I. HOW WE USE YOUR PERSONAL INFORMATION
Protecting your privacy is fundamental to the way Custom Benefits Consultants, Inc. and its subsidiaries (collectively, “we,” “us,” or “our”) conduct business. Although privacy regulations require companies to inform you of their practices regarding the collection and use of your personal information, keeping client information confidential has always been our policy. We have always known that privacy is important to you, and we are committed to safeguarding your personal information. This Privacy Statement explains how we may collect, use and disclose your personal information.
In the course of offering and providing our products and services, it is common for us to receive sensitive information from and about our clients, including financial and business information, some of which constitutes personal information. Generally speaking, personal information is any information that can be used, directly or indirectly, to identify, locate or contact someone. Types of personal information that may be collected includes names, physical addresses, mailing addresses, social security numbers, email addresses, phone numbers, bank account numbers and driver’s license numbers. Under certain circumstances, personal information may also include other information that can reasonably link to a particular person, such as internet protocol (IP) addresses, unique device identification numbers, employment information, medical information and internet activity. However, Custom Benefit Consultants, Inc. does not track individuals by IP address or geolocation information directly, and therefore, any such IP address or geolocation information is anonymized and used only for aggregated site metrics purposes.
Email Opt In
To send periodic emails. We may use the email address to respond to their inquiries, questions, and/or other requests, and to send you Service-related emails (e.g., account verification, changes or updates to features of the Service, technical and security notices). User may receive emails that include company news, updates, related product or service information, etc. If you do not wish to receive promotional emails, you can click the “unsubscribe” button on promotional email communications. Note that you are not permitted to unsubscribe or opt-out of non-promotional messages regarding your account, such as account verification, enrollment updates, change or updates to features of the Service, or technical and security notices.
How We Collect Personal Information
Typically, we receive personal information directly from our clients or their agents in the course of performing our services. For example, clients may provide their personal information to us in order for us to quote or enroll in a qualified benefits plan. And we may collect personal information through services authorized by our clients. For example, many group clients provide employee information as employees are eligible to participate in group-sponsored benefits programs.
We also collect personal information through our various service-focused websites (www.cbcins.com, online.cbcins.com, www.controlsourceinc.com). For example, if you setup an account for portal access on our website (either to quote benefit plans, enroll in benefit plans, or make changes to current enrollments) we will collect information such as your name, email address, username and password, and we will receive any documents you submit through the client portal or benefit center. Our web servers may also collect information from visitors such as IP address, browser type and version, time zone setting, operating system and platform. Some web browsers allow the user to send “do-not-track” signals to websites, but our website does not respond to those signals.
How We Use Personal Information
We use the personal information we collect from you to fulfill the purpose for which you provide it. For example, you may provide us with personal information in order for us to prepare an insurance plan quote, modify a policy, or other service-related activities to your account. We may also use your personal information: (1) to provide you with information, products or services that you request from us; (2) to provide you with email alerts, event registrations and other notices concerning our products or services, or events or news, that may be of interest to you or as directed by your employer; (3) to carry out our obligations and enforce our rights arising from any contracts entered into between you or your employer and us, including for billing and collections; (4) to improve our website and present its contents to you; (5) for testing, research, analysis and product development; and (6) for any other purpose with your consent.
Disclosure of Personal Information
We may disclose personal information we collect from you: (1) to our subsidiaries and affiliates; (2) to contractors, service providers, and other third parties we use to support our business; (3) to fulfill the purpose for which you provide it; (4) to a buyer or other successor in the event of a sale or transfer of some or all of our business or assets; (5) for any other purpose disclosed by us when you provide the information; (6) to comply with any court order, law or legal process, including responding to any government or regulatory request; (7) to carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collections; (8) if we believe disclosure is necessary or appropriate to protect the rights, property or safety of us, our clients or others; or (9) with your consent.
We have implemented measures designed to secure your personal information from accidental loss and from unauthorized access and disclosure. The use of, and access to, your personal information by us is restricted to employees and contractors who need to know that information to provide services to you. We maintain physical, electronic and procedural safeguards to limit access to your nonpublic personal information.
Unfortunately, transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to us through our website or other electronic means. Any electronic transmission of personal information is at your own risk.
Information we collect through cookies and other technology.
