Privacy Policy
Last Update/Effective Date: 08/04/2020
Benecard Services, Inc. and its subsidiaries (collectively,
"Benecard", "we", or "our") are committed to respecting the privacy and
security of your personal information. This Privacy Policy describes the
information collected on our website (www.benecardpbf.com),
our BenecardPBF and customers, including EmpiRx Health, mobile applications,
and the member portals that we make available on our own behalf or on behalf of
our customers (collectively, the "Platform"). This Privacy Policy applies
only to the Platform.
Please note any Protected Health
Information collected on the Platform will be used and disclosed only in
accordance with Benecard's Notice of Privacy Practices
as further set forth below.
IF YOU ARE A CALIFORNIA RESIDENT, PLEASE SEE SECTION 12
BELOW FOR ADDITIONAL PROVISIONS THAT MAY APPLY TO YOU.
By using the Platform or by providing your information to
us, you acknowledge the collection, use, and disclosure of your information in
accordance with this Privacy Policy, the Terms of Use,
and any written agreement(s) executed and in effect in connection with any of
our products or services.
We may modify this Privacy Policy at any time. All
changes will be effective immediately upon posting to the Site. Material
changes will be conspicuously posted on the Site or otherwise communicated to
you.
- Protected Health Information.
Benecard's use and disclosure of certain of your information
may be subject to the requirements of the Health Insurance Portability and
Accountability Act of 1996 and its implementing regulations ("HIPAA") and
applicable state law. Any information that you submit to us, or that we
otherwise receive, that constitutes "Protected Health Information," as defined
by HIPAA, is subject to HIPAA and applicable state law. The term "Protected
Health Information" or "PHI" refers to individually identifiable
health information about your past, present or future physical or mental health
or condition, the provision of health care to you or the past, present or
future payment for such care. If any information collected on this Platform
constitutes PHI, then our Notice of Privacy Practices
will apply.
- What Information is Collected by Benecard or its
Service Providers and When
The information we receive and how we use it depends on what
you do when visiting the Platform. The Platform and related services may
require registration for access. As part of registration and related services,
we ask you to provide us certain information about you. You may provide
us and our service providers personal information using the Platform in a
number of ways, for example by entering that information into data fields on
the Platform (e.g., by creating an account, participating in surveys, or
requesting our newsletters) or in communications with us using the contact
information at the end of this Privacy Policy or in the Terms of Use Personal
information includes data that specifically identifies you, such as your name,
email address, mailing address, Social Security number, subscriber
identification number, telephone number, and payment information. Public
information is that information that you make publicly available through your
account or by posting or otherwise communicating via the Platform.
When you use our mobile applications, we may collect your
location information for purposes of tailoring our services for you, such as
recommending a pharmacy close to you. Before we collect your location
information, we will ask for your consent.
Benecard and its service providers also collect certain
non-personal information, data that does not identify you as an individual
person. This information tells us about how people use the Platform so
that we can analyze its effectiveness and provide you with a better web
experience. We collect and use this information through a variety of
technologies, including "cookies" and analysis applications, as discussed
below.
The Benecard servers automatically and temporarily store the
following information in the server log files. This information is provided by
your browser, unless you have deactivated the function.
- IP address of the enquiring computer
- File query by the client
- The http response code
- The Internet page from which you visited us (referrer URL)
- The time of the server query
- The browser type and version
- The operating system used on the enquiring computer
The server log files are not analyzed with respect to
individuals. At no time can this data be attributed to specific individuals.
- Platform Visit Tracking Technologies
The Platform may use "cookies" and other technologies to
help Benecard understand which parts of the Platform are the most popular and
the preferences of the Benecard users. Benecard may also use cookies and other
technologies to study traffic patterns on the Platform, to improve its
functionality and usability as well as to improve the effectiveness of our
communications with users. Benecard may also use cookies to customize your
experience and provide greater convenience to you during your interactions with
the Platform.
A cookie is a unique alphanumeric identifier that websites
use to help identify the number of unique visitors to a website, whether or not
those visitors are repeat visitors, and the source of the visits. Cookies
cannot be executed as code or used to deliver a virus and thus pose no threat
to you. Servers and sites other than the one placing the cookie on your
hard drive cannot read the cookie, and no personal information can be gathered
by other servers from the cookie. If you prefer not to enable cookies or
to disable them, you may do so through your web browser's security
settings. Please note that certain features of the Platform may not be
available once cookies have been disabled.
