PLEASE NOTE THAT EFFECTIVE 1/1/2023 THE NEW MAILING ADDRESS FOR BBH & EMERIOS IS:
120 Vantis Suite 300. Aliso Viejo, Ca. 92656
(mail sent via postal services will be forwarded from the previous address for 1 year)
CORPORATE PRIVACY POLICY
Version 2.2nc
Last updated 9/1/2019
Last reviewed 12/29/2023
1. Introduction
Beyond Blue Holdings, Inc. (BBH, “The Company”) is sensitive to privacy issues with respect to the use of user information provided to us. The Company is committed to maintaining the privacy and confidentiality of the personal information that we collect. For these reasons, we are disclosing to you our practices in gathering and using information that you provide us.
This privacy policy relates to data obtained via business services performed for our corporate clients, the BBH website (www.beyondblueholdings.com) and all BBH powered websites.
1.1 Categories of Who Is Covered in this Privacy Statement
- If you are a User of our Hosted Programs, please see the section “Business Services Programs” below for information on our Business Services practices with respect to data about you.
- If you are a visitor to the portions of the BBH Website or a BBH-Powered Website that can be accessed without a password (our “Public Website”), please see the section “Public Website Privacy” with respect to data about you. We refer to you as a “Public Website Visitor”.
1.2 What Is Not Covered in this Privacy Policy
This policy only covers the Company’s business services practices. Without limitation, this Privacy Policy does not cover data that we collect offline, on businesses, legal entities or on our employees.
1.3 Definitions
- A “BBH Powered Website” means a website not owned by BBH, but which has a license from BBH to utilize certain BBH technologies.
- Personal Information (PI) means data that is about, or relates to, recorded information about an individual.
- Personally identifiable information (“PII”) is any information that can be used to identify, contact, or locate an individual, either alone or combined with other easily accessible sources. It includes information that is linked or linkable to an individual, such as medical, educational, financial and employment information. Examples of data elements that can identify an individual include name, fingerprints or other biometric (including genetic) data, email address, telephone number or social security number. Unless otherwise indicated, references herein to PII include sensitive PII (as defined below).
- Sensitive PII means data that is a subset of PII that indicates an individual’s racial or ethnic origin, financial account information, political opinions, religion, union membership, sexual orientation, medical or health condition (see “PHI” below), or actual or alleged criminal activity.
- Protected Health Information (“PHI”) is information that is created or received by a health care provider, health plan, public health authority, employer, life insurer, medical school or university, or health care clearinghouse; and relates to the past, present or future physical or mental health or condition of an individual, the provision of health care to an individual, or the past, present or future payment for the provision of health care to an individual. Perhaps most importantly, PHI is information that either obviously identifies an individual; or that provides for a reasonable basis to believe it can be used to identify the individual. Examples of individually identifiable information include patient name, address, and date of birth, age, medical record number, phone number, fax number, and email address.
- “Users” has the meaning of Participants in our Business Services Practices and Public Website Visitors. A “User” means any individual who has access using a password to a Company Website or BBH Powered Website, including buyers of Company Services, participants of programs provided through the Company Website or BBH Powered Website, and employees and agents of corporate clients and Suppliers. Business Services performed for our clients is defined in our contracts with our Clients.
2. Business Services Programs (For Clients)
If you are a participant using business services on behalf of our client, the following terms are applicable to you:
2.1 General Information
PII and other pertinent information will be collected when you register for a program sponsored by our Clients and purged as necessary.
The PII you provide is the property of a third party, our client, to whom you have provided the information. Our Client is regarded as the Data Controller and as such, all personal information (PI/PII) is completely accessible to the respective Client, its agents and associated third parties.
