INTRODUCTION
This Privacy Policy is
applicable to BeneSys, Inc. (“Company”, “BeneSys”, “we,” “our,” or “us”) as
related to the services we offer when you visit to our Website (as defined
below) or when you otherwise utilize our products and services (the
“Services”).
This Privacy Policy sets
out the essential details relating to your personal data relationships with
BeneSys as:
·
A website visitor
·
An end user of one of our applications (“end user”)
·
A prospective client
·
Partners
·
Trustee
·
Providers
·
Health Plans
BENESYS, INC. NOTICE OF PRIVACY PRACTICES
BeneSys, Inc., is
committed to protecting your privacy and developing technology that gives you
the most powerful and safe online experience. This Notice of Privacy Practices
governs data collection and usage. By using the websites and mobile
applications provided by BeneSys, you consent to the practices described in
this Statement.
The websites, mobile applications
and services provided by BeneSys are intended for use by participants in its
client trust funds, located in the United States and Canada and are not
intended for use by individuals located elsewhere, including in the European
Union or United Kingdom. By providing personal information on BeneSys’s
websites and mobile applications, you are agreeing to the transfer, storage and
processing of information in the United States.
PERSONAL
INFORMATION WE COLLECT
Information You Choose
to Provide to Us
WHEN
We may ask you to
provide personal information when:
·
You use the Website to download materials and forms
·
You connect with us directly via phone calls or chat
·
We or Client Account Administrators grant you access to the
application
·
You or Client Account Administrators upload or enter personal
information into the application
·
You or your employer contract or pay for our services
WHAT
Within the last 12
months, we collected personal information that may include, but is not limited
to, first and last name, email address, address, date of birth, social security
number, phone number and/or company name.
As an end user of an
application, we collect your name, email address, and any comments you make in
the specific application.
In addition, we may
collect data uploaded by you, your employer, or other users of the application
that may be required to use BeneSys’ services. We expect all users to follow
their organization’s privacy policy and any applicable regulatory requirements
when uploading, accessing, and using personal information into our application.
The data uploaded may
include personal information such as, by way of example, and not limitation:
·
Employee names, email addresses, and contractual agreements
·
Vendor names, email addresses, contractual agreements or other
personal data necessary for BeneSys services
·
Customer names and email addresses used to provide services
within BeneSys’ platform Personal Identity Information (PII) and/or Protected
Health Information (PHI)
·
Financial data such a contributions, pensions, claim payments,
and other account activities
·
Job Applicant data; As a job applicant, we may also collect your
resume and cover letter.
Information We Collect
Automatically
WHEN
We collect information
about your visits to the website and the application when you visit any of our
web pages through logging and analytics technology.
WHAT
The information
collected includes:
·
access times
·
the pages you view the links you click on
·
the search terms you enter
·
actions you take in connection with any of the visited pages
·
your device information such as IP address, location, browser
type and language
·
the Uniform Resource Locator (URL) of the website that referred
you to our website
·
URL you browse away from our pages if you click on an external
link
We may also collect
information when you open email messages from us, or click on links within
those email messages.
HOW WE USE
PERSONAL INFORMATION
We use your personal
information to:
·
Deliver the contracted Services and allow full use of the
application functionality as purchased by the
·
Deliver training and support to our application end users and/or
carry out the transactions you have
·
To communicate with you directly through emails, calls, chats,
video conferencing.
·
Send communications to you about:
·
New application features
·
Upgrades to our Services
·
Product notices and changes to our terms and policies.
·
Particular programs in which you have chosen to participate.
·
Promotional offers and surveys.
·
Analyze user clicks and usage of the application and website to
improve user experience and maximize usage of our services.
·
Manage our Website and applications to maintain and deliver the
contracted functionality and services.
·
Enforce our Website and application terms and/or separate
contracts (if applicable) with you.
·
Prevent fraud and other prohibited or illegal
·
Protect the security or integrity of the website, application,
our business or
·
To engage with third parties in connection with services these
individuals or entities perform for or with us.
·
These third parties are restricted from using this data in any
way other than to provide services for us or for the collaboration in which
they and BeneSys, Inc are contractually engaged (e.g. hosting a BeneSys, Inc
database).
·
To assist in business transfers.
·
As we continue to develop our business, we may buy, merge, or
partner with other companies. In such transactions (including in contemplation
of such transactions) user information may be among the transferred assets. If
a portion or all of BeneSys Inc’s assets are sold or transferred to a third
party, customer personal data would likely be one of the transferred business
assets. If such transfer is subject to additional mandatory restrictions under
applicable laws, we will comply with such restrictions.
·
Or otherwise, as disclosed to you at the point of collection or
as required or permitted by
Please note that
sometimes we may record the video conferencing call in which you participate to
analyze and improve our staff’s communication skills. If we do so, we will be
announcing it at the beginning of the conference call.
