East West Administrators Privacy Policy
Updated [Date]
I. Introduction
Welcome to the East West Administrators Privacy Policy (the “Policy”). For purposes of this Policy, the terms “we,” “us,” and “our” refer to East West Administrators and all of its parents, subsidiaries (including DC Risk Solutions) and affiliates. “You” or “your” refers to you, as a user of our services, including any use of our website, www.eastwestadministrators.com (the “Site”), and our software applications, whether operated by us or on our behalf (together, the “Services”). This Policy describes how we collect, share, and secure information. It is important that you read this Policy, together with our Terms of Use and any other notice we may provide to you, so that you understand how and why we are using your Personal Information.
By using our Site or the Services, you consent to the collection and use of this information by East West Administrators and its parents, subsidiaries and affiliates or any successor entity consistent with this Policy. If we decide to change our Policy, we will notify you so that you are always aware of what information we collect, how we use it, and under what circumstances we disclose it.
II. Personal Information We Collect:
“Personal Information” means any information about you that can identify you. It does not include data that cannot identify you (anonymous or aggregated data). We collect your Personal Information in the following ways: (a) Information you provide to us voluntarily, (b) Information you provide to us through your use of the Services, and (c) Information we collect from our clients and other third parties or public sources.
Some of the Personal Information we collect may be Protected Health Information (“PHI”) protected under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). East West Administrators is not a “covered entity” under HIPAA. However, we may be a “business associate” (as defined by HIPAA) of an entity from whom we receive your information. For example, we may perform certain services for employers who provide self-funded health plans for their employees or for health insurance companies. In instances where we are a business associate or handling your PHI (and therefore subject to HIPAA requirements) we will comply with the requirements of HIPAA applicable to your data, any terms of the business associate agreement between us and the applicable East West Administrators customer. In the event of a conflict between this Privacy Policy and a business associate agreement that covers your Personal Information, the business associate agreement will control.
A. Information You Voluntarily Provide To Us:
When you interact with us by using our Site and Services, we may collect Personal Information that you voluntarily share with us, such as when you request information about a product or service or register with us via the Site, or attend one of our tradeshows.
This Personal Information includes:
- Identifiers, such as your name, email address, telephone number, company, and zip code;
- Financial Information, such as your account number, and payment card data;
- Commercial Information, such as your purchase history and payments, and other details of products or Services you have purchased from us; and
- Marketing and Communications Information, such as your preferences in how we communicate with you.
B. Information We Get When You Use Our Services:
When you use our Site and Services, we may also collect Personal Information about your user interactions with the Site and Services, detailed below.
- Automated technologies or interactions. As is true of most websites, we receive and store certain types of Personal Information whenever you interact with us online. This information may include internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data. When you access and use our Services from your mobile devices, we receive data from that mobile device. This may include your device ID, location data, IP address and device type. You may manage how your mobile device and mobile browser share location information with us, as well as how your mobile browser handles cookies and related technologies by adjusting your mobile device privacy and security settings. Please refer to instructions provided by your mobile service provider or the manufacturer of your device to learn how to adjust your settings.
- Cookies. In the future, we may also collect Personal information through your use of the Site, which may use tracking software in the form of "cookies" (text files containing unique identification numbers identifying the Internet browser of the visitor, but not necessarily the identity of the visitor). This information is transmitted to us each time our Site is visited, and these cookies allow us to collect and store information such as: (a) the type of Internet browser and operating system a visitor uses; (b) the date, time and duration of the visit to our Site; (c) the Internet address of the website from which a visitor linked to our Site; and (d) the pages visited while on our Site. This enables us to continue to show ads to you across the internet. As always, we respect your privacy and are not collecting any identifiable information through the use of Google's or any other 3rd party remarketing system.
C. Personal Information We Get From Other Sources:
We also get Personal Information from other third parties, including our clients, for whom we act as a Service Provider. The collection, use, and disclosure of Personal Information received from third parties is governed by the privacy policies listed on the website where the information was submitted by the user. Third parties may send their own cookies and pixel tags to you, and may collect information and use it in a way inconsistent with this Policy. Please carefully review these third-party privacy policies to understand how your information may be collected, used and disclosed by these third parties.
- Our Clients. We collect Personal Information from our clients, including medical insurance providers, third party administrators, employer groups, stop loss insurance companies, insurance providers, and accountable health care organizations, to perform medical claim processing services on their behalf. This Personal Information includes certain information that falls under HIPAA, and we will comply with the requirements of HIPAA applicable to your data, as well as any terms of the business associate agreement between us and the applicable client:
- Identifiers such as your Name, Date of Birth, Address, Phone Number, Tax ID Number and Social Security Number;
- Health Information such as your Health Plan Information, Medical Information, Insurance Information, Member Id, SSN, Diagnosis and Procedure Information, Phone number, and Patient Relationship to insured.
