Last Updated: January 11, 2024

Table of Contents

INTRODUCTION
Your Consent
Information We Collect
How We Use Your Information
How We Protect Your Information
Our Sharing of Your Information
Additional Information About our Data Collection and Sharing Practices
   Non-U.S. Users
How to Exercise Your Opt-Out Rights
Colorado Consumer Privacy Rights
   Privacy Notice for Colorado Residents
Connecticut Consumer Privacy Rights
   Privacy Notice for Connecticut Residents
Utah Consumer Privacy Rights
Virginia Consumer Privacy Rights
   Right to request access.
   Right to request deletion or correction of your Personal Information.
   Right to be free from discrimination for exercising your rights.
   Right to Opt Out of Sale of Personal Information to Third Parties.
How to Submit a Request For Information to Healthcare:
Authorized Agent Requests:
CALIFORNIA CONSUMER PRIVACY RIGHTS
   Information We Collect and May Disclose
   Access to Specific Information and Data Portability Rights
   Deletion Request Rights
How to Exercise California Access, Data Portability, and Deletion Rights
   Right to Opt-Out
   Use of an Authorized Agent
   Right to Non-Discrimination
Changes to This Policy
Questions?  

INTRODUCTION

The HealthCare, Inc. family of companies (including Pivot Health, Summit Pharmacy, Trust RX, Healthcare Store, and HealthCare.com Insurance Services) (“HealthCare”, “our”, “us” or “we”) understands that you care about how we collect, use, and share information when you interact with our websites, email, social media sites/handles, and other online services (our “Sites and Services”).  Protecting the privacy and security of your personal information is important to us and we value the trust you place in us.  Because we care about your privacy, we maintain appropriate physical, technical and procedural safeguards to protect personal information in compliance with applicable federal and state laws. We also continuously monitor our computer networks and facilities, test our security controls, and regularly review our policies and practices.

This Privacy Policy sets forth your privacy rights and describes how we may collect, protect, use and share personal information including:

  • the types of information we may collect through our Sites and Services
  • how we may use your information
  • how we protect your information
  • the types of information we may share with others and under what circumstances
  • the choices you have regarding our collection, use, and sharing practices

For purposes of this Privacy Policy, personal information means all nonpublic information related to an identified individual but does not include anonymized data or de-identified data that does not identify an individual. Some privacy and data protection laws and standards may refer to some of this nonpublic information as personally identifiable information, sensitive personal data, or protected health information.

PLEASE NOTE the following: 

(1) this Privacy Policy is expressly incorporated by reference into the Terms & Conditions agreement that governs all of our websites [see https://www.healthcare.com/terms ]; and 

(2) Our websites use an “electronic agent” such as Jornaya’s LeadiD solution to automatically and independently establish an electronic record of the contractual agreement by the consumer providing their prior express written consent under the Telephone Consumer Protection Act (TCPA) in compliance with the federal Electronic Signatures in Global and National Commerce Act (“E-Sign Act”, 15 U.S.C. § 7001 et seq.).  “Electronic agent” and “electronic record” are defined in Section 7006 of the E-Sign Act.  

By using our Sites and Services and by submitting your personal Information through our website or to our employees, you expressly consent to this Privacy Policy and to the transfer of and the processing and usage of your personal information by HealthCare and any other third-party service providers for marketing purposes or any other purposes as allowed by law or regulation or as stated in this Privacy Policy. If you do not agree to this Policy, please do not use any portion of our Sites and Services.

By providing your contact information to us, you are consenting to receive communications from us directly, on our website, or through a third party. This includes sending surveys and other research materials, newsletters, offers, and promotions to your email. You may unsubscribe from commercial e-mails from us by clicking unsubscribe in the email or by contacting us at the e-mail address below.

Further, by providing your contact information through the Sites and Services, you are authorizing us to share your Information with our Network Partners and third parties as described in this Privacy Policy. If you do not want communications from our Network Partners, please notify the specific Partner directly.

