Good2BeBack (G2BB, LLC) Privacy Policy

Please Read Carefully

This Online Privacy Policy describes the information G2BB LLC, and its affiliates, authorized service providers, and agents (collectively, the “Company” “us” or “we” or “our”) collect in connection with your use of the Good2BeBack, G2BB, or COMPLETE Health Pass websites (collectively, the “Site”), mobile applications (the “App”), and all other Good2BeBack-related services (the “Services”), how we use and share that information, and the privacy choices we offer.

You have downloaded the App and registered with Good2BeBack for your personal use of the App and your use with one or more Sponsors and/or Projects who you may elect to “join” using the functionality of the App or the Site:

  • Sponsor. As described in the Terms of Service, you may elect to be associated with your employer, educational institution, or other specified sponsor (a “Sponsor” via the Link Me functionality) in the App or Site if such potential Sponsor is a Good2BeBack participating Sponsor. If you previously downloaded the App and registered with Good2BeBack for your use with one particular Sponsor (whether your employer or school), you are continuing to use the Services with your previously associated Sponsor until such time as you (if permitted by your Sponsor) or your Sponsor chooses to disassociate such connection. After disassociation (“unlink”) with a Sponsor you may continue to use the App with other Sponsors, Projects, and Good2BeBack Participating Businesses selected by you.
     

This policy applies to information that we collect when:

  • you access the App, Site, or Services; and

  • you access the Site not through or logged into your Good2BeBack account, including if you are accessing the Site without having registered with Good2BeBack.
     

Use of this App is not a healthcare benefit and is not the provision of healthcare services.

Changes to this Online Privacy Policy

We may change this Online Privacy Policy from time to time. If we make changes, we will notify you by posting the updated policy on our Site and revising the “Last Updated” date below. We encourage you to review this Online Privacy Policy whenever you use the Services to stay informed about our information practices and ways you can help protect your privacy.

Confidentiality of Medical Information

If your Sponsor has subscribed for certain lab testing reporting services, then in using the App, Site, or Services, you may be directed to visit a healthcare provider for lab testing or take a home test provided by a testing laboratory (each a “Lab Test” and such provider or testing laboratory, a “Testing Lab”). Certain health information that you disclose to the Testing Lab may be protected health information or, for a provider at your educational institution’s facility, subject to educational privacy laws. Please review the provider’s HIPAA Notice of Privacy Practices or your Sponsor’s Annual Notification of Rights under the Family Educational Rights and Privacy Act (“FERPA”) to learn more about their privacy practices regarding your health information. However, once your health information, such as lab results and diagnosis, is disclosed to us, our Site, or our Services, that information will no longer be protected by HIPAA.

Use of App, Site, and Services

Your access to and use of the App, Site, and Services are subject to, and conditioned upon, certain terms and conditions as set forth in our Terms of Use, in which this Online Privacy Policy is hereby incorporated by reference.

 

Collection of Information

Information We Collect About You

We collect information about you when you use our App, Site, and Services, which may include:

  • Your Account Registration Information.

    • Your name;

    • your email address that you choose to be associated with your account (as opposed to an email address that we may collect with respect to a specific Sponsor as described below); and

    • your phone number;

    • your address;

    • your gender (if you choose to disclose it);

    • your DOB;

    • Your ID type, number and expiration date.

  • Sponsor Registration Information. When you associate with a Sponsor in the App or on the Site, you may be required to enter certain information applicable to such Sponsor (“Sponsor Registration Information”) such as:

    • your work or school email address associated with such Sponsor;

    • your worksite or campus location; and

    • your employee or student ID (which identifies you to your Sponsor and which your Sponsor may have provided to you to enter into Good2BeBack when associating with the Sponsor).

 

Alternatively, we may collect some or all Sponsor Registration Information from the Sponsor and/or the Sponsor may directly update such Sponsor Registration Information with Good2BeBack from time to time.

If you choose to disassociate from Sponsor in Good2BeBack, or Sponsor chooses to disassociate from you in Good2BeBack, then you will no longer have access to Sponsor Registration Information. We may continue to provide Sponsor access to or delete such Sponsor Registration Information and historical infectious disease symptom information, test results or vaccination information (described below under “Sharing of Information”) collected during that period, in Sponsor’s discretion.

