Last updated 12/7/2020
Please note any Protected Health Information collected on the Platform will be used and disclosed only in accordance with Benecard’s Notice of Privacy Practices as further set forth below.
IF YOU ARE A CALIFORNIA RESIDENT, PLEASE SEE SECTION 12 BELOW FOR ADDITIONAL PROVISIONS THAT MAY APPLY TO YOU.
1. Protected Health Information.
Benecard’s use and disclosure of certain of your information may be subject to the requirements of the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations (“HIPAA”) and applicable state law. Any information that you submit to us, or that we otherwise receive, that constitutes “Protected Health Information,” as defined by HIPAA, is subject to HIPAA and applicable state law. The term “Protected Health Information” or “PHI” refers to individually identifiable health information about your past, present or future physical or mental health or condition, the provision of health care to you or the past, present or future payment for such care. If any information collected on this Platform constitutes PHI, then our Notice of Privacy Practices will apply.
2. What Information is Collected by Benecard or Service Providers and When
When you use our mobile applications, we may collect your location information for purposes of tailoring our services for you, such as recommending a pharmacy close to you. Before we collect your location information, we will ask for your consent.
Benecard and service providers may also collect certain non-personal information, data that does not identify you as an individual person. This information tells us about how people use the Platform so that we can analyze its effectiveness and provide you with a better web experience. We collect and use this information through a variety of technologies, including “cookies” and analysis applications, as discussed below.
- Server Information
The Benecard servers automatically and temporarily store the following information in the server log files. This information is provided by your browser, unless you have deactivated the function.
- IP address of the enquiring computer
- File query by the client
- The http response code
- The Internet page from which you visited us (referrer URL)
- The time of the server query
- The browser type and version
- The operating system used on the enquiring computer
The server log files are not analyzed with respect to individuals. At no time can this data be attributed to specific individuals.
- Platform Visit Tracking Technologies
A cookie is a unique alphanumeric identifier that websites use to help identify the number of unique visitors to a website, whether or not those visitors are repeat visitors, and the source of the visits. Cookies cannot be executed as code or used to deliver a virus and thus pose no threat to you. Servers and sites other than the one placing the cookie on your hard drive cannot read the cookie, and no personal information can be gathered by other servers from the cookie. If you prefer not to enable cookies or to disable them, you may do so through your web browser’s security settings. Please note that certain features of the Platform may not be available once cookies have been disabled.
The Platform gathers certain information automatically and stores it in log files. This information includes internet protocol (“IP”) addresses, browser type, operating system, internet service provider (“ISP”), referring/exit pages, date/time stamp of access, and clickstream data, and information about the content you view on the Platform. When you visit the Platform, the servers automatically log your IP address, the time and duration of your visit, and the time and duration spent on the pages of the Platform which you view. If you arrive at the Platform by clicking a paid advertisement or a link in a communication, then the server will capture information that tracks your visit from that link. If you arrive at the Platform by clicking on a non-paid source, such as a search engine result or link on another website, the server may capture information that tracks your visit from that source, to the extent available.
Some of our communications to you may contain a “click-through URL” which links to content on the Platform. When you click one of these URLs, it passes information through the Benecard web server before you arrive at the destination web page. Benecard tracks this click-through data to help determine interest in particular topics and measure the effectiveness of our communications. If you prefer not to be tracked, simply avoid clicking text or graphic links in emails you receive from Benecard.
Certain features of the Platform may use local stored objects (“Flash cookies”) to collect and store information about your preferences and navigation to, from, and on our website. Flash cookies are not managed by the same browser settings as are used for browser cookies.
Benecard additionally may use web beacons or pixel tags, which are tiny invisible graphic images, in the Platform. Web beacons and pixel tags may be used by Benecard to count users who have visited its webpages and for related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).
- Different Devices
If you use different devices (e.g., your smart phone, laptop, and/or home computer) to access the Platform, we may be provided with and collect device-specific information, including your hardware model, operating system version, phone number, approximate geographic location, and mobile network information.
- Third-Party Analytics
We may use third-party service providers (e.g., search engines) to collect and analyze information about use of the Platform. These service providers may utilize cookies and related technologies to collect personal information.