Whether you are contacted by us, a third party on our behalf or a Network Partner, you agree to be contacted through the use of emails, or, subject to your express opt-in at the time of providing your information, on your landline or mobile phone by live operators, automatic telephone dialing systems, pre-recorded messages, and/or text messages regardless of whether you have placed your name or telephone number on a Do-Not-Call list. You may request to stop receiving calls and text messages by following the opt-out instructions in those messages. Please note that a stop request will only apply to the specific entity to whom such request is directed unless otherwise required by applicable law.

We reserve the right to disclose or share your personal information as permitted or required by law or regulation and when we believe that disclosure is necessary or advisable such as to: (i) protect our rights, property, and safety of HealthCare, our third-party vendors or partners, or other persons; (ii) to comply with a valid and effective subpoena or order issued by a court of competent jurisdiction or other legal process or by law, rule or regulation; or (iii) to pursue available remedies or limit the damages we may sustain.

Please note that any personal information consisting of medical or health related information is shared with our third-party providers solely to perform business, professional or insurance functions on our behalf and as expressly authorized by you. We contractually require any company with whom we share your personal information to exercise reasonable care to secure and protect your personal information against unauthorized access or use.

Information We Collect

We typically collect and share/sell the following information within the preceding 12 months either directly from you or from your authorized representative, third parties, or from our service providers. We collect, store, and encrypt any information you enter on our secure servers. This may include:

  • Basic contact details and identifiers such as real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, or other similar identifiers;
  • Any personal information described in the California Consumer Records statute (Cal.Civ.Code section 1798.80(e)).
  • Characteristics of protected classifications under California or Federal Law such as age, gender, etc.;
  • Commercial, order and shopping information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies;
  • Account information including your username, password and security questions for accessing our Sites;
  • Customer support information including the information you choose to include in communications with us, for example, when sending a message through the Services;
  • Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an internet website application or advertisement;
  • Geolocation data;
  • Audio, electronic, visual, or similar information (Please Note: Calls to or from Healthcare are recorded and may be monitored and all interactions you have with our website are recorded);
  • Professional and employment-related information;
  • Inferences drawn from other information;
  • Sensitive Personal Information;

We will retain the above-listed personal information so long as reasonably required and as required by applicable law.

How We Use Your Information

We may use the information we collect, sell, or share for various business or operational purposes in addition to the following purposes:

  • To provide you with our products and services, including to take steps to enter into a contract for sale or services, process payments, fulfill orders, and send service communications;
  • To communicate with you about products or services that may be of interest to you; 
  • To enable additional features on our Services and to provide you with a personalized service;
  • Create custom audiences on social media sites; 
  • To provide you with excellent service and improve our business, including by understanding our customer base and purchasing trends, understanding marketing, and tailoring advertising to you;
  • To detect, investigate, and prevent activities that may violate our policies or be fraudulent or illegal, and to comply with legal requirements regarding the provision of products and services; 

How We Protect Your Information

We use a combination of physical, technical, and administrative safeguards to protect the information we collect through the Sites and Services. In addition to protections required and provided by law, we also contractually require any company with whom we share your personal information to exercise reasonable care to secure and protect your personal information against unauthorized access or use. While we use these precautions to safeguard your information, we cannot guarantee the security of the networks, systems, servers, devices, and databases we operate or that are operated on our behalf.  

