Privacy Policy

Chinese (Traditional TW)
Chinese (Traditional HK)
Chinese (Simplified)
Flemish (BE)
Vietnamese
Urdu (PK)
Ukrainian
Turkish
Thai
Tamil
Swahili
Swedish (SE)
Serbian
Slovenian
Slovak
Sinhala (LK)
Russian
Romanian
Portuguese (PT)
Portuguese (BR)
Polish
Norwegian
Dutch
Malay
Marathi
Macedonian
Latvian
Lithuanian
Korean
Kannada
Khmer
Kazakh
Georgian
Japanese
Italian
Icelandic
Indonesian
Armenian (AM)
Hungarian
Haitian Creole
Croatian
Hindi
Hebrew
French (CA)
French
Filipino
Finnish
Estonian
Spanish (Latin America)
Greek
German
Danish
Czech
Bengali
Bulgarian
Belarusian
Arabic
English (Global)
English (US)
English (Global)

SPRING HEALTH GLOBAL PRIVACY NOTICE

Introduction

Spring Care, Inc and its subsidiaries and affiliates, doing business as Spring Health (collectively, Spring, Spring Health, we, us, or our), take your privacy very seriously and want you to be familiar with how we collect, use, and disclose information and do so in accordance with applicable laws. Please read this Privacy Notice and any other privacy notices we may provide on specific occasions carefully, as it is meant to help you understand what information we collect, why we collect it, and how you can update, manage, export, and delete your information. If you do not agree with our privacy practices, please do not provide us with personal information, use our Services, or access our websites, mobile applications, or other platforms.

The processing activities may be more limited in some jurisdictions due to the restrictions of their laws. For example, the laws of a particular country may limit the types of personal information we can collect or the manner in which we process that personal information. In those instances, we may adjust our internal policies and/or practices to adapt to the requirements of local law.

For transparency, Spring Care, Inc. is the parent company of the Spring Health organization and operates the services directly and through its subsidiaries and affiliates, including Spring Care Limited (Ireland). All entities operate under the Spring Health brand. Depending on your location and the Services you use, your information may be processed by Spring Care, Inc. or one of its subsidiaries or affiliates. Unless otherwise specified, references in this Privacy Notice to “Spring” or “Spring Health” refer to Spring Care, Inc. and its subsidiaries and affiliates.

Scope of this Privacy Notice

General Scope. This Privacy Notice (“Notice”) describes how Spring Health uses, and discloses personal information collected via our websites, our mobile applications, any customer specific websites and/or landing pages, including “micro-sites” set up for our customers, Compass (our Electronic Health Record platform) , sessions and phone calls with our Providers, including Care Navigators, Care Support, Crisis Lines, and any other online or offline offering (collectively, the “Services”).

Amendments and Updates. We may amend this privacy notice from time to time to keep it up to date with legal requirements and the way we operate our business. We will post those changes prominently, so you are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. Please regularly check these pages for the latest version of this privacy notice.

You might find external links to third party websites on our sites. This privacy notice does not apply to your use of a third party site. This privacy notice does not apply to any services that are provided through our extended network or a third party.

Our contact details

Please contact our Data Protection Officer

By email: dpo@springhealth.com

By mail: 60 Madison Avenue, New York, New York 10010

Information we collect

Personal data also called personal information is any information that alone, or in combination with other information that Spring Health has, or is likely to have access to, can or does identify you.

The categories of personal information we collect depend on how you interact with us or use our Services and the requirements of applicable law. We collect information that you provide to us, information we obtain automatically when you use our Services, information from other sources such as your Employer, and third-party services and organisations, as described below.

MEMBERS

Registering as a Member and receiving Services.

  • Types of Information we collect about Members

If you register as a member, we may collect information from you including your name, address, location, email address, phone number, username, password, and demographic information such as your gender and date of birth.

Sensitive Information such as race, ethnicity, religious affiliations, sexual orientation and/or pronouns may be collected if you choose to disclose such information.

