Effective Date: September 1, 2020
Updated: February 2, 2021
When you visit the Sites or contact us through our website, we collect your Personal Data as the data controller. When we collect your Personal Data because our Customer has provided you with credentials to use our Platform, we collect your Personal Data as a service provider to the Customer and as a data processor. For more information about our role as a service provider to our Customers, please see the section titled “CoFi Customers” below.
Terms and Conditions.
By accessing or using the Sites in any manner, you also agree to be bound by CoFi’s Terms and Conditions (the “Agreement”), accepted at the time you create your CoFi user account. Please read the Agreement carefully. If you do not accept all of the terms and conditions contained in or incorporated by reference into the Agreement, you cannot use the Sites.
Information We Collect.
We collect information, including personal data, to provide better services to all our Users. We use the term “Personal Data” to refer to any information that identifies or can be used to identify you. Common examples of Personal Data include: full name, email address, digital identity, such as a login name or handle, information about your device, and certain metadata.
When you use our Services, we collect Personal Data in the following ways:
1. Information You Give to Us
• Website Visitors
You may choose to provide us with Personal Data about yourself, including your name, organization name, title, phone number and email address by completing forms on our website. You may also provide us with Personal Data about yourself when you report a problem or have a question about our services.
When you visit our website, we collect certain information automatically, such as your operating system version, browser type, and internet service provider. We also collect information about your interaction with the Services, such as creating or logging into your account, when you use our Site, we automatically collect and store this information in service logs. This includes: details of how you used our Site; Internet protocol address; cookies that uniquely identify your browser, the referring web page and pages visited. We may also collect and process information about your actual location.
• Customer End User
If you are a User of the CoFi platform, you or your employer may provide your contact details, such as an email address, in order for you to access a CoFi account. As part of your business relationship with us, we may also receive financial and Personal Data about you or your company, such as your company’s bank account information and the SSN or EIN of the account administrator. For more information about the types of information we process in our role as a service provider to our Customers, please see the section titled “CoFi Customers” below.
2. Other Information We Obtain from Your Use of Our Services
We also use these technologies to collect and store information when you interact with services from our partners, such as advertising services. These technologies record information about your use of our Sites, including:
• Browser and device data, such as IP address, device type, operating system and Internet browser type, screen resolution, operating system name and version, device manufacturer and model, language, plug-ins, add-ons and the language version of the Sites you are visiting;
• Usage data, such as time spent on the Sites, pages visited, links clicked, language preferences, and the pages that led or referred you to our Sites.
We also collect information about your online activities on websites and connected devices over time and across third-party websites, devices, apps and other online features and services. We use Google Analytics on our Sites to help us analyze your use of our Sites and diagnose technical issues.
How We Use Personal Data.
a. Our products and services. We rely upon a number of legal grounds to ensure that our use of your Personal Data is compliant with applicable law. We use Personal Data to facilitate the business relationships we have with our Customers and their Users, to comply with our legal obligations, and to pursue our legitimate business interests.
b. Marketing and events-related communications. We may send you email marketing communications about CoFi products and services, invite you to participate in our events or surveys, or otherwise communicate with you for marketing purposes, provided that we do so in accordance with the consent requirements that are imposed by applicable law. For example, when we collect your business contact details through our participation at trade shows or other events, we may use the information to follow-up with you regarding an event, send you information that you have requested on our products and services and, with your permission, include you on our marketing information campaigns.
We use information collected from cookies and other technologies, to improve your User experience and the overall quality of our services. We may use your Personal Data to see which web pages you visit at our Site, which web site you visited before coming to our Site, and where you go after you leave our Site. We can then develop statistics that help us understand how our visitors use our Site and how to improve it. We may also use the information we obtain about you in other ways for which we provide specific notice at the time of collection.
d. Non-Personal and Aggregate Site Use Information. CoFi may compile and share information collected through its website and platform in aggregated form or in de-identified form so that it cannot reasonably be used to identify an individual (“De-Identified Information”). We may disclose such De-Identified Information publicly and to third parties, for example, in public reports about exercise and activity. CoFi may also disclose De-Identified Information for general research purposes and in research collaborations with third parties, such as universities, hospitals or other laboratories to determine the prevalence of particular conditions among Users or to determine whether a User might be suitable for research or clinical trials. CoFi may also use De-Identified Information for commercial collaborations with private companies for purposes such as product design or enhancement of Services.
How We Disclose Personal Data.
