Beyond Blue Holdings, Inc. (BBH, “The Company”) is sensitive to privacy issues with respect to the use of user information provided to us. The Company is committed to maintaining the privacy and confidentiality of the personal information that we collect. For these reasons, we are disclosing to you our practices in gathering and using information that you provide us. This privacy policy relates to data obtained via business services performed for our corporate clients, the BBH website (www.beyondblueholdings.com) and all BBH powered websites.
This policy only covers the Company’s business services practices. Without limitation, this Privacy Policy does not cover data that we collect offline, on businesses, legal entities or on our employees.
If you are a participant using business services on behalf of our client, the following terms are applicable to you:
PII and other pertinent information will be collected when you register for a program sponsored by our Clients and purged as necessary.
The PII you provide is the property of a third party, our client, to whom you have provided the information. Our Client is regarded as the Data Controller and as such, all personal information (PI/PII) is completely accessible to the respective Client, its agents and associated third parties.
With regards to PHI, the Privacy Rule sets the standards for how all PHI should be controlled and defines what information must be protected, who is authorized to access, use or disclose information, what processes must be in place to control the access, use, and disclosure of information, and patient (end customer) rights. The purpose of the Privacy Rule is to protect and enhance the rights of consumers by providing them access to their health information and controlling the inappropriate use of that information. Since some services provided by divisions within the Company give the Company access to personal information that identifies individuals and their eligibility for Medicaid and/or Medicare, the Company is under obligation to protect that information, and the identity of those individuals from improper disclosure.
Each BBH Client has its own privacy statement. By providing your personal information to the Company for use by our Client you consent to the Company providing a copy of your personal information to that Client for collection, processing and any further transfer in accordance with the privacy statement (if any) of that Client. BBH is not responsible for any actions of its clients once the data is provided to them.
Our Clients may have optional third-party service providers that can perform additional functions outside of the standard platform offering where individuals personal information may be shared.
BBH provides the tools necessary for the Client and the Client workforce to manage the Clients collected information/records.
The Company collects PII from and about individuals from the client and client approved websites. This information can be received online, via a mobile device, over the phone or through the mail for the purposes of providing Services from the Company to the Client; facilitating communications between individuals and third-party service providers, and all verifications in relation to services provided by the Company. The Company may only store, transmit, handle or process personal information collected by the Client only for purposes outlined in this Privacy Policy. The Company may only disclose PI/PII to third parties for new purposes or uses only with the prior implicit consent of the Client and only if the individual has previously given permission for new uses. Any individuals refusing to provide personal information or denying or withdrawing consent to use their personal information for services provided by the Company is the responsibility of the Client. Any complaints or questions should be first sent to us by email at privacy@beyondblueholdings.com.
Users can also write to us at:
A Company representative will respond to personal information change requests within 30 days of receiving such requests.
Personal information is collected only with those who have, or are in the process of establishing, a business relationship with the Client and have obtained consent (explicit or implied) to share their personal information (transfer to or from) with the Company and other third parties, only for the purposes for which it was collected. The Company will work with the Client if any requests are submitted to the Company for removal or updates to individual’s personal information. When the Client requests to the Company that information that was previously collected is used for purposes not previously identified in the privacy notice, the Client will be responsible to notify the individual and obtain consent prior to such new use or purpose.
When the Company will use information that was previously collected for purposes not previously identified in the privacy notice, the individual will be notified, and consent will be obtained prior to such new use or purpose. The Company will only disclose Personal Information to third parties for new purposes or uses only with prior implicit or explicit consent of the individual.
The company takes security measures designed to protect against unauthorized access to or unauthorized alteration, disclosure or destruction of data. These measures include internal reviews of our data collection, storage and processing practices and security measures, as well as physical security measures designed to guard against unauthorized access to systems where we store PII.
We do not share your personal information with third parties other than as follows:
Third Party Verification Services. We may share limited personal information (e.g., address, phone number) with non-BBH entities to assist with identity verification, and to prevent fraud and identity theft. The Company restricts access to PII internally to BBH agents and partners, who need to know that information in order to operate, develop or improve our services. These parties are bound by confidentiality obligations and may be subject to discipline, including termination and criminal prosecution, if they fail to meet these obligations.
The Company reviews and performs a risk analysis prior to contracting with a third-party that collects, handles, processes, stores or protects personally identifiable information are reliable, operate fairly and lawfully and maintain the controls necessary to meet the terms of the Business Agreements and this policy.
The Company provides copies of the Privacy Policy to third parties that collects, handles, processes, stores or protects personally identifiable information prior to engagement and at least once a year.
The Client is responsible for monitoring and enforcement of security measures in regard to collection of personal information about their data subjects.