Information about your mood, mental state, health and wellbeing, including indications about your overall mood and daily habits, information on your mental wellbeing, daily habits, activity levels, daily nutrition and eating habits as well as information about your personal, family and social life is collected when you complete assessments, as well as in our provision of the Services, including other information you directly give to us, your Provider, Care Navigator, or Care Support Team.

  • How we collect the information about Members

Communicating with Us. If you communicate with us by email, phone, text, chat, or within our websites, or our app, we will collect personal information from you, such as your name, contact information, and information you provide within your communication to us.

Recorded Phone Calls. Phone calls to us including to our Care Navigators, Customer Support, and Crisis Lines are recorded for quality of care purposes. You have the right to ask that your phone call not be recorded.

From Third Parties. We may get information about you from other sources, such as your Employer, Benefit Sponsor, Rewards Programs, or third-party Providers. We may combine the information that we collect with data obtained from third parties or through our Services. Additionally, you may also be able to access your account by signing on through various third-party services.

PROVIDERS and JOB APPLICANTS

  • Types of information we collect about Providers and Job Applicants

If you register as a Provider, or apply for a job opening, we may collect information from you including your name, photo, email address, phone number, postal address, date of birth, National ID or social insurance number, Tax Identification number, your bank account information to receive payment, copies of your identification, and information about your education, employment history and experience, and practice, including licensure information. We may also collect optional sensitive information including your race, disability status, and sexual orientation if you choose to provide it.

  • How we collect the information about Providers and Job Applicants

Spring Health may collect information about you directly from you and from publicly available sources, including any social media platforms such as LinkedIn, public websites, and public agencies.

For more information on our data practices with regard to Providers, refer to our Provider Policy Manual (available within the Provider Portal).

ALL SERVICE USERS

  • Type of Information we collect about All Service Users

General Website Use Data

“Other Information” is any information that does not reveal your specific identity or does not directly relate to an individual, such as:

Browser and device information

App usage data

Information collected through cookies, pixel tags, and other technologies

General demographic information

Aggregated information

If we are required to treat Other Information as Personal Data under applicable law, then we may use it for the purposes for which we use and disclose Personal Data as detailed in this Notice.

CONSENT TO COLLECTION AND PROCESSING OF HEALTH DATA

This paragraph describes Spring Health’s collection and processing of your health data provided through a combination of your use of our Services including engagement with our websites, mobile apps, mental health providers, care team, and/or your responses to the Spring Health Questionnaire relating to your physical and/or mental health (“Health Information”).

By using the Services Agree, you give explicit consent to the collection and processing of your Health Information and agree and understand that:

  1. Your Health Information will be used to provide you with the Services.
  2. Your Health Information will be accessed by your Care Team including any and all of your Spring Health Providers who provide you with Services, Care Navigators, and Care Support Representatives.
  3. Your Health Information will be used for our internal management and business purposes, such as data analysis, developing new services, enhancing, improving or modifying services, and identifying usage trends.
  4. Your Health Information will be used for audits, fraud monitoring, and prevention.
  5. The processing of your Health Information may include the disclosure of anonymized, and aggregated statistical information to your employer and/or other third parties by Spring Health.
  6. If you participate in a Rewards Program, your Health Information will be used to enable your rewards.
  7. Your Health Information will be used for billing, payment, and claims.
  8. Your Health Information will be transferred and processed in the United States.

You understand that Health Information is sensitive information, and that you are not obligated to consent to this processing. If you do not consent, you may not be able to access certain services that are offered by Spring Health. You understand that you can exercise your rights to (i) access your personal information; (ii) rectify/erase your personal information; (iii) restrict the processing of your personal information; and (iv) withdraw your consent for processing your personal information.

You may withdraw your consent by emailing privacy@springhealth.com

  • How we collect information about All Service Users

We and our third party service providers may collect Information about All Service Users in a variety of ways, including:

Through your browser or device: Certain information is collected by most browsers or automatically through your device, such as your Media Access Control (MAC) address, computer type (Windows or Macintosh), screen resolution, operating system name and version, device manufacturer and model, language, Internet browser type and version and the name and version of the Services (such as the App) you are using. We use this information to ensure that the Services function properly.