  • Symptom Responses and Status.

    • ongoing Symptom Responses, for COVID-19 or Other Infectious Diseases,

    • whether you are “cleared” by Good2BeBack for purposes of returning to work or school based solely on your Symptom Responses and any Test Results and

    • if you are in a self-quarantine period at home under the Sponsor’s protocols, then the remaining number of days in such quarantine period.

  • Lab Tests. In addition, if you input lab test results yourself or if your Sponsor subscribes to integrated lab tests, and you take such a Lab Test, we may collect lab results from you or the Testing Lab.

  • Device Information. We may automatically collect certain information about the computer or devices (including mobile devices) that you use to access the Services. For example, we may collect and analyze information such as (a) operating system and the state or country from which you accessed the App, Site, or Services and, when you access the Site, IP address, browser type, and browser language; and (b) information related to the ways in which you interact with the App, Site, or Services, such as: referring and exit pages and URLs, platform type, the number of clicks, domain names, landing pages, pages and content viewed and the order of those pages, the amount of time spent on particular pages, the date and time you used the App, Site, or Services, the frequency of your use of the App, Site, or Services, error logs, and other similar information. We also may use third-party website analytics services in connection with the App, Site, or Services, including, for example, to register mouse clicks, mouse movements, scrolling activity and text that you type into the website or mobile application. These website analytics services only collect limited personal information, such as IP address. Such Personal Information may only be used by these vendors to perform analytics services for us. We use the information collected from these services to help make the website easier to use.
     

Use of Information

We use the information that we collect for the following purposes:

  • For the purposes for which you provided the information, including to share Symptoms, Test Results and/or Vaccination information pertaining to any Infectious Disease and related information with the Sponsor(s), and Good2BeBack Participating Business you choose to join and share such information as described below under Sharing of Information;

  • To provide, maintain, administer, improve, or expand the App, Site, or Services;

  • To contact you when necessary or requested in performing the Services;

  • To customize and tailor your experience of the App, Site, or Services;

  • To send you news and information about the App, Site, or Services, including Projects that may be of interest to you;

  • To track and analyze trends and usage in connection with the App, Site, or Services;

  • To better understand who uses the App, Site, or Services and how we can deliver a better user experience;

  • To use statistical information that we collect in any way permitted by law;

  • To prevent, detect, and investigate security breaches, fraud, and other potentially illegal or prohibited activities;

  • To enforce the legal terms that govern your use of the App, Site, or Services;

  • To generate aggregate or de-identified data (that is not personally identifiable) and use such aggregate or de-identified data as described below;

  • To administer and troubleshoot the App, Site, or Services; and

  • For any other purpose disclosed to you in connection with the App, Site, or Services.

 

We may use third-party service providers to process and store personal information. The Good2BeBack platform production environment that is used to provide you the Services operates solely on our or our vendors’ servers located in the United States.

 

Aggregate or De-identified Data

We may generate or derive aggregate and/or anonymized, non-personally identifiable information from information collected by the App, Site, or Services or via other means so that the information is not intended to identify you. We may use and disclose such non-personally identifiable information:

  • to provide the Services, keep the Services secure and up to date, and improve the Services; in each case, in accordance with applicable laws and regulations.

 

Sharing of Information

We may share personal information about you as follows:

  • Shared with Sponsors. We may share the following information with your Sponsor to support your and your Sponsor’s decision-making, including regarding ready-to-work or return-to-school status:

    • Your name;

    • your email address that you choose to be associated with your account (as opposed to an email address that we may collect with respect to a specific Sponsor as described below); and

    • your phone number;

    • your address;

    • your gender (if you choose to disclose it);

    • your DOB;

    • Your ID type, number and expiration date.

    • Your ongoing Infectious Disease symptoms, test results, and/or vaccination statuses;

 

Symptom, test results and vaccination status information such as but not limited to:

  • when you made such Infectious Disease symptom self-attestations (or whether you have not);

  • when you have added any Infectious Disease test results;

  • when you have added any Infectious Disease vaccine information

  • whether you are “cleared” by Good2BeBack for purposes of returning to work based solely on your Symptom Check Responses and any Test Results (determined in part based on Center for Disease Control guidelines); and

  • if you are in a self-quarantine period at home under your Sponsor’s protocols, then the remaining number of days in such quarantine period.