The Company maintains controls in attempt to prevent the misuse of personal information by third parties and mitigates, to the extent practicable, any harm caused by the use or disclosure of personal information by a third-party in violations of the privacy policies and procedures and will take remedial action on any third-party that misuses personal information.
The Company will maintain a record of detected and reported unauthorized disclosures of personal information that is reviewed annually for completeness, accuracy, and timeliness.
It is the responsibility of the Client and the Client workforce to ensure the quality of information collected prior to storage within our system. The Company is not responsible for the quality of information collected by the Client within our system prior, during, or after storage within our system.
The Company takes reasonable steps to ensure that PII collected and processed within the system remains as reliable, accurate, complete, current and relevant as possible for the purposes for which it was collected.
Consistent with any applicable client commitments, the Company does not retain PI/PII/PHI longer than necessary to fulfill the stated business purposes unless a law or regulation specifically requires otherwise.
Consistent with any applicable client commitments and government regulations, the Company maintains processes that captures, identifies and flags PI/PII/PHI for destruction in a manner that data becomes entirely unreadable (destroyed/anonymized or redacted) and unable to be reconstructed/reconstituted, thereby preventing information loss, theft, misuse, or unauthorized access.
Consistent with any applicable Client commitments, the Company will permit Users upon their request to access their PII to:
Requests for access or updates to personal information may be denied or limited by the Company if providing such access is unreasonably burdensome, expensive under the circumstances or if in giving such access would violate another person's rights. If denied or limited, the Company will inform the individual of the denial, and reason for denial. It is the individual’s right to challenge any denial.
The Company will conduct an annual self-assessment to ensure that this Privacy Policy is published and disseminated within BBH and on its website and that it conforms to these principles. In addition, the Company has deployed internal processes to monitor compliance with these principles and to address all questions or complaints from the Clients or Data Subjects. Users may raise any concerns or complaints regarding their PII directly with the Company by first contacting us by email at privacy@beyondblueholdings.com.
Users can also write to us at:
If a User raises such a concern or complaint, the Company will investigate the matter and attempt to resolve all issues to the satisfaction of the individual raising the concern or complaint.
If there is a breach of information, the Company will abide by all federal and state regulations.
Your use of BBH Websites or Services signifies your acceptance of this Privacy Statement. If you do not agree or are not comfortable with any policy described in this Privacy Statement, your remedies are to discontinue your use of the relevant website or to follow instructions described elsewhere in this Privacy Statement.
We reserve the right to modify this privacy statement at any time, so please review it frequently. If we make material changes to this policy, we will notify you here and by means of a notice on our home page, your program website, another appropriate place or by email.
We occasionally post customer testimonials on our web sites which may contain Personally Identifiable Information such as the customer's name. We obtain the customer's consent prior to posting any testimonials.
The security of your personal information is important to us. When you enter sensitive information (such as credit card or social security numbers) within services provided on behalf of our clients, the information is encrypted using secure socket layer technology (SSL) when in transit. When we store your information in databases or in files, we utilize advanced encryption technologies to ensure extremely high levels of data protection.
We follow generally accepted industry standards to protect personal information submitted to us (both during transmission and at rest). No method of transmission over the Internet, or method of electronic storage, however, is 100% secure. Therefore, while we use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.
If you have questions or concerns regarding this Privacy Statement, you should first contact us by email at privacy@beyondblueholdings.com.
You can also write to us at:
A Company representative will respond to personal information change requests within 30 days of receiving such requests.
When you first visit one of our Sites, we may ask that you take certain action and may request and/or require further information about you, including, but not limited to, your name, your employer’s name, address, telephone and facsimile number, email address and other identity and contact information.
If you choose not to supply the information, we may be unable to provide you with the services we make available to other users of and visitors to our website. When you submit any personally identifiable information over this website, the Company will (i) use the information for the purposes described at the time of submission (for example, your name, address, telephone number, and e-mail) and (ii) may use the information to contact you to make you aware of other services of interest. Of course, if you want to remain completely anonymous, you're still free to take advantage of the publicly available content on our website without registration.
BBH allows Users from whom it collects PII the opportunity to choose not to allow the Company to disclose his or her PII to a third party or to use it for a purpose incompatible with the purpose for which it was originally collected (the “opt-out” rights). For Sensitive PII, BBH requires such User to affirmatively choose to allow for the data is to be disclosed to a third party or used for a purpose other than its original purpose (the “opt-in” choice).
Users desiring to exercise their opt-out rights should first contact us by email at opt-out@beyondblueholdings
Users can also write to us at:
The information we collect from and about you may be used in the following ways, among others: to fulfill requests; to provide you with information about offers we believe you will find useful; or to notify you of updated information, changes to the Sites, or new products and services that we think might be beneficial to you. We also may combine information you have provided to us in communications offline with the information you have given us online, to, among other things, provide a more customized experience for visits to the Sites. All data is retained for at least the minimum time required by law.
