1. THE INFORMATION WE COLLECT, USE AND DISCLOSE
1.1. Personally Identifiable Information We May Collect and How We May Collect the Information
“Personally Identifiable Information” is information that identifies you or that, when combined with other available information, can be used to identify you. Personally Identifiable Information includes, for example, your name, birth date, social security number, telephone number, e-mail address, physical address, and Federally Facilitated Exchange applicant ID or member ID. Personally Identifiable Information also includes your date and place of birth, your mother’s maiden name, and unique device identifiers.
(A) We may collect Personally Identifiable Information in a variety of ways, including when:
· You use the functions or features on the Services, such as when you complete an insurance inquiry form on our website, or authorize us to send you reminders by e-mail or by text message.
· You contact us to request information by sending us an email or sending us a text message. NOTE[TM7] : If you are sending us e-mail through a means other than through our portal[TM8] , please be aware that regular e-mail is not a secure form of communication. This means that people other than us may be able to see a copy of your e-mail. Please do not include your social security number, your birthdate, or any other sensitive information. If you cannot use our portal to communicate with us, please call us instead.
· You register for an account with our Services.
· You register to receive our newsletter, for a webinar, or other service through our Services.
· You pay for services using your credit card or other payment option we make available to you.
· You submit comments to us through a contact form.
· You participate in a survey.
· You authorized a third party with whom you have or had a relationship to provide us information about you. For example, we may receive Personally Identifiable Information about you under an agreement with our business partners, such as CMS and other government agencies, a health insurance issuer, licensed agents, health care providers, third party administrators and other vendors (collectively, “Business Partners”).[TM9]
(B) We may use and disclose Personally Identifiable Information in the following ways:
· To keep a record of your contact information and correspondence and use it to respond to your inquiries, fulfill your requests, and assist you with purchasing a qualified health plan, including, for example:
§ Assist you with application(s) for qualified health plan eligibility;
§ Support qualified health plan selection and enrollment by assisting you with plan selection and plan comparisons;
§ Assist with your application to receive tax credits and cost-sharing reductions for which you may be eligible and facilitate the collection of standardized attestations acknowledging the receipt of the determination for a tax credit and cost-sharing reduction, if applicable; and
§ Assist with filing appeals of eligibility determinations in connection with the Federally Facilitated Exchange.
· To identify you to anyone to whom you contact through the Services.
· To transmit information about you to authorized Business Partners and other third parties, including, for example, transmit your decision to enroll or disenroll in a qualified health plan to the Federally Facilitated Exchange or a qualified health plan, assist you with reporting changes to eligibility status (e.g., adding a dependent), or helping you correct errors in your insurance application.
· To identify you to your employer or employees, as applicable.
· To provide assistance with communicating with your qualified health plan or to facilitate your communication with an insurance agent, a health savings account (“HSA”) vendor, or a healthcare reimbursement account (“HRA”) vendor by, for example, providing the your Personally Identifiable Information to that vendor, its trustee, or administrator, or to an agent so that they can contact you to answer your questions.
· To facilitate payment of the initial premium amount to the appropriate qualified health plan, educate you on insurance affordability programs, and if applicable, providing information on your eligibility for Medicaid or the Children’s Health Insurance Program.
· To send you reminders about your insurance enrollment, including renewal notices, enrollment deadlines, missing application information, and provide you notice of life events that may impact your eligibility, such as when you may no longer be eligible to maintain your current qualified health plan because of age.
· To provide you with appropriate information, materials, and programs to inform and educate you about the use and management of your health information, and services and options offered through the selected qualified health plan or among the available qualified health plan options, including, for example, the availability of an HSA or an HRA.
· We may use survey information for research and quality improvement purposes, including helping us to improve information and services offered through the Services and to assess your satisfaction or resolve your complaints with our Services, your agent, your health plan, or the Federally Facilitated Exchange.
· To carry out our legal responsibilities related to the efficient functions of qualified health plans, as permitted or required by our contractual relationship with qualified health plans.
· To send you administrative information regarding our Services, such as information about our phone support hours, changes to our terms or policies, and updates to our Services.
· To operate our business.
§ Our workforce members and independent contractors may need access to your Personally Identifiable Information to carry out their duties and obligations, such as to provide customer support, respond to your inquiries, and facilitate your communication with Business Partners.
§ Our third-party services providers may need access to your Personally Identifiable Information to carry out their duties and obligations or may receive access by virtue of the type of services they provide to us, including, for example, vendors that provide website hosting and maintenance, data or information storage, information technology and related infrastructure, customer service, email delivery, analytics, fraud prevention, chat, website analytics, website optimization, and other similar services.
· To a third-party in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, including a bankruptcy action, provided that, pursuant to our agreement with CMS, such transfer is permitted by CMS and the State of Florida Office of Insurance Regulation, or any other applicable state where we may be licensed to provide insurance services.
