you every step of the way so you fully understand your options and choose the best coverage for your needs. To do so, we gather the Information we have received from your employer about you and apply eligibility rules to facilitate your enrollment into your health benefits as well as any other benefit spending accounts offered to you through your employer.
For a personalized digital wallet – We provide you with one easily-accessible place to manage your coverage, dependents and benefit spending accounts.
For processing your claims – If you are being offered additional benefit spending accounts by your employer through the League Platform, you can submit eligible claims online. In order to process these claims and reimburse your bank account, we process the claim information provided to us by you and use the Payment Information we have on file.
For Customer Care services – Through the Platform you have immediate live chat support for all your benefit-related questions. To answer your request and to provide you with personalized recommendations, our agents access your Personal Information on file and may ask you to provide us with additional Information. Additional Information requested or provided by you may contain Health Information.
For immediate, expert health and wellness guidance – We provide health and wellness-related guidance and navigational support through live chat with Health Concierge. To answer your request and to provide you with personalized guidance, League’s Concierges access your Personal Information on file and may ask you to give them additional information including Health Information.
For creation of your personalized health profile – As a Member of League’s Platform you have access to a central place for your health information, personal progress on health and wellness programs, earned rewards and any Device and Third Party App integrations. League uses Personal Information and Health Information you provided to us to help you understand your health risks and long-term outcomes and how you can use your benefits and programs to improve your overall health and wellbeing.
For health and wellness assessments – You may have access to League’s health assessment (“Health Profile”). Through a number of questions, the Health Profile assesses your wellbeing across a number of dimensions. You don’t have to complete the Health Profile if you don’t want to share this information with us.
For processing your orders and to facilitate bookings and communications with a Service Provider – Through League’s Marketplace we provide you with offers and discounts on products and services that support better health, fitness and wellbeing. When you buy products or sign-up for services through the Marketplace, we access your Personal Information including your benefit spending accounts and Payment Information. League needs access to this Information to process your order and payments and facilitate communication between you and the Service Provider.
For safety, security and compliance – We use information about you and your Platform use to identify you as a member of our Platform, verify accounts and activity, to monitor suspicious or fraudulent activity and to identify violations of Platform policies.
To provide the Platform and personalize your experience – We use Information about you to provide the Platform to you, to enhance the security controls around Platform access and resolve bugs and errors. We may also use your Information to verify your geographic location. We may use your geographic location data to personalize your experience in the Platform, to recommend content and to see whether the information you request is available in your location.
For research and development – We’re always looking for ways to make our Platform smarter, faster, secure, integrated and useful to you. We use collective learnings about how people use our Platform and feedback provided directly to us to troubleshoot and to identify trends, usage, activity patterns and areas for integration and improvement of the Platform.
To market, promote and drive engagement – If you give your consent, we use your Information to send newsletters, surveys, offers and promotional materials that may be of interest to you and tailored to your individual health and wellness goals. You can opt out of receiving such messages from League by following the opt-out instructions in these messages. If you opt out, we may still send you non-commercial electronic messages, such as messages about your account or our ongoing business relations. Please note that League does not sell or share your Information to third parties for their marketing purposes.
How League shares Information we collect
We may share your Information with third parties so we can provide our services to you. If we need to share your Information with third parties, we will limit the Information to the minimum amount necessary to ensure the provision and quality of the Services we offer you. We share your Information with third parties as follows:
Contractors – We may disclose your Personal Information with contractors that work on our behalf and assist us in providing and supporting the services we offer.
Third Party Providers – We share Information with third parties that help us operate, provide, improve, integrate, customize and support our Platform and Services we offer to you such as:
• Cloud hosting services;
• Customer service platform;
• Credit card processing;
• Health concierge;
• Connector services and data integration.
If a Third Party Provider needs to access Information about you to perform services on our behalf, they do so under close instruction from us, including policies and procedures designed to protect your Information. Our Third Party Providers undergo a thorough security and privacy review as a part of the evaluation process and then regular SOC1, SOC2 and/or ISO/IEC 27001 audit reviews thereafter. In the event these audits have material findings that present risks to League or our clients, we work closely with the vendor to track their remediation efforts until the issue has been resolved.
Insurance Carriers – We’ll automatically feed your benefits elections and status/profile updates to your Insurance Carriers for faster, more accurate enrollment and to determine eligibility. When you reach out to us for support about your eligibility or coverage, we may share this Information with your Insurance Carriers on your behalf.
Service Providers – We may share your information with Service Providers you choose through the League Platform including our Marketplace. When you book an appointment and buy a product through the Platform, we automatically provide your first and last name as well as a Service or product description to the Service Provider. We want everyone to feel safe and cared for when they visit League Marketplace or use a Service Provider offered through the Platform. So before we admit any new Service Providers, we thoroughly review their practices to make sure they’re in line with our standards. We also regularly review our Service Providers to make sure they stay compliant.
