Last Updated: October 31, 2022
Table Of Contents
- Information We Collect
- The Technologies We Use for Automatic Data Collection
- How We Use the Information Collected
- How We Share Information
- Your Failure to Provide Personal Data
- Our Retention of Your Personal Data
- Your Choices and Accessing, Updating or Deleting Your Personal Data
- Your Rights With Respect to Personal Data
- Changing or Deleting Your Information
- Our Opt-in/Opt-out Policy
- Your Ad Choices
- Third Party Links
- International Transfers
- How We Protect Personal Data
- Direct Marketing and “Do Not Track” Signals
- HIPAA Notice of Privacy Practices
- How to Contact Us
Information We Collect
We collect information, including personal data, to provide better services to all our Users. We use the term “Personal Data” to refer to any information that identifies or can be used to identify you. Common examples of Personal Data include: full name, email address, digital identity, such as a login name or handle, information about your device, certain metadata, health information, and medical insurance information. When you use our Sites and Services, we collect Personal Data in the following ways:
1. Information You Give to Us
You may choose to provide us with Personal Data, including your name, organization name, title, address, phone number, and email address by completing forms on our website, such as when you request information about our Services, for User support, or to register for a program.
The Sites and Services offer interactive and social features that permit you to submit content and communicate with us. You may provide Personal Data to us when you post information in these interactive and social features. Please note that your postings in these social and community forums of the Sites and Services may be publicly accessible or accessible to other Users.
• Mobile Application
In some cases, certain information is required when creating an account to use our Services on the mobile application, such as your name, email address and password.
In addition, in order to improve your experience with the Services, you may choose to provide additional information such as your gender, birth date, ethnicity, weight, height, insurance provider, physical activity, eating habits, health goals, diet preferences, sleep tracking data, and other health information, such as heart rate, blood pressure, and glucose level. Additional information may be collected if you allow Lark to collect data using Apple HealthKit or Google Fit on your mobile device.
Lark provides real-time chat-based digital coaching and health-related information to our users via our mobile application. We collect information via your interactions with the digital coach, such as physical activity, eating habits, mood, and weight, in order to help you set and track your progress toward achieving health-related goals.
In connection with the use of the Services, your mobile device may collect certain data points like activity and sleep habits. When your device syncs with Lark’s application, certain data recorded on your device is transferred from your device to our servers.
You may also provide us with Personal Data about yourself when you report a problem or have a question about our Services or provide our third-party service provider with payment method information for the purchase of Service subscriptions.
• Communications with a Live Coach
2. Information We Obtain from Your Use of Our Services
We collect certain information automatically, such as your operating system version, browser type, and internet service provider. We also collect information about Users’ interactions with the Services, such as a User creating or logging into their account, or opening or interacting with the Services on their mobile device. When you use our Site and Services, we automatically collect and store certain information in service logs and sometimes in our databases. This includes: details of how you used our Site and Services, internet protocol address, cookies that uniquely identify your browser, and the referring web page and pages visited. We may also collect and process information about your location. The information we collect automatically is statistical data and may or may not include Personal Data, but we may maintain it or associate it with Personal Data that we collect in other ways or receive from third parties.
• Location Data
Lark may collect information about your general location and, with your permission, your precise GPS location when you use our Site and Services. Some features within our application may only function upon confirmation of your location, and therefore such features will not be available if you choose not to provide your location data to us. Please configure your mobile device and web browser to review or revoke location access permission.
• Device ID
When using our Services, we or our service provider may collect your unique device ID. We may use such information for internal purposes and to provide you a better experience, such as to troubleshoot application problems you may experience. We may associate device ID with Personal Data you provide to us. You may learn more about and opt out of any anonymous device ID collection via the privacy settings available within your mobile device.
Summary of Information Collected
Below is a list of the types of information we collect:
We obtain the categories of Personal Data listed above from the following categories of sources:
- Directly from our Users or their agents (such as their employer or health insurance company). For example, name, email address, and other information that helps us communicate with Users so that we can invite Users to participate in our Services or determine a User’s eligibility for particular benefits. Indirectly from our Users or their agents. For example, through information we collect from our Users in the course of providing Services to them via our mobile application.
- Directly and indirectly from activity on our websites (lark.com). For example, from website usage details that are collected automatically via cookies.