· Use it in any way that you expressly authorize, provided such use is permitted by CMS and other applicable law.
· Other functions substantially similar to those enumerated above and such other functions that may be approved by CMS in writing from time to time, including, to extent we are not precluded by our agreement with CMS or other applicable law, for our business purposes, such as improving or modifying our Services, identifying usage trends, and expanding our service and business offerings.
· As we believe to be necessary or appropriate, but only to the extent permitted by CMS and other applicable law: (1) to comply with legal process; (2) to respond to requests from public and government authorities; (3) to enforce our terms and conditions or other applicable contracts; (4) to protect our operations and those of the Federally Facilitated Exchange against, for example, security threats, fraud or other malicious activity; (5) to protect our rights, privacy, safety or property, or that of you or others using the Services; and (6) to allow us to pursue available remedies or limit the damages that we may sustain.
(C) Personally Identifiable Information and Third Party Data Sources
We may obtain your Personally Identifiable Information from affiliated entities, publicly available databases, and other independent third-party sources (“Third Party Data Sources”), and add it to our contact database for marketing and sales purposes and to combine it with other information that we have collected or obtained from you otherwise. This may include your phone number, email address, title, or employer.
To the extent we use Third Party Data Sources, we will only do so (1) to the extent we are not precluded by our agreement with CMS or applicable law, or (2) if you authorize us to do so by, for example, using one of our other websites that is not sending data to the Federally Facilitated Marketplace or by providing us with an affirmative written consent such as checking an applicable consent box or verbal consent when you speak with your agent.
(D) Personally Identifiable Information and Marketing
T[TM10] o the extent not precluded by CMS or other applicable law, we may use Personally Identifiable Information that we received from you or about you to send you marketing communications and promotional material about other products and services. If you demonstrate an interest in a particular product or service, by, for example, affirmatively clicking on a link about the product or service, and we have your contact information, we may follow-up and send you an email or initiate communication with you about this product or service, and may periodically send you additional information and news. You may opt-out of receiving these communications at any time by clicking on the unsubscribe link in the particular email or by following the opt-out option(s) provided for in the applicable communication.
We may also disclose your Personally Identifiable Information to our third-party service providers that provide marketing related services, including, for example, companies providing lead scoring, retargeting, direct marketing campaign, and other similar services. To the extent we do disclose your Personally Identifiable Information in connection with such services, we will only do so pursuant to binding contractual obligations requiring such third parties to maintain the privacy and security of your Personally Identifiable Information.
1.2. Other Information We May Collect
“Other Information” is any information that does not reveal your specific identity or does not directly relate to an individual, including, for example: (1) computer or device connection information, such as browser type and version, operating system type and version, device information, and other technical identifiers; (2) information collected through cookies and other technologies; (3) demographic information and other information provided by you such as race/ethnicity, student status, or household income; or (4) aggregated information, such as usage history and search history.
If we combine Other Information with Personally Identifiable Information, the combined information will be treated as Personally Identifiable Information for as long as it remains combined.
(A) How We May Collect Other Information
We, and our third-party service providers, may collect Other Information in a variety of ways, including:
· Through your browser or mobile device: Certain information is automatically collected by most browsers or through your mobile device, such as your computer type, screen resolution, operating system name and version, device manufacturer and model, language, and Internet browser type and version.
· IP address: Your IP Address is a number that is automatically assigned to the computer that you are using by your Internet service provider (“ISP”). An IP Address may be identified and logged automatically in our server log files, those of our website hosting vendor, a vendor providing us with website analytics services, or other similar services we may run on our Services whenever a user accesses the Services, along with the time of the visit and the page(s) that were visited.
· Analytics tools and third party services: We may use analytics tools and other third party services, such as Google Analytics, to collect information about use of our Services. These tools and technologies may collect and analyze different types of information, including cookies, IP addresses, device identifiers, referring and exit URLs, onsite behavior and usage information, feature use metrics and statistics, and other similar information.
· By aggregating information: Aggregated Personally Identifiable Information does not personally identify you or any other user of the Services. We may aggregate information for a variety of reasons, for example, to calculate the percentage of our users that live in a particular state, who live in a particular area code, to perform trending analysis, to monitor which features are most popular on our Services, for product development ideas, for technical administration of our Services and similar uses.
(B) How We May Use and Disclose Other Information
In addition to the examples we provided in Section 1.2(A) above, we may use and disclose Other Information for any purpose, except where we are required to do otherwise under our agreement with CMS or under applicable law. If we are required to treat Other Information, such as IP addresses or other similar identifiers, as Personally Identifiable Information under our agreement with CMS or under applicable law, then, unless otherwise prohibited by our agreement with CMS or under applicable law, we may use it as described in “How We May Collect Other Information” section above, as well as for all the purposes for which we use and disclose Personally Identifiable Information, but we will treat these identifiers as Personally Identifiable Information.
