Limeade Privacy Policy
Effective Date: March 31, 2023
Limeade is committed to making this Privacy Policy available in multiple languages. To change the language, click the button on the top right corner and select your preferred language.
YOUR PRIVACY IS IMPORTANT TO US
Limeade is an immersive employee well-being company that creates healthy employee experiences. Limeade Institute’s science guides its industry-leading software and its own award-winning culture. Today, millions of users in over 100 countries use Limeade solutions to navigate the future of work. By putting well-being at the heart of the employee experience, Limeade reduces burnout and turnover while increasing well-being and engagement — ultimately elevating business performance. This privacy policy explains how Limeade collects, processes, and shares personal data about you. If you have questions about these practices, please contact us using the contact details provided below.
WHEN DOES THIS PRIVACY STATEMENT APPLY?
This Privacy Policy applies to Limeade, Inc. and our controlled affiliates and subsidiaries, Limeade GmbH and Limeade Technologies Inc. (“Limeade”, “our”, or “we”).
WHAT DOES THIS PRIVACY POLICY EXPLAIN?
This privacy policy explains the collection and use of your information from this website www.limeade.com and https://events.limeade.com/limeade-engage (“Websites”) and our sales and customer relationship management services. This privacy policy also covers a suite of products and services (“Limeade Platform”) paid for by your employer (Limeade customer) and provided to its employees, (collectively defined as “Services”).
By using the Services and unless otherwise agreed to with your employer, you consent to Limeade sharing your personal information with your employer.
WHAT PERSONAL INFORMATION DOES LIMEADE COLLECT?
The lawful bases that enable Limeade to collect and process personal data include your consent, necessity for provision of the Services and for operation of our business, to meet our contractual and legal obligations, to protect the security of our systems and our customers, and to fulfill other legitimate interests.
Personal information or personal data means any information used to directly or indirectly identify someone. Personal information may be collected directly from you, your employer, your health benefits provider, or any other third-party data sources that include, but are not limited to:
- first name and last name
- email address
- date of birth
- gender
- any image or photograph
- phone number
- address
- country
- Social Security number
- gender
- hire date
- job title
- health benefits
- health information
- biometric information
- information shared on the Limeade Platform
- well-being and survey data
WHAT INFORMATION IS COLLECTED AUTOMATICALLY?
When you use our Services, some information is collected automatically, that may include the following:
- device information (your device’s model, operating system version, mobile network information, operating system and system settings, your browser type, browser language, Internet Protocol (IP) address, the country and time zone in which your device is located, the Platform pages you viewed and how long you viewed them, and similar identifiers). Limeade may associate some device information with your Limeade account;
- mobile application information (application data and metadata stored on your device when permitted by your operating system settings);
activity or biometric information if you chose to connect a fitness tracker or similar device to the services (such as your steps, athletic or recreational activities, exercise frequency, and/or information about your nutrition such as calorie intake, nutritional statistics, and blood pressure). Also, as further described in the Cookie Notice, our Websites and online services store and retrieve data using cookies set on your device.
WHAT INFORMATION IS OBTAINED FROM OTHER THIRD-PARTY SOURCES?
We may also obtain information from third parties’ sources, including:
- third-party resellers (“Third-Party Resellers") with which we have contracted to resell the Limeade Platform to employers and/or health benefits providers; and
- applications and services, such as social networks, that make users’ information available to others.
We may link together different types of information we obtain from different sources, including linking it to data that identifies you. In such a case, Limeade treats the linked information as personal data and protects it as such. Limeade's use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.
When you are asked to provide personal data, you may decline. You can also use app or device controls to prevent certain types of automatic data collection where available. If you choose not to provide or allow the collection of information required for certain services, those services may not be available and/or may not function correctly.
HOW DOES LIMEADE USE COOKIES AND OTHER DATA COLLECTION TECHNOLOGY?
We use and may allow others to use cookies and similar technologies (e.g., pixels) to operate our Websites and to help collect data. Please read our Cookie Notice for more information on our use of cookies and how you can control them.