- From third parties that assist us in providing certain transactions and services (e.g. subscription payment processing, if applicable).
The Technologies We Use for Automatic Data Collection
We and our partners use various technologies to collect and store information when you visit one of our services, such as information about your browser or device. The Cookies and similar technologies that we may use for automatic data collection may include:
2. Web Beacons. Pages of our Sites or Services or our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags and single-pixel gifs) that permit us, for example, to count Users who have visited those pages or opened an e-mail and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).
3. Website Logging Tools. Clickstream data is information collected via website logging tools by our computers when you request web pages from the Sites. Clickstream data may include information such as the page served, the time spent viewing the page, source of the request, type of browser making the request, the preceding page viewed and similar information. Clickstream data permits us to analyze how visitors arrive at the Sites, what type of content is popular, what type of visitors in the aggregate are interested in particular kinds of content on the Sites.
4. Mobile Device Identifiers and SDKs. A mobile SDK is the mobile app version of a web beacon (see “Web Beacons” above). The SDK is a bit of computer code that app developers can include in their apps to enable ads to be shown, data to be collected, and related services or analytics to be performed.
5. Additional Technologies: Network Advertisers and other Advertising.
HOW WE USE THE INFORMATION COLLECTED
We and third-party vendors acting on our behalf, may use the information that we collect through our Sites and Services for a variety of purposes, including:
- To present, operate or improve the Sites and Services, including data analysis and testing;
- To inform you about Services and products available from Lark;
- To contact you for the purpose of rendering the Services (such as wellness coaching) and improving User outcomes related to the same;
- To authorize access to our Sites and Services;
- To provide, maintain, administer or expand the Services, perform business analysis, or for other internal purposes to support, improve or enhance our business, the Sites and Services, and other products and services we offer;
- To offer and administer programs, including for payment processing;
- To personalize the Services to your goals and customize or tailor your experience of the Services, which may include sending customized messages;
- To communicate about, and administer your participation in, special programs, surveys, voting polls, contests, online campaigns, online programs, promotions, and to deliver pertinent emails and Site features;
- To secure our Services, including to authenticate Users;
- To use statistical information that we collect in any way permitted by law, including from third parties;
- To respond to and support Users regarding their use of the Sites and Services;
- To comply with all applicable legal requirements and protect our Users;
- To investigate and enforce our Terms and Conditions and other Lark policies including possible violations, fraud, and/or attempts to harm our Users;
- To resolve disputes;
- To otherwise fulfill the purpose for which the information was provided;
- To process job applications or inquiries about jobs with Lark.
We use Google Fit and Apple Health Kit data (heart rate, blood glucose, blood pressure, body measurements, physical activity, and location data), and similar data collected from devices and activity trackers that you choose to connect to our Services, to assist with coaching our members so that they can maintain a healthy lifestyle. Lark may also collect data from third party sources (such as publicly available data) and combine this with other data that Lark maintains for purposes of learning more about social determinants of health in a particular region.
Except where prohibited by law, and only to the extent permitted by Lark’s agreements with applicable Lark Partners, we may also use your Information, including Personal Data, in connection with any other services we make available to you.
How We Share Information
We may disclose your information in the following circumstances:
Disclosures to Service Providers and Lark Partners
Lark, and third party vendors acting on our behalf, may disclose your Personal Data to Lark Partners, third party service providers, or vendors acting on our behalf, for the purpose of providing the Sites and Services and related services to you or other Users, including, without limitation, determining eligibility, registering you to use the Services (i.e. authenticating your identity), logging you into the Services, providing you with information you have requested through the Services or related services, connecting you with resources and other benefits, filing of medical claims, shipping devices to you (such as weight scales), scheduling coaching appointments and, for any Services that require you to pay a fee, processing your payment and managing your subscription, as well as for Lark Partners’ administration of benefits. Third party service providers or vendors acting on our behalf are authorized to use your Information to provide services to Lark or as required by law, and they are also permitted to aggregate or de-identify your Information, including Personal Data, such that it does not personally identify you.
Security and Compliance with Law. Your Information and the contents of your communications through the Sites and Services may be disclosed to third parties as required by law, such as to comply with a subpoena or similar legal process, or when we reasonably believe disclosure is necessary to protect our rights (including to enforce our Terms and Conditions), protect your safety or the safety of others, investigate fraud, report improper or unlawful activity, or respond to a government request.
