Posted date: July 19, 2023 Effective Date: January 1, 2023
Please note any Protected Health Information collected on the Platform will be used and disclosed only in accordance with Benecard’s Notice of Privacy Practices as further set forth below.
IF YOU ARE A CALIFORNIA RESIDENT, PLEASE SEE SECTION 14 BELOW FOR ADDITIONAL PROVISIONS THAT MAY APPLY TO YOU.
- Protected Health Information.
Benecard’s use and disclosure of your information may be subject to the requirements of the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations (“HIPAA”) and applicable state law. Any information that you submit to us, or that we otherwise receive, that constitutes “Protected Health Information,” as defined by HIPAA, is subject to HIPAA and applicable state law. The term “Protected Health Information” or “PHI” refers to individually identifiable health information about your past, present or future physical or mental health or condition, the provision of health care to you or the past, present or future payment for such care. If any information collected on this Platform constitutes PHI, then our Notice of Privacy Practices will apply. Information collected is retained for a minimum of ten (10) years, in accordance with our document retention policy and applicable federal and state law.
- What Information is Collected by Benecard or its Service Providers and When
When you use our mobile applications, we may collect your location information for purposes of tailoring our services for you, such as recommending a pharmacy close to you. Before we collect your location information, we will ask for your consent.
Benecard and its service providers also collect certain non-personal information, data that does not identify you as an individual person. This information tells us about how people use the Platform so that we can analyze its effectiveness and provide you with a better web experience. We collect and use this information through a variety of technologies, including “cookies” and analysis applications, as discussed below.
Server Information. The Benecard servers automatically and temporarily store the following information in the server log files. This information is provided by your browser, unless you have deactivated the function:
- IP address of the enquiring computer
- File query by the client
- The http response code
- The Internet page from which you visited us (referrer URL)
- The time of the server query
- The browser type and version
- The operating system used on the enquiring computer
The server log files are not analyzed with respect to individuals. At no time can this data be attributed to specific individuals.
The Platform gathers certain information automatically and stores it in log files. This information includes internet protocol (“IP”) addresses, browser type, operating system, internet service provider (“ISP”), referring/exit pages, date/time stamp of access, and clickstream data, and information about the content you view on the Platform. When you visit the Platform, the servers automatically log your IP address, the time and duration of your visit, and the time and duration spent on the pages of the Platform which you view. If you arrive at the Platform by clicking a paid advertisement or a link in a communication, then the server will capture information that tracks your visit from that link. If you arrive at the Platform by clicking on a non-paid source, such as a search engine result or link on another website, the server may capture information that tracks your visit from that source to the extent available.
Certain features of the Platform may use local stored objects (“Flash cookies”) to collect and store information about your preferences and navigation to, from, and on our website. Flash cookies are not managed by the same browser settings as are used for browser cookies.
Benecard additionally may use web beacons or pixel tags, which are tiny invisible graphic images, in the Platform. Web beacons and pixel tags may be used by Benecard to count users who have visited its webpages and for related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).
Different Devices. If you use different devices (e.g., your smart phone, laptop, and/or home computer) to access the Platform, we may be provided with and collect device-specific information, including your hardware model, operating system version, phone number, approximate geographic location, and mobile network information.
Third-Party Analytics. We may use third-party service providers (e.g., search engines) to collect and analyze information about use of the Platform. These service providers may utilize cookies and related technologies to collect personal information.
We use three primary types of cookies:
- Functional Cookies – These cookies support the use of the website and enable certain features to enhance your experience. For example, functional cookies remember your selections as you move from page to page.
- Performance Cookies – These cookies collect information needed to support the website and our applications and allow us to identify problems and improve the website – for example, performance cookies may provide us with information about how you came to our website and how you navigate through our website.
- Targeting Cookies – These cookies may be used to collect information from you to help us improve our products and services and to serve you with targeted advertisements that we believe are relevant for you.
Clear GIFs (a.k.a. web beacons, web bugs or pixel tags), are tiny graphics with a unique identifier, similar in function to cookies. Clear GIFs are embedded invisibly on web pages. We may use clear GIFs, in connection with our website to, among other things, track the activities of visitors, help us manage content, and compile statistics about usage of the website. We and our third-party service providers also use clear GIFs in HTML emails to our client, to help us track email response rates, identify when our emails are viewed, and track whether our emails are forwarded.
Some of our communications to you may contain a “click-through URL” which links to content on our website or mobile application. When you click one of these URLs, it passes information through the Benecard web server before you arrive at the destination webpage. Benecard tracks this click-through data to help determine interest in particular topics and measure the effectiveness of our communications. If you prefer not to be tracked, simply avoid clicking text or graphic links in emails you receive from Benecard.