Through your use of the Apps: When you download and use the Apps, we and our service providers may track and collect usage data, such as the date and time the App on your device accesses our servers and what information and files have been downloaded to the App based on your device number.

Using pixel tags and other similar technologies: Pixel tags (also known as web beacons and clear GIFs) may be used in connection with some Services to, among other things, track the actions of users of the Services (including email recipients), and compile statistics about usage of the Services and response rates.

Analytics: We use Google Analytics, which uses cookies and similar technologies to collect and analyze information about use of the Services and report on activities and trends. This service may also collect information regarding the use of other websites, apps and online resources. You can learn about Google’s practices by going to https://www.google.com/policies/privacy, and opt out of them by downloading the Google Analytics opt-out browser add-on, available at https://tools.google.com/dlpage/gaoptout.

IP Address: Your IP address is a number that is automatically assigned to the computer that you are using by your Internet Service Provider (ISP). An IP address may be identified and logged automatically in our server log files whenever a user accesses the Services, along with the time of the visit and the page(s) that were visited. Collecting IP addresses is standard practice and is done automatically by many websites, applications and other services. We use IP addresses for purposes such as calculating usage levels, diagnosing server problems and administering the Services. We may also derive your approximate location from your IP address.

Geolocation Data: We may collect the physical location of your device by, for example, using satellite, cell phone tower or WiFi signals. We may use your device’s physical location to provide you with personalised location-based services and content. You may be permitted to allow or deny such use, but, if you do, we may not be able to provide you with the applicable personalised services and content.

Information We Get from Interactive Features. We may collect personal information that you submit or make available through our interactive features (e.g., messaging and chat features, commenting functionalities, forums, blogs, and social media pages). Any personal information you elect to make publicly available on our Services, such as posting comments on our blog page, will be available to others. Any information you provide on the public sections of these features will be considered “public”, unless otherwise required by applicable law, and is not subject to all of the privacy protections referenced herein.

Information we receive from third parties in each case where permissible and in accordance with applicable law

Sometimes we collect your personal information from third parties such as from your insurance or healthcare provider, our joint marketing partners, agencies, marketing agencies, market research companies, our suppliers, contractors, partners or consultants, and group companies.

Where We Store and Process Personal Data

Spring Health operates globally and therefore personal data may need to be transferred to countries outside of where the personal data was originally collected. For example, because we are headquartered in the United States, personal data collected in other countries is routinely transferred to the United States for processing. We transfer personal data from the European Economic Area, the United Kingdom, and Switzerland to other countries, some of which have not yet been determined by the European Commission and/or the Swiss Federal Council to have an adequate level of data protection. For example, their laws may not guarantee you the same rights, or there may not be a privacy supervisory authority there that is capable of addressing your complaints. When we engage in such transfers, we use a variety of legal mechanisms, including contracts such as the standard contractual clauses published by the European Commission under Commission Implementing Decision 2021/914, to help protect your rights and enable these protections to travel with your data.

We may also transfer personal data when (i) you have consented to disclosure abroad; (ii) it is necessary for the conclusion or performance of a contract; (iii) it is necessary to safeguard an overriding public interest or to establish, exercise, or enforce legal rights; (iv) it is necessary to protect the life or the physical integrity of you or another person, and it is not possible to obtain your consent within a reasonable time; (v) you have made the data generally accessible and have not explicitly prohibited processing; or (vi) the data originates from a statutory register to which we have legitimate access.

Spring Health complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the SwissU.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Spring Health has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Spring Health has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Spring Health commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs), the UK Information Commissioner’s Office (ICO), and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF. As further explained in the DPF Principles, binding arbitration is available to address residual complaints not resolved by other means. Spring Health is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).

In the context of an onward transfer, Spring Health has responsibility for the processing of personal data it receives under the DPF and subsequently transfers to a third party acting as an agent on our behalf. Spring Health remains liable under the DPF if our agent processes such personal information in a manner inconsistent with the DPF, unless Spring Health can prove that we are not responsible for the event giving rise to the damage.

How We Use Your Personal Information

Spring Health only processes (i.e., uses) your personal information when the law allows us to, that is, when we have a legal basis for processing.

