BenefitsApp Data Privacy

BenefitApp, a HealthBenefitApp LLC product, recognizes privacy is important to you and our clients. We want you to be familiar with how we collect, use and disclose data. As such, we list below the documents we sign with Benefits Administrators (our clients) to fulfill our obligations to maintain data security and privacy. 
 

By accessing the BenefitsApp website and using the services offered, the User acknowledges having read and understood this General Policy on the protection of personal data, as well as the practices for collecting consent, collecting and processing data, information described in this document.

In general, you can visit our Website without having to send us any Data. However, in order to be able to provide you with certain services, BenefitsApp may ask you to provide certain Data.

This Privacy Policy applies to all data processing collected through our website accessible at www.BenefitsApp.com and accessble when using the BenefitsApp mobile app.

Personal Data – hereinafter referred to as “the Data” – means any information relating to an identified or identifiable natural person – hereinafter referred to as “data subject”.

This Policy sets out the principles and guidelines for the protection of your Personal Data and is intended, among other things, to inform you of:

  •     The Personal Data collected by BenefitsApp and the reasons for this collection,
  •     The way in which these Personal Data are used,
  •     Your rights in Personal Data concerning you

Table of Contents

  1. Presentation of the company
  2. Intellectual Property of our site
  3. Contact Information
  4. Appointment of a DPO-DPD at the CNIL
  5. Collection and Use of Collected Data
  6. Data Retention Period
  7. Categories of recipient of your data
  8. Data Transfer
  9. Fair interest of our treatments
  10. Information on minors under 15
  11. Reminder of your rights defined by the RGPD Regulation
  12. Exercise of rights
  13. Cookies policy of our web site
  14. Measures taken for the protection of personal data
  15. Data Breach
  16. Applicable law and jurisdiction
  17. Modification of this Data Protection Policy

1.) Presentation of the company

BenefitsApp is a product of the company HealthBenefitApp LLC (referred to herein as BenefitsApp for purposes of this Privacy Statement). BenefitsApp provides an native mobile app platform for communication of benefits information between benefits administrators and eligbile members. It enables administrator teams to create notification campaigns that reinforce member engagement, usage, and retention. It integrates authorized third party companies and shares limited data with those companies to provide enhanced benefits to eligibile members.

The company, BenefitsApp, is committed to comply with all legal obligations regarding the protection of personal data. This Privacy Policy is intended to inform you of our privacy choices and practices, as well as the options you may have for how your data is collected online and how they are collected, and are used.

In accordance with general data protection regulations, BenefitsApp undertakes to:

  •     Treat only fair and lawfully collected data;
  •     Treat the collected data only for specified, explicit and legitimate purposes;
  •     Treat only the relevant and relevant data that are not excessive in relation to the purpose of      the processing
  •     Take all necessary precautions to preserve the security of the data, in particular to prevent        them from being deformed, altered, damaged;
  •     Do not communicate this data to third parties outside the scope of the BenefitsApp       product.

Conscious of the fact that the provision of information online implies a great mark of trust on the part of the users, we consider this trust with the utmost seriousness and make a major priority of the security and the confidentiality of the personal data that is provide by your Benefits Administrator or when you use our product.

2.) Intellectual Property of our product

The content of our product, the general structure, the tree structure, the textual contents, the animated images or not and the logos of which the site is composed are the exclusive property of the company BenefitsApp. Any representation, total or partial, of this site or its content, on any medium, for a collective or professional use, even internally in the company, by any process whatsoever, without the express prior written permission the company BenefitsApp is prohibited.

3.) Contact Information

Wesbite: https://www.BenefitsApp.com

Contact Email: privacy@benefitsapp.com

Headquarters: 3355 Keswick Road, Suite 105, Baltimore MD 21211

HQ Reception: +1-410-207-3863

4.) Collection and Use of Collected Data

Only personal data that is useful for the registration and implementatin of our product are collected and hosted by BenefitsApp. Personal data is collected from Benefits Administrators, and upon member registration and use of the BenefitsApp. 

Legal Basis of our data processing

We are entitled to process your data from the moment you explicitly register to use the BenefitsApp mobile app and then thereafter. As a registered use, you agree to the End User Terms and Conditions found under “My Profile” within the BenefitsApp. 