 

If you elect to disassociate from a Sponsor in Good2BeBack using the functionality in the App, or if your Sponsor elects to disassociate from you in Good2BeBack, then we will cease providing any newly collected information collected from you to the Sponsor after the date of such disassociation, but we may continue to provide the Sponsor historical information described above collected prior to such disassociation.

  • Shared with Good2BeBack Participating Businesses. When and if made available in the Service, we may enable you to, solely in your discretion:

    • Visually show the “Good2BeBack Allowed” screen on your App to a participating Good2BeBack business or person who requests evidence of your health status (a “Good2BeBack Participating Sponsor or Business”); and/or

    • otherwise electronically transfer your current health status and related health status information, including, if any, recent Lab Test results to such Good2BeBack Participating Business.

  • With third-party service providers to provide, maintain, and improve the App, Site, or Services, including service providers who access information about you to perform services on our behalf;

  • In connection with, or during the negotiation of, any merger, sale of company stock or assets, financing, acquisition, divestiture or dissolution of all or a portion of our business (but only under non-disclosure and confidentiality agreements and protections);

  • If we believe that disclosure is reasonably necessary to comply with any applicable law, regulation, legal process or governmental request; to enforce applicable user agreements or policies; to protect the security or integrity of the App, Site, or Services; and to protect us, our users or the public from harm or illegal activities;

  • We may also share your personal information in other ways with your consent; and

  • We may also share aggregated and/or anonymized, non-personally identifiable information with third parties as described above under Aggregate or Anonymous Data.
     

Security

We take reasonable measures, including administrative, technical, and physical safeguards, to help protect personal information from loss, theft, misuse, unauthorized access, disclosure, alteration, and destruction. Unfortunately, no data transmission over the Internet can be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, Company cannot ensure or warrant the security of any information you transmit to us or from our App, Site, Services, or other online products or services, and you do so at your own risk.

 

To protect our users’ personal information (PI), Good2BeBack servers are configured using encrypted Amazon Web Services (AWS) for data that is both in motion and at rest and all public access is blocked via secure firewalls.  At each login (web app and mobile apps) all system users must have a valid user name and password and must enter a two-factor authentication code in order to complete their login.  Email attachments are password protected PDF files that require users to enter a separate, customized password to access them.  Access logs are available for System Administrators, which provide information as to who accessed user PI / PHI, and when. 

 

Data Retention

Good2BeBack retains personal information (PI) for “as long as necessary” to (a) provide our services; (b) comply with legal obligations; (c) resolve disputes; and (d) enforce the terms of customer agreements.  The term “as long as necessary” is defined as: “while a user’s account is active and there have been no deletion requests; however, if a user’s account is inactive for a period of one year, then Good2BeBack will permanently delete the user’s data."

 

Data Deletion

When you terminate your Good2BeBack account, you may request that we remove from our databases any personal information we maintain about you. You may request removal of your personal information as described in this paragraph by contacting us via email at wecare@good2beback.com, and we will honor your request, except that we may retain limited information so we can comply with your request not to be contacted in the future.  Upon receipt of your email, your data will be deleted within 30 days unless we must comply with aforementioned reasons in our Data Retention section of this privacy policy.

 

Your Privacy Choices

How You Can Access and Update Your Information

You may update or correct information about yourself at any time or by emailing us at wecare@good2beback.com

 

Cookies

Most web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove or reject cookies; however, the App, Site, or Services may not function properly if you do so.

 

Links to Other Websites

The App, Site, or Services may contain links to other websites and those websites may not follow the same privacy practices as Company. We are not responsible for the privacy practices of third-party websites. We encourage you to read the privacy policies of such third parties to learn more about their privacy practices.

 

Children

Company does not knowingly collect or maintain personally identifiable information from persons under 13 years of age unless your Sponsor is a K-12 school and we have obtained the consent of such school or school district (or parent, as applicable). If you are under 13 years of age, then please do not use the App, Site, or Services, unless your school or school district asks you to. If Company learns that personally identifiable information of persons under 13 years of age has been collected without consent of the student’s school or school district, then Company will take the appropriate steps to delete this information. To make such a request, please contact us at wecare@good2beback.com    

 

Your California Privacy Rights

If you are a California resident, please review the following additional privacy disclosures under the California Consumer Privacy Act of 2018 (CCPA).