We will not use your
personal data, however, to send commercial or marketing messages to you unless
we have a legal basis for doing so, such as your consent or a contract with us
for which, in either case, you will have the ability to opt out of by sending
an email to corporate.compliance@benesys.com
This site does not
collect personal data when you browse the site and request pages from our
servers unless you voluntarily and knowingly provide such information to
us. This means that we will not know your name, your email address, or
any other personal data just because you browse the site unless you:
·
access the site from a link in an email that we have sent to
you;
·
have created a profile and you either log-in to your account or
choose to be remembered via your cookie or your web-enabled mobile device.
In these cases, we will
know who you are based on the information you previously supplied to us.
When you request a page from our Site, our servers log the information provided
in the HTTP or HTTPS request header including the IP number, the time of the
request, the URL of your request and other information that is provided in the
HTTP header. We collect the HTTP request header information in order to
make our Site functions correctly and provides you with the functionality that
you expect to see. We also use this information to personalize content
presented to you, better understand how visitors use our Site and how we can
better tune it, its contents, and functionality to meet your needs. We
only use your personally identifiable information for those activities listed
at the time you submit your information to us. For example, if you
provide us with an email to inform you of special events, then that is what we
will use your email address to do. If we would like to use your
personally identifiable information for an unrelated activity, we will first
request your consent to do so.
We do not sell your
information to any third-party.
HOW WE SHARE
PERSONAL INFORMATION
Our Application and
Services
If you are an end-user
of our application, your personal information may be viewed by BeneSys
personnel with access to the application.
Legal Disclosures
At times, it may be
possible that we may need to disclose personal information when required by
law, subpoena or other legal processes as identified in the applicable
legislation.
We attempt to notify our
clients about legal demands for their personal data when appropriate in our
judgment unless prohibited by law or court order or when the request is an
emergency.
Change in Control
We can also share your
personal data as part of a sale, merger, change in control or in preparation
for any of these events.
Any other entity which
buys us or part of our business will have the right to continue to use your
data, but only in the manner set out in this Privacy Policy unless you agree
otherwise.
Who Can Use the Information We Collect and How
We may provide your
personal data to third parties, or third parties may collect personal data from
you on our behalf but only if we have contracted with that third party to
provide some part of the information or service that you have requested.
Other than those that act on our behalf and except as explained in this Policy,
personal data you provide to use will not be transferred to unrelated third
parties, unless we have a legal basis to do so. However, please note that
personal data provided to us is subject to disclosure pursuant to judicial or
other government subpoenas, warrants, or orders, or other legal obligations.
HOW WE SECURE
PERSONAL INFORMATION
We are committed to
protecting the security of all of the personal information we collect and use.
We use a variety of
physical, administrative, and technical safeguards designed to help protect it
from unauthorized access, use and disclosure. We take our security obligations
seriously. While we are responsible for maintaining the security of our website
and applications, you must also access and use our website and applications in
a manner that is responsible and secure.
We have implemented
best-practice standards and controls in compliance with internationally
recognized security frameworks. We use encryption technologies to protect data
at rest and in transit. We review our strategies and update as necessary to
meet our business needs, changes in technology, and regulatory requirements. In
addition, we have implemented a series of policies, procedures, and training to
address data protection, confidentiality, and security, and we update and
review the appropriateness of these measures on a regular basis.
Disclosure of Sale of Personal Data
In the preceding twelve
(12) months, BeneSys has not sold personal information.
Storage and Transfer of Personal Data
The personal data we
collect may be stored and processed in your region, in the United States or in
any other country where we, our affiliates, or contractors maintain facilities.
We take steps to ensure that the data we collect under this Privacy Policy is
processed pursuant to the terms thereof and the requirements of applicable law
wherever the data is located.
We also collaborate with
third parties such as cloud hosting services and suppliers located around the
world to serve the needs of our business, workforce, and customers. In some
cases, we may need to disclose or transfer your personal data within BeneSys
Inc. or to third parties in areas outside of your home country. When we do so,
we take steps to ensure that personal data is processed, secured, and
transferred according to applicable law.
If you would like to know more about our data transfer
practices, please contact corporate.compliance@benesys.com.
YOUR RIGHTS
If required by law, upon request, BeneSys Inc. will grant you
reasonable access to the personal information that it maintains about you. You
may request access to your personal information by contacting us at corporate.compliance@benesys.com.
We respect your right to
access and control your personal data. You have choices about the data we
collect. When you are asked to provide personal data that is necessary for the
purposes of providing you with our Products and Services, you may decline.
However, if you choose not to provide data that is necessary to provide a
Service, you may not have access to certain features, Sites, Products, or
Services.
Access to personal data: In some jurisdictions, you
have the right to request access to your personal data. In these cases, we will
comply, subject to any relevant legal requirements and exemptions, including
identity verification procedures. Before providing data to you, we will ask for
proof of identity and sufficient information about your interaction with us so
that we can locate any relevant data. We may also charge you a fee for
providing you with a copy of your data (except where this is not permissible
under local law).