Some web browsers (including Safari, Internet Explorer, Firefox, and Chrome) incorporate a “Do Not Track” (“DNT”) or similar feature that signals to websites that a user does not want to have their online activity and behavior tracked. If a website that responds to a DNT signal receives the DNT signal, the browser can block that website from collecting certain information about the user. Not all browsers offer a DNT option and DNT signals are not yet uniform. For this reason, many website operators, including Limeade, do not respond to DNT signals. Instead, you can use the range of other tools to control data collection and use, including the cookie controls and advertising controls described in our Cookie Notice.
HOW DOES LIMEADE USE PERSONAL DATA?
Limeade uses personal data collected from you, your employer, or third parties for the purposes described in this Privacy Policy or as otherwise disclosed to you. For example, we use personal data to:
- identify you for the use of the Limeade Platform, provide support, and respond to your questions;
- help you use the Limeade Platform, such as to complete well-being assessments and surveys, track rewards, and participate in activities;
- allow connection of a third-party device like a fitness tracker or similar device for use with the Limeade Platform;
- provide and deliver the Services (including securing, troubleshooting, improving, and personalizing those Services);
- share with third-party well-being providers (“Third-Party Well-Being Providers”) to enable them to administer the activities that your employer selects and that you choose when you use the Limeade Platform;
- operate our business (including by improving our internal operations, securing our systems, and detecting fraudulent or illegal activity);
- provide reasonable security measures to protect your personal information;
- manage your employer’s vendor or customer account at Limeade and process payments;
- communicate with you about our products and services; and
- develop new services, functionality, features, and products.
Limeade may aggregate information collected though the Services and remove identifiers so that the information neither identifies nor can be used to identify an individual who uses the Services (“Aggregated Data”). Because it cannot be used to identify any specific individual, Aggregated Data is not considered “personal data.”
HOW DOES LIMEADE SHARE INFORMATION?
Limeade may share your personal data in connection with providing services to the Limeade Platform.
- Third-Party Well-Being Providers. Where your employer selects a third party to provide well-being or related services to you through the Limeade Platform as part of its agreement with Limeade, Limeade may disclose relevant personal data such as your name and contact information to those third-party well-being providers (“Third-Party Well-Being Providers”) to enable them to contact you to offer their services in support of your health and wellness goals.
- Activities on the Limeade Platform. To administer the activities that your employer selects and that you choose when you use the Limeade Platform (“Partner Activities”), we may share relevant personal data. If you accept services offered by a Third-Party Well-being Provider or participate in a Partner Activity, you may be asked to agree to their terms and conditions or enter into another agreement. When you do so, you are making your agreement with the Third-Party Well-being Provider, not with Limeade.
- Employers. At the request of your employer, Limeade may disclose relevant personal data solely for the purpose of administering your benefits.
- Health Plans. At your employer’s direction, Limeade may disclose relevant personal data (some of which may be sensitive health information) collected in connection with the Limeade Platform to your health plan or group health plan.
- Required by Law. We may share personal data in response to lawful requests by public authorities to meet national security or law enforcement requirements.
- Sale, Merger, or Acquisition of Assets. Your information may be transferred to relevant parties in the event of a sale, transfer, liquidation, merger, acquisition, consolidation, or other change of control transaction of substantially all of the assets of your employer company.
- Consent. By use of our products, Services, and Websites described in this Privacy Policy, you consent that Limeade may disclose your personal information in the ways listed above.
Limeade Services. Limeade also shares personal data collected via the Services as follows:
- Limeade shares personal data with its subsidiaries and with third-party service providers that perform services on behalf of Limeade (e.g., web hosting, translations, collaboration and communication tools, payment services, customer relationship management, or data storage or analysis). Any third party with which we share personal data must agree to safeguard it in substantially the same manner as described herein and in accordance with all applicable laws.
- Limeade may share personal data with relevant third parties if Limeade is involved in a merger, sale, acquisition, divestiture, restructuring, reorganization, dissolution, bankruptcy, or other change of ownership or control (in whole or in part), but your data will remain protected as described herein.
- When an employer or health plan purchases the Limeade Platform through an entity other than Limeade, we may share personal data collected in the context of the Limeade Services with that entity (a “Third-Party Reseller”) to enable them to provide their services, to administer your benefits, or as otherwise permitted by law. This does not mean that we resell any portion of your personal data for any purpose — we do not.
Limeade will share personal data when you consent to such sharing. If you choose to disclose personal data in group messaging or similar public or semi-public areas of the Services, the data could be collected and used without your or our knowledge by other individuals who access the Services.
