Strong relationships are built on trust.
At HealthFitness, we want to earn your trust by informing you of the personal information we collect from you, the purposes for which we collect that information, the types of parties we share it with, the measures we take to protect your information, and the rights and choices you have with respect to the information we process about you. We encourage you to read through the privacy notice (“Notice”) to learn more about our privacy practices.
If you have any questions about our privacy practices, you may contact us at the following address:
Health Fitness Corporation
Privacy Request
Attn: Privacy Office
PO Box 7961
Lake Forest, IL 60045-7961
Email: privacyoffice@trustmarkbenefits.com
Privacy Notice
Last Updated: March 1, 2024
PDF version
This Notice is issued on behalf of Health Fitness Corporation* (“HealthFitness”, “we”, “our” “us”) and provides specific information about how we collect, use, share, retain, and protect personal information through the offering of, applying for, and enrolling in “HealthFitness Products”, including the use of our websites or mobile applications. (“Online Platforms”).
Personal information, also known as “personal data” or “personally identifiable information”, is any information about, or that can reasonably be expected to be related to, associated with, or linked directly or indirectly to an identifiable individual. Personal information does not include data that has been rendered in such a way that the individual is not or no longer identifiable.
HealthFitness will only process your personal information for the purposes described within this Notice. We do not sell your personal information to third parties, and we do not allow third parties to use the personal information we provide to them to offer you their products or services.
Depending on where you live, you may have additional rights afforded to you. Please review the U.S. state-specific information and privacy rights or International resident information and privacy rights sections below for more information.
*This Notice does not apply to Trustmark Mutual Holding Company and its subsidiaries, Midtown Health, LLC, or PFT Employee Benefits Solutions, Inc. which have their own privacy notices.
For the purposes of this Notice, “HealthFitness Products” include, but are not limited to:
- Group fitness (in-person or virtual)
- Personal and small group training (in-person or virtual)
- Recreation sports and activities
- Challenges (in-person or virtual)
- Injury prevention and early intervention services, including ergonomics and line-side coaching (on-site, virtual, and digital)
- Treatment with physical, occupational and massage therapy
- Health Coaching (on-site, virtual, and digital)
- Nutrition services (on-site, virtual, and digital)
- Mental health education services
- Benefits advocacy
- Screenings or immunizations
- Education (seminars, meet ups and series classes)
- Wellness services
- Communications about products
- Registering for or participating in events, classes, and other activities offered either directly with HealthFitness or HealthFitness acting as a service provider for your employer, community center, or their authorized representatives (“Clients”). When HealthFitness acts as a service provider, data collection and privacy practices may depend on a Client’s contractual requirements.
This Notice will address the following:
- The categories of personal information we collect
- Purposes for processing personal information
- Sharing your personal information
- Data Retention
- How we protect your personal information
- U.S. state-specific information and privacy rights
- How to submit a privacy rights request under U.S. state law
- International resident information and privacy rights
- Online Platforms and Cookie Policy
- Changes to our Notice
- How to contact us
The categories of personal information we collect
The personal information we collect depends upon things such as the nature of our relationship, the method you communicate with us, and the type of HealthFitness Product you have or use. We only collect personal information as required or permitted by law, and only to the extent necessary to fulfill the purpose for collection.
The tables below describe the categories of personal information that we may collect and that we have collected from individuals in the previous twelve (12) months.
For example, when you engage in our products or services such as apply for, enroll in, and/or participate in HealthFitness Products directly or through a Client.
Category | Categories of Sources | Disclosed for a Business Purpose? | Sold or Shared with Third-Party so They can Market to You? |
Personal identifiers or records.
|
|
Yes | No |
Protected classification characteristics.
|
|
Yes | No |
Commercial information.
|
|
Yes | No |
Internet or other similar network activity.
|
|
Yes | No |
Geolocation data.
|
|
Yes | No |
Sensory data.
|
|
Yes | No |
Professional or employment-related information
|
• Directly from you. • From our Client (i.e., your employer). |
Yes | No |
Health information.
|
|
Yes | No |
For example, when you have a business relationship with us, such as when you interact with us as an employee or contact person of one of our Clients or when you interact with us when providing your services to us as vendor.