Correction and deletion: In some jurisdictions, you
have the right to correct or amend your personal data if it is inaccurate or
requires updating. You may also have the right to request deletion of your
personal data. Please note that such a request could be refused because your
personal data is required to provide you with the products or services you
requested, e.g. to deliver a product or send an invoice to your email address,
or that it is required by the applicable law.
Portability: If you reside within the European Union, you have the
right to ask for a copy of your personal data and/or ask for it to be ported to
another provider of your choice. Please note that such a request could be limited
to the only personal data you provided us with or that we hold at that given
time and subject to any relevant legal requirements and exemptions, including
identity verification procedures.
E-mail communications
you receive from us will generally provide an unsubscribe link allowing you to
opt-out of receiving future email or to change your contact preferences. E-mail
communications may also include a link to directly update and manage your
marketing preferences. Please remember that even if you opt out of
receiving marketing emails, we may still send you important Service information
related to your accounts.
How Do you Correct and Update Your Personal Data
We aim to keep all
personal data that we hold accurate, complete and up-to-date. While we will use
our best efforts to do so, we encourage you to tell us if you change your
contact details. If you believe that the information we hold about you is
incorrect, incomplete or out-of-date, please contact
corporate.compliance@benesys.com.
You can change or
correct your personal data at any time. Just send an email with your old
information and your corrections to corporate.compliance@benesys.com with
“Correction” in the subject line.
The Privacy of Minors
We understand the
importance of protecting the privacy of all individuals, especially the very
young. Our services are intended for United States audiences over the age
of 18. Our Site and its Services are not directed to children.
Subscribing to our Services is restricted to adults who are either 18 years of
age or older or as otherwise legally defined by the country of your residency.
You must be old enough to consent to the processing of your personal data in
your country to use our Services.
HOW LONG WE KEEP
YOUR PERSONAL INFORMATION
We retain information as
long as it is necessary to provide the Services to you and our clients, subject
to any legal obligations to further retain such information.
We may also retain
information to comply with applicable law, prevent fraud, collect fees, resolve
disputes, troubleshoot problems, assist with investigations, enforce our Terms
of Service and take other actions permitted by law.
The information we
retain will be handled in accordance with this Privacy Policy.
Information connected to
you that is no longer necessary and relevant to provide our services may be de-
identified or aggregated with other non-personal data. This information may
provide insights that are valuable to BeneSys Inc., such as statistics of the
use of the services.
As stated above, we will
retain your Personal Information for as long as you are a client, the
performance of our Services requires, and as long as our ethical obligations
require.
OTHER IMPORTANT
INFORMATION
We will only collect and
process your personal data where we have a lawful reason for its collection.
When you visit our
website and provide us with your personal information, we collect and use it
with your consent.
What Happens When You Link to a Third-Party Website?
If you click a link and
go to another site, you will be subject to that website’s privacy policy. We
encourage you to read the posted privacy policy statement at any website before
submitting any personal data at all.
What Happens When We Update Our Privacy Policy?
We may update our
Privacy Policy at any time and from time to time. Your acceptance of any minor
changes to this Privacy Policy is indicated by your continued use of our
Services. If we make any material changes to our Privacy Policy, we will post a
notice about the change at a prominent location on our Site. We encourage you
to periodically review our Site and this Privacy Policy for any changes.
What Happens if We Sell Our Business?
While we do not anticipate
it, every business nowadays should plan for the possibility that it might sell
certain or all of its assets to another company or individual, or that it might
buy certain assets of another company or individual. If all or part of
the company is sold, merged or otherwise transferred to another entity, the
personal information you have provided to us may be transferred as part of that
transaction. However, we will take steps to ensure that your personal
information is used in a manner consistent with the provisions of our Policy.
CONTACT
INFORMATION
You may contact us to exercise any of your rights or ask for
more information about your personal information and our privacy practices by
contacting us at corporate.compliance@benesys.com.
FOR INDIVIDUALS
BASED IN CALIFORNIA and Other Certain States
This Privacy Notice
(“Notice”) provides additional specific information for “Consumers” as defined
in the California Consumer Privacy Act of 2018 (“CCPA”) and the California
Privacy Rights Act (“CPRA”). This Notice is a supplement to other privacy
policies or notices issued by BeneSys, Inc (“Company”, “We”, “Us”, or “Our”).
In the event of a conflict between any other BeneSys, Inc policy, statement, or
notice and this Notice, this Notice will prevail as to California Consumers and
their rights under the CCPA and CPRA.
In accordance with the
CCPA’s and CPRA’s requirements, this Notice describes our collection, use,
disclosure of California Consumers’ “Personal Information” or “PI” as defined
by the CCPA and CPRA, as well as the rights California Consumers have under the
CCPA and CPRA. Terms defined in the CCPA and CPRA that are used in this Notice
have the same meanings as the CCPA and CPRA.