The Platform gathers certain information automatically and
stores it in log files. This information includes internet protocol
("IP") addresses, browser type, operating system, internet service provider
("ISP"), referring/exit pages, date/time stamp of access, and clickstream data,
and information about the content you view on the Platform. When you
visit the Platform, the servers automatically log your IP address, the time and
duration of your visit, and the time and duration spent on the pages of the
Platform which you view. If you arrive at the Platform by clicking a paid
advertisement or a link in a communication, then the server will capture
information that tracks your visit from that link. If you arrive at the
Platform by clicking on a non-paid source, such as a search engine result or
link on another website, the server may capture information that tracks your
visit from that source, to the extent available.
Some of our communications to you may contain a
"click-through URL" which links to content on the Platform. When you
click one of these URLs, it passes information through the Benecard web server
before you arrive at the destination web page. Benecard tracks this
click-through data to help determine interest in particular topics and measure
the effectiveness of our communications. If you prefer not to be tracked,
simply avoid clicking text or graphic links in emails you receive from
Benecard.
Certain features of the Platform may use local stored
objects ("Flash cookies") to collect and store information about your
preferences and navigation to, from, and on our website. Flash cookies
are not managed by the same browser settings as are used for browser cookies.
Benecard additionally may use web beacons or pixel tags,
which are tiny invisible graphic images, in the Platform. Web beacons and
pixel tags may be used by Benecard to count users who have visited its webpages
and for related website statistics (for example, recording the popularity of
certain website content and verifying system and server integrity).
If you use different devices (e.g., your smart phone,
laptop, and/or home computer) to access the Platform, we may be provided with
and collect device-specific information, including your hardware model,
operating system version, phone number, approximate
geographic location, and mobile network information.
We may use third-party service providers (e.g., search
engines) to collect and analyze information about use of the Platform.
These service providers may utilize cookies and related technologies to collect
personal information.
- Use of Information
Benecard and its service providers (e.g., payment
processors, and advertising or marketing companies) may use your personal
information to provide our services and to contact you in response to inquiries
you submit. Benecard and its service providers may retain and use your
information for as long as needed for the following purposes:
- to present our Platform and related content to you;
- to provide you with information, products or services that
you request from us;
- to provide you with notices about your account;
- to process your benefits claims;
- in combination with other information for Platform
improvement and marketing and promotional purposes;
- to provide more consistent and personalized services
across the Platform, including to personalize our advertising, marketing,
and promotional efforts;
- to carry out our obligations and enforce our rights
arising from any contracts entered into between you and us, including for
billing and collection;
- to notify you about changes to the Platform or any
products or services we offer or provide though it;
- to allow you to participate in interactive features on the
Platform;
- in any other way we may describe when you provide the
information;
- for any other purpose with your consent.
- When Benecard Discloses Your Information
We do not sell, rent, or loan any of your Personal
Information to any third party for monetary consideration. Regardless, you may notify
us at our designated request address to opt-out of the sale of your
information. Our designated request address for such requests is at privacy.officer@benecard.com.
Please be aware that we will require you to verify your identity before
processing any such request.
We may disclose aggregated information about our users
without restriction. This data cannot be attributed to any specific
individual. Benecard may disclose aggregated user data in order to
describe our services to current and prospective affiliates, and to other third
parties for lawful purposes.
Benecard and its service providers may transfer information
between them for business purposes. For example, our service providers
may handle technical support, payment processing, marketing, advertising
delivery and tracking, or information analysis. We furnish our service
providers the information they need to perform these and other services, and we
work with our service providers to respect and protect your information.
We may also provide your information to our affiliates. The entities with
which we share information may be located in the United States or other
countries.
In the event that Benecard or some of our assets are sold or
transferred or used as security, or to the extent we engage in business
negotiations with our business partners, the information collected on the
Platform may be transferred or shared with third parties as part of that
transaction or negotiation. We may also provide information or provide
access to information to any of our affiliated businesses or to our business
partners.
On rare occasions, we may disclose specific information
without your consent and without notice to you as required to comply with laws
and regulations, or to comply with court orders, subpoenas, or lawful discovery
requests. Information collected from you may also be used to investigate
security breaches or otherwise cooperate with authorities. We may also
share information with companies assisting in fraud protection or investigation.
