Corporate Privacy Policy


1. Introduction

Beyond Blue Holdings, Inc. (BBH) is sensitive to privacy issues with respect to the use of user information provided to us. BBH is committed to maintaining the privacy and confidentiality of the personal information that we collect. For these reasons, we are disclosing to you our practices in gathering and using information that you provide us.

This privacy policy relates to data obtained via business services performed for our corporate clients, the BBH website (www.beyondblueholdings.com) and BBH powered websites.

1.1 Categories of Who Is Covered in this Privacy Statement

  • If you are a User of our Hosted Programs, please see the section “Business Services Programs” below for information on our Business Services practices with respect to data about you.
  • If you are a visitor to the portions of the BBH Website or a BBH-Powered Website that can be accessed without a password (our “Public Website”), please see the section “Public Website Privacy” with respect to data about you. We refer to you as a “Public Website Visitor”.

1.2 What Is Not Covered in this Privacy Policy

We cover only our business services practices in this Privacy Policy. Without limitation, this Privacy Policy does not cover data that we collect offline, on businesses or legal entities or on our employees.

1.3 Definitions

  • Personal Identifiable Information (“PII”) means data that is about, or relates to, an identified or identifiable individual, can be linked to that individual, and is recorded. Personal data may include, among other things, an individual’s name, address, phone number, e-mail address, social security or national health insurance or an equivalent number. For further clarity, the term “PII” does not include data that pertains to a specific individual, but from which that individual cannot reasonably be identified. Unless otherwise indicated, references herein to PII include sensitive PII (as defined below).
  • “Sensitive PII” means data that is a subset of PII that indicates an individual’s medical or health condition, racial or ethnic origin, political opinions, religion, union membership, sexual orientation, or actual or alleged criminal activity.
  • Protected Health Information (“PHI”) is information that is a subset of health information, including demographic information. PHI is created or received by a health-care provider, health plan, employer or health-care clearinghouse; and it relates to the past, present or future physical or mental health or condition of an individual, the provision of health care to an individual, or the past, present or future payment for the provision of health care to an individual. Perhaps most importantly, PHI is information that either obviously identifies an individual; or that provides for a reasonable basis to believe it can be used to identify the individual. Examples of individually identifiable information include patient name, address, and date of birth, age, medical record number, phone number, fax number, and email address.
  • “Users” has the meaning of Participants in our Business Services Practices and Public Website Visitors. A “User” means any individual who has access through the use of a password to a BBH Website or BBH Powered Website, including buyers of BBH Services, participants of programs provided through the BBH Website or BBH Powered Website, and employees and agents of corporate clients and Suppliers.
  • Business Services performed for our clients is defined in our contracts with our Clients.
  • A “BBH Powered Website” means a website not owned by BBH, but which has a license from BBH to utilize certain BBH technologies.


2. Business Services Programs

If you are a participant using BBH on behalf of our client, the following terms are applicable to you:

2.1 General Information

PII and other pertinent information will be collected when you register for a program managed by BBH and regularly purged as necessary.

The PII you provide is the property of a third party, our client, to whom you have provided the information. The third party provider is regarded as the Data Controller.

All such personal information (PI/PII) is completely accessible to the respective provider and its agents.

With regards to PHI, the Privacy Rule sets the standards for how all PHI should be controlled and defines what information must be protected, who is authorized to access, use or disclose information, what processes must be in place to control the access, use, and disclosure of information, and patient rights. The purpose of the Privacy Rule is to protect and enhance the rights of consumers by providing them access to their health information and controlling the inappropriate use of that information. Although BBH has access to very limited data that is PHI (i.e., it does not have access to actual medical records), since BBH has access to personal information that identifies individuals and that identifies them as being eligible for Medicaid and/or Medicare, BBH is under obligation to protect that information, and the identity of those individuals from improper disclosure.

More detailed information on how we manage PHI is contained in our HIPAA Policy.

Each BBH provider has its own privacy statement. By providing your personal information to BBH for use by a provider you consent to BBH providing a copy of your personal information to that provider for collection, processing and any further transfer in accordance with the privacy statement (if any) of that third party provider. BBH is not responsible for any actions of its clients once the data is provided to them.

2.2 Notice

BBH collects PII from and about individuals via the BBH application and can be received online, via a mobile device, over the phone or through the mail for the purposes of providing BBH Services; facilitating communications between you and third party service providers, our marketing activities; and all verifications in relation to services provided by BBH.