PI does not include:

  • De-identified or aggregated consumer information

  • Publicly available information from government records

  • Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data

  • PI covered by other privacy laws, including: The Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA), the California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994

 

Categories of Sources of PI

We obtain the categories of PI listed above from:

  • You or your authorized agent,

  • Service providers,

  • Our affiliates,

  • Publicly available information, or

  • Activity on our apps and websites

The collections from these sources can occur online, in person, paper or other electronic means.

 

Why We Collect PI
We collect your PI for one or more of the following business purposes:

  • To communicate with you

  • To personalize services for you

  • To perform analytics and to improve our products

  • To protect someone’s health, safety, or welfare

  • To provide information to your Sponsor as described above

  • As otherwise necessary or useful for us to conduct our business, so long as such use is permitted by law

 

In the preceding twelve (12) months, we have not sold any PI.
Third parties are not allowed to use or disclose your PI other than as specified in our contract and as permitted by law.

If we seek to use your PI for a materially different purpose than we previously disclosed in this notice, we will notify you and will not use your PI for this new purpose without your explicit consent.

 

Your Rights

  1. You have the right to request that we disclose certain information to you about our collection and use of your PI over the preceding twelve (12) months prior to your request. Once we receive and confirm your verifiable consumer request, we will disclose to you:

    • What PI we collect about you

    • Where and from whom we collect PI about you

    • Our business purpose for collecting PI about you

    • The types of third parties with whom we share your PI

    • The specific pieces of PI we collect about you (however, we will not disclose your actual Social Security number, driver’s license number or other government-issued identification number, financial account number, any health insurance or medical identification number, an account password, or security questions and answers)

    • The types of PI that we disclosed about you for a business purpose, and the categories of third parties to whom we disclosed your PI

  2. You have the right to be informed about the PI that we collect about you at or before we collect it. This is that notice.

  3. You have the right to request that we delete any[Office1]  PI about you that we have. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why.

  4. You will not be discriminated against or penalized for exercising your CCPA rights to your PI. We will honor your rights, and unless permitted by the CCPA, we will not:

    • Deny you services,

    • Charge you different prices or rates for services,

    • Impose penalties, or

    • Provide you with a different level or quality of services.

 

How to Exercise Your Rights

  • You can submit requests for information about your PI by calling us at  800-458-4020 or emailing us at wecare@good2beback.com

  • You may be required to submit proof of your identity for these requests to be processed.

  • We will not be able to comply with your request if we are unable to confirm your identity.

  • You may designate an authorized agent to make a request on your behalf subject to proof of identity and authorization.

 

Timing

  • Our responses to any of your requests for the information described above will be limited to information that we have collected in the preceding twelve (12) months before our receipt of your verified request.

  • You will receive our response to your request within 45 days of your request, unless we provide you with notice that it will take more than 45 days to respond (in that case, we won’t take more than 90 days to respond).

 

No Rights of Third Parties

This Online Privacy Policy does not create rights enforceable by third parties.

 

How to Contact Us

Please contact us with any questions or concerns regarding this Online Privacy Policy at:

Good2BeBack (G2BB, LLC)
800-458-4020
wecare@good2beback.com

 

Last updated on February 19, 2021.

© 2021 G2BB, LLC. All rights reserved.

 

The Good2BeBack app (aka COMPLETE Health Pass) and its administrative portal are not intended to provide medical advice to the Sponsor or its employees or students, and the Sponsor is solely responsible for seeking independent advice and making, in its own judgment, a determination of what the Sponsor’s own return-to-work or return-to-campus policies and practices will be. Good2BeBack is designed as a means for the Sponsor to administer such policies and practices, but not as a recommendation of what those policies and practices should be. Good2BeBack relies on self-reported data supplemented, when such functionality is subscribed for, by the results of third-party tests, and does not provide any relevant data when the employee or student is asymptomatic with no symptoms of illness and there are no test results (beyond the absence of self-reported symptoms).