We may disclose information about you without your consent
and without notice to you as required to enforce or apply the Terms of Use,
or other agreements, including for billing and collection purposes.
- How Your Information is Protected
Benecard has implemented reasonable physical, technical, and
organizational safeguards to help protect your personal information from
unauthorized access, acquisition, or disclosure, alteration, or destruction.
Although we strive to keep your personal information secure, no safeguards can
be guaranteed to be completely secure, so you should exercise caution when
transferring personal and other sensitive information over the Internet,
including in email communications. Please advise us immediately at the
address listed below of any incident involving the loss of or unauthorized
access to or disclosure of personal information that is in our custody or
control.
If your communication contains sensitive information and you
would prefer not to submit this information online, please contact us at 1-877-920-5740.
- Third-Party Sites
The Platform may contain links to other websites.
Please note that when you click on one of these links, you will leave the Platform
and will be subject to the policies and privacy practices of the other
websites, which may differ significantly. You should review the policies
of other websites you visit. Benecard is not responsible for the content,
technology, security, or practices of linked sites operated by others, or for
your use of linked sites.
- Children's Privacy
The Platform is not aimed at or intended for children.
We do not knowingly collect information from children under the age of thirteen
through the Platform. If we obtain actual knowledge that we have
inadvertently collected personal information from a child under the age of
thirteen, we will delete that information from our records. If you
believe we might have any information from a child under the age of thirteen,
please contact us at privacy.officer@benecard.com.
- Applicable Law
If you access the Platform from outside the United States,
please be aware that personal information may be transferred to, stored in, and
processed in the United States. Certain governmental authorities may not
consider the level of protection of personal information in the United States
to be equivalent to that required by the in other jurisdictions.
- Do Not Track
"Do Not Track" is a privacy setting that you may set in your
web browsers. If turned on, this setting requests that websites not track
information about users. At this time, we do not respond to "Do Not
Track" browser settings or signals.
- Review, Modify, or Delete Your Information
You can review and change your personal information by
contacting your employer's benefits office. You may update your email
address or username by logging onto the Benecard PBF Platform and visiting your
account on www.empirxhealth.benecardpbf.com
or by contacting EmpiRx Health at member.services@benecardpbf.com or
1-877-920-5740.
If you request that your account information be deleted or
if you unsubscribe from communications, we may maintain information about your
transactions or inquiries for future service and recordkeeping purposes.
In some circumstances, a change in or withdrawal of consent may severely limit
our ability to provide you information, products, or services. We may not
accommodate a request to change information if we believe the change would
violate any law or legal requirement or cause the information to be incorrect.
- Updates to this Privacy Policy
Benecard may update this Privacy Policy and the Platform to
reflect material changes in how we collect, use, share, or store your
information, to satisfy legal requirements, or for other business
purposes. You should review this Privacy Policy when you visit the
Platform to understand our current practices. The date at the top of the
page shows when this Privacy Policy was last updated.
We encourage you to refer to this Privacy Policy on an
ongoing basis so that you understand our current practices. You consent
to any changes we make to this Privacy Policy if you continue to use the
Platform after receiving a notice of the change or upon our posting of the new
Privacy Policy on the Platform.
- California Residents
This Section provides additional provisions that apply to
residents of California. In the event of a conflict between this Section and
the remainder of this Policy, this Section shall take precedence for California
residents. In this Section only, any capitalized terms not defined in this
Policy have the meanings set forth in the California Consumer Privacy Act of
2018 (the "CCPA").
Categories of Personal Information. We collect
the categories of Personal Information described in Section 2 of this Policy.
Categories of Sources From Which Personal Information
is Collected. The categories of sources from which your Personal
Information is collected is described in Section 2 of this Policy.
Purposes for Collecting Personal Information.
Our purposes for collecting your Personal Information are described in Section
3 of this Policy.
Categories of Third Parties / Services Providers With
Whom Personal Information is Shared. The categories of third parties
and / or service providers with whom we share your Personal Information are
described in Section 4 of this Policy.
Categories Of Personal Information Sold. In
the last 12 months we have not Sold your personal information and we currently
do not Sell personal information. "Sale" / "Sold" / "Sell"
has the definition set forth in the CCPA.