We automatically collect certain types of usage information when you visit our website or use our Service. When you visit the Service, we may send one or more cookies — a small text file containing a string of alphanumeric characters — to your computer that uniquely identifies your browser and lets us help you log in faster and enhance your navigation through the site. A cookie may also convey information to us about how you use the Service (e.g., the pages you view, the links you click, how frequently you access the Service, and other actions you take on the Service), and allow us to track your usage of the Service over time. We may collect log file information from your browser or mobile device each time you access the Service. Log file information may include anonymous information such as your web request, Internet Protocol (“IP”) address, browser type, information about your mobile device, referring / exit pages and URLs, number of clicks and how you interact with links on the Service, domain names, landing pages, pages viewed, and other such information. We may employ clear gifs (also known as web beacons) which are used to anonymously track the online usage patterns of our Users. In addition, we may also use clear gifs in HTML-based emails sent to our users to track which emails are opened and which links are clicked by recipients. The information allows for more accurate reporting and improvement of the Service. We may also collect analytics data, or use third-party analytics tools, to help us measure traffic and usage trends for the Service and to understand more about the demographics of our users. These tools collect information sent by your browser or mobile device, including the pages you visit, your use of third party applications, and other information that assists us in analyzing and improving the Service. We may work with third parties to employ technologies, including the application of statistical modeling tools, which attempt to recognize you across multiple devices. Although we do our best to honor the privacy preferences of our visitors, we are not able to respond to Do Not Track signals from your browser at this time.
When you access our Service by or through a mobile device, we may receive or collect and store a unique identification numbers associated with your device or our mobile application (including, for example, a UDID, Unique ID for Advertisers (“IDFA”), Google Ad ID, or Windows Advertising ID), mobile carrier, device type, model and manufacturer, mobile device operating system brand and model, phone number, and, depending on your mobile device settings, your geographical location data, including GPS coordinates (e.g. latitude and/or longitude) or similar information regarding the location of your mobile device
We use or may use the data collected through cookies, log file, device identifiers, location data and clear gifs information to:
- remember information so that you will not have to re-enter it during your visit or the next time you visit the site;
- provide custom, personalized content and information, including targeted content and advertising;
- provide and monitor the effectiveness of our Service;
- monitor aggregate metrics such as total number of visitors, traffic, usage, and demographic patterns on our website and our Service;
- diagnose or fix technology problems; and
- otherwise to plan for and enhance our service.
Third Party Tracking and Online Advertising:
We may share with, or we may permit third party online advertising networks, social media companies and other third party services, to collect, information about your use of our website over time so that they may play or display ads that may be relevant to your interests on our Site as well as on other websites or apps, or on other devices you may use. Typically, the information we share is provided through cookies or similar tracking technologies, which recognize the device you are using and collect information, including hashed data, click stream information, browser type, time and date you visited the site, and other information. This information is used to display targeted ads on or through our Site or on other websites or apps, including on Facebook. We or the online advertising networks use this information to make the advertisements you see online more relevant to your interests. You may be able to “opt out” of the collection of information through cookies or other tracking technology by actively managing the settings on your browser or mobile device, though, depending on your mobile device you may not be able to control tracking technologies through your mobile device settings. Please refer to your browser’s or mobile device’s technical information for instructions on how to delete and/or disable cookies, and other tracking/recording tools. You may also be able to limit interest-based advertising through the settings on your mobile device by selecting “limit ad tracking” (iOS) or “opt-out of interest based ads” (Android). To learn more about interest-based advertising and how you may be able to opt-out of some of this advertising, you may wish to visit the Network Advertising Initiative’s online resources, at http://www.networkadvertising.org/choices ), and/or the DAA’s resources at www.aboutads.info/choices , and you may also adjust your ad preferences through your Facebook settings. You may also be able to opt-out of some – but not all – interest-based ads served by mobile ad networks by visiting http://youradchoices.com/appchoices and downloading the mobile AppChoices app. If you have questions about data collection policies of our marketing partner RollWorks please visit this link. If you have any questions about opting out of the collection of cookies and other tracking/recording tools, you can contact us directly at email@example.com .
II. THIRD PARTY WEBSITES
Users may find advertising or other content on our Site that link to the sites and services of our partners, suppliers, advertisers, sponsors, licensors and other third parties. We do not control the content or links that appear on these sites and are not responsible for the practices employed by websites linked to or from our Site. In addition, these sites or services, including their content and links, may be constantly changing. These sites and services may have their own privacy policies and customer service policies. Browsing and interaction on any other website, including websites which have a link to our Site, is subject to that website's own terms and policies.