The following rights are
also available to residents of the following states:
·
The Right to Opt Out of Certain Processing: Colorado,
Connecticut, Virginia
·
The Right to Opt In for Sensitive Data Processing: Colorado,
Connecticut, Virginia
·
The Right Against Automated Decision Making: Colorado,
Connecticut, Virginia
Disclosure of Personal
Information, No Sale:
BeneSys has not sold
Personal Information (as defined or as contemplated by the CCPA or CPRA) in the
preceding twelve (12) months. As defined and contemplated by the CCPA and CPRA,
BeneSys does not sell Personal Information of minors under the age of sixteen
(16).
California Consumer Privacy Rights
As a California Consumer,
you have the following rights:
- Right to Disclosure:California
Consumers have a right to request information from us regarding the
Personal Information we collect and disclose for business purposes about
you, the consumer.
- Right to Deletion:In certain circumstances,
you have the right to request we delete Personal Information we collected
from you.
- Right to
Non-Discrimination:BeneSys
will not discriminate against California Consumers for exercising their
rights under the CCPA or CPRA.
- The Right to Opt-Out of
the Sharing of Your Personal Information
- The Right to Correct
Inaccurate Personal Information
- The Right to Limit Use and
Disclosure of Sensitive Personal Information
- The Right Against
Automated Decision Making
Collection and Use of
Personal Information
We collect information
that identifies, relates to, describes, references, is capable of being
associated with, or could reasonably be linked, directly or indirectly, with a
particular consumer or household (“personal information”).
The following is a
description of our data collection practices, including the personal data we
may collect, the source of that information, the purposes for which we collect
information (in addition to as otherwise set forth herein), and whether we
disclose that information to external parties. We may use any and all of the
information for any purposes described in this Privacy Notice. We may not
collect additional categories of personal information or use personal
information collected for additional purposes that are incompatible with the
disclosed purposes for which the personal information was collected, without
providing consumers with notice.
Our collection, use,
retention, and sharing of a consumer’s personal information shall be necessary
and proportionate to achieve the purposes for which such information is
collected or processed, or for another disclosed purpose that is compatible
with the context in which the personal information was collected, and not
further processed in a manner that is incompatible with those purposes.
We may not retain a
consumer’s personal information or sensitive personal information for each
disclosed purpose for which the personal information was collected for longer
than is reasonably necessary for that disclosed purpose.
We collect personal
information directly from you, from your browser or device when you visit our
websites, from third parties that you permit to share your information or from
third parties that share public information about you, as stated above.
See the section above,
“How We Use Personal Information,” to understand how we use the personal
information collected from California consumers.
Below is a list of
categories of personal information and a discussion as to whether we have
collected any such information within the past twelve (12) months:
PERSONAL IDENTIFIERS
·
We collect your name, address, email address, zip code,
telephone number, date of birth, phone number, and other similar personal
identifiers when you create an account with us or it is provided to us. We use
this information to provide our Services, as well as to respond to your
requests.
·
We collect your IP address automatically when you use our
Services. We use this information to identify you, gauge online activity, and
measure the effectiveness of online services, applications, and tools.
·
We collect your Device ID automatically when you use our
Services. We use this information to monitor your use and in furtherance of
providing our Services to you.
·
Other personal information, such as personal information you
provide to us in relation to a survey, comment, question, request, article
download or inquiry and any other information you upload to our application.
CUSTOMER RECORDS
INFORMATION AND PERSONAL DATA PROTECTED AGAINST SECURITY BREACHES (CAL. CIV.
CODE § 1798.80(E))
·
We collect your name, phone number, username, password, company
name, job title, business email address, and department when you create an
account with us or provided to us. We use this information to provide our Services
and to respond to your requests.
·
We may collect your Social Security Number to provide you with
the Services.
·
We may collect banking information in order to provide the
Services.
·
We collect life or health insurance or other financial services
information directly from you or from records provided to us. We may use this
information to provide you with the Services.
PROTECTED CLASSIFIED
INFORMATION
We collect information about your age and date of birth when you
create an account with us or when your information is provided to us. We use
this information to provide you with the Services.
COMMERCIAL INFORMATION
- When you engage with us, we
create records of your interactions with us and the Services provided. We
use this information to measure the effectiveness of our Services and use
this information to better calibrate our assessment tool.
BIOMETRIC INFORMATION
- We do not collect any
biometric information about you.
INTERNET OR OTHER
SIMILAR NETWORK ACTIVITY
- We collect
information regarding your interaction with our Website. This includes
device(s) used to access the services and information regarding your
interaction with our Website or Services and other usage data.
GEOLOCATION
- As described
above, we collect your IP address automatically when you use our Site. We
can determine your general location based on the IP address, but not your
precise geolocation. BeneSys does not collect data related to your
precise geolocation.
AUDIO/VIDEO DATA
- If you
contact us via phone, we may record the call. We will notify you if a call
is being recorded at the beginning of the call. We may collect sensory
information, the content, audio and video recordings of conference calls
between you and us that we record where permitted by you and/or the law.
We do not collect thermal, olfactory, or similar information.
PROFESSIONAL OR
EMPLOYMENT RELATED INFORMATION
- We collect
business information, including your name, company, and job title, and
business contact details from you. We use this information to reach out to
you in furtherance of the provision of our Services.