For residents of the European Economic Area (EEA), Limeade will disclose personal data only when permitted to do so under applicable European and European Union (EU) member states’ national data protection laws and regulations.
Please note that some of our products include references or links to products provided by third parties whose privacy practices differ from ours. If you provide personal data to any of those third parties, or consent to our sharing personal data with them, that data is governed by their privacy statements.
HOW DOES LIMEADE PROTECT PERSONAL DATA?
Limeade takes reasonable and appropriate precautions to protect information that we collect and process, but no system or electronic data transmission is completely secure. We expect that you will use appropriate security measures to protect your personal data when using our Services.
You are responsible for maintaining the security of your account credentials for the Platform. Please use a strong password, never share your password with anyone, and do not use the same password with other sites or accounts. Limeade will treat access to the Platform through your account credentials as if authorized by you. If we become aware of an unauthorized access or disclosure that affects the security of your personal data, we will provide you or your employer with notice as required by applicable law.
WHAT IS THE TIME PERIOD FOR WHICH LIMEADE RETAINS PERSONAL DATA?
We retain personal data only as long as is necessary to fulfill the legitimate business need for which the personal data is collected (such as to provide you with the Services). We may retain the data for a longer period to comply with legal obligations (e.g., tax, accounting), to resolve disputes, to enforce agreements, or other, similar purposes.
The criteria we use to determine how long to retain your personal data include:
- the length of time for which we have an ongoing relationship with you and provide services to you (for example, for as long as you have an account with us or keep using the Services);
- whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of your transactions for a certain period before we can delete them);
- whether retention is advisable considering our legal position (such as for statutes of limitations, litigation, or regulatory investigations).
When Limeade no longer has a legitimate business need to process your personal data, we follow our information governance procedures and either delete your personal data or render it impossible to use to identify you. If we cannot delete or de-identify your personal data, then we will archive and protect it from any further use until deletion or de-identification is possible.
WHAT ARE YOUR CHOICES ABOUT PERSONAL DATA?
If you would like to make a request to review, update, or delete personal data about you (if these rights are available to you by applicable law), please contact us at privacy@limeade.com. However, to the extent permitted by law, we reserve the right to decline requests where permitted by law or where we are unable to authenticate you as the person to whom the data relates. Please note that we often need to retain certain data for reasons such as recordkeeping and/or to complete any transaction that you began prior to requesting a change or deletion. Our databases and other records may have residual data which will not be removed. When another entity is the data controller (such as your employer when you use the Platform), Limeade will refer your request to the third-party data controller and/or provide you with the information you need to contact the data controller directly.
You can choose whether to receive promotional communications from us by email, SMS, physical mail, or telephone. If you receive promotional email or SMS messages from us and would like to stop, you can do so by following the directions in those messages. These choices do not apply to mandatory services communications that are part of certain of our products, or to surveys or other informational communications that may have their own unsubscribe method.
See the Cookies Notice for choices about cookies and other analytics and advertising controls.
WHEN IS LIMEADE A DATA PROCESSOR OR DATA CONTROLLER OF YOUR PERSONAL INFORMATION?
Under some data protection laws, the person or entity that controls the purposes and means of processing personal data is known as a data controller and a person or entity that processes data on behalf of the data controller is known as a data processor.
When you use the Limeade Platform made available to you by your employer (or health benefits provider), Limeade is providing services to, or on behalf of, your employer and your employer is a data controller, whereas Limeade is a data processor. This applies to any processing of personal data through the Limeade Platform.
If you have questions about the processing of your personal data through the Limeade Platform, you should consult the privacy policy of your employer and direct any inquiries to your employer (or health benefits provider).
Where Limeade collects personal data outside of the Limeade Platform (such as when you visit Limeade Websites), Limeade is the data controller. If you have a question about how your data is used when Limeade is the data controller or processor, please contact Limeade using the contact details at the bottom of this Privacy Policy.
WHAT ARE YOUR EUROPEAN DATA PROTECTION RIGHTS?
In circumstances where we may use your personal data, the processing of personal data about you is subject to European Union or United Kingdom data protection law such as the General Data Protection Regulation (GDPR). You have certain rights with respect to that data, namely:
- Right to Access and Be Informed. You have the right to know how your personal information is being used and to request a copy of your personal information.