2. CALIFORNIA DO NOT TRACK NOTICE[TM11]
We do not track you over time[TM12] and across third party websites to provide targeted advertising and therefore do not respond to Do Not Track (“DNT”) signals.
Some of the third parties that may have content embedded on our Services, such as social networking connectors (e.g., Facebook, Twitter) or advertising services (e.g., Google Adsense) set cookies in your browser as well as obtain information about the fact that a web browser visited the Services from a certain IP address. These services may track you across third party websites. Please read the privacy policies of these third party companies to learn how they respond to DNT signals.[TM13]
3. HOW WE COMMUNICATE WITH YOU
We may communicate with you through various means including:
· Sending you e-mail at the e-mail address that you provide by, for example, responding to your e-mail inquiry;
· Calling you at the phone number that you provide by, for example, returning a phone message that you left for customer service;
· Sending you text messages, such as premium payment reminders, at the cellular phone that you provide; and
· Sending you letters at the address that you provide.
You understand that standard telephone minute and text charges may apply.
We and our service providers will not use autodialed or prerecorded message calls or texts to contact you for marketing purposes at the telephone number(s) you designate unless we receive your prior express written consent.
You do not have to consent to receive autodialed or prerecorded message calls or texts to receive services from us. Where we are required to obtain your consent for such communications, you may choose to revoke you consent by contacting us using one of the contact options located on our Contact Us page[TM14] and informing us of your preferences.[TM15]
4. OUR COMMITMENT TO DATA SECURITY
We care about your privacy and in offering our Services, we are required to comply with all applicable federal laws, including the standards established under 45 C.F.R. § 155.220(c) and (d) and standards established under 45 C.F.R. § 155.260 to protect the privacy and security of personally identifiable information.
4.1. Our General Security Practices
We use commercially reasonable administrative, physical and technical controls designed to protect the Personally Identifiable Information you provide to us or that we receive about you from unauthorized access, loss, misuse, disclosure, alteration, and destruction.
On our website, we use encryption technology, such as Secure Sockets Layer (“SSL”) to send some communication through the website. For example, when transmitting your information to the Federally Facilitated Exchanges, we use SSL to protect your Personally Identifiable Information during data transport. Similarly, when you register for an account with us, we use SSL to protect the Personally Identifiable Information you transmit to us.
Other communication on the website may be transmitted through the standard HTTP protocol and may be delivered using regular e-mail. Information sent over HTTP is not encrypted. Regular e-mail, while convenient, also poses several risks (e.g., e-mail is not a secure form of communication, is unreliable, can be forwarded, and so forth). We cannot guarantee the security of the information sent through such means, nor can we guarantee that information you supply to us through these means will not be intercepted while being transmitted to us. Please do not send any sensitive information (such as your social security number), confidential information or otherwise protected information through such unsecured means. If you cannot use our portal[TM16] to communicate with us, please call us at the phone number provided on our Contact Us page [TM17] instead.
To determine if a page on our website is delivered using SSL, look for the applicable notice in your browser (e.g., a “lock” icon) or check that the url for the page begins with “https”.
4.2. Your Obligations
While we use commercially reasonable administrative, physical and technical controls designed to protect the Personally Identifiable Information, no security controls are perfect.
Security is also not a one-person job. You must also take reasonable measures to protect your information by, for example:
· Securing your computer and mobile device.
· Using an antivirus software on your computer and mobile device.
· Using a firewall on your computer.
· Changing default passwords on your router, Wi-Fi device, or other similar Internet or network connection device.
· Using secured Wi-Fi. For example, the Wi-Fi at your local coffee shop, mall, or any public facility is generally not secured. If you are in doubt, please do not use it with the Services. You may find additional information on security your wireless network at the Federal Trade Commission website here[TM18] .
· Use strong passwords. You can find additional information on creating strong passwords from the Electronic Frontier Foundation website here[TM19] .
To learn more about ways to secure your information online, please visit the Federal Trade Commission website for additional security tips[TM20] .
If you have reason to believe that your interaction with us has been compromised, please notify us immediately of the problem by contacting us using the means on our Contact Us page[TM21] .
5. THIRD PARTY SERVICES AND LINKS
We are not responsible for the collection, usage and disclosure policies and practices of other organizations, such as your Internet service provider or wireless carrier.