Our Sharing of Your Information

  • Affiliate companies: We may share or sell your information with other entities for the purpose of allowing them to advertise our products and services to you. When we share information with these affiliates, they will use and process the information consistently with their applicable privacy policy.
  • Network Partners: In submitting an inquiry for a health insurance quote, product, or other service provided through the Site, you agree that HealthCare may sell to or otherwise share your Information with insurance agents, insurance carriers, other insurance service providers, lead aggregators, and other third parties in our network that provide services to our users (collectively, “Network Partners”) to deliver the quotes, products or services you requested. PLEASE NOTE:  the Network Partners with which you are matched may retain or use your Information whether or not you use their services. You should contact these Network Partners directly concerning their privacy and information sharing practices.
  • Service Providers: We engage the following types of vendors to perform functions on our behalf such as: Shopify, billing and collection providers; auditing and accounting firms; professional services consultants; providers of analytics services; security vendors; and IT vendors.
  • Social Media Platforms: Whether you choose to interact with us through social media, your interaction with these programs typically allows the social media company to collect some information about you.  Please visit the social media companies’ respective privacy policies to better understand their data collection practices and controls they make available to you.
  • Companies involved in advertising: We partner with companies that assist us in providing advertising regarding the Services to others who may be interested in the Services. We also partner with other companies who may use cookies to display interest-based advertising to you on the Services. These companies may use technologies on our website to collect or receive information from the Services and elsewhere on the internet and may use that information to provide measurement services and targeted ads. For example, we may use Shopify to support personalized advertising with third-party services.  While we will not share information that identifies you by name with unaffiliated other companies for their own uses, such other companies may, with sufficient data from other sources, be able to personally identify you.
  • Trusted Marketing Partners: We reserve the right to share your data with our trusted third party marketing partners. These partners may market to you, via email or through other channels, various products or services that might be of interest.
  • Other Situations: We may also disclose your information as allowed by law:
    • In response to a subpoena or similar investigative demand, a court order, a request for cooperation from a law enforcement agency, regulatory body, self-regulatory body, or other governmental agency;
    • To respond to any complaint;
    • When we believe disclosure is appropriate in order to investigate, prevent, or take action regarding actual or suspected illegal activity or other wrongdoing;
    • To protect and defend the rights, property, or safety of HealthCare.com and any HealthCare.com Affiliates, our users, our employees, or others; or to enforce our Site’s terms of use or other agreements or policies.
    • In connection with a corporate transaction involving HealthCare.com or any HealthCare.com Affiliate, such as a sale of HealthCare.com or any entity, brand or division thereof, a divestiture, merger, consolidation, asset sale, or bankruptcy.
    • In connection with state and/or federal licensing or other legal requirements. You authorize HealthCare.com to obtain any and all required information from the Network Partners to whom you were matched with in order for HealthCare.com to comply with current laws and regulations as well as with any requests from state or federal regulators.

In the preceding 12 months, we have “sold” or “shared” (as those terms are defined in applicable law) personal information for the purpose of engaging in advertising and marketing activities as follows:

Category of Personal DataCategories of recipients to whom we may disclose personal dataCategories of third parties to whom we may disclose data for “targeted advertising”
Identifiers such as basic contact details and certain order and account information
  • Our subsidiaries and affiliatesBusiness and marketing partnersGovernment entities including regulatory agencies and law enforcement
Advertising networks
Commercial information such as records of products or services purchased and shopping information
  • Our subsidiaries and affiliatesBusiness and marketing partnersGovernment entities including regulatory agencies and law enforcement
Internet or other similar network activity, such as usage data
  • Our subsidiaries and affiliatesBusiness and marketing partnersGovernment entities including regulatory agencies and law enforcement
Advertising networks
Geolocation information
  • Our subsidiaries and affiliatesGovernment entities including regulatory agencies and law enforcement
Advertising networks
Photographic and video information
  • Government entities including regulatory agencies and law enforcement
n/a
Professional or employment related information
  • Government entities including regulatory agencies and law enforcement
n/a
Sensitive data
  • Government entities including regulatory agencies and law enforcement
n/a

Additional Information About our Data Collection and Sharing Practices

Sharing of Aggregated Data: 

We may analyze aggregated, de-identified data and share these analyses at our discretion, including with marketing agencies, media agencies and analytics providers. These other companies will not be able to relate this data to identifiable individuals.

Data Collected From You About Others: 

If you decide to invite others to the Site, we will collect your and the other person’s names, email addresses, and/or phone numbers in order to send an email or text message and follow up with the other person. You hereby agree that you will obtain the other person’s consent to this before giving us their contact information. You hereby agree not to send us the contact information of any legal minor. We will inform any other person you invite that you gave us his or her information in the invitation email.