- Right to Rectification. You have the right to correct data that we store about you that is inaccurate or incomplete.
- Right to Erasure. In certain circumstances you have the right to erase the data we may hold about you.
- Right to Data Portability. You have the right to transfer or receive a copy of the personal data in a usable and portable format.
- Right to Object. If the processing of personal data is based on your consent, you can withdraw consent for future processing at any time.
- Right to Restrict Processing. Where certain conditions apply, you have the right to restrict the processing of your data for direct marketing purposes.
- Complaint. You can lodge a complaint at a competent data protection supervisory authority.
- France Residents. For residents of France, you can send us specific instructions regarding the use of your data after your death.
To exercise any of these rights, or to contact our Data Protection Officer, including: (i) if you would like to review, update, restrict, or delete personal data about you; or (ii) if you would like to receive an electronic copy of your personal data for the purposes of transmitting it to another company (if these rights are available to you by law), please contact us at privacy@limeade.com. When another entity is the data controller (such as your employer when you use the Platform), Limeade will refer your request to the third-party data controller and/or provide you with the information you need to contact the data controller directly.
To the extent permitted by applicable law, we reserve the right to charge a fee or decline requests: (i) that are unreasonable or excessive; (ii) where providing the data would be prohibited by law or could adversely affect the privacy or other rights of another person; or (iii) where we are unable to authenticate you as the person to whom the data relates. Also, please note that we often need to retain certain data for reasons such as recordkeeping and/or to complete any transaction that you began prior to requesting a change or deletion of your data. Also, our databases and other records may have residual data which will not be removed.
When you contact Limeade about accessing, updating, restricting, or deleting your personal data, Limeade will ask you for information to verify your identity. In your request, please clearly identify the personal data that is the subject of your inquiry. We will comply with your request as soon as reasonably practicable.
WHAT ARE YOUR CALIFORNIA PRIVACY RIGHTS?
If you are a California resident and the processing of personal information about you is subject to the California Consumer Privacy Act (the “CCPA”) and the California Privacy Rights Amendment (the “CPRA”), you have certain rights with respect to that information and we are committed to compliance. Under the CCPA, you may have the right to make certain requests:
Right to Know. You have the right to request that we disclose to you the personal information that we have collected about you. You also have the right to request additional information about our collection, use, disclosure, or sale of such personal information Please note that we have provided much of this information in this Privacy Policy.
Right to Data Correction. In addition to the Right to Know, the CPRA now allows you the right to correct factual errors in any personal information that we may have collected about you.
Right to Request Deletion. The CCPA also provides Californian residents the right to request that we delete personal information under certain circumstances, subject to a number of exceptions. These exceptions to deletion include when information is: (1) needed to complete the transaction for which it was collected or to provide goods or services requested by the consumer; (2) used in the context of the business relationship with the consumer; (3) required to perform a contract; (4) used to detect security incidents and protect against malicious, fraudulent, or illegal activity; (5) needed to engage in scientific, historical, or statistical research in the public interest; (6) used solely for internal uses that are reasonably aligned with the expectations of the consumer; or (7) required to comply with a legal obligation or applicable laws.
Right to Opt Out. Limeade does not sell your data for advertising or any other purposes and has not done so in the past 12 months. This being so, we do not offer an opt-out to the sale of personal data.
Right Not to Sell. Note that, although Limeade does not sell and has not sold personal information, we have disclosed personal information for business purposes as described in the “How Does Limeade Share Information?” section of this Privacy Policy. The CCPA defines “business purposes” broadly; and because we use service providers for a number of business purposes that require access to our systems that hold personal information (such as supplying cloud data storage, maintaining the security of our systems, and providing customer support), in the past 12 months, as authorized by your employer, we may have disclosed for business purposes data from each of the categories of personal information that we maintain.