Any complaints or questions should be first sent to us by email at ­
privacy@beyondblueholdings@vmbc.com. Users can also write to us at Attention:

Director of Coordination Services

BBH

US Headquarters

1 Columbia, Suite 250

Aliso Viejo, CA, 92656 USA

BBH will respond to personal information change requests within 30 days of receiving such requests.

2.3 Security

BBH takes security measures designed to protect against unauthorized access to or unauthorized alteration, disclosure or destruction of data. These measures include internal reviews of our data collection, storage and processing practices and security measures, as well as physical security measures designed to guard against unauthorized access to systems where we store PII.

BBH restricts access to PII internally to BBH agents and partners, who need to know that information in order to operate, develop or improve our services. These parties are bound by confidentiality obligations and may be subject to discipline, including termination and criminal prosecution, if they fail to meet these obligations.

2.4 Onward Transfer to Third Parties

BBH may disclose PII to a third party, other than our client, if (a) BBH has received the applicable User’s permission to make the disclosure, (b) the disclosure is necessary to meet national security, public interest, or law enforcement requirements or (c) allowed by a law that creates conflicting obligations for BBH or that explicitly authorizes disclosure (except that we will limit such disclosure to the extent necessary.

2.5 Data Integrity

BBH takes reasonable steps to ensure that PII is reliable, accurate, complete, current and relevant for the purposes for which it was collected.

2.6 Data Retention & Disposal

Consistent with any applicable client commitments, BBH does not retain PI/PII/PHI longer than necessary to fulfill the stated business purposes unless a law or regulation specifically requires otherwise.

Consistent with any applicable client commitments and government regulations, BBH disposes of PI/PII/PHI in a manner that data becomes entirely unreadable and unable to be reconstructed/reconstituted, thereby preventing information loss, theft, misuse, or unauthorized access.

2.7 Access

Consistent with any applicable client commitments, BBH will permit Users upon their request to access their PII and correct any erroneous information. The User may need to provide sufficient identifying information, such as name, address, birth date, and social security or national health insurance or an equivalent number. Such access may be denied or limited by BBH if providing such access is unreasonably burdensome, expensive under the circumstances or if in giving such access would violate another person’s rights. In some circumstances, BBH may charge a reasonable fee for access to PII. Users can contact the BBH customer services team at info@beyondblueholdings.com to request access to change personal information.

2.8 Enforcement

BBH will conduct an annual self-assessment to ensure that this Statement is published and disseminated within BBH and on its website and that it conforms to the Principles. In addition, BBH has deployed internal processes to monitor BBH compliance with the Principles and to address all questions or complaints.

Users may raise any concerns or complaints regarding their PII directly with BBH by first contacting us by email at privacy@beyondblueholdings.com. Users can also write to us at Attention:

Director of Coordination Services

BBH

US Headquarters

1 Columbia, Suite 250

Aliso Viejo, CA, 92656 USA

If a User raises such a concern or complaint, BBH will investigate the matter and attempt to resolve all issues to the satisfaction of the individual raising the concern or complaint.

If there is a breach of information, BBH will abide by all federal and state regulations.

3. Public Website Privacy

3.1 Your Use of the Website/Services Implies Your Consent

Your use of BBH Websites or Services signifies your acceptance of this Privacy Statement. If you do not agree or are not comfortable with any policy described in this Privacy Statement, your remedies are to discontinue your use of the relevant website or to follow instructions described elsewhere in this Privacy Statement.

3.2 Changes in this Privacy Statement

We reserve the right to modify this privacy statement at any time, so please review it frequently. If we make material changes to this policy, we will notify you here and by means of a notice on our home page, your program website, another appropriate place or by email.

3.3 Testimonials

We post customer testimonials on our web sites which may contain personally identifiable information such as the customer’s name. We obtain the customer’s consent prior to posting such testimonial.

3.4 Security of Data

The security of your personal information is important to us. When you enter sensitive information (such as credit card or social security numbers) on our registration or order forms, we encrypt that information using secure socket layer technology (SSL). When we store your information in databases or in flat files, we utilize encryption technologies to ensure extremely high levels of data protection.

We follow generally accepted industry standards to protect personal information submitted to us (both during transmission and once we receive it). No method of transmission over the Internet, or method of electronic storage, however, is 100% secure. Therefore, while we use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

3.5 How You Can Contact Us

If you have questions or concerns regarding this Privacy Statement, you should first contact us by email at privacy@beyondblueholdings.com. You can also write to us at Attention:

Director of Coordination Services

BBH

US Headquarters

1 Columbia, Suite 250

Aliso Viejo, CA, 92656 USA

BBH will respond to personal information change requests within 30 days of receiving such requests.