Change of Ownership or Corporate Organization: 

We may transfer to another entity or its affiliates or service providers some or all information about you in connection with, or during negotiations of, any merger, acquisition, sale of assets or any line of business, change in ownership control, or financing transaction. We cannot promise that an acquiring party or the merged entity will have the same privacy practices or treat your information the same as described in this Policy.

Cross-border Transfer of Data: 

If you use our Services outside of the United States, you understand that we may collect, process, and store your information in the United States and other countries. The laws in the U.S. regarding information may be different from the laws of your state or country. Any such transfers will comply with safeguards as required by relevant law. By using the Services, you consent to the collection, international transfer, storage, and processing of your data.

Our Practices Regarding Information Belonging to Children: 

We do not knowingly collect, use or disclose personally identifiable information (“PII”) from anyone under 13 years of age. If we determine upon collection that a user is under this age, we will not use or maintain his/her PII without their parent/guardian’s consent. If we become aware that we have unknowingly collected PII from a child under the age of 13, we will make reasonable and diligent efforts to delete such information from our records.

Cookies:  

Like many websites, our Sites and Services use a technology called Cookies. Like many websites, we use Cookies on our Site. For specific information about the Cookies that we use related to powering our store with Shopify, see Shopify Cookie Policy at https://www.shopify.com/legal/cookies . We use Cookies to power and improve our Site and our Services (including to remember your actions and preferences), to run analytics and better understand user interaction with the Services (in our legitimate interests to administer, improve and optimize the Services). We may also permit third parties and services providers to use Cookies on our Site to better tailor the services, products and advertising on our Site and other websites.

Most browsers automatically accept Cookies by default, but you can choose to set your browser to remove or reject Cookies through your browser controls. Please keep in mind that removing or blocking Cookies can negatively impact your user experience and may cause some of the Services, including certain features and general functionality, to work incorrectly or no longer be available. Additionally, blocking Cookies may not completely prevent how we share information with third parties such as our advertising partners.

Do-Not-Track signals:  

Some browsers may have a “do not track” feature that could allow you to tell websites that you do not want to have your online activities tracked. Our Sites and Services do not respond to “Do Not Track” signals.

Non-U.S. Users  

Our Sites and Services are not intended for use by persons outside of the United States. This Privacy Policy applies when you interact with us through our services. It also applies anywhere in the U.S. where it is linked. It does not apply to websites and mobile applications of third parties who may connect to or from our Sites and Services; please review the privacy policies on those websites and applications directly to understand their privacy practices. We are not responsible for the content of third-party websites and applications that we do not own or control. Healthcare has no control over, and assumes no responsibility for, the content, privacy policies, or practices of any third-party websites.

How to Exercise Your Opt-Out Rights

If at any time you do not wish to receive communications, including advertising from us, you may opt-out by following the instructions included in any communication received from us. In addition, you may email privacy@healthcare.com. You may also opt-out of the sale of personal data by emailing us or using the contact form.  If you opt out, we may still send you non-marketing emails. Non-marketing emails include emails about our business dealings with you.

State-specific Consumer Privacy Rights

In addition to our general Privacy Policy as described above, some states provide their residents with state-specific privacy rights that may vary from our general Privacy Policy.  The following sections outline our privacy policy for residents of those states.

Colorado Consumer Privacy Rights

Privacy Notice for Colorado Residents

This Privacy Notice for Colorado Residents supplements our general Privacy Policy and applies solely to those visitors and users that are residents of the State of Colorado. We adopt this notice to comply with the Colorado Privacy Act (“CoPA”), as amended, and other Colorado privacy laws. Any terms defined by the CoPA have the same meaning when used in this notice. The CoPA provides consumers (Colorado residents) with specific rights regarding their personal information.

What sensitive data we collect.

We may collect the following CoPA categories of sensitive data about you.  For more information about the personal data we collect, please see Section X above.