Traffic Data. We automatically track and collect general log information when you visit our website, including your: (a) Internet Protocol (IP) address; (b) domain server; (c) operating system; and (d) type of web browser; and I the pages you visit on our website (collectively “Traffic Data“). Traffic Data does not personally identify you. We use the Traffic Data to report aggregated website activity and to better understand the needs of our users so we can make informed decisions regarding the content and design of our website. We may collect Traffic Data through various technologies including, but not limited to, cookies, IP addresses, and clear GIFs (Graphics Interchange Format, a software technology also known as a pixel tag.
In the month preceding the Last Updated date of this Policy, we have collected or received the following categories of Personal Information about consumers:
|A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol (IP) address, email address, account name.
|B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80I).
|A name, address, telephone number, education, employment. Some personal information included in this category may overlap with other categories.
|C. Protected classification characteristics under California or federal law.
|Age (40 years or older), race, color, ancestry, national origin, religion or creed, marital status, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), veteran or military status.
|D. Commercial information.
|Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
|E. Biometric information.
|Genetic, physiological, behavioral, and biological characteristics, such as DNA sequences, fingerprints, facial geometry, voiceprints, iris or retina scans, and sleep, health or exercise data.
|F. Internet or other similar network activity.
|Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.
|G. Geolocation data.
|Physical location or movements.
|H. Sensory data.
|Audio, electronic, visual, thermal, olfactory, or similar information.
|I. Professional or employment-related information.
|Current or past job history or performance evaluations.
|J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).
|Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.
|K. Inferences drawn from other personal information.
|Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
|Sensitive Personal Information (Cal. Civ. Code §1798.100 et seq.)
- Use of Information
Benecard and its service providers (e.g., payment processors, and advertising or marketing companies) may use your personal information to provide our services and to contact you in response to inquiries you submit. Benecard and its service providers may retain and use your information for as long as needed for the following purposes:
- to confirm eligibility and enroll new members and/or employer clients
- to present our Platform and related content to you
- to provide you with information, products or services that you request from us
- to provide you with notices about your account
- to process and pay claims for your benefits;
- in combination with other information for Platform improvement and marketing and promotional purposes
- to provide more consistent and personalized services across the Platform, including to personalize our advertising, marketing, and promotional efforts
- to carry out our obligations and enforce our rights arising from any contracts entered between you and us, including for billing and collection
- to notify you about changes to the Platform or any products or services we offer or provide though it
- to allow you to participate in interactive features on the Platform
- to diagnose and fix problems with our website
- to secure our website or mobile application, and to prevent or detect criminal, unlawful, or harassing actions or conduct
- to provide any required reporting to governmental or regulator entities
- in any other way we may describe when you provide the information
- if you apply for a job, to verify previous employment and to conduct background checks (as permitted by law)
- for any other purpose with your consent.
- When Benecard Discloses Your Information
We do not sell, rent, or loan any of your Personal Information to any third party for monetary consideration. Regardless, you may notify us at our designated request address to opt-out of the sale of your information. Our designated request address for such requests is firstname.lastname@example.org. Please be aware that we will require you to verify your identity before processing any such request.
We may disclose aggregated information about our users without restriction. This data cannot be attributed to any specific individual. Benecard may disclose aggregated user data in order to describe our services to current and prospective affiliates, and to other third parties for lawful purposes.
We may share your Personal Information as follows:
- Employer Clients. We may share Personal Information of subscribers and claims-related data with our employer clients that have self-funded benefits plans.
- Insurance Carriers. We share Personal Information of subscribers and patients with insurance carriers.
- Service Providers. We may disclose Personal Information to third party vendors, contractors or agents who perform functions on our behalf or on our employer clients’ behalf (“Service Providers”). For example, we may contract with Service Providers to provide certain services, such as providing data storage and management, analytics services, marketing services, employee benefits services, payroll services, or payment services. We only provide Service Providers with Personal Information necessary for them to perform these services on our behalf. Each Service Provider must agree to use commercially reasonable security procedures and practices, appropriate to the nature of the information involved, to protect your Personal Information from unauthorized acquisition, access, use, or disclosure. Service Providers may only use the Personal Information they obtain from us or collect on our behalf to provide services to us.
- Auditors. We may disclose Personal Information to our auditors or the auditors of our employer clients.
- Affiliates. We may share contact information of our employer clients, benefits brokers, and benefits advisors with our affiliates.