We are authorized and entitled to process your data upon signing a Business Associate Agreement with your Benefits Administrator. The Business Associate Agreement provides for the confidentiality, security and availability of certain Protected Health Information that may be received by BenefitsApp from or on behalf of its clients. The Agreement is intended to provide that such protected health information will be used or disclosed by the Business Associate only in a manner that is consistent with the applicable provisions of federal regulations (the “Administrative Simplification Regulations”) issued pursuant to the Administrative Simplification provisions of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and this Agreement shall be interpreted accordingly.  This Agreement also is intended to satisfy certain requirements of the Health Information Technology for Economic and Clinical Health Act (the “HITECH Act”), included in the American Recovery and Reinvestment Act of 2009 (“ARRA”), when and as they become applicable to BenefitsApp or its clients and this Agreement shall be interpreted accordingly.

Data Collection Purpose

BenefitsApp collects and processes personal data including:

  •     To enable to communication of benefits between Benefits Administrators and eligible       members,
  •     To contact you regarding benefits information or the use of the BenefitsApp,
  •     For the registration and management of the BenefitsApp app,
  •     For the targeting messaging individually or as a segment of all BenefitsApp users,
  •     To manage the options of your use of BenefitsApp,
  •     To provide the requested contractual services,
  •     If necessary, to offer additional or optional services until a possible opposition on your part.

Categories of collected data

We refrain, with regard to personal information that you entrust to us, from any indirect collection, from any indirect use, and in a general way, from any act likely to infringe on your private life or your reputation.

BenefitsApp thus ensures to collect only data strictly necessary for the declared purpose of the various treatments implemented by the company. The following data is collected for the purposes of the services provided by the company:

  • Last name and first name
  • Company
  • Phone Number
  • E-mail address
  • Birthdate
  • Language Preference
  • Additional Benefits Data from your Benefits Administrator as governed by the Business Associate Agreement. 

During the exchanges concerning the projects of the company, various Personal Data may be collected with the prior and informed consent of the interested persons, for the sole needs of the treatment of the projects of the company.

5.) Data Retention Period

The company BenefitsApp, in accordance with the legislation in force, will keep the Personal Data only for the duration necessary for the treatment. 

Concerning the treatment and the follow-up of the candidatures, the company BenefitsApp, in the respect of the legislation in force, will delete the data of the candidates within a maximum delay of one year after the last contact.

Concerning the communication and management of contact requests, the company BenefitsApp, in accordance with the legislation in force, will delete the data of its interlocutors within a maximum of three years after the last contact.

The personal data of the clients and prospects involved will be kept in active database for a maximum of three years, after the end of the contractual relationship for the clients, or the last incoming contact for the prospects, in accordance with the law.

For employees, the texts have variable durations for the preservation of certain data. (Employment contracts, URSSAF, pension funds, etc.) without prejudice to the legal obligations of conservation or limitation periods.

Beyond this period, the data may be anonymized and kept for exclusively statistical purposes and will not give rise to any exploitation of any nature whatsoever.

6.) Categories of Recipient of your Data

The Data collected is for internal use within BenefitsApp and strictly limited to the most appropriate teams to process the request made. However, we may share the Data collected with our technical service providers for the purposes described above.

We strictly require our partners to always act in accordance with applicable data protection laws and to pay special attention to the confidentiality of such Data. In application of the regulations in force, any subcontractor who could process personal data on behalf of BenefitsApp undertakes in particular to:

  •     Treat the data only for the one or more purpose (s) that is / are the subject of the          subcontracting,
  •     Process the data according to the instructions of BenefitsApp,
  •     Guarantee the confidentiality and security of the Data.

The recipients of your data are:

Internally:

  •     The management of our company,
  •     The administrative staff
  •     The persons in charge of the commercial follow-up through the person in contact with your Benefits Administrator

Externally:

  • The subcontractors for hosting the data
  • SALESFORCE.com: External collaborators for hosting data and the BenefitsApp product,
  • PARDOT.com: In the context of its commercial relations, with its partners

BenefitsApp may also disclose or transfer your personal data to third parties in the following particular circumstances:

  • By law, in the context of legal proceedings, litigation and / or a request from public authorities in your country of residence or otherwise;
  • Disclosure is necessary for national security, law enforcement or other public purpose purposes;
  • In the event of strategic partnership, restructuring, sale, merger or sale, to the relevant third party.

7.) Data Transfer

In the event that your Data is transferred outside BenefitsApp systems, we make sure that personal data is transferred to those recognized as offering an equivalent level of protection.

8.) Mobile App Tags and Cookies policy of our web site

When you browse our website, we collect certain information using cookies.

A cookie is a text file saved on your device’s hard drive, such as when you visit a site or read an email. A cookie identifies the device on which it is registered, during the period of validity of the consent, which can not exceed 13 months.