  • Physical health condition or diagnosis, which may include your interactions with our pharmacy or insurance agents.
  • Personal data revealing your sex life, such as your purchases of non-prescription sexual health products.
  • Racial or ethnic origin, citizenship or immigration status, such as information that may reveal your race or nationality.
  • Biometric information, which may include facial scans, voice recognition information, and other similar biometric identifiers.

This section describes those CoPA rights and explains how to exercise those rights.

If you are a Colorado resident and we collect, use, or disclose personal data that is subject to CoPA, you may have the following rights under the CoPA with respect to your personal data:

  • Right to access.  You have the right to confirm whether we are processing your personal data and to access such personal data.
  • Right of portability.  You may have the right to obtain a copy of the personal data that you previously provided to us in a portable and, to the extent technically feasible, readily usable format that allows you to transmit your personal data to another controller or business where the processing is carried out by automated means.
  • Right to delete.  You have the right to ask us to delete certain personal data we have collected about you.
  • Right to correction.  You have the right to ask us to correct inaccuracies in the personal data we have collected.
  • Right to opt out of sale and profiling.  Under the CoPA, a “sale” includes exchanging personal data with a third party for monetary or other compensation.  Colorado residents have the right to opt out of the processing of your personal data for decisions that produce legal or similarly significant effects concerning you.  We do not process personal data for such profiling.
  • Right to out of targeted advertising.  You have the right to opt out of targeted advertising based on your personal data.

How to submit a request.

If you are a Colorado resident and wish to exercise your Colorado privacy rights, you may submit your request to privacy@healthcare.com .

Verifying requests.

Before we fulfill a request, we must verify your identity and ability to exercise these rights.  Some exclusions and exceptions to those rights may apply. If you have an account with HealthCare.com (or are a member of one of the family of HealthCare.com companies such as Pivot Health), you will first need to log into your account so that we can verify your identity.  If you do not have a member account with us, then you will be asked to provide certain personal information via a webform or other mechanism as described above. You may also be required to sign a declaration under penalty of perjury that you are the consumer whose personal information is the subject of the request.

Process to appeal a decision related to your rights.

If we refused to fulfill your request to exercise your privacy rights as described above, you may appeal this decision by contacting us at privacy@healthcare.com .  We will respond to your request within 45 days of our receipt of your appeal with an explanation about our decision to fulfill or refuse your request.

You may also contact the Colorado Attorney General to file a complaint related to the denial of your request by calling 1-720-508-6000.

Connecticut Consumer Privacy Rights

Privacy Notice for Connecticut Residents

This Privacy Notice for Connecticut Residents supplements our general Privacy Policy and applies solely to those visitors and users that are residents of the State of Connecticut. We adopt this notice to comply with the Connecticut Data Privacy Act (“CTDPA”), as amended, and other Connecticut privacy laws. Any terms defined by the CTDPA have the same meaning when used in this notice. The CTDPA provides consumers (Connecticut residents) with specific rights regarding their personal information.

To the extent you are a resident of Connecticut and we collect, use or disclose personal data that is subject to the CTDPA, the following applies.

A. Connecticut residents have the following rights under the CTDPA with respect to the resident’s personal data:

  • Right to access.  You have the right to confirm whether we are processing your personal data and to access such personal data.
  • Right of portability.  You may have the right to obtain a copy of the personal data that you previously provided to us in a portable and, to the extent technically feasible, readily usable format that allows you to transmit your personal data to another controller or business where the processing is carried out by automated means.
  • Right to delete.  You have the right to ask us to delete certain personal data we have collected about you.
  • Right to correction.  You have the right to ask us to correct inaccuracies in the personal data we have collected.
  • Right to opt out of sale and profiling.  Under the CTDPA, a “sale” includes exchanging personal data with a third party for monetary or other compensation.  Connecticut residents have the right to opt out of the processing of your personal data for decisions that produce legal or similarly significant effects concerning you.  We do not process personal data for such profiling.
  • Right to out of targeted advertising.  You have the right to opt out of targeted advertising based on your personal data.

B. How to submit a request.

If you are a Connecticut resident and wish to exercise your Connecticut privacy rights, you may submit your request to privacy@healthcare.com .