We typically use your personal data to provide you with our Services, offer you services, communicate with you, deliver advertising and marketing, or to conduct other business operations, such as using data to improve and personalise your experiences. Examples of how we may use the personal data we collect include to:

Help establish and verify the identity and eligibility of users;

Open, maintain, administer, and manage profiles and accounts for registered users;

To personalise your experience of the Services, for example, by presenting Questionnaires (Assessments) and their results and recommending Providers and Services that may be a good fit for you;

Keep internal records about our business, customers, suppliers, contractors, partners and prospects. To respond to inquiries, fulfil requests, and send communications that are requested.

To send administrative information, for example, information regarding the Services and changes to our terms, conditions and policies.

For our internal management and business purposes, such as data analysis, developing new services, enhancing, improving or modifying the Services, audits, fraud monitoring and prevention, identifying usage trends. Provide and improve our products and services including customer support and service delivery

Provide, deliver, operate and maintain the Services and other products and services that you request, including those from our selected partners; to comply with legal process; to respond to requests from public and government authorities, including public and government authorities outside your country of residence;

To enable your rewards if you participate in a Rewards Program through a third party.

For such other purposes as you may consent or as may be authorised or required by applicable law.

We use aggregated, de-identified clinical data to provide our customers with insight into how their employees are using our Services.

Our Lawful basis for using your personal information

We need your personal information to conduct our business and provide you with our website and services. Most commonly we will use your personal information in the following circumstances:

Where you have consented before the processing.

Where we need to perform a contract, we are about to enter or have entered with you.

Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.

Where we need to comply with a legal or regulatory obligation.

We will only collect, process and/or use the personal information where we are satisfied that we have an appropriate legal basis to do so.

Sharing your personal information

We disclose your information to third parties as described below.

Your Providers: If you seek care, treatment or other services, your Provider and Care Support Team will have access to the personal information that you have provided to Spring Health including the results of your assessment in order to provide you with the Services.

Your Employer: To the extent permitted under applicable laws, we may provide necessary data to your Benefit Sponsor to enable them to manage, administer and evaluate the services. Unless permitted under applicable laws or authorised by you, we will not disclose any of the information you provide in intake forms, assessments or sessions with Providers to your Employer.

Service Providers: We disclose your personal information to our third-party service providers, such as IT services, payment processors, customer service providers, and other vendors that support our provision of the Services. These service providers will be subject to contractual obligations to implement appropriate technical and security measures to safeguard the personal data, and to process the personal data only as instructed.

Data Sharing for Employer-Directed Services: We disclose your personal information to our third-party service providers, such as IT services, payment processors, customer service providers, data warehouses and other vendors that support our provision of the Services. Spring Health will disclose personal data to data warehouses on the specific instructions from your employer. A core function of the service involves securely storing and processing data in a centralized data warehouse. The primary purpose of this data warehousing activity is to make aggregated, anonymized, or deidentified data available to relevant stakeholders.

This de-identified data is used exclusively for strategic, non-individual purposes, including but not limited to:

  1. Supporting analytics to identify population health and recovery trends;
  2. Facilitating research and performance improvement in the Services offered;
  3. Analyzing treatment outcomes over time to enhance service effectiveness; and
  4. Conducting cost of care analytics to manage and optimize expenditures.

We confirm that any sharing or use of data for these purposes strictly follows industry-best practices for deidentification and is conducted in full compliance with applicable data protection laws, including legally required safeguards (such as Standard Contractual Clauses) for any necessary international data transfers. Your individual data privacy is protected, and these analyses cannot be used to identify or take action against any specific individual.

Service providers will be subject to contractual obligations to implement appropriate technical and security measures to safeguard the personal data, and to process the personal data only as instructed.

Tax Obligations and Data Sharing: Please be advised that the Services provided by Spring Health may be considered a taxable benefit under the laws of your local jurisdiction. To ensure compliance with applicable tax regulations, Spring Health may be required to share certain information with your employer or with relevant tax authorities. This includes providing documentation on a personally identifiable basis that reports your utilization of the Services and the corresponding monetary value of those Services. This information is shared solely for the purpose of accurate tax reporting and fulfilling legal obligations related to your employment benefits.