Cookies are managed by your internet browser and only the issuer of a cookie may read or modify the information contained therein.

BenefitsApp uses Mobile App Tagging:

  • They allow us to ensure a smoother operation of the App. (eg recording your favorite language).
  • They allow us to know how many visitors use the BenefitsApp, and understand what use of our App is made.
  • They also allow us to know which pages are preferred by our users.

We use 4 types of cookies:

  • Operating Cookies (WordPress): They allow us to ensure a smoother operation of the site. (eg recording your favorite language). They are required to enjoy the best browsing experience.
  • Audience Measurement Cookies (Google Analytics): They allow us to know how many visitors come to our website, and understand what use of our website is made. They also allow us to know which pages are preferred by our visitors.
  • Social Network Cookies (Linkedin, Twitter): These allow us to know how many times and by whom are shared our contents on social networks.
  • We have no control over the processes used by these social networks to collect information relating to your browsing on Our Site. We invite you to consult the privacy policies of these social networks to know for what purposes (including advertising) they use the navigation information they collect through these application buttons. These privacy policies must include information about how to manage your preferences on your social networking account.
  • Marketing Cookies (Pardot): They allow us to know the number of people who opened our emailings and clicked on its links. For customers, they allow them to not have to re-enter their personal data in marketing forms.

You can at any time choose to enable or disable cookies by going to the “Cookies” page located in the footer menu You can also disable and / or delete cookies from your computer, tablet or mobile phone by managing your browser settings.

9.) Measures taken for the protection of personal data

BenefitsApp has taken steps to prevent any personal data breach, including:

  • Appointment of a Data Protection Officer at BenefitsApp
  • Awareness of the teams on the protection of personal data
  • Audit and mapping of the processing of personal data carried out within the company and its subcontractors
  • Security audit of the information system
  • Implementation of a general data protection policy

10.) Data Breach

In the event that we become aware of an illegal access to your personal data corresponding to a treatment for which we are responsible, we undertake to notify you of the incident as soon as possible if it meets a legal requirement as defined in our Business Associate Agreement.

11.) Applicable Law and Jurisdiction

Our website and our activity are governed by United States laws. In the event of litigation resulting from your use of our websites or its activity, the Maryland courts will be exclusively used.

12.) Modification of this Data Protection Policy

The company BenefitsApp reserves the right to modify this Privacy Policy at any time, for example to take into account new data collected, changes to our treatments or our purposes, but also to bring us into compliance in case changes in certain legislative and regulatory provisions, particularly with regard to the Business Associate Agreement. We encourage you to check this document regularly to keep you informed of any changes. However, in the event of a substantial change in our data privacy policy, you will be notified when connecting to the site or using the BenefitsApp.

This privacy policy has been compiled to better serve those who are concerned with how their ‘Personally Identifiable Information’ (PII) is being used online. PII, as described in US privacy law and information security, is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context. Please read our privacy policy carefully to get a clear understanding of how we collect, use, protect or otherwise handle your Personally Identifiable Information in accordance with the BenefitsApp.

All BenefitsApps require at least some device permissions. For example, a BenefitsApp will always require push message permissions to enable push messages in the app, geolocation permissions for allowing geo-based push messages, data storage permissions to save images in the cache, and internet permissions to download updates, to name a few. It is not possible to change these BenefitsApp permissions. They are required based on the possible features/functions of the BenefitsApp platform. These permissions are not uncommon for most apps. Please note that BenefitsApp does not, under any circumstances, share information with a third-party unless required to do so by law.

Any information collected by the BenefitsApp is private and only available to your Benefit Manager.

All BenefitsApp administration is maintained in secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. In addition, all information you supply is encrypted via Secure Socket Layer (SSL) technology.

We do not use cookies for tracking purposes on the BenefitsApp mobile apps. Cookies may be used for storage of user credentials for ease of access to benefit information or to third party websites. BenefitsApp uses the Pardot Marketing System on its website for marketing of its services to employers and partners.

We offer links and integrations with third-party products and services to enhance the user benefit of BenefitsApp. This may include access to user portals provided by health care providers, or employee portals, or deeper integrations with our partners. For all integration partners, we require they comply with our privacy policies. For provider or employee portals, please refer to their Privacy Policy.

If there are any questions regarding this privacy policy, you may contact us at:

Privacy Administrator
BenefitsApp
P.O. Box 4830 3355 Keswick Road,
Suite 105 Baltimore Maryland 21211
Email: privacy@benefitsapp.com
Phone: 800-631-9268