Non-Personal and Aggregate Site and Services Use Information. Lark may compile and share your Information in aggregated form (i.e., in a manner that would not personally identify you) or in de-identified form so that it cannot reasonably be used to identify an individual (“De-Identified Information”). We may disclose such De-Identified Information publicly and to third parties, for example, in public reports about exercise and activity, or to Lark Partners under agreement with us. Lark may also disclose De-Identified Information for general research purposes and in research collaborations with third parties, such as universities, hospitals or other laboratories to determine the prevalence of particular conditions among Users or to determine whether a User might be suitable for research or clinical trials. Lark may also use De-Identified Information for commercial collaborations with private companies for purposes such as product design or enhancement of Services.
Uses and Disclosures Permitted by Law, Including for Health Care Operations, Public Health, and Research. To the extent not prohibited by law or precluded by Lark’s agreements with the applicable Lark Partner, Lark, and any third party vendors acting on Lark’s behalf, may use and disclose your Personal Data: (a) as required or permitted by law, including, where applicable, HIPAA, which may include disclosures to the applicable Lark Partner; (b) for Research purposes; (c) for purposes of Health Care Operations of the applicable Lark Partner; and (d) for Public Health, as each is defined and in accordance with HIPAA.
Your Failure to Provide Personal Data
Your provision of Personal Data is required in order to use certain parts of our Services and our programs. If you fail to provide such Personal Data, you may not be able to access and use our Services and/or our programs, or parts of our Services and/or our programs.
Our Retention of Your Personal Data
We may retain your Personal Data for a period of time consistent with the original purpose for collection. For example, we keep your Personal Data for no longer than reasonably necessary for your use of our programs and Services and for a reasonable period afterward. We may retain your Personal Data even after your business relationship with us ends, if reasonably necessary to comply with our legal obligations (including law enforcement requests), meet regulatory requirements, resolve disputes, maintain security, prevent fraud and abuse, enforce our Terms and Conditions, in copies made for backup and business continuity purposes, or to fulfill your request to “unsubscribe” from further messages from us. We will retain De-Identified information after your account has been closed.
Your Choices and Accessing, Updating, or Deleting Your Personal Data
Subject to applicable law, you may request to access, update, correct, or delete the information we maintain about you by contacting us at firstname.lastname@example.org.
Your Rights With Respect to Personal Data
You may have certain rights relating to your Personal Data, subject to local data protection law. We aim to provide you with choices about how we use your Personal Data. Subject to applicable law, you may obtain a copy of the Personal Data that we maintain about you. In addition, if you believe that Personal Data we maintain about you is inaccurate, subject to applicable law, you may have the right to request that we correct or amend the information by contacting us as indicated in the “How to Contact Us” section below. To help protect your privacy and maintain security, we will take steps to verify your identity before granting you access to the information.
Privacy Rights Specific to California Residents
Under the California Consumer Privacy Act, California residents have specific rights regarding their Personal Data. This section describes Californians’ rights and explains how California residents can exercise those rights.
Below we further outline specific rights which California residents may have under the California Consumer Privacy Act.
- Right to Access Your Data. You have the right to request that we disclose certain information to you about our collection, use and disclosure of your Personal Data over the past twelve (12) months. Any disclosures we provide will only cover the 12-month period preceding the receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable.
- Right to Data Portability. You have the right to a “portable” copy of your Personal Data that you have submitted to us. Generally, this means you have a right to request that we move, copy or transmit your Personal Data stored on our servers or information technology environment to another service provider’s servers or information technology environment.
- Right to Delete Your Data. You have the right to request that we delete any of your Personal Data that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your Personal Data from our records, unless an exception applies.
- Right to Non-Discrimination for the Exercise of Your Privacy Rights. You have the right not to receive discriminatory treatment by us for exercising your privacy rights conferred by the California Consumer Privacy Act.
Exercising Your Rights
If you are a California resident who chooses to exercise your rights, you can:
- Submit a request via email at: email@example.com ; or
- Call 650-381-9225 to submit your request.
You may also designate an agent to exercise your privacy rights on your behalf. In order to designate an authorized agent to make a request on your behalf, you must provide a valid power of attorney, the requester’s valid government-issued identification, and the authorized agent’s valid government issued identification.