California residents may make a request under the CCPA/CPRA or a request for further information about our compliance with these laws by emailing privacy@limeade.com. To provide or delete specific pieces of personal information, we will need to verify your identity to the degree of certainty required by law. We will verify your request by requiring you to provide information necessary to verify your account. Further, you may designate, in writing or through a power of attorney, an authorized agent to make requests on your behalf to exercise your rights under the CCPA and CPRA. Before accepting such a request from an agent, we will require the agent to provide proof that you have authorized it to act on your behalf, and we may need you to verify your identity directly with us. Finally, because Limeade acts as a services provider to other businesses (such as your employer when you use the Platform), Limeade may refer your request to the relevant business and/or provide you with the information you need to contact the business directly.
WHAT ARE YOUR COLORADO PRIVACY LAW RIGHTS?
Similar to the CCPA, the Colorado Privacy Law establishes certain data privacy rights for Colorado residents. Rights included in both laws are: 1) the right to opt out of the processing of personal data; 2) the right to access and delete personal information; 3) the right to be informed of data collection; 4) the right to correct personal data; and 5) the right to opt out of behavioral advertising.
Unlike the CCPA, the CPA does not contemplate a private right of action. The CCPA contains a limited private right of action when a California resident "nonencrypted and nonredacted personal information" is subject to theft or disclosure because of a failure to maintain reasonable security measures. CPA enforcement is left to the Colorado Attorney General's Office and the respective district attorney offices of Colorado, whereas California vests enforcement authority solely in the California Attorney General.
Colorado residents may make a request related to the right to the CPA or a request for further information about our compliance with the CPA by emailing privacy@limeade.com.
ARE CHILDREN ALLOWED TO USE OUR SERVICES?
The Limeade Platform is not designed for, marketed to, or intended for use by children. Protecting the privacy of children is especially important to Limeade. Limeade’s Services and the Limeade Platform are designed for adult users aged 18 and over. Limeade does not knowingly collect personal information from children under the age of 13. Please contact us immediately if you have reason to believe that Limeade collected personal information from children under the age of 13; this information will be removed.
WHERE IS PERSONAL DATA STORED AND PROCESSED?
The personal data that we collect may be stored and processed in your country or region, or in any other country where we or our affiliates, subsidiaries, or service providers maintain facilities. Currently, we primarily use data centers in the United States. We choose these storage location(s) to help us operate efficiently and improve performance. The location of the data does not change how we process your personal data or our compliance with this Privacy Policy and applicable law.
We transfer personal data from the EEA, the UK, and Switzerland to other countries, some of which have not been determined by the European Commission to have an adequate level of data protection. When we do so, we use a variety of legal mechanisms, including contracts, to help ensure your rights and protections. The standard contractual clauses approved by the European are available at https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en.
To learn more about the European Commission’s decisions on the adequacy of personal data protections, please visit https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en.
DO WE USE THE EU–U.S. / SWISS–U.S. PRIVACY SHIELDS?
We also participate in the EU–U.S. and Swiss–U.S. Privacy Shield Frameworks. Although the EU–U.S. Privacy Shield has been ruled invalid as a legal basis for data transfers to the United States, we continue to comply with the Privacy Shield Principles with respect to personal data transferred from the EEA, the UK, and Switzerland to the United States in reliance on the Privacy Shield. Our controlled U.S. subsidiaries, as identified in our self-certification submission, also adhere to the Privacy Shield Principles. We use other valid mechanisms such as the Standard Contractual Clauses, as approved by the European Commission or other competent authorities, to ensure compliance with lawful transfer of a person’s data from the EEA, the UK, and Switzerland to the United States.
CHANGES TO THE PRIVACY POLICY
The Effective Date is set forth at the top of this Privacy Policy. If we change this Privacy Policy, we will post the updated Privacy Policy and its Effective Date on this page. If we make material changes that reduce your privacy rights, we will notify you in advance by sending you an email and/or by posting a notice in the Services.
HOW CAN YOU CONTACT LIMEADE?
If you have any questions, comments, or concerns for Limeade or our Data Protection Officer, please contact us through our Customer Support Team at support@limeade.com or write to us at:
Limeade, Inc.
Attention: Data Protection Officer
10885 N.E. 4th St., Suite 400
Bellevue, WA 98004
USA
privacy@limeade.com
If you are in the European Union, you may also contact our EU office at:
Limeade GmbH
Poststr. 1
26122 Oldenburg
Germany
+ 49 441 99848 0
In situations where there is a conflict between this Privacy Policy in English and its translation in other languages, this English version prevails: https://limeade.com/privacy.aspx