EDUCATION INFORMATION
- We do not
collect any information about the institutions you have attended.
SENSITIVE PERSONAL
INFORMATION (See Below)
Sharing your Data and
the Recipients of your Personal Information
We share personal
information with third parties for business purposes. The categories of third
parties to whom we disclose your personal information may include: (i) our
service providers and advisors, (ii) strategic partners; and (iii) analytics
providers.
When we disclose
personal information for a business purpose, we enter into a contract that
describes the purpose and requires the recipient to both keep that personal
information confidential and not use it for any purpose except in performance
of the contract. The CCPA and CPRA prohibit third parties who receive the
personal information we hold from selling it unless you have received explicit
notice and an opportunity to opt-out of such downstream sales.
Either we or our Service
Providers may use your information for the following Business Purposes (as
defined in the CCPA and CPRA) on a day-to-day basis:
·
Detecting security incidents, protecting against malicious,
deceptive, fraudulent, or illegal activity, and prosecuting those responsible
for that activity.
·
Debugging to identify and repair errors that impair existing
intended functionality.
·
Short-term, transient use, provided that the personal
information is not disclosed to another third party and is not used to build a
profile about a consumer or otherwise alter an individual consumer’s experience
outside the current interaction, including, but not limited to, the contextual
customization of ads shown as part of the same interaction.
·
Performing services on behalf of the business or service
provider, including maintaining or servicing accounts, providing customer
service, processing or fulfilling orders and transactions, verifying customer
information, processing payments, providing financing, providing advertising or
marketing services, providing analytic services, or providing similar services
on behalf of the business or service provider.
·
Undertaking internal research for technological development and
demonstration.
·
Undertaking activities to verify or maintain the quality or
safety of a service or device that is owned, manufactured, manufactured for, or
controlled by the business, and to improve, upgrade, or enhance the service or
device that is owned, manufactured, manufactured for, or controlled by the
business.
Do We Sell or Share Your Personal Information?
As mentioned above, we
do not sell your personal information as currently defined under the CCPA and
as amended by the CPRA, meaning that we do not rent, disclose, release,
transfer, make available or otherwise communicate your personal information to
a third party for monetary or other consideration. We will not sell your
information unless we modify this Privacy Policy and take the additional steps
required under the CCPA.
While we do not sell Personal Information for monetary value, we
may share it with a third party or disclose it to a service provider or
contractor in furtherance of a business purpose. In accordance with the
CPRA, you have the right to opt-out of BeneSys sharing or otherwise disclosing
your personal data. If you choose to opt-out of BeneSys sharing your data, you
can do so by emailing us at: corporate.compliance@benesys.com.
If we do share your
Personal Information with a third party, BeneSys shall enter into an agreement
with such third party, service provider, or contractor that: (1) specifies that
the personal information is disclosed by BeneSys only for limited and specified
purposes; (2) obligates the third party, service provider, or contractor to
comply with applicable obligations under the CPRA and obligate those persons to
provide the same level of privacy protection as required by the CPRA; (3) grants
BeneSys rights to take reasonable and appropriate steps to help ensure that the
third party, service provider, or contractor uses the personal information
transferred in a manner consistent with the BeneSys’ obligations under the
CPRA; (4) requires the third party, service provider, or contractor to notify
us if it makes a determination that it can no longer meet its obligations under
the CPRA; and (5) grants BeneSys the right, upon notice, including under (4),
to take reasonable and appropriate steps to stop and remediate unauthorized use
of Personal Information.
Under the right to
delete provisions of the CPRA, BeneSys will enter into an agreement with a
third party that (1) the service provider or contractor shall cooperate with
the Company in responding to a verifiable consumer request; and (2) that at the
direction of BeneSys, shall delete, or enable BeneSys to delete, and shall
notify any of its own service providers or contractors to delete, personal
information about the consumer collected, used, processed, or retained by the
service provider or the contractor.
Additionally, the
service provider or contractor shall notify any service providers, contractors,
or third parties who may have accessed personal information (requested for
deletion) from or through the service provider or contractor, unless the
information was accessed at the direction of BeneSys, to delete the consumer’s
personal information, unless doing so proves impossible. A service
provider or contractor shall not be required to comply with a deletion request
submitted by the consumer directly to the service provider or contractor to the
extent that the service provider or contractor has collected, used, processed,
or retained the consumer’s personal information in its role as service provider
or contractor to BeneSys.
How Long Do We Keep Your Data?
For each of the
categories of personal data and for the sensitive personal data, below please
find information regarding how long we keep such data or how we will decide to
dispose of such data.
·
Personal Identifiers:
·
We collect this data as provided by you to us, and we utilize
this data in furtherance of providing Services to you. We keep this data for as
long as it’s needed to provide Services to you, or as may be required under applicable
law and will decide to dispose of this data when it is no longer needed to
achieve our business-related purposes.
·
Customer Records Information:
·
We collect this data when you create an account with us and use
it to provide Services to you. We keep this data for as long as it’s needed to
provide Services to you, or as may be required under applicable law and will
decide to dispose of this data when it is no longer needed to achieve our
business-related purposes.