We do not share your personal information with third parties other than as follows:
The information we store, process and protect within our system boundaries is the property of our customers. We do not manage or maintain the content provided, nor do we ensure the quality of the information provided to our systems.
BBH allows Users from whom it collects PII the opportunity to choose not to allow the Company to disclose his or her PII to a third party or to use it for a purpose incompatible with the purpose for which it was originally collected (the “opt-out” rights). For Sensitive PII, BBH requires such User to affirmatively choose to allow for the data is to be disclosed to a third party or used for a purpose other than its original purpose (the “opt-in” choice).
Users desiring to exercise their opt-out rights should first contact us by email atopt-out@beyondblueholdings.com.
Users can also write to us at Attention:
Personal information is collected only with those who have, are interested in, or are in the process of requesting information on, or establishing a business relationship with the Company and have obtained consent (explicit or implied).
The Company will ensure the individual has obtained consent to share their personal information (transfer to or from) with Third Parties before doing so.
The Company will work with individuals who request removal of, or updates to, their personal information as allowed by business requirements or relevant Laws & Regulations.
When the Company intends to use personal information that was previously collected for purposes not previously identified in the privacy notice, the individual will be notified, and consent will be obtained prior to such new use or purpose.
The Company will maintain documentation of explicit consent for the collection, use, or disclosure of personal information on the public websites.
The Company may disclose PII to a third party if (a) the Company has received the applicable User's permission to make the disclosure, (b) the disclosure is necessary to meet national security, public interest, or law enforcement requirements, (c) allowed by a law that creates conflicting obligations for the Company or that explicitly authorizes disclosure (except that we will limit such disclosure to the extent necessary), or (d) the Principals allow for other exceptions provided that it is applied to other Users equally.
The Company may only disclose PI/PII to third parties for new purposes or uses only with the prior implicit or explicit consent of the individual.
This section describes how the Company uses and disseminates information collected about Public Website Visitors through our Public Website; it does not cover any other data processing activities.
A “cookie” is a small text file containing information that a web browser transfers to your computer's hard disk for record-keeping purposes. On the Public Websites, we may use cookies to analyze our site traffic patterns, except as described above, we link cookies only to IP addresses and not any personally identifiable information about Public Website Visitors.
For an overview on the security of the Emerios Platform, click here.
If you believe that someone at our company, or any companies that we partner with, have violated any of these policies or have been involved in any instances of fraud, abuse or waste, that would affect our company, it is imperative that we are notified by one of the following measures:
We contract with a third party to manage these reports, so any information you provide will be submitted in a completely anonymous fashion. Your contact information will never be provided to us without your consent.
Under CCPA, businesses that process these requests must publish information about them. For the calendar year 2022 (January 1 to December 31), Emerios has processed 0 access, 0 limiting, 0 deletion, and 0 do not sell requests.
The following are our lifetime totals:
January 2020 – December 2023 | |
---|---|
Access Requests | |
Total Number of Access Requests received | 0 |
Total number of Access Requests complied (in whole or in part) | 0 |
Total number of Access Requests denied | 0 |
Limiting Requests | |
Total number of requests to limit data to minimum necessary received | 0 |
Total number of requests to limit data to minimum necessary complied (in whole or in part) | 0 |
Total number of requests to limit data to minimum necessary | 0 |
January 2020 – December 2023 | |
---|---|
Deletion Requests | |
Total number of Deletion Requests received | 0 |
Total number of Deletion Requests complied (in whole or in part) | 0 |
Total number of Deletion Requests denied | 0 |
Do Not Sell (DNS) Requests | |
Total number of DNS Requests received | 0 |
Total number of DNS Requests complied (in whole or in part) | 0 |
Total number of DNS Requests denied | 0 |
Average Days to Respond | |
Average number of days to respond to Access Requests | N/A – 0 Requests received |
Average number of days to respond to Deletion Requests | N/A – 0 Requests received |
Average number of days to respond to DNS Requests | N/A – 0 Requests received |
Emerios currently does not provide services to clients or clients customers for use outside of the United States of America. It also does not collect information on persons with a non-United States address, including within our CRM platform.
Under GDPR, businesses that process these requests must publish information about them. For the calendar year 2023 (January 1 to December 31), Emerios has processed 0 access, 0 limiting, 0 deletion, and 0 do not sell requests, 0 investigations. The following are our lifetime totals for GDPR requests: 0 access, 0 limiting, 0 deletion, and 0 do not sell requests, 1 investigation (closed with no negative finding).
As of 10/18/2022, the Emerios website is blocked from viewing in the EU and other regions where Emerios does not operate or support.
All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties. Visit www.emerios.com/legals/sms-policy for more information on text messaging.