- Third Party Service Providers. We collect Personal Information from service providers on third-party platforms, such as financial processing platforms, payment processors, storage platforms, email platforms, and social media platforms.
- Third Party Marketing Partners. We use Personal Information received from third party data partners for marketing purposes, including partners who host and manage various advertisements and direct marketing and lists where you can request additional information about our Services.
- Google Analytics. We may in the future use third party cookies provided by Google Analytics to assist us in better understanding our website visitors. These cookies collect IP address and usage data, such as the length of time a user spends on a page, the pages a user visits, and the websites a user visits before and after visiting our Site. Based on this information, Google Analytics compiles Aggregate Data about Site traffic and interactions, which we use to offer better user experiences and tools in the future. For more information on Google Analytics, visit https://support.google.com/analytics.
Third Party Cookies. We may in the future engage other third-party Service Providers, including Google, Facebook, LinkedIn, and Hubspot, to serve ads to you about our products and services as you browse the Internet. These third-party Service Providers may use their own cookies tags to track your online activities and purchases in order to deliver targeted advertising based on your interests. You can learn more about Google’s advertising cookies and opt-out options by visiting http://www.google.com/policies/technologies/types/. You can learn more about Facebook’s advertising cookies and opt-out options by visiting https://www.facebook.com/policy/cookies/. You can learn more about LinkedIn’s advertising cookies and opt out options by visiting https://www.linkedin.com/legal/cookie-policy?trk=d_checkpoint_lg_consumerLogin_ft_cookie_policy. You can learn more about Hubspot’s advertising cookies and opt out options by visiting https://legal.hubspot.com/cookie-policy?_ga=2.31922814.1536486394.1595007289-931613180.1595007289.
III. How We Use Your Personal Information:
We will use the Personal Information that you provide us or we collect consistent with the terms of this Policy and comply with the requirements of HIPAA applicable to your data, as well as any terms of the business associate agreement between the applicable client and us. We will primarily use your Personal Information for the business purpose of providing our clients with the products and Services requested. We may also use your Personal Information for the following business purposes:
- To communicate with you in written, electronic, and verbal form;
- To identify you as a user of our system;
- To maintain our service records;
- To verify information;
- To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, or between us and our clients;
- To provide our clients with invoices and process payments from you for the use of our products or Services;
- For our internal marketing purposes, which include, but are not limited to, sending you material about products, services, updates, etc. that we think may be of interest to you, including special offers and updates, and service related announcements;
- To customize the advertising and content you see;
- To provide you with customer service or technical support;
- To verify your identity when necessary;
- To improve and optimize our services;
- To develop new products and services;
- To protect our interests, including establishing, exercising and defending legal rights and claims;
- As necessary to comply with legal requirements, to enforce the terms of our Terms of Service or Use Agreements, to prevent fraud, to co-operate with law enforcement and regulatory authorities, and to stop other prohibited, illegal, or harmful activities;
- To notify you of changes to the Site, Services, this Policy, or other information we think you will find valuable;
- For purposes disclosed at the time you provide your information or as otherwise set forth in this Policy.
IV. How We Share Your Personal Information:
We will only share your Personal Information with third parties in the ways that are described in this Policy in order to provide you with the Services.
- Under HIPAA: We may disclose your Personal Information and/or PHI to entities subject to HIPAA (“covered entities” or “business associates”). Covered entities include, for example, health care providers such as doctors and dentists. Covered entities are also insurance providers and health plans, which may include health plans sponsored by your employer and which may be administered by other employees of your employer. Business associates include third parties that require access to PHI to help us provide the Service. In the United States, these entities are subject to HIPAA, and HIPAA requires covered entities and business associates to safeguard your Personal Information in accordance with all applicable state and federal laws and regulations. We disclose your PHI only in accordance with HIPAA and with the express opt-in consent you provide to our clients. We disclose your PHI only in accordance with HIPAA and with the express opt-in consent you provide to our clients.
- Third Party Marketing Partners. We contract with third party marketing companies, including Salesforce, to send you marketing communications after your interacting with our Site or sharing your information with us at a tradeshow.
- Third Party Service Providers. We also use Service Providers to perform certain services on our behalf, such as payment processing, tracking website activity and analytics, and performing other administrative services. We may provide them with access to Personal Information to carry out the services they are performing for you or for us. These Service Providers required to protect and secure your Personal Information with appropriate controls. Third-party analytics providers and other Service Providers may set and access their own tracking technologies on your device and they may otherwise collect or have access to information, potentially including Personal Information, about you.