CoFi does not sell or rent Personal Data to marketers or unaffiliated third parties. We share your Personal Data with trusted entities, as outlined below.
a. CoFi. We share Personal Data with other CoFi entities in order to provide our Services and for internal administration purposes.
b. Service providers. We share Personal Data with a limited number of our service providers. We have service providers that provide services on our behalf, such as identity verification services, website hosting, data analysis, information technology and related infrastructure, customer service, email delivery, and auditing services. These service providers may need to access Personal Data to perform their services. We authorize such service providers to use or disclose the Personal Data only as necessary to perform services on our behalf or comply with legal requirements. We require such service providers to contractually commit to protect the security and confidentiality of Personal Data they process on our behalf. Our service providers are located in the United States of America.
c. Business partners. We share Personal Data with third party business partners when this is necessary to provide our Services to our Users. Notably, this includes third party payment processing companies.
f. Compliance and harm prevention. We share Personal Data as we believe necessary: (i) to comply with applicable law, or payment method rules; (ii) to enforce our contractual rights; (iii) to protect the rights, privacy, safety and property of CoFi, you or others; and (iv) to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include authorities outside your country of residence.
Your Failure to Provide Personal Data.
Your provision of Personal Data is required in order to use certain parts of our Sites and Services. If you fail to provide such Personal Data, you may not be able to access and use our Services.
Your Rights and Choices.
You have choices regarding our use and disclosure of your Personal Data:
a. Opting out of receiving electronic communications from us. If you no longer want to receive marketing-related emails from us, you may opt-out via the unsubscribe link included in such emails. We will try to comply with your request(s) as soon as reasonably practicable. Please note that if you opt-out of receiving marketing-related emails from us, we may still send you important administrative messages that are required to provide you with our Services.
b. How you can see or change your account Personal Data. If you would like to review, correct, or update Personal Data that you have previously disclosed to us, you may do so by signing in to your CoFi account or by contacting CoFi.
c. Requests to Change or Delete Information. Whenever you use our Services, we aim to provide you with choices about how we use your Personal Data. We also aim to provide you with access to your Personal Data. If that information is wrong, we strive to give you ways to update it quickly or to delete it – unless we have to keep that information for legitimate business or legal purposes. Subject to applicable law, you may obtain a copy of Personal Data we maintain about you or you may update or correct inaccuracies in that information by contacting us. To help protect your privacy and maintain security, we will take steps to verify your identity before granting you access to the information. In addition, if you believe that Personal Data we maintain about you is inaccurate, subject to applicable law, you may have the right to request that we correct or amend the information by contacting us as indicated in the How to Contact Us section below. You may update or correct information about yourself by emailing us at privacy@CoFimd.com. If you completely delete all such information, then your account may become deactivated. We may retain an archived copy of your records as required by law, to comply with our contractual or legal obligations, to resolve disputes, to enforce our agreements or for other legitimate business purposes. We may contact you to request that you update your Personal Data on a regular basis to ensure its integrity for the purposes of ongoing data management.
We make reasonable efforts to ensure a level of security appropriate to the risk associated with the processing of Personal Data. We maintain organizational, technical and administrative measures designed to protect Personal Data within our organization against unauthorized access, destruction, loss, alteration or misuse. Your Personal Data is only accessible to a limited number of personnel who need access to the information to perform their duties. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of your account has been compromised), please contact us immediately.
We retain your Personal Data as long as we are providing the Services to your company. We retain Personal Data after we cease providing Services directly or indirectly to you, even if you close your CoFi account or complete a transaction with a CoFi Customer, to the extent necessary to comply with our legal and regulatory obligations, and for the purpose of fraud monitoring, detection and prevention. We also retain Personal Data to comply with our tax, accounting, and financial reporting obligations, where we are required to retain the data by our contractual commitments to our financial partners, and where data retention is mandated by the payment methods that we support. Where we retain data, we do so in accordance with any limitation periods and records retention obligations that are imposed by applicable law.
Direct Marketing and “Do Not Track” Signals.
CoFi does not track its users over time and across third party websites to provide targeted advertising and therefore does not respond to Do Not Track (DNT) signals. However, some third party sites do keep track of your browsing activities when they serve you content, which enables them to tailor what they present to you. If you are visiting such sites, your browser may include controls to block and delete cookies, web beacons and similar technologies, to allow you to opt out of data collection through those technologies.
California residents are entitled to contact us to request information about whether we have disclosed Personal Data to third parties for the third parties’ direct marketing purposes. Under the California “Shine the Light” law, California residents may opt-out of our disclosure of Personal Data to third parties for their direct marketing purposes. You may choose to opt-out of the sharing of your Personal Data with third parties for marketing purposes. To make such a request you should send (a) an email to privacy@CoFimd.com with the subject heading “California Privacy Rights,” or (b) a letter addressed to CoFi, Inc., 23 Water Street, Suite 301, Holliston, MA 01746. In your request, please attest to the fact that you are a California resident and provide a current California address for our response. Please be aware that not all information sharing is covered by the California privacy rights requirements and only information on covered sharing will be included in our response. We reserve our right not to respond to requests submitted to addresses other than the addresses specified in this paragraph.
Use by Minors.