- Business Transfers. If we are acquired by, or merged with, another entity, if substantially all of our assets are transferred to another entity, or as part of a bankruptcy proceeding, or if we are evaluating or in negotiations with respect to any such transaction, we may transfer, or make available, the Personal Information we have collected from you to the other entity or resulting legal entity.
- Legal Process. On rare occasions, we also may disclose the Personal Information we collect from you: a government investigation, a judicial proceeding, a court order, or other legal process (such as in response to a subpoena); or to respond to discovery requests or present evidence in a legal proceeding in which we are involved. Information collected may also be used to investigate security breaches or otherwise corporate with the authorities. Additionally, we may also share information with companies assisting in fraud protection or investigation.
- Aggregated and De-Identified Information. We may share aggregate or de-identified Personal Information with our service providers and/or affiliated companies for marketing, advertising, research, or similar purposes.
- Regulators. We may disclose the Personal Information we collect to comply with applicable laws and regulations, to provide required reports to regulators, and to respond to inquiries or investigations by regulators.
- Job Applications. If you apply for a job position, some of your Personal Information may be shared with third parties in order to confirm your education, work history, and references, and to obtain background checks and credit reports if permitted by law.
- How Your Information is Protected
Benecard has implemented reasonable physical, technical, and organizational safeguards to help protect your personal information from unauthorized access, acquisition, or disclosure, alteration, or destruction. Although we strive to keep your personal information secure, no safeguards can be guaranteed to be completely secure and we cannot guarantee that unauthorized access, theft, or loss of data will not occur. Thus, you should exercise caution when transferring personal and other sensitive information over the internet, including in email communications.
Please advise us immediately at email@example.com or at the address listed below of any incident involving the loss of or unauthorized access to or disclosure of personal information that is in our custody or control. If your communication contains sensitive information and you would prefer not to submit this information online, please contact us at 1-877-920-5740.
- Third-Party Sites
The Platform may contain links to other websites. Please note that when you click on one of these links, you will leave the Platform and will be subject to the policies and privacy practices of the other websites, which may differ significantly. You should review the policies of other websites you visit to make sure you understand the information that they may collect, use, and share. Benecard is not responsible for the content, technology, security, or practices of linked sites operated by others, or for your use of linked sites. Please review third parties’ privacy policies before providing any Personal Information to them.
We me no representation or warranties, expressed or implied, regarding the content of any of these linked websites or platforms. WE EXPRESSLY DISCLAIM ANY AND ALL LIABILITY FOR YOUR INTERACTION WITH SUCH THIRD-PARTY WEBSITES OR PLATFORMS.
- Children’s Privacy
The Platform is not aimed at or intended for children under the age of thirteen (13). We do not knowingly collect information from children under the age of thirteen through the Platform. If we obtain actual knowledge that we have inadvertently collected personal information from a child under the age of thirteen, we will delete that information from our records. If you believe we might have any information from a child under the age of thirteen or that your child has provided personal identifiable information without your consent, please contact us at firstname.lastname@example.org.
Please note that emancipated minors and minors, under applicable law, are treated the same as adults for purposes of collection and access to health information.
- Applicable Law
If you access the Platform from outside the United States, please be aware that by using our Platform in this manner, you are consenting that your personal information may be transferred to, stored in, and processed in the United States. Certain governmental authorities may not consider the level of protection of personal information in the United States to be .
- Do Not Track
“Do Not Track” is a privacy setting that you may set in your web browsers. If turned on, this setting requests that websites not track information about users. Currently, we do not respond to “Do Not Track” browser settings or signals.
- Review, Modify, or Delete Your Information
You can review and change your personal information by contacting your employer’s benefits office. You may update your email address or username by logging onto the Benecard PBF Platform and visiting your account on www.benecardpbf.com or by contacting Benecard PBF at email@example.com or 1-877-920-5740.
If you request that your account information, be deleted or if you unsubscribe from communications, we may maintain information about your transactions or inquiries for future service and recordkeeping purposes. In some circumstances, a change in or withdrawal of consent may severely limit our ability to provide you information, products, or services. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.
- Choice of Law, Jurisdiction, and Venue
- California Residents
This Section provides additional provisions that apply to residents of California. In the event of a conflict between this Section and the remainder of this Policy, this Section shall take precedence for California residents. The California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA) (effective January 1, 2023). California’s “Shine the Light” law, and the California Online Privacy Protection Act provide consumers who are California residents with specific rights regarding their Personal Information.
Right to Information. Subject to certain limits, you may ask us to provide the following information for the twelve-month period preceding your request:
- The categories of Personal Information we collect about you;
- The categories of sources from which the Personal Information was collected;
- The business or commercial purpose for collecting the Personal Information;
- The categories of third parties with whom we share the Personal Information;
- If we shared or disclosed Personal Information for business purpose, a list of the disclosures including the Personal Information categories that each category of recipient received; and
- The specific pieces of Personal Information we collected about you.