·
Protected Classified Information Under California Law:
·
We collect information about you, including your age and date of
birth, when you create an account with us or if you provide this information to
us. We keep this data for as long as it’s needed to provide Services to you, or
as may be required under applicable law and will decide to dispose of this data
when it is no longer needed to achieve our business-related purposes
·
Commercial information:
·
When you create an account or otherwise engage with us via our
Website or app, we create records of your interactions with us and the Services
provided. We utilize this information to measure the effectiveness of our
Services. We keep the data for as long as it’s needed to provide Services to
you, or as may be required under applicable law, and will decide to dispose of
this data when it is no longer needed to achieve our business-related purposes.
·
Biometric Information:
·
BeneSys does not collect any biometric data.
·
Internet and other electronic network activity:
·
We collect information regarding your interaction with our
Website. This includes device(s) used to access the Website and information
regarding your interaction with our Website or in the provision of our Services
to you. We keep this data for as long as it’s needed to provide Services to
you, or as may be required under applicable law, and will decide to dispose of
this data when it is no longer needed to achieve our business-related purposes.
·
Geolocation Data:
·
As described above, we collect your IP address automatically
when you use our Site. We can determine your general location based on the IP
address, but we do not and cannot determine your precise geolocation. We keep
this data until we determined that it is no longer needed to achieve our
business-related purposes, or as may be required under applicable law, and will
decide to dispose of this data when it is no longer needed to achieve our
business-related purposes.
·
Audio, electronic, visual, thermal, olfactory, or similar
information:
·
If you contact us via phone, we may record the call. We will
notify you if a call is being recorded at the beginning of such call. We
may collect the content, audio, and video recordings of conference calls
between you and us that we record where permitted by you and/or by law.
We keep this data for as long as it’s needed to provide Services to you, or as
may be required under applicable law, and will decide to dispose of this data
when it is no longer needed to achieve our business-related purposes. We
do not collect thermal, olfactory, or other similar information.
·
Professional or employment-related information:
·
We collect business information, including your name, company,
job title, and business contact details from you which you provide to us. We
use this information in furtherance of our Services. We keep this data
for as long as it’s needed to provide Services to you, or as may be required
under applicable law, and will decide to dispose of this data when it is no
longer needed to achieve our business-related purposes.
·
Sensitive Personal Information (See Below).
Do We Use your Data for Automated Decision Making?
We do not use your data
for automated decision making (i.e. data profiling) purposes.
How to Exercise Your Rights Under the CCPA/CPRA
Under the CCPA and CPRA
you have the right to find out about the personal information that we have
collected and how that information has been used or disclosed. You also have
the right to request that we delete or correct your personal information
(and/or opt-out of the sale or sharing of your personal information).
If you wish to exercise any of these opt-out rights, or if you
would like additional information, please contact us at the following email
address: corporate.compliance@benesys.com, or call us at the
following toll-free number: (888) 659-8789.
1. The Right to Access and Know About Personal Information
Collected, Disclosed, or Shared
You have the right to
request that we disclose certain information to you about our collection and
use of your personal information over the past twelve (12) months. Once we
receive and confirm your verifiable consumer request, we will disclose to you:
·
The categories of personal information we collected about you.
·
The categories of sources for the personal information we
collected about you.
·
Our business or commercial purpose for collecting or selling
that personal information.
·
The categories of third parties to whom we disclose that
personal information.
·
The specific pieces of personal information we collected about
you (also called a data portability request).
·
If we disclosed your personal information for a business
purpose, identifying the personal information categories that each category of
recipient obtained.
For data portability
requests, we will select a format to provide your personal information that is
readily useable and should allow you to transmit the information from one
entity to another entity without hindrance.
2.
The Right to Request Deletion of Your Personal Information by
BeneSys and Third Parties
Subject to certain
exceptions, you have the right to request that we delete any of all of your
personal information that we collected from you and retained over the past
twelve (12) months. Please bear in mind that deletion of your personal
information may not allow BeneSys to continue to provide the Services to
you. Once we receive and confirm your verifiable consumer request, we
will delete (and direct our service providers or contractors to delete) your
personal information from our records, unless an exception applies.
Additionally, upon receiving a verifiable consumer request, we will notify all
third parties to whom BeneSys Inc. has shared such personal information to
delete the consumer’s personal information, unless doing so is proven to be
impossible or involves disproportionate effort. You may request that only
a portion of your information be deleted.
We may deny all or part
of your deletion request if retaining the information is necessary for us or
our service providers to:
·
Complete the transaction for which we collected the personal
information, provide a service that you requested, take actions reasonably
anticipated based on our ongoing business relationship with you, or otherwise
perform our agreement with you
·
Help to ensure security and integrity to the extent the use of
the consumer’s personal information is reasonably necessary and proportionate
for those purposes.