Category | Categories of Sources | Disclosed for a Business Purpose? | Sold or Shared with Third-Party so They Can Market to You |
Personal identifiers or records.
|
|
Yes | No |
Commercial information.
|
|
Yes | No |
Internet or other similar network activity.
|
|
Yes | No |
Sensory data.
|
|
Yes | No |
Professional or employment-related information.
|
|
Yes | No |
Purposes for processing personal information
As further detailed throughout this Notice, to the extent permitted by applicable law, we may use your personal information for the following purposes:- To operate, manage, and maintain our business including performing necessary and appropriate internal functions such as accounting, auditing, risk management, information technology and security, legal, compliance, and records maintenance.
- To comply with our legal and regulatory obligations, or to respond to a subpoena or court order.
- To fulfill our contractual obligations as a data processor.
- To resolve disputes.
- To help maintain the safety, security, and integrity of our products and services, websites, databases and other technology assets, and business.
- As necessary or appropriate to protect the rights, property, or safety of us, our clients, or others.
- To improve our existing websites, applications, products, and services.
- For the research and development of new products, services, and functionalities.
- To prepare for and complete corporate transactions, such as a merger, acquisition, financing, bankruptcy or other sale of all or a portion of our assets or that of a Trustmark group entity; investments by or in HealthFitness or other Trustmark group entities, or reorganization of assets or operations.
- For our Client contacts, to perform our contractual obligations to your employer, communicate with you and your employer about our products and services, answer questions and other requests from you, provide customer support, and communicate with you and your employer about business opportunities, including new products or services and other information we think may be of interest to you.
- For vendor contacts, to manage our contracts with your employer, to ensure we are receiving products or services appropriately and on terms most beneficial to us, for vendor management purposes, including vendor risk management.
- To facilitate transactions and payments.
- To operate and expand our business activities and evaluate, develop, and improve the quality of our products and services.
- To provide you with HealthFitness Products you requested directly, or under an agreement established with a Client, or reasonably anticipated within the context of our ongoing relationship.
- To provide you with support and to respond to your inquiries or requests, including to investigate and address your concerns.
- To facilitate transactions and payments.
- To verify your identity for security purposes.
- To create, maintain, customize, and secure user accounts on our platforms or applications.
- To tailor and improve our services to you, for analytics, and to improve functionalities.
- To engage in customized outreach regarding products and services you or the Client have requested, are eligible to receive, but are not currently utilizing, or may be of interest to you.
- To ensure your physical safety or otherwise inform health personnel in cases of medical emergency.
- For other purposes for which we obtain your consent.
Sharing your personal information
To the extent permitted by applicable law, we may share your personal information with the following categories of data recipients. We do not share your personal health information with any data recipients without your explicit consent. However, we may share personal health information in cases of emergency, where you are unable to provide consent and the disclosure is necessary to protect your life.
Our Clients
We may share personal information through agreements with Clients who deliver HealthFitness Products. Clients may include your employer, plan sponsors, your community center, or other business entity.
Service providers
We may share personal information with service providers that perform services on our behalf, and with whom we have a contractual relationship and are bound to keep your personal information confidential and use it only for the purposes for which we disclose it to them. We may also share personal information through agreements with our Clients’ service providers.
Fitness or healthcare personnel
We may share personal information with fitness or healthcare personnel in furtherance of HealthFitness Products, or where it is necessary to protect your life.
Authorized parties
We may share personal information with third parties that you affirmatively authorize, or direct us to share with, or as otherwise permitted by law.
Regulatory bodies
We may share personal information with regulators, licensing authorities, law enforcement authorities, or tax authorities.
HealthFitness’ parent company or affiliated companies of Trustmark Benefits
We may share personal information with HealthFitness’ parent company, Trustmark Benefits, or other companies affiliated with Trustmark Benefits.
Successor companies
We may share personal information with another entity acquiring all, or a portion of, our business. The information shared will remain subject to this Notice and the privacy preferences you have expressed to us. However, personal information submitted or collected after a transfer may be subject to a new privacy policy adopted by the successor entity.
Data retention
We retain personal information for only as long as is necessary, which may be for the duration of the relevant business relationship to provide you with services, receive services from you or your employer, for our own business purposes, or where required or allowed under applicable law. We may also retain personal information for longer than the duration of the business relationship should we need to retain it to protect ourselves against legal claims, use it for analysis or historical record-keeping, comply with our information management policies and schedules, or as may be permitted or required by applicable laws.