- Affiliates. We may share Personal Information with our parent companies, subsidiaries, or affiliates, who may use your Personal Information for purposes consistent with this Policy.
- Business Transactions. In the event that we, or any portion of our assets, are acquired or we undergo another transaction in our business, your information may be transferred to the acquiring company or other entity surviving such transaction.
- Law Enforcement. We may report to law enforcement agencies any activities that we reasonably believe to be unlawful, or that we reasonably believe may aid a law enforcement investigation into unlawful activity. In addition, we reserve the right to release your information to law enforcement agencies if we determine, in our sole judgment, that either you have violated our policies, or the release of your information may protect the rights, property, or safety of us or another person.
- Legal Process. Subject to applicable law, we may disclose information about you (i) if we are required to do so by law, regulation or legal process, such as a subpoena; (ii) in response to requests by government entities, such as law enforcement authorities; (iii) when we believe disclosure is necessary or appropriate to prevent physical, financial or other harm, injury or loss; or (iv) in connection with an investigation of suspected or actual unlawful activity.
- Aggregated Data. We may provide aggregate statistics about our customers, sales, traffic patterns and related site information to reputable third-party vendors, but these statistics will include no personally identifying information.
Sales of Personal Information Like most companies, we allow certain third party advertising partners to place tracking technology such as cookies and pixels on our websites. This technology allows these advertising partners to receive information about your activities on our website, which is then associated with your browser or device. These companies may use this data to serve you more relevant ads as you browse the internet. Under some state laws, sharing data for online advertising may be considered a “sale” of information. Except for this limited sharing, East West Administrators does not sell any of your information, including for monetary consideration.
V. Links to Third Party Websites:
Our Site contains links to other websites. East West Administrators and our parents and affiliates are not responsible for the privacy practices or the content of such web sites. We will not pass your information along to the linked site; however, we cannot protect your information if you provide information to that site. The third party websites may have their own terms of service, privacy policies or other policies and ask you to agree to the same. Be sure to review any available policies before submitting personally identifiable information to a third-party application or otherwise interacting with it and exercise caution in connection with these applications. We have no control over, and cannot and do not assume responsibility for, the content, privacy policies or practices of such websites or the companies that own them.
We endeavor to incorporate reasonable safeguards to help protect and secure your Personal Information. To that end, we have put in place various security procedures and technical and organizational measures to safeguard your personal information. We follow industry-standard practices in order to protect the data we collect. As security risks and technical and organizational industry standards evolve, we review, refine and upgrade our security posture as appropriate. However, no data transmission over the intranet, mobile network, wireless transmission, or electronic storage of information can be guaranteed to be 100% secure. Therefore, we cannot guarantee its absolute security. It may be possible for third parties to intercept or access transmission or private communications unlawfully. Any such transmission is done at your own risk.
VI. How We Protect Your Personal Information:
We have implemented policies and procedures designed to secure your Personal Information and PHI from accidental loss and from unauthorized access, use, alteration, and disclosure. East West Administrators uses a combination of physical, electronic, and procedural safeguards in accordance with applicable Federal and State laws. Data transfer, storage, and integrity are secured and transmitted via secure encryption technology, regular data backups, and key code authentication. East West Administrators utilizes Transport Layer Security (TLS) encryption that meets Federal Information Processing Standards (FIPS) to provide the most secure connection between your computer and our web site. With respect to your PHI, East West Administrators limits access to only those who need your PHI to provide the Services.
We endeavor to incorporate reasonable safeguards to help protect and secure your Personal Information. To that end, we have put in place various security procedures and technical and organizational measures to safeguard your personal information. We follow industry-standard practices in order to protect the data we collect. As security risks and technical and organizational industry standards evolve, we review, refine and upgrade our security posture as appropriate. However, no data transmission over the intranet, mobile network, wireless transmission, or electronic storage of information can be guaranteed to be 100% secure. Therefore, we cannot guarantee its absolute security. It may be possible for third parties to intercept or access transmission or private communications unlawfully. Any such transmission is done at your own risk.
VII. Children
Our Site and Services are not directed to children under 16 years of age and we do not provide services to children, or knowingly collect or solicit personal information from children under 16 years of age.
VIII. Changes to This Privacy Notice
East West Administrators may modify or update this Policy from time to time. We encourage you to revisit this page often to remain fully informed of our Policy or you can contact us at any time to obtain the latest copy of this Policy. Where changes to this Privacy will have a fundamental impact on the nature of how we collect, use, or share your data, East West Administrators will give advance notice of such changes.
IX. Questions About This Policy
For questions or comments regarding our Policy, please contact us via email at: sales@integratedpayorsolutions.com
You can also mail us at the following postal address: 4304 18th Street, PO Box 14817, San Francisco, CA 94114.