·
Debug products to identify and repair errors that impair
existing intended functionality
·
Exercise free speech or ensure the right of another consumer to
exercise their right of free speech or other right provided for by law
·
Engage in public or peer reviewed scientific, historical, or
statistical research that conforms or adheres to all other applicable ethics
and privacy laws, when the business’s deletion of the information is likely to
render impossible or seriously impair the ability to complete such research, if
the consumer has provided informed consent
·
To enable solely internal uses that are reasonably aligned with
the expectations of the consumer based on the consumer’s relationship with the
business and compatible with the context in which the consumer provided the
information
·
Comply with a law or a legal obligation
BeneSys Inc. may maintain
a confidential record of deletion requests solely for the purpose of preventing
the personal information of a consumer who has submitted a deletion request
from being sold, for compliance with other laws, or for other purposes solely
to the extent permissible under the CPRA.
3.
The Right to Opt-Out of the Sharing of Your Personal Information “DO
NOT SELL OR SHARE MY INFORMATION”
The CCPA and CPRA
provide you with the right to opt out and stop businesses from selling or
sharing your personal information. This right applies to all California
consumers ages 16 or older and may be exercised at any time.
The right to opt out of
sharing personal information includes sharing with a third party even when
there is no exchange of consideration between the parties. This can include the
right to opt out of BeneSys Inc. using technologies like cookies and pixels to
track you across other websites, apps, or services that then share that
information with ad networks to deliver targeted advertisements to you.
If you are 16 years of
age or older, you have the right to direct us to not share your personal
information at any time (the “right to opt-out”). Our websites and products are
not intended for minors. We do not sell or share the personal information of
consumers we actually know are less than 16 years of age, unless we receive
affirmative authorization to sell or share (the “right to opt-in”) from either
the consumer who is at least 13 but not yet 16 years of age, or the parent or
guardian of a consumer less than 13 years of age. Consumers who opt-in to
personal information sharing may opt-out of future sharing at any time.
How to exercise this
right:
·
By contacting BeneSys Inc. at the toll free number: (888) 659 –
8789; or
·
By sending an email to the following address: corporate.compliance@benesys.com,
providing specific details of your request
Do Not Track:
We do not track our customers over time and across third party
websites to provide targeted advertising and therefore does not respond to Do
Not Tract (DNT) signals.
4.
The Right to Non-Discrimination
We will not discriminate
against you for exercising any of your CCPA or CPRA rights, and will not engage
in the following behaviors:
·
Denying you goods or services
·
Charging you different prices or rates for goods or services,
including through granting discounts or other benefits, or imposing penalties
·
Providing you a different level or quality of goods or services
·
Suggesting that you will receive a different price or rate for
goods or services or a different level or quality of goods or services
·
Retaliating against an employee, applicant for employment, or
independent contractor as defined under the CPRA, for exercising their rights
under the CPRA.
When you exercise these
rights and submit a request to us, we will verify your identity by asking for
information about your relationship with BeneSys Inc., such as an email address
on file or other methods of verification as allowed under the CCPA and CPRA.
We endeavor to respond
to a verifiable consumer request within forty-five (45) days of its receipt. If
we require more time, we will inform you of the reason and extension period in
writing.
Any disclosures we
provide will only cover the 12-month period preceding the verifiable consumer
request’s receipt. The response we provide will also explain the reasons we
cannot comply with a request, if applicable.
5. The Right to Correct Inaccurate
Personal Information
You shall have the right to request that we correct any
inaccuracies in your personal information, taking into account the nature of
the personal information and the purposes of the processing of the personal
information. If BeneSys Inc. collects your personal information we shall
disclose, pursuant to the CPRA, section 1798.130, your right to request
correction of inaccurate personal information, which you may do by contacting
us at the following email address: corporate.compliance@benesys.com. Or by calling us at
the following toll-free number: (888) 659-8789.
If BeneSys Inc. receives
a verifiable consumer request to correct inaccurate personal information, we
shall use commercially reasonable efforts to correct the inaccurate personal
information, as directed by you pursuant to your rights under the CPRA. We
shall also ask any third parties and service providers to whom information has
been shared with to correct or delete your personal information upon your
request.
6.
The Right to Limit Use and Disclosure of Sensitive
Personal Information
For purposes of the
CPRA, sensitive personal information (“SPI”) includes the following personal
information:
·
Any communications that you have with a third-party.
§ BeneSys does not collect
any data related to communications you have with a third-party
·
Biometric data processed to identity an individual
§ BeneSys does not collect
any biometric data
·
Data about sexual orientation or sex life
§ BeneSys does not collect
any information regarding sexual orientation or sex life.
·
Financial account details in a combination (e.g. card number and
password) that gives or provides access to an account.
§ BeneSys does not collect
any of this data related to financial accounts.
·
Genetic data
§ BeneSys does not collect
any genetic data
·
Government-issued numbers (such as a social security number or a
number on a passport, or driver’s license number).
§ Yes, BeneSys does
collect driver’s license numbers and passport numbers in certain circumstances.
BeneSys also collects SSNs via employer contribution files (BeneSys’ internal
systems utilize alternate IDs in place of SSNs for use in any data transfers).