Categories of Personal Information Disclosed for a
Business Purpose. In the last 12 months we disclosed the
categories of personal Information set forth in Section 2 of this Policy for
our Business Purposes, where "Business Purposes" has the definition set forth
in the CCPA. See the section above titled "Categories of Personal Information
We Collect" for more detail on the type of personal information in each
category.
Right to Request Disclosure. You have the
right to request disclosure of any of the following: (a) the categories of
Personal Information we collected from you in the prior 12-month period, (b)
the categories of sources from which the Personal Information was collected,
(c) the Business Purpose or Commercial Purpose for collecting or Selling your
Personal Information, (d) the categories of Personal Information we Sold or
disclosed for a Business Purpose in the last 12 months and (e) for each
category of Personal Information Sold or disclosed, the categories of third
parties with whom we shared such Personal Information.
Right to Request Access. You have the right
to request access to the specific pieces of Personal Information we collected
from you in the prior 12-month period (i.e. "data portability").
Right to Request Deletion. You have a right
to request that we delete Personal Information we collected from you.
Right to Opt-Out of the Sale. California law
provides you the right to request to opt out of the Sale of Personal
Information. However, at this time we do not "Sell" Personal Information as
contemplated by CCPA. To our knowledge, we have not sold any Personal
Information of an individual under the age of 16 years of age.
How to Exercise Your Request Rights. You
must provide sufficient information to allow us to reasonably verify you are
the person about whom we collected Personal Information, and you must describe
your request with sufficient detail to allow us to properly understand,
evaluate, and respond to your request. To exercise your California rights
described in this Section, you may submit your request to us by contacting us
at any of the following:
1-877-920-5740
privacy.officer@benecard.com
Who May Exercise Your Rights? You may only
make a request to exercise your rights on behalf of yourself or the child for whom
you are the parent or legal guardian. In addition, you may authorize an agent
to exercise your rights on your behalf, if you provide the agent with written
signed permission. Any legal entity acting as your agent must be registered
with the Secretary of State to do business in the State of California. If an
authorized agent contacts us to exercise the above rights, we will need to
verify their identity as well as your identity. We will also require proof of
your signed authorization to the agent to submit your request on your behalf as
well as to submit the particular request made to us, unless the agent holds a
lawful Power of Attorney under California probate laws, in which case we will
require evidence of such Power of Attorney.
We may deny a request from an authorized agent if we do not
have proof that they are authorized by you to act on your behalf.
When We Will Respond. We will try to respond to your
request for access or deletion within 45 days. If we require additional time,
we will inform you of the reason and extension period.
How We Will Respond. Once we receive your request,
we will contact you to confirm receipt of your request. We may also request
that you provide us with additional information to allow us to verify your
identity, the identity of the person that is the subject of the Personal
Information you have requested (if other than you), and the authenticity of
your request. The information we may request may vary depending on the Personal
Information we already have in our systems. Certain types of requests, such as
a request to access, may require additional verification to ensure you are who
you say you are as we are subject to higher standards of authentication with
respect to such requests. We consider various factors when determining how to
verify your identity, such as the sensitivity and value of the data, risk of
harm, likelihood of fraud, etc.
If you have used an agent to make your request, we will also
need to verify the identity of the agent.
We may require a signed declaration under penalty of perjury
to verify the identity of the data subject or that of your agent, if
applicable.
We may deny your request as permitted or as required by law,
if we are unable to verify your identity or the authenticity of the request, or
if an agent makes the request on your behalf, if we are unable to verify their
identity or proof of their authorization. We will inform you of the reason we
are unable to comply with your request.
For data portability requests, we will select a format to
provide your personal information to you.
We may charge a fee to process or respond to your request if
it is excessive, repetitive, or manifestly unfounded.
Non-Discrimination. California residents have the
right to not receive discriminatory treatment for exercising any of their
rights under the CCPA.
- Contact Us
If you have questions or comments about this Privacy Policy
or the Platform, please contact us using the information below.
Benecard Services, Inc.
Attn: Legal Department
1200 Route 46 West
Clifton, NJ 07013]
Email: privacy.officer@benecard.com
Customer Service: 1-877-920-5740 or member.services@benecardpbf.com
|