With regards to PHI, the Privacy Rule sets the standards for how all PHI should be controlled and defines what information must be protected, who is authorized to access, use or disclose information, what processes must be in place to control the access, use, and disclosure of information, and patient (end customer) rights. The purpose of the Privacy Rule is to protect and enhance the rights of consumers by providing them access to their health information and controlling the inappropriate use of that information. Since some services provided by divisions within the Company give the Company access to personal information that identifies individuals and their eligibility for Medicaid and/or Medicare, the Company is under obligation to protect that information, and the identity of those individuals from improper disclosure.
Each BBH Client has its own privacy statement. By providing your personal information to the Company for use by our Client you consent to the Company providing a copy of your personal information to that Client for collection, processing and any further transfer in accordance with the privacy statement (if any) of that Client. BBH is not responsible for any actions of its clients once the data is provided to them.
Our Clients may have optional third-party service providers that can perform additional functions outside of the standard platform offering where individuals personal information may be shared.
BBH provides the tools necessary for the Client and the Client workforce to manage the Clients collected information/records.
2.2 Notice
The Company collects PII from and about individuals from the client and client approved websites. This information can be received online, via a mobile device, over the phone or through the mail for the purposes of providing Services from the Company to the Client; facilitating communications between individuals and third-party service providers, and all verifications in relation to services provided by the Company.
The Company may only store, transmit, handle or process personal information collected by the Client only for purposes outlined in this Privacy Policy.
The Company may only disclose PI/PII to third parties for new purposes or uses only with the prior implicit consent of the Client and only if the individual has previously given permission for new uses.
Any individuals refusing to provide personal information or denying or withdrawing consent to use their personal information for services provided by the Company is the responsibility of the Client.
Any complaints or questions should be first sent to us by email at:
privacy@beyondblueholdings.com.
Users can also write to us at:
Attention: Director of Coordination Services
BBH
US Headquarters
1 Columbia, Suite 250
Aliso Viejo, CA, 92656 USA
A Company representative will respond to personal information change requests within 30 days of receiving such requests.
2.3 Choice and Consent
Personal information is collected only with those who have, or are in the process of establishing, a business relationship with the Client and have obtained consent (explicit or implied) to share their personal information (transfer to or from) with the Company and other third parties, only for the purposes for which it was collected.
The Company will work with the Client if any requests are submitted to the Company for removal or updates to individual’s personal information.
When the Client requests to the Company that information that was previously collected is used for purposes not previously identified in the privacy notice, the Client will be responsible to notify the individual and obtain consent prior to such new use or purpose.
When the Company will use information that was previously collected for purposes not previously identified in the privacy notice, the individual will be notified and consent will be obtained prior to such new use or purpose.
The Company will only disclose Personal Information to third parties for new purposes or uses only with prior implicit or explicit consent of the individual.
2.4 Security
The company takes security measures designed to protect against unauthorized access to or unauthorized alteration, disclosure or destruction of data. These measures include internal reviews of our data collection, storage and processing practices and security measures, as well as physical security measures designed to guard against unauthorized access to systems where we store PII.
2.5 Information We Share, Disclosures
We do not share your personal information with third parties other than as follows:
These third parties must maintain agreements with the Company that ensures they will protect individual’s personal information in a manner consistent with relevant aspects of this Privacy Policy.
The Company restricts access to PII internally to BBH agents and partners, who need to know that information in order to operate, develop or improve our services. These parties are bound by confidentiality obligations and may be subject to discipline, including termination and criminal prosecution, if they fail to meet these obligations.
The Company reviews and performs a risk analysis prior to contracting with a third-party that collects, handles, processes, stores or protects personally identifiable information are reliable, operate fairly and lawfully and maintain the controls necessary to meet the terms of the Business Agreements and this policy.
The Company provides copies of the Privacy Policy to third parties that collects, handles, processes, stores or protects personally identifiable information prior to engagement and at least once a year.
The Client is responsible for monitoring and enforcement of security measures in regard to collection of personal information about their data subjects.