De-identified and Aggregated Information: We may share de-identified and aggregated information (such as de-identified usage data, referring/exit pages and URLs, platform types, number of clicks, etc.) with third parties who help us understand the usage patterns for certain Services and those of our partners. Spring Health may also share with your Spring Health Benefit Sponsor the outcomes and impact of the Services, which would consist solely of de-identified and aggregated data or analytics. To the extent that Spring Health uses artificial intelligence or machine learning on the data we collect, Spring Health shall only use non-personally identifiable information for these purposes. Non-personally identifiable information may be stored indefinitely.

Advertising Partners: With your consent, we may disclose your personal information to third-party advertising partners. These third party advertising partners may include Technologies and other tracking tools on our corporate website Spring Health.com to collect information regarding your activities and your device (e.g., your IP address, cookie identifiers, page(s) visited, location, time of day). These advertising partners may use this information (and similar information collected from other services) for purposes of delivering personalized advertisements to you when you visit digital properties within their networks. This practice is commonly referred to as “interest-based advertising” or “personalised advertising.” Note that advertising technologies are not used on sites where clients login to access our Services and/or search for care.

Disclosures to Protect Us and Others: We may access, preserve, and disclose any information we store associated with you to external parties if we, in good faith, believe doing so is required or appropriate: to comply with law enforcement or national security requests and legal process, such as a court order or subpoena; when required by health oversight agencies for legally authorised health oversight activities; to protect your, our or others’ rights, property, or safety, including to protect the security or integrity of the Services and any facilities or equipment used to make the Services available; to enforce our policies or contracts; to collect amounts owed to us or any Spring Health Provider; or to assist with an investigation or prosecution of suspected or actual illegal activity or in an emergency.

How long we retain your personal information.

Except as otherwise permitted or required by applicable law or regulation, we will only retain your personal information for as long as necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements.

Under some circumstances we may anonymize or de-identify your personal data so that it can no longer be associated with you. We reserve the right to use such anonymous and/or de-identified data for any legitimate business purpose without further notice to you or your consent.

In specific circumstances we may store your personal information for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your personal information.

As our operations are conducted from the US, all personal information that we collect is used and stored in the US, is subject to US laws, and may be subject to disclosure to US governments, courts or law enforcement or regulatory agencies pursuant to those laws.

If you are offered and accept employment with Spring Health, the personal data we collected during the application and recruitment process will become part of your employment record and we may use it in connection with your employment consistent with our employee personal data policies.

If you are unsuccessful, your personal information will be kept for the duration of the application process plus a reasonable period of time after confirmation that your application was unsuccessful to allow us to record the reasons for our decision in relation to your application. We may also retain your personal information to consider you for other suitable openings within Spring Health in the future.

If you would like to opt out from Spring Health’s Notice of retaining your information for the purposes of considering you for other suitable openings, please email privacy@springhealth.com we will securely destroy your personal data in accordance with our document retention Notice and applicable laws and regulations.

Keeping your personal information secure

We have appropriate security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of your account has been compromised), please immediately notify us in accordance with the “Contacting Us” section below. We will retain your Personal Information for the period necessary to fulfill the purposes outlined in this Privacy Notice unless a longer retention period is required or permitted by law.

As our operations are conducted from the US, all Personal Information that we collect is used and stored in the US, and may be subject to disclosure to US governments, courts or law enforcement or regulatory agencies.

Your rights

Please see more details about your rights in the table below. We have one month to respond to you or as otherwise required by local law.

Right to be Informed

We have a legal obligation to provide you with concise, transparent, intelligible, and easily accessible information about your personal information and our use of it.

Right of Access

You have the right to ask us for copies of your personal information. This right always applies. There are some exemptions, which means you may not always receive all the information. When you request this data, this is known as making a data subject access request (DSAR). In most cases, this will be free of charge; however, in some limited circumstances, for example repeated requests for further copies, we may apply an administration fee.