3. Use of Information
Benecard and its service providers (e.g., payment processors, and advertising or marketing companies) may use your personal information to provide our services and to contact you in response to inquiries you submit. Benecard and service providers may retain and use your information for as long as needed for the following purposes:
- to present our Platform and related content to you;
- to provide you with information, products or services that you request from us;
- to provide you with notices about your account;
- to process your benefits claims;
- in combination with other information for Platform improvement and marketing and promotional purposes;
- to provide more consistent and personalized services across the Platform, including to personalize our advertising, marketing, and promotional efforts;
- to carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection;
- to notify you about changes to the Platform or any products or services we offer or provide though it;
- to allow you to participate in interactive features on the Platform;
- in any other way we may describe when you provide the information;
- for any other purpose with your consent.
4. When Benecard Discloses Your Information
We do not sell, rent, or loan any of your Personal Information to any third party for monetary consideration. Regardless, you may notify us at our designated request address to opt-out of the sale of your information. Our designated request address for such requests is at email@example.com. Please be aware that we will require you to verify your identity before processing any such request.
We may disclose aggregated information about our users without restriction. This data cannot be attributed to any specific individual. Benecard may disclose aggregated user data in order to describe our services to current and prospective affiliates, and to other third parties for lawful purposes.
Benecard and its service providers may transfer information between them for business purposes. For example, our service providers may handle technical support, payment processing, marketing, advertising delivery and tracking, or information analysis. We furnish our service providers the information they need to perform these and other services, and we work with our service providers to respect and protect your information. We may also provide your information to our affiliates. The entities with which we share information may be located in the United States or other countries.
In the event that Benecard or some of our assets are sold or transferred or used as security, or to the extent we engage in business negotiations with our business partners, the information collected on the Platform may be transferred or shared with third parties as part of that transaction or negotiation. We may also provide information or provide access to information to any of our affiliated businesses or to our business partners.
On rare occasions, we may disclose specific information without your consent and without notice to you as required to comply with laws and regulations, or to comply with court orders, subpoenas, or lawful discovery requests. Information collected from you may also be used to investigate security breaches or otherwise cooperate with authorities. We may also share information with companies assisting in fraud protection or investigation.
5. How Your Information is Protected
Benecard has implemented reasonable physical, technical, and organizational safeguards to help protect your personal information from unauthorized access, acquisition, or disclosure, alteration, or destruction. Although we strive to keep your personal information secure, no safeguards can be guaranteed to be completely secure, so you should exercise caution when transferring personal and other sensitive information over the Internet, including in email communications. Please advise us immediately at the address listed below of any incident involving the loss of or unauthorized access to or disclosure of personal information that is in our custody or control.
If your communication contains sensitive information and you would prefer not to submit this information online, please contact our Privacy Officer at 1-888-328-0421.
6. Third-Party Sites
The Platform may contain links to other websites. Please note that when you click on one of these links, you will leave the Platform and will be subject to the policies and privacy practices of the other websites, which may differ significantly. You should review the policies of other websites you visit. Benecard is not responsible for the content, technology, security, or practices of linked sites operated by others, or for your use of linked sites.
7. Children’s Privacy
The Platform is not aimed at or intended for children. We do not knowingly collect information from children under the age of thirteen through the Platform. If we obtain actual knowledge that we have inadvertently collected personal information from a child under the age of thirteen, we will delete that information from our records. If you believe we might have any information from a child under the age of thirteen, please contact us at firstname.lastname@example.org.
8. Applicable Law
If you access the Platform from outside the United States, please be aware that personal information may be transferred to, stored in, and processed in the United States. Certain governmental authorities may not consider the level of protection of personal information in the United States to be equivalent to that required by the in other jurisdictions.
9. Do Not Track
“Do Not Track” is a privacy setting that you may set in your web browsers. If turned on, this setting requests that websites not track information about users. At this time, we do not respond to “Do Not Track” browser settings or signals.
10. Review, Modify, or Delete Your Information
You can review and change your personal information by contacting your employer’s benefits office. You may update your email address or username by logging onto the BeneCard PBF Platform and visiting your account on www.benecardpbf.com or by contacting BeneCard PBF at email@example.com or 1-877-723-6005.
If you request that your account information be deleted or if you unsubscribe from communications, we may maintain information about your transactions or inquiries for future service and recordkeeping purposes. In some circumstances, a change in or withdrawal of consent may severely limit our ability to provide you information, products, or services. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.
12. California Residents
This Section provides additional provisions that apply to residents of California. In the event of a conflict between this Section and the remainder of this Policy, this Section shall take precedence for California residents. In this Section only, any capitalized terms not defined in this Policy have the meanings set forth in the California Consumer Privacy Act of 2018 (the “CCPA“).