The Company maintains controls in attempt to prevent the misuse of personal information by third-parties and mitigates, to the extent practicable, any harm caused by the use or disclosure of personal information by a third-party in violations of the privacy policies and procedures and will take remedial action on any third-party that misuses personal information.
The Company will maintain a record of detected and reported unauthorized disclosures of personal information that is reviewed annually for completeness, accuracy, and timeliness.
2.6 Data Integrity/Quality of Personal Information
It is the responsibility of the Client and the Client workforce to ensure the quality of information collected prior to storage within our system. The Company is not responsible for the quality of information collected by the Client within our system prior, during, or after storage within our system.
The Company takes reasonable steps to ensure that PII collected and processed within the system remains as reliable, accurate, complete, current and relevant as possible for the purposes for which it was collected.
2.7 Data Retention & Disposal
Consistent with any applicable client commitments, the Company does not retain PI/PII/PHI longer than necessary to fulfill the stated business purposes unless a law or regulation specifically requires otherwise.
Consistent with any applicable client commitments and government regulations, the Company maintains processes that captures, identifies and flags PI/PII/PHI for destruction in a manner that data becomes entirely unreadable (destroyed/anonymized or redacted) and unable to be reconstructed/reconstituted, thereby preventing information loss, theft, misuse, or unauthorized access.
2.8 Access
Consistent with any applicable Client commitments, the Company will permit Users upon their request to access their PII to:
o The individual may need to provide sufficient identifying information, such as name, address, birth date, and social security or national health insurance or an equivalent number to prove identity.
o Correct or update any individual’s personal information that does not affect point-in-time transaction information that must be retained for business, regulatory and/or compliance reasons…
o Users can contact the Company customer services team at info@beyondblueholdings.com to request access to change personal information. Any personal information updated will be shared (where applicable) to any third-parties that were previously provided with the individuals personal information.
Requests for access or updates to personal information may be denied or limited by the Company if providing such access is unreasonably burdensome, expensive under the circumstances or if in giving such access would violate another person’s rights. If denied or limited, the Company will inform the individual of the denial, and reason for denial. It is the individual’s right to challenge any denial.
2.9 Policy Enforcement
The Company will conduct an annual self-assessment to ensure that this Privacy Policy is published and disseminated within BBH and on its website and that it conforms to these principles. In addition, the Company has deployed internal processes to monitor compliance with these principles and to address all questions or complaints from the Clients or Data Subjects.
Users may raise any concerns or complaints regarding their PII directly with the Company by first contacting us by email at privacy@beyondblueholdings.com.
Users can also write to us at:
Attention: Director of Coordination Services
BBH
US Headquarters
1 Columbia, Suite 250
Aliso Viejo, CA, 92656 USA
If a User raises such a concern or complaint, the Company will investigate the matter and attempt to resolve all issues to the satisfaction of the individual raising the concern or complaint.
If there is a breach of information, the Company will abide by all federal and state regulations.
3. Public Website Privacy
3.1 Your Use of the Website/Services Implies Your Consent
Your use of BBH Websites or Services signifies your acceptance of this Privacy Statement. If you do not agree or are not comfortable with any policy described in this Privacy Statement, your remedies are to discontinue your use of the relevant website or to follow instructions described elsewhere in this Privacy Statement.
3.2 Changes in this Privacy Statement
We reserve the right to modify this privacy statement at any time, so please review it frequently. If we make material changes to this policy, we will notify you here and by means of a notice on our home page, your program website, another appropriate place or by email.
3.3 Testimonials
We occasionally post customer testimonials on our web sites which may contain Personally Identifiable Information such as the customer’s name. We obtain the customer’s consent prior to posting any testimonials.
3.4 Security of Data
The security of your personal information is important to us. When you enter sensitive information (such as credit card or social security numbers) within services provided on behalf of our clients, the information is encrypted using secure socket layer technology (SSL) when in transit. When we store your information in databases or in files, we utilize advanced encryption technologies to ensure extremely high levels of data protection.