Right to Data Portability

You have the right to request a copy of the personal data you have provided to us in a structured, commonly used, readable format Where technically feasible, you may also request that we transmit this data directly to another data controller of your choice. This right applies specifically to personal data processed based on your consent or for the performance of a contract, and where the processing is carried out by automated means.

Right of Rectification

You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete rectification information you think is incomplete. This right always applies.

Right to erasure

You have the right to ask us to erase your personal information in certain circumstances. We have the right to refuse to comply with a request for erasure if we are processing the Personal Data for one of the following reasons:

  • To comply with a legal obligation.
  • To perform a task in the public interest or exercise official authority.
  • For archiving purposes in the public interest, scientific research, historical research or statistical purposes.
  • For the exercise or defence of legal claims.

Right to restriction of processing

You may ask us to stop processing your Personal Data. We will still hold the data but will not process it any further. This right is an alternative to the right to erasure. If one of the following conditions applies, you may exercise the right to restrict processing:

  • The accuracy of the Personal Data is contested.
  • Processing of the Personal Data is unlawful.
  • We no longer need the Personal Data for processing, but the Personal Data is required for part of a legal process.
  • The right to object has been exercised and processing is restricted pending a decision on the status of the processing.

Right to object to processing

You have the right to object to processing in certain circumstances. You can also object if the processing is for a task carried out in the public interest, the exercise of official authority vested in you, or your legitimate interests (or those of a third party).

This right only applies if we are processing information based on your consent or for the performance of a contract and the processing is automated.

In certain circumstances you may also have the right to object to the processing of your personal data.

If personal data covered by this Privacy Notice is to be used for a new purpose that is materially different from that for which the personal data was originally collected or subsequently authorized, or is to be disclosed to a non-agent third party in a manner not specified in this Policy, Spring Health will provide you with an opportunity to choose whether to have your personal data so used or disclosed. Requests to opt out of such uses or disclosures of your personal data should be sent to us at privacy@springhealth.com

Certain personal data, such as information about medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, is considered "Sensitive Information." Spring Health will not use Sensitive Personal for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual unless Spring Health has received your affirmative and explicit consent (opt-in).

The application of these and any other privacy rights you may have depends on applicable data protection law and if you would like more information about your specific rights under data protection law in your jurisdiction and how to exercise those rights, please contact us at:privacy@springhealth.com

We may request specific information from you to help us confirm your identity, verify your rights, and respond to your request, including to provide you with the personal data that we hold about you, if applicable.

Applicable law may allow or require us to deny your request, or we may have destroyed, erased, or made your personal data anonymous or de-identified in accordance with our record retention obligations and practices.

Your Privacy Choices. You have a number of choices you can make regarding your personal information, including as follows:

Email Communications. If you receive an unwanted email from us, you can use the unsubscribe link found at the bottom of the email to opt out of receiving future emails. Note that you will continue to receive transaction-related emails regarding products or Services you have requested. We may also send you certain non-promotional communications regarding us and the Services, and you will not be able to opt out of those communications (e.g., communications regarding the Services or updates to our Terms or this Privacy Notice).

Text Messages. You may opt out of receiving text messages from us at any time by following the instructions in the text message/replying “STOP” to a text message you have received from us, by updating your communications preferences within your Spring Health profile, or by contacting us as described below.

Mobile Devices. We may send you push notifications through our mobile application. You may opt out from receiving these push notifications by changing the settings on your mobile device.

Cookies and Interest-Based Advertising. You may stop or restrict the placement of Technologies on your device or remove them by adjusting your browser or devices preferences, as they permit. However, if you adjust your preferences, the Services may not work properly or certain features may not be available. Please note that cookie-based opt-outs may not be effective on mobile applications. However, you may opt-out of personalised advertisements on some mobile applications by following the instructions for Android, iOS and others.

The online advertising industry also provides websites from which you may opt out of receiving targeted ads from data partners and other advertising partners that participate in self-regulatory programs. You can access these and learn more about targeted advertising and consumer choice and privacy by visiting the Network Advertising Initiative, the Digital Advertising Alliance, the European Digital Advertising Alliance, and the Digital Advertising Alliance of Canada. Please note you must separately opt out in each browser and on each device.