Categories of Personal Information. We collect the categories of Personal Information described in Section 2 of this Policy.
Categories of Sources From Which Personal Information is Collected. The categories of sources from which your Personal Information is collected is described in Section 2 of this Policy.
Purposes for Collecting Personal Information. Our purposes for collecting your Personal Information are described in Section 3 of this Policy.
Categories of Third Parties / Services Providers With Whom Personal Information is Shared. The categories of third parties and / or service providers with whom we share your Personal Information are described in Section 4 of this Policy.
Categories Of Personal Information Sold. In the last 12 months we have not Sold your personal information and we currently do not Sell personal information. “Sale” / “Sold” / “Sell” has the definition set forth in the CCPA.
Categories of Personal Information Disclosed for a Business Purpose. In the last 12 months we disclosed the categories of personal Information set forth in Section 2 of this Policy for our Business Purposes, where “Business Purposes” has the definition set forth in the CCPA. See the section above titled “Categories of Personal Information We Collect” for more detail on the type of personal information in each category.
Right to Request Disclosure. You have the right to request disclosure of any of the following: (a) the categories of Personal Information we collected from you in the prior 12-month period, (b) the categories of sources from which the Personal Information was collected, (c) the Business Purpose or Commercial Purpose for collecting or Selling your Personal Information, (d) the categories of Personal Information we Sold or disclosed for a Business Purpose in the last 12 months and (e) for each category of Personal Information Sold or disclosed, the categories of third parties with whom we shared such Personal Information.
Right to Request Access. You have the right to request access to the specific pieces of Personal Information we collected from you in the prior 12-month period (i.e. “data portability”).
Right to Request Deletion. You have a right to request that we delete Personal Information we collected from you.
Right to Opt-Out of the Sale. California law provides you the right to request to opt out of the Sale of Personal Information. However, at this time we do not “Sell” Personal Information as contemplated by CCPA. To our knowledge, we have not sold any Personal Information of an individual under the age of 16 years of age.
How to Exercise Your Request Rights. You must provide sufficient information to allow us to reasonably verify you are the person about whom we collected Personal Information, and you must describe your request with sufficient detail to allow us to properly understand, evaluate, and respond to your request. To exercise your California rights described in this Section, you may submit your request to us by contacting us at any of the following:
Who May Exercise Your Rights? You may only make a request to exercise your rights on behalf of yourself or the child for whom you are the parent or legal guardian. In addition, you may authorize an agent to exercise your rights on your behalf, if you provide the agent with written signed permission. Any legal entity acting as your agent must be registered with the Secretary of State to do business in the State of California. If an authorized agent contacts us to exercise the above rights, we will need to verify their identity as well as your identity. We will also require proof of your signed authorization to the agent to submit your request on your behalf as well as to submit the particular request made to us, unless the agent holds a lawful Power of Attorney under California probate laws, in which case we will require evidence of such Power of Attorney.
We may deny a request from an authorized agent if we do not have proof that they are authorized by you to act on your behalf.
When We Will Respond. We will try to respond to your request for access or deletion within 45 days. If we require additional time, we will inform you of the reason and extension period.
How We Will Respond. Once we receive your request, we will contact you to confirm receipt of your request. We may also request that you provide us with additional information to allow us to verify your identity, the identity of the person that is the subject of the Personal Information you have requested (if other than you), and the authenticity of your request. The information we may request may vary depending on the Personal Information we already have in our systems. Certain types of requests, such as a request to access, may require additional verification to ensure you are who you say you are as we are subject to higher standards of authentication with respect to such requests. We consider various factors when determining how to verify your identity, such as the sensitivity and value of the data, risk of harm, likelihood of fraud, etc.
If you have used an agent to make your request, we will also need to verify the identity of the agent.
We may require a signed declaration under penalty of perjury to verify the identity of the data subject or that of your agent, if applicable.
We may deny your request as permitted or as required by law, if we are unable to verify your identity or the authenticity of the request, or if an agent makes the request on your behalf, if we are unable to verify their identity or proof of their authorization. We will inform you of the reason we are unable to comply with your request.
For data portability requests, we will select a format to provide your personal information to you.
We may charge a fee to process or respond to your request if it is excessive, repetitive, or manifestly unfounded.
Non-Discrimination. California residents have the right to not receive discriminatory treatment for exercising any of their rights under the CCPA.
13. Contact Us
Benecard Services, LLC
Attn: Privacy Officer
28000 Spanish Wells Boulevard
Bonita Springs, FL 34135