We follow generally accepted industry standards to protect personal information submitted to us (both during transmission and at rest). No method of transmission over the Internet, or method of electronic storage, however, is 100% secure. Therefore, while we use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.
3.5 How You Can Contact Us
If you have questions or concerns regarding this Privacy Statement, you should first contact us by email at privacy@beyondblueholdings.com.
You can also write to us at:
Attention: Director of Coordination Services
BBH
US Headquarters
1 Columbia, Suite 250
Aliso Viejo, CA, 92656 USA
A Company representative will respond to personal information change requests within 30 days of receiving such requests.
3.6 Information We Collect
When you first visit one of our Sites, we may ask that you take certain action and may request and/or require further information about you, including, but not limited to, your name, your employer’s name, address, telephone and facsimile number, email address and other identity and contact information.
If you choose not to supply the information, we may be unable to provide you with the services we make available to other users of and visitors to our website. When you submit any personally identifiable information over this website, the Company will (i) use the information for the purposes described at the time of submission (for example, your name, address, telephone number, and e-mail) and (ii) may use the information to contact you to make you aware of other services of interest. Of course, if you want to remain completely anonymous, you’re still free to take advantage of the publicly available content on our website without registration.
BBH allows Users from whom it collects PII the opportunity to choose not to allow the Company to disclose his or her PII to a third party or to use it for a purpose incompatible with the purpose for which it was originally collected (the “opt-out” rights). For Sensitive PII, BBH requires such User to affirmatively choose to allow for the data is to be disclosed to a third party or used for a purpose other than its original purpose (the “opt-in” choice).
Users desiring to exercise their opt-out rights should first contact us by email at:
opt-out@beyondblueholdings.com.
Users can also write to us at:
Attention: Director of Coordination Services
BBH
US Headquarters
1 Columbia, Suite 250
Aliso Viejo, CA, 92656 USA
3.7 How We Use the Collected Information
The information we collect from and about you may be used in the following ways, among others: to fulfill requests; to provide you with information about offers we believe you will find useful; or to notify you of updated information, changes to the Sites, or new products and services that we think might be beneficial to you. We also may combine information you have provided to us in communications offline with the information you have given us online, to, among other things, provide a more customized experience for visits to the Sites. All data is retained for at least the minimum time required by law.
3.8 Information We Share
We do not share your personal information with third parties other than as follows:
- Service Providers. We may share personal information with third parties who perform services on our behalf.
- Third Party Verification Services. We may share limited personal information (e.g., address, phone number) with non-BBH entities to assist with identity verification, and to prevent fraud and identity theft.
3.9 Information We Maintain on Behalf of Our Customers
The information we store, process and protect within our system boundaries is the property of our customers. We do not manage or maintain the content provided, nor do we ensure the quality of the information provided to our systems.
3.10 Choice & Consent
BBH allows Users from whom it collects PII the opportunity to choose not to allow the Company to disclose his or her PII to a third party or to use it for a purpose incompatible with the purpose for which it was originally collected (the “opt-out” rights). For Sensitive PII, BBH requires such User to affirmatively choose to allow for the data is to be disclosed to a third party or used for a purpose other than its original purpose (the “opt-in” choice).
Users desiring to exercise their opt-out rights should first contact us by email at:
opt-out@beyondblueholdings.com.
Users can also write to us at Attention:
Attention: Director of Coordination Services
BBH
US Headquarters
1 Columbia, Suite 250
Aliso Viejo, CA, 92656 USA
Personal information is collected only with those who have, are interested in, or are in the process of requesting information on, or establishing a business relationship with the Company and have obtained consent (explicit or implied).
The Company will ensure the individual has obtained consent to share their personal information (transfer to or from) with Third Parties before doing so.
The Company will work with individuals who request removal of, or updates to, their personal information as allowed by business requirements or relevant Laws & Regulations.