How we protect your personal information
We have implemented physical, technical, and administrative security measures designed to safeguard and protect your data from unauthorized access and use.
The security of your data also depends on you. Where we have given you, or where you have chosen, a password for access to certain parts of our website, you are responsible for keeping this password confidential. Please do not share your password with anyone. If you suspect someone else obtained access to your password, please immediately change it.
No security measures are impenetrable. We cannot guarantee the security of your personal information transmitted to us. If you choose to communicate with us by email, you should be aware that internet email is not secure. We strongly encourage you to use encrypted email when sending sensitive, personal, private and/or confidential information by email. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on our websites, systems, or services.
U.S. state-specific information and privacy rights
This privacy policy is intended to comply with all applicable state privacy laws. Depending on your state of residence and/or the type of product you have with us, you may have privacy rights afforded to you.
These include, but are not limited to:- Right to access. To confirm whether we are processing your personal information and request access to it.
- Right to request correction. To correct inaccurate or incomplete personal information held by us.
- Right to request deletion. Subject to certain exceptions, to request we delete your personal information.
- Right to restrict processing. To restrict how we process personal information for purposes such as targeted advertising or profiling.
- Right to request data portability. To receive personal information in a structured format and to transmit that information to another data controller.
- Right to withdraw consent.
- Right to opt-out of profiling or automated decision-making. To opt out of the processing of personal information for profiling or automated decision-making in furtherance of decisions that produce legal or similarly significant effects concerning you.
- Right to appeal. To receive information about denials and contact information for applicable government authorities to submit a complaint.
To protect you and your personal information, we will only respond to requests after reasonably verifying a requestor’s identity or their authority to make the request. To exercise your rights, please use this form.
Please note that certain state privacy laws contain several exemptions and exceptions that apply to our company that may prevent us from honoring your request. Completion and submission of this form does not guarantee that we will fulfill your request.
How to submit a privacy rights request under U.S. state law
You may initiate a privacy rights request under the state law where you reside by using this request form or by contacting us toll-free at 866-816-1727. If you are enjoying our HealthFitness Products through one of our Clients (i.e., your employer, a community center, or their authorized representative), you should submit a privacy rights request through them, and we will assist them with responding to your request.
Verification process. To protect you and your information, we must reasonably verify that you are the person that is the subject of the request. You will be asked to provide us with your full name, the last four digits of your social security number, your birthdate (day and month), your email address, and your mailing address. If the personal information you provide is inadequate based on the sensitivity of the request, we may request additional information from you. The information you provide us with for this purpose will not be further processed. If after a good faith attempt, we cannot reasonably verify your identity, or the authority under which the request is made, we will not be able to fulfill your request.
If allowable under applicable law, and subject to limitations, you may designate an authorized agent to submit a privacy rights request on your behalf. We may request that you provide evidence that establishes the agent’s authority or may ask you and your agent to verify your identity directly with us. We will deny a request from an authorized agent that does not submit evidence that they have been authorized by you to act on your behalf.
Response timing and process. We will confirm receipt of requests within ten (10) business days. We endeavor to respond to a verifiable request within forty-five (45) days of its receipt. If we require more time or additional information to fulfill your request, we will tell you why.
- If we are unable to fulfill your request, or if we deny your request in whole or in part, we will provide you with an explanation. We may direct you to our general business practices for collecting personal information.
- Under no circumstances will we provide a requestor with a Social Security number, driver’s license number, or other government-issued identification number, financial account numbers, any health insurance or medical identification numbers, any account passwords, or any security questions and answers.
- We will use reasonable security measures when transmitting information to a requestor and will deliver data in a readily useable format.
- We are not required to retain any personal information about you that we collected for a single one-time transaction if we do not retain that information in the ordinary course of business. We are also not required to re-identify or otherwise link data that we do not maintain in a manner that would be considered personal information in the ordinary course of business.
- Where permitted under the law, we may charge you a reasonable fee to process your request.
- Please note, we may not be able to fulfill your request to delete your personal information if it falls within a legal exception, including, but not limited to retaining such information to:
- Comply with federal, state, or local laws, rules, or regulations.
- Comply with a civil, criminal, or regulatory inquiry, investigation, subpoena, or summons by federal, state, local, or other governmental authorities.