3.6 Information We Collect

When you first visit one of our Sites, we may ask that you take certain action and may request and/or require further information about you, including, but not limited to, your name, your employer’s name, address, telephone and facsimile number, email address and other identity and contact information.

If you choose not to supply the information, we may be unable to provide you with the services we make available to other users of and visitors to our website. When you submit any personally identifiable information over this website, BBH will use the information for the purposes described at the time you submit it (for example, your name, address, telephone number, and e-mail) and (ii) may use the information to contact you to make you aware of other services of interest. Of course, if you want to remain completely anonymous, you’re still free to take advantage of the publicly available content on our website without registration.

BBH gives Users from whom it collects PII the opportunity to choose not to allow BBH to disclose his or her PII to a third party or to use it for a purpose incompatible with the purpose for which it was originally collected (the “opt-out” rights). For Sensitive PII, BBH requires such User to affirmatively choose to allow for the data is to be disclosed to a third party or used for a purpose other than its original purpose (the “opt-in” choice).

Users desiring to exercise their opt-out rights should first contact us by email at
opt-out@beyondblueholdings.com. Users can also write to us at Attention:

Director of Coordination Services

BBH

US Headquarters

1 Columbia, Suite 250

Aliso Viejo, CA, 92656 USA

3.7 How We Use the Collected Information

The information we collect from and about you may be used in the following ways, among others: to fulfill requests; to provide you with information about offers we believe you will find useful; or to notify you of updated information, changes to the Sites, or new products and services that we think might be beneficial to you. We also may combine information you have provided to us in communications offline with the information you have given us online, to, among other things, provide a more customized experience for visits to the Sites. All data is retained for at least the minimum time required by law.

3.8 Information We Share

We do not share your personal information with third parties other than as follows:

  • Service Providers. We may share personal information with third parties who perform services on our behalf.
  • Third Party Verification Services. We may share limited personal information (e.g., address, phone number) with non-BBH entities to assist with identity verification, and to prevent fraud and identity theft.

3.9 Choice

BBH gives Users from whom it collects PII the opportunity to choose not to allow BBH to disclose his or her PII to a third party or to use it for a purpose incompatible with the purpose for which it was originally collected (the “opt-out” rights). For Sensitive PII, BBH requires such User to affirmatively choose to allow for the data is to be disclosed to a third party or used for a purpose other than its original purpose (the “opt-in” choice).

Users desiring to exercise their opt-out rights should first contact us by email at
opt-out@beyondblueholdings.com. Users can also write to us at Attention:

Director of Coordination Services

BBH

US Headquarters

1 Columbia, Suite 250

Aliso Viejo, CA, 92656 USA

3.10 Onward Transfer to Third Parties

BBH may disclose PII to a third party if (a) BBH has received the applicable User’s permission to make the disclosure, (b) the disclosure is necessary to meet national security, public interest, or law enforcement requirements, (c) allowed by a law that creates conflicting obligations for BBH or that explicitly authorizes disclosure (except that we will limit such disclosure to the extent necessary), or (d) the Principals allow for other exceptions provided that it is applied to other Users equally.

3.11 Public Website Privacy Statement

This section describes how BBH uses and disseminates information collected about Public Website Visitors through our Public Website; it does not cover any other data processing activities.

3.12 We Won’t Collect Any Information about Public Website Visitors.

We use cookies and various traffic tracking technologies to monitor the use of our Public Websites. We collect such data related to Internet Protocol (“IP”) addresses, browser type, and cookies, but do not link it to any personally identifiable information (such as names and email addresses) that you may submit to us through other means.

3.13 Use of Cookies

A “cookie” is a small text file containing information that a web browser transfers to your computer’s hard disk for record-keeping purposes. On the Public Websites, we may use cookies to analyze our site traffic patterns, but, except as described above, we link cookies only to IP addresses and not any personally identifiable information about Public Website Visitors.

4. Privacy Policy Review & Update Policy

This document is subject to the annual document review process incorporated by the BBH IT department. Covered in this annual review is identifying new or changed privacy related laws and regulations, identifying inconsistencies or conflicts with customer commitments and ensuring updates as needed to bring policy into alignment with all IT & Business procedures.