When the Company intends to use personal information that was previously collected for purposes not previously identified in the privacy notice, the individual will be notified, and consent will be obtained prior to such new use or purpose.
The Company will maintain documentation of explicit consent for the collection, use, or disclosure of personal information on the public websites.
3.11 Onward Transfer to Third Parties
The Company may disclose PII to a third party if (a) the Company has received the applicable User’s permission to make the disclosure, (b) the disclosure is necessary to meet national security, public interest, or law enforcement requirements, (c) allowed by a law that creates conflicting obligations for the Company or that explicitly authorizes disclosure (except that we will limit such disclosure to the extent necessary), or (d) the Principals allow for other exceptions provided that it is applied to other Users equally.
The Company may only disclose PI/PII to third parties for new purposes or uses only with the prior implicit or explicit consent of the individual.
3.12 Public Website Privacy Statement
This section describes how the Company uses and disseminates information collected about Public Website Visitors through our Public Website; it does not cover any other data processing activities.
3.13 Use of Cookies
A “cookie” is a small text file containing information that a web browser transfers to your computer’s hard disk for record-keeping purposes. On the Public Websites, we may use cookies to analyze our site traffic patterns, except as described above, we link cookies only to IP addresses and not any personally identifiable information about Public Website Visitors.
For an overview on the security of the Emerios Platform, click here.
If you believe that someone at our company, or any companies that we partner with, have violated any of these policies or have been involved in any instances of fraud, abuse or waste, that would affect our company, it is imperative that we are notified by one of the following measures:
BY EMAIL: EmeriosReports@GetInTouch.com
BY PHONE: 1-844-220-3825
BY WEB: https://InTouchWebsite.com/EmeriosReports
We contract with a third party to manage these reports, so any information you provide will be submitted in a completely anonymous fashion. Your contact information will never be provided to us without your consent.
CCPA
Under CCPA, businesses that process these requests must publish information about them. For the calendar year 2023 (January 1 to December 31), Emerios has processed 0 access, 0 limiting, 0 deletion, and 0 do not sell requests.
The following are our lifetime totals:
Access Requests January 2020 – December 2023
Total Number of Access Requests received 0
Total number of Access Requests complied (in whole or in part) 0
Total number of Access Requests denied 0
Limiting Requests January 2020 – December 2023
Total number of requests to limit data to minimum necessary received 0
Total number of requests to limit data to minimum necessary complied (in whole or in part) 0
Total number of requests to limit data to minimum necessary 0
Deletion Requests January 2020 – December 2023
Total number of Deletion Requests received 0
Total number of Deletion Requests complied (in whole or in part) 0
Total number of Deletion Requests denied 0
Do Not Sell (DNS) Requests January 2020 – December 2023
Total number of DNS Requests received 0
Total number of DNS Requests complied (in whole or in part) 0
Total number of DNS Requests denied 0
Average Days to Respond January 2020 – December 2023
Average number of days to respond to Access Requests N/A – 0 Requests received
Average number of days to respond to Deletion Requests N/A – 0 Requests received
Average number of days to respond to DNS Requests N/A – 0 Requests received
GDPR
Emerios currently does not provide services to clients or clients customers for use outside of the United States of America. It also does not collect information on persons with a non-United States address, including within our CRM platform.
Privacy Metrics for GDPR
Under GDPR, businesses that process these requests must publish information about them. For the calendar year 2023 (January 1 to December 31), Emerios has processed 0 access, 0 limiting, 0 deletion, and 0 do not sell requests, 0 investigations. The following are our lifetime totals for GDPR requests: 0 access, 0 limiting, 0 deletion, and 0 do not sell requests, 1 investigation (closed with no negative finding).
As of 10/18/2022, the Emerios website is blocked from viewing in the EU and other regions where Emerios does not operate or support.
TEXT MESSAGING
All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties. Visit www.emerios.com/sms-policy for more information on text messaging.