Through the course of using any Custom Benefit Consultant electronic system, you may be directed to an external resource not managed by the company, to fulfill services not directly managed by or provided by the company. In these cases, information you provide through these external resources is not housed by or managed by Custom Benefit Consultants. The Company therefore will not be liable for any data entered into or stored in systems not directly controlled by or managed by Custom Benefit Consultants, Inc.
This Privacy Statement does not restrict our collection, use or disclosure of any aggregated information or information that does not identify, or cannot be reasonably linked to, any individual. However, any such non-personal information will not be sold for direct marketing purposes.
Information We Collect
We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“personal information”). In particular, we have collected the following categories of personal information from consumers within the last twelve (12) months:
|A real name, alias, postal address, unique personal identifier, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers.
|B. Personal information categories referenced in State Legislation in select states.
|A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.
|C. Protected classification characteristics under specific states or federal law.
|Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).
|D. Commercial information.
|Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
|E. Biometric information.
|Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.
|F. Internet or other similar network activity.
|Browsing history, IP Address, Geolocation data, search history, information on a consumer's interaction with a website, application, or advertisement.
|G. Geolocation data.
|Physical location or movements.
|H. Sensory data.
|Audio, electronic, visual, thermal, olfactory, or similar information.
|I. Professional or employment-related information.
|Current or past job history.
|J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).
|Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.
|K. Inferences drawn from other personal information.
|Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
Personal information does not include:
- Publicly available information from government records.
- De-identified or aggregated consumer information.
- Information excluded from the scope of state or federal legislation, such as:
- health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data, or any similar state-specific legislation in specific states that have passed such legislation;
- personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver's Privacy Protection Act of 1994.
We obtain the categories of personal information listed above from the following categories of sources:
- Directly from our clients or their agents. For example, from documents that our clients provide to us related to the services for which they engage us.
- Indirectly from our clients or their agents. For example, through information we collect from our clients in the course of providing services to them.
- Directly and indirectly from activity on our websites (*.cbcins.com or *.controlsourceinc.com). For example, from submissions through our website portal or website usage details collected automatically.
- From third-parties that interact with us in connection with the services we perform. For example, from a third party administrator regarding premium deductions or payroll deductions for programs in which you may participate.
Use of Personal Information
We may use or disclose the personal information we collect for one or more of the following business purposes:
- To fulfill or meet the reason for which the information is provided. For example, if you provide us with personal information in order for us to prepare a tax return, we will use that information to prepare the return and submit it to the applicable taxing authorities.
- To provide you with information, products or services that you request from us.
- To provide you with email alerts, event registrations and other notices concerning our products or services, or events or news, that may be of interest to you.
- To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collections.
- To improve our website and present its contents to you.
- For testing, research, analysis and product development.
- As necessary or appropriate to protect the rights, property or safety of us, our clients or others.
- To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
- As described to you when collecting your personal information or as otherwise set forth in state legislation enacted in specific states.
- To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us is among the assets transferred.
We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
Sharing Personal Information
We may disclose your personal information to a third party for a business purpose. When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract.
In the preceding twelve (12) months, we have disclosed the following categories of personal information for a business purpose:
Category A: Identifiers.
Category B: Customer Records personal information categories.
Category C: Protected classification characteristics under certain states or federal law.
Category I: Professional or employment-related information.
We disclose your personal information for a business purpose to the following categories of third parties:
- Our affiliates.
- Service providers.
- Third parties to whom you or your agents authorize us to disclose your personal information in connection with products or services we provide to you.
In the preceding twelve (12) months, we have not sold any personal information.
III. OTHER LEGAL TERMS
By submitting an application, you represent that you have permission from all of the people whose information is on the application to both submit their information to the Site, and receive any communications about their eligibility and enrollment.
We are authorized to collect the information on this form and any supporting documentation, including social security numbers, under the Patient Protection and Affordable Care Act (Public Law No. 111-148), as amended by the Health Care and Education Reconciliation Act of 2010 (Public Law No. 111-152), and the Social Security Act.