Our Response to Your Request
Upon receiving your request, we will confirm receipt of your request by sending you an email. To help protect your privacy and maintain security, we may take steps to verify your identity before granting you access to the Information. In some instances, such as a request to delete Personal Data, we may first separately confirm that you would like for us to in fact delete your Personal Data before acting on your request.
We will respond to your request within forty-five (45) days. If we require more time, we will inform you of the reason and extension period in writing. If you have an account with Lark, we will deliver our written response to that account. If you do not have an account with Lark, we will deliver our written response by mail or electronically, at your option.
In some cases our ability to uphold these rights for you may depend upon our obligations to process Personal Data for security, safety, fraud prevention reasons, compliance with regulatory or legal requirements, listed below, or because processing is necessary to deliver the services you have requested. Where this is the case, we will inform you of specific details in response to your request.
Please note that even though you may request the deletion of your Personal Data, we may be required (by law or otherwise, such as to prevent fraud, resolve disputes, or troubleshoot problems) to retain this information.
Changing or Deleting Your Information
You may update or correct information about yourself by making changes to your profile by emailing us at firstname.lastname@example.org. If you completely delete all such information, then your account may become deactivated. We may retain an archived copy of your records as required by law, to comply with our legal obligations, to resolve disputes, to enforce our agreements or for other legitimate business purposes.
We may contact you to request that you update your Information on a regular basis to ensure its integrity for the purposes of ongoing data management.
Our Opt-in/Opt-out Policy
We currently provide the following opt-out opportunities:
- At any time, you can follow a link provided in offers, newsletters or other email messages (except for e-commerce confirmation or service notice emails) received from us or a Lark Partner to unsubscribe from communications.
Your Ad Choices
Third Party Links
The Services are hosted in the United States. Certain Lark personnel, Lark Partners, and some of the third-party service providers to whom we disclose Information (as set forth above) may be located in the United States and other countries, including in countries that may not provide the same level of data protection as your home country. We take steps to ensure that recipients of your Information are bound to duties of confidentiality and we implement measures such as data protection contractual clauses to ensure that any transferred Information remains protected and secure.
How We Protect Personal Data
Lark maintains administrative, technical and physical safeguards designed to protect Users’ Information against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use. These safeguards vary based on the sensitivity of the Information that we collect, process and store and the current state of technology. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, we cannot guarantee its absolute security. We also maintain procedures to help ensure that such data is reliable for its intended use and is accurate, complete and current. If Lark’s third-party payment processor collects payment information in connection with your purchase of a subscription to our Mobile App or Services, that information will only be used to complete the task for which the payment information was offered.
The Site and Services are not intended for use by children and the majority of our Services are only offered to members of participating health plans who are 18 years of age or older. We do not intentionally gather Personal Data about visitors who are under the age of 13. If a child has provided us with Personal Data, a parent or guardian of that child may contact us to have the information deleted from our records. If you believe that we might have any information from a child under the age of 13, please contact us at email@example.com. If we learn that we have inadvertently collected the Personal Data of a child under the minimum age depending on jurisdiction, we will take steps to delete the information as soon as possible and prevent that User from utilizing our Services.
Direct Marketing and “Do Not Track” Signals
Lark does not respond to Do Not Track (DNT) signals. However, some third party sites do keep track of your browsing activities when they serve you content, which enables them to tailor what they present to you. If you are visiting such sites, your browser may include controls to block and delete cookies, web beacons and similar technologies, to allow you to opt out of data collection through those technologies.
California residents are entitled to contact us to request information about whether we have disclosed Personal Data to third parties for the third parties’ direct marketing purposes. Lark does not disclose Personal Data to third parties for their direct marketing purposes. California users may request further information about our compliance with this law by emailing us at firstname.lastname@example.org.
HIPAA Notice of Privacy Practices
Certain of our Services may also be subject to separate HIPAA Notices of Privacy Practices. To read more about Lark’s privacy practices regarding health and medical information under HIPAA, please visit https://www.lark.com/hipaa-notice-of-privacy-practices
How to Contact Us
Send email to: email@example.com
Send mail to our address:
Lark Technologies, Inc.
Attn: Legal Department
2570 El Camino Real
Mountain View, California 94040