Protection of Children’s Personal Data

We are committed to protecting the privacy of children who use our Services. We do not knowingly collect personal data from children under the age of 16 without obtaining parental consent. If you are under 16 years of age, then please do not use or access our Services at any time without the consent of your parent or legal guardian.

Our Services include online Services that may be used to facilitate mental healthcare for a child. Children under the age of 16 cannot directly register for Spring Health Services; we require that all child accounts be created by a parent or legal guardian, and associated with the parent or legal guardian’s account. During the account registration process, the parent or legal guardian can create a child’s account by providing certain information about the child, such as name, date of birth, and email address.

Consent

In those cases where processing is based on consent, and subject to applicable local law which provides otherwise, you have the right to withdraw your consent at any time by contacting us at: privacy@springhealth.com This will not affect the validity of the processing prior to the withdrawal of consent.

Data Controller

Spring Health, Inc. is the data controller. Located at 60 Madison Avenue, New York, New York 10010.

Complaints

If you have any concerns or would like to make a complaint about how your personal data is being processed by Spring Health (or third parties as described above), or how your complaint has been handled, you have the right to lodge a complaint directly with the relevant supervisory authority and Spring Health’s Data Protection Officer at dpo@springhealth.com

Further information for EEA, UK residents

EU Representative

Spring Health has appointed a data protection representative in the European Union, IT Governance Europe Limited who can be contacted at: eurep@itgovernance.eu.

Our UK Representative

Spring Health has appointed a data protection representative in the United Kingdom IT Governance Europe Limited who can be contacted at: eurep@itgovernance.eu.

Complaints to the Regulator

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Spring Health commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU, UK, and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF should first contact Spring Health at: dpo@springhealth.com.

The details of European supervisory authorities can be found here: Our Members | European Data Protection Board (europa.eu)

The supervisory authority in the UK is the ICO, which may be contacted at https://ico.org.uk/concerns or by telephone on 0303 123 1113.

Addendum for Quebec

The parties have expressly requested and required that this Privacy Notice and all other related documents be drawn up in the English language. Les parties conviennent et exigent expressément que cette politique ainsi que tous les documents qui s’y rapportent soient rédigés en anglais.

Supplementary Privacy Notice for China

This China Notice provides additional information about personal data processing as required by the China Personal Information Protection Law and its implementing rules and regulations (“Applicable Chinese Law”). In case of any inconsistencies between the Privacy Notice and the China Notice, this China Notice prevails.

With respect to this China Notice, "Personal Data" means "Personal Information" as defined under Applicable Chinese Law. Personal Data is any electronic or otherwise recorded information related to identified or identifiable natural persons, excluding anonymized data.

Personal Data that We Process

We may process the following data:

Information needed to confirm eligibility for Services and register as a Member which may include your Name, email address, address, date of birth, and phone number.

Categories of information relating to all Service Users as described in the Privacy Notice above.

Why We Process Personal Data

We process your Personal Data under a lawful basis of processing as provided by Applicable Chinese Law. We collect and use Personal Data for the following purposes:

Comply with requirements and applicable laws;

Administering your Membership or other commitments we have made to you; General business management and operations.

We will adopt strict security measures when processing sensitive Personal Data.

Services in China are provided as part of our extended network through our local partner.

Your Rights to Your Personal Data

We respect your rights under Applicable Chinese Law. Under lawful circumstances, you may copy, consult, correct, complete, and delete your Personal Data. In certain circumstances, we may be unable to respond to your request to exercise your personal rights due to legal requirements, administrative regulations, or other legitimate purposes of processing Personal Data. You may exercise your rights at privacy@springhealth.com

Cross-Border Transfer of Personal Data

Spring Health operates globally. In order to administer your account and connect you to Services in China, fulfil legal obligations, and for other lawful purposes, Spring Health may transfer Personal Data collected from you outside of China, for example, the U.S. where Spring Health is headquartered. When your Personal Data is transferred outside of China, we will ensure that the transfer complies with Applicable Chinese Law and will implement appropriate and necessary measures to provide an equivalent level of data protection in accordance with Applicable Chinese Law.