Right of Correction. You have the right to ask us to correct inaccurate Personal Information, taking into account the nature of the personal information and the purposes of the processing of the personal information.
Right to Delete. You have the right to ask us to delete any Personal Information that we have collected about you, subject to certain limitations as set forth under CCPA. Your deletion request may be denied if the information is necessary to:
- Complete transactions for which the personal information was collected
- Fulfill warranty terms or product recall
- Provide a good or service requested by the consumer, reasonably anticipated by the consumer within the context of an ongoing business relationship with the consumer, or otherwise perform a contract with the consumer
- Help ensure security and integrity to the extent use of the consumer’s personal information is reasonably necessary and proportionate
- Debug to identify and repair errors that impair existing intended functionality
- Exercise free speech or another right provided by law
- Comply with the California Electronic Communications Privacy Act
- Engage in public or peer-review scientific, historical, or statistical research if the consumer has provided informed consent
- To enable solely internal uses that are reasonably aligned with consumer expectations
- Comply with legal obligations (such as record retention requirements under HIPAA or applicable federal or state law)
Right of Portability. You have the right to request your personal information by mail or electronically without charge and in readily usable format that allows you to transmit the information from one entity to another entity without hindrance.
Right to Opt-Out. You have the right to direct us to not share your personal information, unless sharing is necessary to, among other things, provide a good or service you requested, take actions reasonably anticipated in the context of business relationship with you, perform a contract we have with you, detect and protect against security incidents or illegal activity, exercise a right provided for by law, or comply with a legal obligation under HIPAA or applicable state law.
Right to Limit Use and Disclosure. You have the right to direct that, if we collect sensitive personal information, we limit its use of your sensitive personal information to that use, which is:
- Necessary to perform the service or provide the goods reasonably expected by an average consumer who requests those goods or service
- Necessary for business purposes including:
- Ensuring security and integrity to the extent the use of the consumer’s personal information is reasonably necessary and proportionate for these purposes
- Short-term, transient use provided that the consumer’s personal information is not disclosed to another third party and is not used to build a profile about the consumer
- Servicing accounts, providing customer service, fulfilling order, and other similar services on behalf of the business
- Undertaking activities to verify or maintain or enhance the quality of safety of a service or device owned by the business
Right to Nondiscrimination or Retaliation. We will not discriminate or retaliate against you if you exercise your privacy rights under California law, including by:
- Denying you goods or services.
- Charging you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Providing you a different level of quality of goods or services.
- Suggesting that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
However, the CCPA permits us to offer you certain financial incentives that can result in different prices, rates, or quality levels, which are related to your Personal Information’s value. Participation in a financial incentive program requires your prior opt-in consent, which you may revoke at any time. At this time, we do not offer any financial incentives in exchange for Personal Information.
Submission of Requests Regarding Your Rights. If you are a California resident, you may submit a request regarding any of the rights outlined above by:
Calling us at 1-888-907-0070 (TDD: 888-907-0020) and ask to speak with the privacy officer.
Emailing us at firstname.lastname@example.org – please provide your name, telephone number, and type of request (that is, a request for categories of information, a request for specific pieces of information, and/or request to correct, delete, opt-out, etc.).
To protect your privacy and security, we will also take reasonable steps to verify your identity before providing your Personal Information and before deleting your information, only you or someone legally authorized to act on your behalf may make a verifiable request related to your Personal Information. If you want to authorize someone else to make a request on your behalf, please contact us at email@example.com and provide your name, telephone number, the name of the person you want to authorize to make a request, and the type of request the person is authorized to make (that is, a request for categories of information, a request for specific pieces of information, and/or request to delete). We will contact you if we need more information.
We may deny your request as permitted or as required by law, if we are unable to verify your identity or the authenticity of the request, or if an agent makes the request on your behalf, if we are unable to verify their identity or proof of their authorization. We will inform you of the reason(s) we are unable to comply with your request(s).
Response to Requests.
We do not charge a fee to respond to your request unless it is excessive, repetitive (more than twice in a twelve-month period), or manifestly unfounded. We generally will respond to your request within forty-five days (45) of its receipt. If more time is needed to respond, we will inform you of the reason(s) and the extension period, which may take up to an additional forty-five (45) days, to respond.
Benecard Services, LLC
3131 Princeton Pike
Building 5, Suite 105
Lawrenceville, NJ 08648
Customer Service: 1-877-920-5740 or firstname.lastname@example.org