- Investigate, establish, exercise, prepare for, or defend legal claims.
- Provide a product or service specifically requested by you; perform a contract to which you are a party, including fulfilling the terms of a written warranty, or take steps at the request of you prior to entering into a contract.
- Prevent, detect, protect against, or respond to security incidents, identity theft, fraud, harassment, malicious or deceptive activities or any illegal activity, preserve the integrity or security of systems or investigate, report, or prosecute those responsible for any such action.
- Identify and repair technical errors that impair existing or intended functionality.
- Perform internal operations that are reasonably aligned with your expectations based on your existing relationship with us.
International resident information and privacy rights
Depending on where you live, you may have additional rights afforded to you. To protect you and your personal information, we will only respond to requests after reasonably verifying a requestor’s identity or their authority to make the request. To exercise your rights, please use this form.
Changes to this Notice
We may change, update, or modify this Notice from time to time. If we make changes to this Notice, we will revise the Last Updated date identified at the top of the first page. Any changes will become effective upon our posting of the revised Notice on our websites.Online Platforms and Cookies Policy
This Policy applies to certain privacy practices while using our websites and mobile applications (“Online Platforms”). It includes the use of technologies such as cookies, beacons, tags, or similar tracking technologies (collectively, “cookies”) to collect information from individuals when using Online Platforms.
What is a cookie? Cookies are small text files placed on your browser, device, or the page you are viewing, that enables the cookie owner to recognize the device when it visits websites or uses online services.
- Session cookies are temporary bits of information that are erased once you exit your web browser window, or otherwise turn your computer off. Session cookies are used to improve navigation on websites and to collect aggregate statistical information. Trustmark websites use session cookies.
- Persistent cookies are more permanent bits of information that are placed on the hard drive of your computer and stay there unless you delete the cookie. Persistent cookies store information on your computer for several purposes, such as retrieving certain information you have previously provided (for example, passwords), helping to determine what areas of the website visitors find most valuable, and customizing the website based on your preferences. Trustmark websites use persistent cookies.
Most browsers allow you to control cookies through their settings preferences. However, if you limit the ability of websites to set cookies, you may worsen your overall user experience, since it will no longer be personalized to you. It may also stop you from saving customized settings like login information.
Why we use cookies. Trustmark uses cookies in a range of ways to improve your experience on our website(s), including:
- keeping you signed in,
- to allow for single sign on,
- understanding how you use our website, and
- improving your experience when you use our website.
Cookie choices. If you visit our websites, you consent to our use third-party cookies such as Google Analytics, which uses cookies to collect non-personally identifiable information. Google Analytics uses cookies to track visitors, providing reports about website trends without identifying individual visitors.
If you use our mobile applications, you consent to our use of Azure Application Insights, which uses telemetry data, including IP addresses to track visitors, providing reports about mobile usage, and performance trends without identifying individual visitors.
We use information received from Google Analytics and Azure Application Insights as aggregate data to help us maintain and improve our websites and mobile applications. We do not send such information to other third parties. You can opt out of Google Analytics without affecting how you visit our websites. For more information on opting out of Google Analytics tracking across all websites you use, visit this Google page: https://tools.google.com/dlpage/gaoptout.
Do not track. Some web browsers and mobile operating systems offer a “Do Not Track” setting you can activate to signal your preference not to have data about your online browsing activities monitored and collected. Currently, our Online Platforms may not recognize “Do Not Track” signals.
Children’s online privacy. We do not knowingly collect personal information online or otherwise from any person under the age of 18, and we do not offer, otherwise market or direct our products or services to any person under the age of 18. If you suspect that we have collected personal information from a person under the age of 18, please contact us.
Privacy policies and notices of other sites. Our Online Platforms may link to and from third-party websites. If you click on a link to another website, that third party’s privacy policy/notice will apply to your use of their website. We do not have control over the content or operation of these third-party sites. We recommend that you review all third parties’ terms of use agreements and privacy policies before using their websites, goods, or services.
How to contact us
If you have any questions about this Notice or the ways in which we collect or use your personal information, please contact us at:
Privacy Officer
Privacy Request
Trustmark Companies
P.O. Box 7961
Lake Forest, IL 60045-7961
Email: privacyoffice@trustmarkbenefits.com