C. Verifying requests.

Before we fulfill a request, we must verify your identity and ability to exercise these rights.  Some exclusions and exceptions to those rights may apply.   If you have an account with HealthCare.com (or are a member of one of the family of HealthCare.com companies such as Pivot Health), you will first need to log into your account so that we can verify your identity.  If you do not have a member account with us, then you will be asked to provide certain personal information via a webform or other mechanism as described above.    You may also be required to sign a declaration under penalty of perjury that you are the consumer whose personal information is the subject of the request.

D. Process to appeal a decision related to your rights.

If we refused to fulfill your request to exercise your privacy rights as described above, you may appeal this decision by contacting us at privacy@healthcare.com.  We will respond to your request within 45 days of our receipt of your appeal with an explanation about decision to fulfill or refuse your request.  

You may also contact the Connecticut Attorney General to file a complaint related to the denial of your request by calling 1-860-808-5318.

Utah Consumer Privacy Rights

Under the Utah Consumer Privacy Act (“UCPA”), Utah residents may have the right to receive certain disclosures regarding a business processing of your “personal data”, as that term is defined under the UCPA, as well as certain rights with respect to our processing of such personal data.  For more information about the personal data we collect, please see the general Privacy Policy above.  To the extent you are a resident of Utah and we collect, use or disclose personal data that is subject to the UCPA, the following applies.

A. Utah residents have the following rights under the UCPA with respect to the resident’s personal data:

  • Right to access.  You have the right to confirm whether we are processing your personal data and to access such personal data.
  • Right of portability.  You may have the right to obtain a copy of the personal data that you previously provided to us in a portable and, to the extent technically feasible, readily usable format that allows you to transmit your personal data to another controller or business where the processing is carried out by automated means.
  • Right to delete.  You have the right to ask us to delete certain personal data we have collected about you.
  • Right to correction.  You have the right to ask us to correct inaccuracies in the personal data we have collected.
  • Right to opt out of sale and profiling.  Under the UCPA, a “sale” includes exchanging personal data with a third party for monetary compensation.  Utah residents have the right to opt out of the processing of your personal data for decisions that produce legal or similarly significant effects concerning you.  We do not “sell” personal data as defined by the UCPA.
  • Right to out of targeted advertising.  You have the right to opt out of targeted advertising based on your personal data.

B. How to submit a request.

If you are a Utah resident and wish to exercise your Utah privacy rights, you may submit your request to by privacy@healthcare.com .

Virginia Consumer Privacy Rights

Privacy Notice for Virginia Residents (effective for Virginia beginning January 1, 2023)

This Privacy Notice for Virginia Residents supplements our general Privacy Policy and applies solely to those visitors and users that are residents of the State of Virginia. We adopt this notice to comply with the Virginia Consumer Data Protection Act (“VCDPA”), as amended, and other Virginia Privacy laws. Any terms defined by the VCDPA have the same meaning when used in this notice. The VCDPA provides consumers (Virginia residents) with specific rights regarding their personal information. This section describes those VCDPA rights and explains how to exercise those rights.

Persons with disabilities may obtain this notice in alternative format upon request by contacting us at privacy@healthcare.com .

Residents of Virginia may have the right to request, through a verifiable consumer request, that a business disclose certain information.  You may invoke your consumer rights under Section 59.1-577 of the Virginia Consumer Data Protection Act by following the instructions below in the section titled “How to Submit a Request For Information to Healthcare.” A known child’s parent or legal guardian may act as an Authorized Agent to invoke such consumer rights on behalf of the child regarding processing personal data belonging to the known child. Once we receive and confirm your verifiable consumer request, we may disclose:

  • The categories of personal information that we have collected, disclosed or sold about that consumer.
  • The categories of sources from which the personal information is collected.
  • The business or commercial purpose for collecting or selling personal information.
  • The categories of third parties with whom the business shares personal information.
  • The specific pieces of personal information we have collected about you.

Right to request access.  