We need the information provided about you and the other individuals listed on this form to determine eligibility for:
- enrollment in a qualified health plan through the Federal Health Insurance Marketplace,
- insurance affordability programs (such as Medicaid, CHIP, advanced payment of the premium tax credits, and cost sharing reductions), and
- certifications of exemption from the individual responsibility requirement.
As part of that process, we will verify the information provided on the form, communicate with you or your authorized representative, and eventually provide the information to the health plan you select so that they can enroll any eligible individuals in a qualified health plan or insurance affordability program. We will also use the information provided as part of the ongoing operation of the Site, including activities such as verifying continued eligibility for all programs, processing appeals, reporting on and managing the insurance affordability programs for eligible individuals, performing oversight and quality control activities, combatting fraud, and responding to any concerns about the security or confidentiality of the information.
While providing the requested information (including social security numbers) is voluntary, failing to provide it may delay or prevent your ability to obtain health coverage through the Site, advanced payment of the premium tax credits, cost sharing reductions, or an exemption from the shared responsibility payment. If you don’t have an exemption from the shared responsibility payment and you don’t maintain qualifying health coverage for three months or longer during the year, you may be subject to a penalty. If you don’t provide correct information on this form or knowingly and willfully provide false or fraudulent information, you may be subject to a penalty and other law enforcement action.
In order to verify and process applications, determine eligibility, and operate the Site, we will need to share selected information that we receive outside of CMS, including to:
- Federal agencies, (such as the Internal Revenue Service, Social Security Administration and Department of Homeland Security), state agencies (such as Medicaid or CHIP) or local government agencies. We may use the information you provide in computer matching programs with any of these groups to make eligibility determinations, to verify continued eligibility for enrollment in a qualified health plan or Federal benefit programs, or to process appeals of eligibility determinations. Information provided by applicants won’t be used for immigration enforcement purposes;
- Other verification sources including consumer reporting agencies;
- Employers identified on applications for eligibility determinations;
- Applicants/enrollees, and authorized representatives of applicants/enrollees;
- Agents, Brokers, and issuers of Qualified Health Plans, as applicable;
- Costco Health Insurance Marketplace contractors engaged to perform a function for the Site; and
- Anyone else as required by law or allowed under the Privacy Act System of Records Notice associated with this collection (CMS Health Insurance Exchanges System (HIX), CMS System No. 09-70-0560, as amended, 78 Federal Register, 8538, March 6, 2013, and 78 Federal Register, 32256, May 29, 2013).
IV. YOUR RIGHTS AND CHOICES
Certain state legislation allows consumers who reside in those specific states with specific rights regarding their personal information. This section describes your state legislated rights and explains how to exercise those rights, if your state has enacted such legislation.
Access to Specific Information and Data Portability Rights
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:
- The categories of personal information we collected about you.
- The categories of sources for the personal information we collected about you.
- Our business or commercial purpose for collecting or selling that personal information.
- The categories of third parties with whom we share that personal information.
- The specific pieces of personal information we collected about you (also called a data portability request).
- If we disclosed your personal information for a business purpose,
- disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
Deletion Request Rights
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.
We may deny your deletion request if retaining the information is necessary for us or our service providers to:
- Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with other state or federal legislation that requires such information be retained.
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
Exercising Access, Data Portability, and Deletion Rights
To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by either:
- Calling us at 800.309.9029.
- Visiting cbcins.com/CCPA
Only you or a person registered with the Secretary of State of your primary state of residence that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.
You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
- Provide sufficient information that allows us to contact you to reasonably verify you are the person about whom we collected personal information or an authorized representative.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor's identity or authority to make the request.
Response Timing and Format
We endeavor to respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request's receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
We will not discriminate against you for exercising any of your state legislated rights. Unless permitted by state or federal legislation, we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
We will post any changes we make to this Privacy Statement on our website. If we make material changes to how we treat personal information we collect from you, such updates will be reflected in the updated privacy statement available on the company’s public website. The date this Privacy Statement was last revised is identified above. To ensure you are aware of the most current privacy notices and any updates, it is advised to periodically visit this Privacy Statement on our website to check for any changes.
VI. CONTACT INFORMATION
If you have any questions or comments about this notice, our Privacy Statement, the ways in which we collect and use your personal information, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us at:
CBC Health Insurance Marketplace
Custom Benefit Consultants, Inc.
Attn: Brandon Russell, Vice President of Operations and Technology
300 S. Fourth St., Suite 700
Las Vegas, NV 89101