6. CHOICES, ACCESS, CORRECTIONS, AND DATA RETENTION
We strive to give you control of how you use our Services and how we interact with you. You have certain rights when using our Services:
· Right to amend, correct, substitute, or delete Personally Identifiable Information: You may request that we amend, correct, substitute, or delete Personally Identifiable Information that we maintain or store about you if you believe that it is not accurate, timely, complete, relevant, or necessary to accomplish our Services. To do so, please contact us using one of the Contact Us means listed on our contact page[TM22] and let us know what you need. We may require that you submit your request in writing, provide evidence of your legal or personal authority to access, receive notification of, or seek amendment, correction, substitution, or deletion of the Personally Identifiable Information, and provide a copy of legally permissible identification (such as your driver’s license or school identification card). We may not be able to or permitted to grant your request because, for example, the requested information is no longer available, cannot be modified or deleted using commercially reasonable means, or we did not originate the information. To the extent permissible under applicable law, we may charge you to make any requested changes before making any such change. If we deny your request, we will provide you an explanation for this denial and your appeal options, if any. We will respond to your request within no more than 10 working days of receipt.
· Right to obtain a list of the disclosures: You may submit a written request for a list of our disclosures of your Personally Identifiable Information to third parties. We are not required, however, to inform you of disclosures we made to the following: (1) our workforce members (which includes, for example, our employees, agents, contractors, subcontractors, and representatives who use Personally Identifiable Information in the performance of their duties), (2) that are necessary to perform our services, (3) made more than 10 years prior to your request, (4) for which the Personally Identifiable Information record no longer exists. To the extent permissible under applicable law, we may charge you to produce an accounting of disclosures.
· Right not to provide information: You can choose not to provide us with any information, or not to respond to certain questions. However, if you wish to obtain access to certain content, ask us a question, apply for products or services, or to take advantage of certain features of our Services, you may be required to provide certain information, such as your zip code, number of dependents, and other information as indicated in the relevant form.
· Right to revoke your authorization: If you have given to us an authorization to use or disclose your Personally Identifiable Information in a specific manner, you have the right to revoke that authorization, at any time, by contacting us using one of the means set forth on our Contact Us page[TM23] . Your revocation will not impact any information that we already used or disclosed about you. If you revoke your authorization, we may no longer be able to deliver you with the Services.
· Right to request restrictions on our use or disclosure of Personally Identifiable Information: You have the right to request restrictions on how we may use or disclose your Personally Identifiable Information, limiting our use solely to providing you with assistance in applying for a qualified health plan or for fulfill our obligations specified in the relevant agreement. If you restrict how we may use your Personally Identifiable Information, we may no longer be able to deliver you with all of the Services. To do so, please contact us using one of the Contact Us means listed on our contact page[TM24] and let us know what you need. We may require that you submit your request in writing and provide verification of your identity and authority.
· Right to block cookies: You can choose to block cookies using the applicable technical means available in your browser. If you refuse to accept cookies from our Services, you may not be able to access certain portions of the website or use certain features.
· Right to block marketing communications: To the extent not prohibited by our agreement with CMS or other applicable law, we may use your Personally Identifiable Information for marketing purposes such as to provide you the newsletters to which you subscribed or to advise you of changes and additions to our services. You may opt-out of receiving these marketing messages by selecting the appropriate unsubscribe option included in the notice.
We may, from time to time, send you electronic notices regarding security, privacy and other administrative issues related to your usage of the Services. Because this information is important to your interaction with us, you cannot opt-out from receiving administrative messages.
You may update the information you provide to us through the Services. To change your information, contact us using one of the means listed on our Contact Us page[TM25] .
We will retain your information for as long as needed to provide you services, comply with our legal obligations, resolve disputes, and enforce our agreements.
7. USE OF SERVICES BY MINORS
We do not knowingly collect Personally Identifiable Information from individuals under the age of 13 and the Services are not directed to individuals under the age of 13. We request that these individuals not use the Services.
8. INTERNATIONAL VISITORS
The Services are controlled and operated from the United States, and are not intended to subject us to the laws or jurisdiction of any state, country or territory other than that of the United States. If any material on the Services is contrary to the laws of the place where you are when you access them, then we ask you not to use the Services. You are responsible for informing yourself of the laws of your jurisdiction and complying with them.
By using the Services, you consent to the transfer of information to the United States, which may have different and less restrictive data protection rules than those of your country.
10. PERFORMANCE, GOVERNING LAW, AND JURISDICTION
12. SEVERABILITY AND WAIVER
13. HOW TO CONTACT US AND HOW TO FILE A COMPLAINT
Should you have a complaint that you believe is not being adequately resolved through customer service, you may file a complaint with our headquarters office. You will not be penalized or denied services for filing a complaint. To file a privacy complaint with us, please contact headquarters:
Attn: Privacy Officer
8000 NW 7 Street, Ste. 200
Miami, FL 33126
You may also file a complaint with our Federal regulator:
Department of Health and Human Services
Centers for Medicare and Medicaid Service
Center for Consumer Information & Insurance Oversight
200 Independence Avenue SW
Washington, DC 20201
Secretary of the Department of Health and Human Services
Office of Civil Rights