You have the right to request access to Personal Information collected about you and information regarding the source of that information, the purposes for which we collect it, and the third parties and service providers with whom we share it. To protect your Personal Information, we are required to verify your identity before we can act on your request.

Right to request deletion or correction of your Personal Information. 

You have the right to request in certain circumstances that we delete or correct any Personal Information that we have collected directly from you. To protect our customers’ Personal Information, we are required to verify your identity before we can act on your request. We may have a reason under the law why we do not have to comply with your request, or why we may comply with it in a more limited way than you anticipated. If we do, we will explain that to you in our response.

Right to be free from discrimination for exercising your rights.  

You have the right to be free from discrimination based on your exercise of your rights. We may run promotions from time to time whereby we incentivize a consumer to share certain pieces of information with us;  for example, we may offer a one-time discount if consumers sign up for our email marketing list. Participation in these incentives is voluntary, and you may opt out of the data sharing at any time.

Right to Opt Out of Sale of Personal Information to Third Parties. 

We sell information we collect to our Network Partners and other third parties, in order to provide you with targeted services and offers. A company may be considered a third party either because the purpose of sharing is not an enumerated business purpose under the law, or because our contract does not restrict them from using Personal Information for other purposes.

To exercise your right to opt-out of the sale of your information, please contact us at 1-888-987-4420 or by emailing us at privacy@healthcare.com.

We may maintain or disclose information to other entities who are not listed here when required by law or to protect our Company or other persons, as described in this Policy.

How to Submit a Request For Information to Healthcare:   

You may submit a request to exercise your rights through any one of these means:

  1. By sending an email to privacy@healthcare.com
  2. Calling us at 1 888-987-4420

Authorized Agent Requests:

You may authorize another individual or a business registered with your state’s Secretary of State, called an authorized agent, to make requests on your behalf. We require that you and the individual complete notarized affidavits in order to verify the identity of the authorized agent and confirm that you have authorized them to act on your behalf. Parents of minor children may submit a birth certificate of the child in lieu of an affidavit, in order to make requests on the child’s behalf. Please contact us at privacy@healthcare.com .

CALIFORNIA CONSUMER PRIVACY RIGHTS

Privacy Notice for California Residents

Persons with disabilities may obtain this notice in alternative format upon request by contacting us at privacy@healthcare.com .

This Privacy Notice for California Residents supplements our general Privacy Policy and applies solely to those visitors and users that are residents of the State of California. We adopt this notice to comply with the California Consumer Privacy Act of 2018 (“CCPA”), as amended [including amendments by the California Privacy Rights Act that became effective as of January 1, 2023], and other California Privacy laws. Any terms defined by the CCPA have the same meaning when used in this notice. The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes those CCPA rights and explains how to exercise those rights.

Information We Collect and May Disclose

We collect information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household (“personal information”). Personal information does not include publicly available information, deidentified information, aggregate information, or any information protected by other privacy laws and otherwise excluded from the scope of the CCPA. We may disclose your personal information for a business purpose to third parties, such as our subsidiaries and affiliates, as well as to non-affiliated third-parties with whom we partner to offer products and services to you.

This table identifies the categories of personal information about consumers we have collected and may have disclosed for business purposes within the preceding 12 months:

 CategoryExamples
AIdentifiersA real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers.
BPersonal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). (Related Information)A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.
CProtected classification characteristics under California or federal law. (Characteristics)Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).
DCommercial information. (Commercial Information)Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
FInternet or other similar network activity. (Internet Activity)Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.
HSensory data. (Sensory data)Audio, electronic, visual, thermal, olfactory, or similar information.
KInferences drawn from other personal information. (Inferences)Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

Access to Specific Information and Data Portability Rights

You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:

  • The categories of personal information we collected about you.
  • The categories of sources for the personal information we collected about you.
  • Our business or commercial purpose for collecting or selling that personal information.
  • The categories of third parties with whom we share that personal information.
  • The specific pieces of personal information we collected about you (also called a data portability request).
  • If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
    • Sales of your information, identifying the personal information categories that each category of recipient purchased; and
    • Disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.