Devices and Third Party Apps – You may choose to add new functionality and Information to your account by connecting Devices and Third Party Apps to your account. If you do, you may give these Devices and Third Party Apps access to your account and Information about you like your name and email address, and any content you choose to use in connection with those apps and devices. Device and Third Party App policies and procedures are not controlled by us, and this Policy does not cover how Devices and Third Party Apps use your Information. We encourage you to review the privacy policies of third parties before connecting to or using their applications or services to learn more about their privacy and information handling practices. If you object to Information about you being shared with these third parties, please disable the device or app within your League account settings.
Law Enforcement, Governmental Authorities and Agencies – We may disclose information we have collected from and about you – including Personal Information – if we believe in good faith that it’s necessary to:
• comply with relevant laws or to respond to subpoenas or warrants served toon us;
• protect and defend our rights or property, our Customers, our Suppliers, or other third parties; or
• in certain situations, abide by lawful requests by public authorities to disclosure of Personal Information, including to meet national security or law enforcement requirements.
Merger, Sales and Acquisition – In the event that we (a) undergo reorganization or (b) that League is sold to a third party, any Personal Information we hold about you may be transferred to the re-organized entity or third party, in accordance with applicable laws and regulations. If an acquisition like this occurs, the new entity will continue to use your Personal Information within the limits of this Policy, to continue delivering your service.
Is my Personal Information and other data secure?
At League, we take security and privacy very seriously. We’re committed to protecting your data, and our highest priority is keeping your sensitive information – especially your personal health information – safe. We follow strict security and compliance standards not only because we need to meet specific regulations, but because we consider it one of the most important things we can do for you.
Security is at the heart of every process and every technology we use across all our teams at League. The League Platform is regularly audited to make sure it complies with security, availability and confidentiality requirements for managing client data.
Communication with League should always be done through the League Platform where the information is encrypted. While League makes every effort to secure all communications within our control and in our Platform, please be advised that no method of delivery is absolutely secure and any communication of Personal Information may be accidentally or deliberately intercepted by third parties. No company, including League, can fully eliminate security risks associated with your Information. While we strive to protect your Information, we cannot guarantee its security.
To help protect yourself and your Information, choose a unique password for our Platforms and do not use a password that you would use on any other website or online service. You are responsible for the security of your Information that you transmit to us or view, download or otherwise access when using public or otherwise unsecured networks. If you use a mobile device to accept your authorization code, you should have the ability to remotely wipe the phone in the event that your device is lost or stolen.
Who at League has access to my Information?
Your Personal Information is maintained on League’s infrastructure or those of third-party providers. For that reason, League employees and contractors have access to your Information so we can provide you with quality services, including Member support and Health Concierge services. Our employees and contractors are obligated to respect the confidentiality of your Personal Information and are only authorized to access your Information as necessary to provide you with Services or support.
In the event that we (a) undergo reorganization or (b) that League is sold to a third party, any Personal Information we hold about you may be transferred to the re-organized entity or third party, in accordance with applicable laws and regulations. In the event of an acquisition, the new entity will continue to use your Personal Information within the limits of this Policy, to continue delivering your service.
Can I correct or update my Information?
Yes. If your Personal Information changes over time or you realize your Information is outdated or incorrect, you have a right to be able to update or correct it. You may update or correct the Information by changing it right in the Platform. If you aren’t able to update or correct the Information right in your account, you can reach out to us through the Chat function in the Platform. You can also contact us at firstname.lastname@example.org to request that we update or correct the Information for you. We will respond to your request within a reasonable timeframe.
Can I find out what Information League has collected about me?
Yes. All our Members, no matter where they live, except in specific circumstances identified by local laws, have a legal right to access the Information we have collected about them and an account of its use and disclosure. You can request a copy of all the Information and data we hold about you. We’ll give you a copy of the data in a standard format through a secure channel. To make this request, reach out to us at email@example.com. We will respond to your request within a reasonable timeframe.
For California residents – In accordance with the California Civil Code Section 1798.83, you may contact us at the address below to request certain information about the disclosure of Personal Information to third parties for their direct marketing purposes.
Can my Information be deleted?
Please note that we may not be able to delete your Information without also deleting your Member account. You may terminate your account at any time by submitting a deletion request to firstname.lastname@example.org. Once your account is terminated, you will no longer be able to access or use your health and wellness benefit accounts offered through the League Platform as well as Programs and Services.
Please note that we will only retain your Personal Information for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements. To figure out the appropriate retention period for Personal Information, we consider the amount, nature and sensitivity of the Personal Information, the potential risk of harm from unauthorized use or disclosure of your Personal Information, the purposes for which we process your Personal Information and whether we can achieve those purposes through other means, the applicable legal requirements, and regulatory retention periods.
Can I request that League restrict processing for some of my Information?
Because of the type of Services we offer, we can’t accommodate requests to restrict the processing of certain sets of Information. You, however, will be able to limit the Information added to your profile based on your use of Services and participation in Programs, the Devices and Third Party Apps you connect to your account and the consent you provide for any data sharing practices. If you want us to stop processing parts of your Information, you can request that all data be deleted through the process above. You can also limit the Personal Information provided to us as you participate in the Services and programs offered to you.