The Site and Services are not directed to individuals under the age of thirteen (13). If you are under the age of 13 (or a minor in the jurisdiction in which you are accessing our Sites or Services), do not use the Services, or make purchases via the Services, use any interactive features of the Services, or post any Personal Data to our Sites or submit any Personal Data via the Services. We do not knowingly or intentionally gather Personal Data about children who are under the age of 13. If a child has provided us with Personal Data, a parent or guardian of that child may contact us to have the information deleted from our records. If you believe that we might have any information from a child under age 13 in the applicable jurisdiction, please contact us privacy@CoFimd.com. If we learn that we have inadvertently collected the Personal Data of a child under 13, we will take steps to delete the information as soon as possible and cease the use of that information in accordance with applicable law.
• CoFi Customer Information. We collect information about individuals within our CoFi Customer organization (“Customer Information”). Customer Information may include information related to the Customer’s account, name, work email address, work phone number, job title or similar kinds of information. We use Customer Information to support the Customer account, maintain our business relationship with the Customer, respond to Customer inquiries, or perform accounting functions. CoFi Customers may update Personal Data and passwords by logging into the CoFi Platform and updating their account. CoFi Customer may contact CoFi support in order to delete their Personal Data. In some cases, we may not be able to delete Customer Information, and in such cases we will tell you why.
• Information about our Customers’ Contacts. We collect information about any contacts, such as practice groups, employees, insured parties, and others, that may be uploaded into the CoFi Platform (“Information about our Customers’ Contacts”). Information about our Customers’ Contacts may include name, e-mail address, phone number, job title, or similar kinds of information. We use Information about our Customers’ Contacts for the purposes of providing Services to such contacts. CoFi Customers may update or delete Information about their contacts in the CoFi Platform. CoFi Customers may also contact CoFi support in order to update and delete such information. In some cases, we may not be able to delete such information, and in such cases we will tell you why.
• Archival Information. We collect User information for archival purposes on behalf of, and as directed by, our CoFi Customers for the purpose of improving health management. This information may include User Personal Data, User communications, among other forms of data or electronic communications (“Archival Information”). Our CoFi Customer’s privacy policies or practices apply to Archival Information, the purposes for which the CoFi Customer collects Archival Information, how the CoFi Customer may use Archival Information and what choices the individual may have with respect to Archival Information. Individuals must contact the applicable CoFi Customer in order to correct, amend, or delete their information, or to opt out of any collection, uses or disclosure of their information by our CoFi Customer.
• Automatically Collected Information. We collect information automatically about how our CoFi Customer use our services (“Automatically Collected Information”). We do this via data collection technologies such as cookies, web beacons, gifs or other tracking technologies. We collect this information in order to monitor, support and improve our services or to provide CoFi Customers with certain customized features. We may use Automatically Collected Information to tell us how our CoFi Customer s use our services, to improve our services or develop new products, services or features. We may combine this information with other information we collect.
We treat Customer Information, Information about our Customer’s Contacts, Archival Information and Automatically Collected Information as the confidential and proprietary information of our CoFi Customer, subject to the terms of the CoFi Terms and Conditions and any other service agreement between CoFi and the Customer. We do not share Customer Information, Information about our Customer’s Contacts, Archival Information or Automatically Collected Information with third parties unless directed to do so by our Customer, as may be necessary to provide services to the Customer, to our advisors, affiliates, representatives, agents, service providers, in connection with a business transaction (such as a merger or sale), as allowed under the terms of our agreement with our Customer, or in response to a court order, subpoena, warrant or to comply with a legal requirement or to cooperate with an investigation. We may disclose Customer Information, Information about our Customer’s Contacts, Archival Information or Automatically Collected Information for the aforementioned reasons, or in order to protect our rights or the rights of our affiliates, CoFi Customer, business partners or service providers.
We will retain Customer Information we process on behalf of our CoFi Customers for as long as needed to provide services to our Customer, or for the period of time requested by a particular Customer.
Links To Other Websites.
The Services may provide the ability to connect to other websites. These websites may operate independently from us and may have their own privacy notices or policies, which we strongly suggest you review. If any linked website is not owned or controlled by us, we are not responsible for its content, any use of the website or the privacy practices of the operator of the website. Our inclusion of links to such websites does not imply any endorsement of the material on such websites or any association with their operators. Further, it is up to the User to take precautions to ensure that whatever links the User selects or software the User downloads (whether from this Site or other websites) is free of such items as viruses, worms, trojan horses, defects and other items of a destructive nature. These websites and services may have their own privacy policies, which the User will be subject to upon linking to the third party's website. CoFi strongly recommends that each User review the third party's terms and policies.
How to Contact Us.
Via e-mail: privacy@CoFimd.com
By writing to us:
23 Water Street, Suite 301
Holliston, MA 01746