Deletion Request Rights

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies. We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:

  1. Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you;
    • Enable solely internal uses that are reasonably aligned with consumer expectations based on your  relationship with us;
    • Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.);
    • Comply with a legal obligation;
    • Debug products to identify and repair errors that impair existing intended functionality;
    • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;
    • Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law; or
    • Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

    How to Exercise California Access, Data Portability, and Deletion Rights

    To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by sending us an email to privacy@healthcare.com  or calling us toll-free at 1 888-987-4420.

    Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must: (a) provide sufficient information to allow us to reasonably verify that you are the person about whom we collected personal information or an authorized representative; and (b) describe your request with sufficient detail to allow us to properly understand, evaluate, and respond to the request.Our policy is to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to ninety (90) days), we will inform you of the reason and extension period in writing. We will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance, specifically by electronic mail communication.
    We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

    Right to Opt-Out

    You have the right to direct us not to sell your personal information to third parties. Any personal information about you that we sell to a third party cannot be sold by that third party unless you have received explicit notice and are provided with an opportunity to opt-out of the sale of your personal information. You or your authorized representative may submit your request to opt out by sending us an email to privacy@healthcare.com  or calling us toll-free at 1 888-987-4420.

    Generally, we will not request additional information from you for purposes of verification. If, however, we cannot verify your identity from the information already maintained by us, we may request additional information from you, which shall only be used for the purposes of verifying your identity and seeking to exercise you rights under the CCPA, and for security or fraud-prevention purposes. We will delete any new personal information collected for the purposes of verification as soon as practical after processing your request, except as required to comply with the CCPA. We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. We may require authentication that is reasonable in light of the nature of the personal information requested and will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

    Please note that we may continue to share your personal information with our affiliates and service providers for essential purposes described above and other such circumstances allowed under the CCPA. Opting out of the sale of personal information does not mean that you will stop seeing ads, including some interest-based ads. To learn more about interest-based advertising across sites and additional opt-out choices, please see our general Privacy Policy.

    Use of an Authorized Agent

    If you use an authorized agent to submit a request to know or a request to delete, we may require that you provide the authorized agent written permission and require the authorized agent to verify its own identity with us and provide proof of their authority to act on your behalf (for example, an appropriate power of attorney to your authorized agent is an acceptable form of authorization). We may deny a request from an agent that does not submit proof that they have been authorized by you to act on your behalf.

    When you submit a request to delete, or a request to know, we verify your request by taking the following steps:

    • We may match the information you provided in your request with the personal information of the consumer already maintained by us; or
    • We may use a third-party identity verification service that complies with the CCPA;

    When verifying a request, we consider the following factors:

    • The type, sensitivity, and value of the personal information collected and maintained about you;
    • The risk of harm to you posed by any unauthorized access or deletion;
    • The likelihood that fraudulent or malicious actors would seek the personal information;
    • Whether the personal information to be provided by you to verify your identity is sufficiently robust to protect against fraudulent requests or being spoofed or fabricated;
    • The manner in which we interact with you; and
    • The technology available for verification.

    Right to Non-Discrimination

    We will not discriminate against you for exercising any of your rights under the CPRA. For example, we will not:

    • Deny you goods or services.
    • Charge you different prices or rates for goods or services, including through the use of discounts or other benefits, or imposing penalties.
    • Provide you a different level or quality of goods or services.
    • Suggest that you will receive a different price or rate for goods or services or a different level or quality of goods or services.

    However, we reserve the right to charge you a different price or rate or provide a different level or quality of goods or services, if that difference is reasonably related to the value provided to you by your personal information.

    Changes to This Policy

    We may make changes to this Policy from time to time. We will post any changes and such changes will become effective when they are posted. Your continued use of our Services following the posting of any changes will mean you accept those changes.

    Questions?

    If you have any questions about this privacy policy, the practices of HealthCare.com, or your dealings with a HealthCare.com affiliate, please contact us at:

    HealthCare, Inc.

    privacy@healthcare.com 

    or

    Phone:  1 888-987-4420