If you have connected any Devices or Third Party Apps, you can manage the data sharing and processing setting for each of them through your League account.
If you’ve provided your consent for additional data sharing, you can withdraw your consent at any time. To do so, please reach out to us through the Chat function in the Platform or by contacting email@example.com.
If you provide your consent, we use your Information to send newsletters, surveys, offers and promotional materials that may be of interest to you and tailored to your individual health and wellness goals. You may opt out of receiving such messages from League by following the opt out instructions in these messages. If you opt out, we may still send you non-commercial electronic messages, such as messages about your account or our ongoing business relations.
Where is my Information being transferred?
League is headquartered in Canada, has an office in the United States, and uses Third Party Providers in other countries. Your Personal Information may be transferred to the United States or other locations outside of your state, province, country, or other governmental jurisdiction where the privacy laws may not be as protective as those in your jurisdiction. League takes appropriate steps to protect your privacy and implement reasonable security measures to protect your Personal Information in storage and transmission. We also enter into contracts with our Third Party Providers that require them to treat Personal Information in a way that’s consistent with this Policy.
I am an EU resident – What do I need to know?
This is for residents of the European Union (“EU”) including the European Economic Area (“EEA”) countries of Iceland, Liechtenstein, Norway and, where applicable, Switzerland. Our processing of Personal Information of Members who are in the EU is governed by the General Data Protection Regulation (“GDPR”). The GDPR requires us to give you certain information about your data and rights:
Data Controller – League is the data controller of Personal Information provided to, or collected by or for, our Platform and Services. But we may act as a data processor on behalf of your employer for Personal Information that we process on their behalf when providing the Platform and Services.
Legal basis for processing – We only use your Information as permitted by law. We are required to inform you of the legal basis of our processing of your Personal Information, which are described in this Policy. If you have questions about the legal basis of how we process your Information, reach out to us at firstname.lastname@example.org.
- Enrollment and decision support
- Personalized digital wallet
- Processing your claims
- Customer Care services
- Expert health and wellness guidance
- Creation of your personalized health profile
- Health and wellness assessments
- Processing your orders and to facilitate bookings and communications with a Service Provider
- Providing the Platform and personalizing your experience
- Safety, security and compliance
- Research and development
- Marketing, promoting and driving engagement
Legal Basis for Processing
- This processing is necessary to the fulfillment of our contracts with employers.
- This processing is necessary to the legitimate interests of League
Cross-Border Data Transfer – Whenever we transfer your personal information out of the EU to countries not deemed by the European Commission to provide an adequate level of protection, the transfer will be based on one of the following safeguards recognized by the European Commission as providing adequate protection for Personal Information:
Use for new purposes – We may use your Personal Information for reasons not described in this Policy where permitted by law and the reason is compatible with the purpose for which we collected it. If we need to use your Personal Information for an unrelated purpose, we will notify you and explain the legal basis.
Contracts approved by the European Commission which impose data protection obligations on the parties to the transfer. For details, see European Commission Model contracts for the transfer of Personal Information to third countries.
For transfers to Third Party Providers in the United States, ensuring they participate in the EU-US Privacy Shield Framework.
Please reach out to us if you want more information on the specific mechanism we use when transferring your Personal Information out of the EU.
Your rights to access, correct, restrict or delete your Personal Information and object to processing – You have the right to request access to your Personal Information, to have your Information corrected, restricted or deleted, and to object to our processing of your Personal Information. You also have the right of data portability, which means that you can request that we provide you (or a third party you designate) with a transferable copy of the Personal Information that you have provided to us. Your rights may be subject to various limitations under the GDPR. If you wish to exercise any of these rights, or if you have any concerns about our processing of your Personal Information, please contact us in any of the ways listed in the section “Contact Us” below.
Right to Lodge a Complaint with a Supervisory Authority – You have the right to file a complaint about our processing of your Personal Information with your national (or in some countries, regional) data protection authority.The EU Commission has a list here: http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm
Privacy of Minors
Individuals under the age of eighteen (18) should not transfer any Personal Information to us. We will neither intentionally ask for Information of users under the age of eighteen, nor process their Personal Information.
Additional notice to residents of the United States: We do not intentionally collect or maintain Information from visitors of the website or Platform who are under thirteen (13) years old.
If you’d rather file an anonymous complaint, you can do so through our whistleblower hotline provided by an independent Third Party Provider. You always have the option to remain completely anonymous. Complaints can be made 24/7/365 through one of the following channels:
Phone – 1-866-921-6714 (toll free number in North America)
Email – email@example.com
Web Portal – https://www.integritycounts.ca/org/league
Fax – 1-604-926-5668
Mail – PO Box 91880, West Vancouver, British Columbia V7V 4S4 Canada
For EU Residents – To lodge a complaint with a supervisory authority under the GDPR, please see “I am an EU resident – What do I need to know?” above.
Attention: Privacy Officer – Information Security & Privacy
225 King St W, Suite 800, Toronto, Ontario M5V3C6