·
Health Data
§ BeneSys does not collect
any health data.
·
Philosophical or religious beliefs
§ BeneSys does not collect
any information related to philosophical beliefs.
·
Precise geolocation
§ BeneSys does not collect
any data related to precise geolocation.
·
Racial or ethnic origin
§ BeneSys does not collect
any data or information related to racial or ethnic origin
·
Union membership
§ BeneSys does collect
information about union membership. We keep this data for as long as it’s
needed to provide Services to you, or as may be required under applicable law,
and will decide to dispose of this data when it is no longer needed to achieve
our business-related purposes.
Please note that any
information that is already publicly available shall not be considered SPI or
personal information.
With regard to any of the
data from the above-listed categories which BeneSys does collect, BeneSys
utilizes the data in furtherance of providing Services to you, and will keep
the data for as long as it’s needed to provide Services to you, or as may be
required under applicable law, and we will decide to dispose of this data when
it is no longer needed to achieve our business-related purposes.
Our use and disclosure
of your SPI is limited to those uses which are necessary to perform the
Services reasonably expected by an average consumer who requests such Services,
including the following Services:
·
to ensure security and integrity to the extent the use of your
personal information is reasonably necessary and proportionate for security and
integrity
·
To debug to identify and repair errors that impair existing
intended functionality
·
To perform services on behalf of the business, including
maintaining or servicing accounts, providing customer service, processing or
fulfilling orders and transactions, verifying customer information, processing
payments, providing financing, providing analytic services, providing storage,
or providing similar services on behalf of the business or
·
Undertaking activities to verify or maintain the quality or
safety of a service or device that is owned, manufactured for, or controlled by
BeneSys Inc., and to improve, upgrade, or enhance the service or device that is
owned, manufactured for or controlled by BeneSys Inc.
BeneSys only uses SPI to
provide the Services. As such, the use of your SPI is already limited to
uses in furtherance of the provision of our Services to you, as we do not use
it for other non-Services related purposes. As such, since use of your
SPI is already limited to the provision of the Services to you and not used for
any other purpose, your right to limit the use of your SPI to the provision of
Services is already attained and exercised.
7. Right Against Automated Decision Making
Automated decision-making
takes place when an electronic system uses personal data to make a decision
without human intervention. You will not be subject to decisions that will have
a significant impact on you based solely on automated decision-making, unless
we have a lawful basis for doing so and we have notified you. We do not foresee
that any decisions will be taken about you using automated means, however we
will notify you if this position changes.
Authorized Agents
You may authorize a natural person or a business entity
registered with the California Secretary of State to act on your behalf to make
a request to know or to delete your personal information.
To do so, you must (i)
verify your identity to BeneSys Inc. and provide that authorized agent written
permission to make such a request or (ii) provide the authorized agent with
power of attorney pursuant to the California Probate Code sections 4000 to
4465.
The authorized agent
must include those authorizations in the verifiable consumer request.
Security Procedures
BeneSys Inc. shall implement reasonable security procedures and
practices appropriate to the nature of the personal information collected about
a consumer to protect the personal information from unauthorized or illegal
access, destruction, use, modification, or disclosure.
Timeframe for Disclosure
If a consumer requests disclosure of required information, a
consumer’s right to request required information beyond a 12-month period, and
a business’s obligation to provide such information, shall only apply to
personal information collected on or after January 1, 2022.
Children 16 and Under
We do not knowingly collect, solicit, or share personal
information from children under the age of 16. If we have knowledge that a
child under 16 has submitted personal information in violation of this Policy,
we will delete that information as soon as possible. If you believe we may have
obtained information in violation of this Policy, please email us at the
following address: corporate.compliance@benesys.com, or call at the following
toll-free number: (888) 659 – 8789.
Questions About The CPRA?
If you have questions or
concerns regarding this statement, you should first contact us via email at
corporate.compliance@benesys.com.
Changes to this Privacy Policy
We reserve the right to
amend this Privacy Notice at our discretion and at any time. When we make
changes to this privacy notice, we will post the updated notice on the Website
and update the notice’s effective date. Your continued use of our website following
the posting of changes constitutes your acceptance of such changes. If we are
required by applicable data protection laws to obtain your consent to any
material changes before they come into effect, then we will do so in accordance
with law.
California Shine the Light Law
If you are a California resident and have an established
business relationship with us and want to receive information about how to
exercise your third party disclosure choices, you must send a request to the
following address with a preference on how our response to your request should
be sent (email or postal mail). You may contact us in two ways. Send an
email to corporate.compliance@benesys.com
Alternatively, you may
contact us at:
BeneSys, Inc.
700 Tower Drive, Suite 300
Troy, MI 48098
Attn: Your California Privacy Rights
c/o Privacy Officer
For requests sent via
email, you must put the statement “Your California Privacy Rights” in the subject
field of your email. All requests sent via postal mail must be labeled
“Your California Privacy Rights” on the envelope or post card and clearly
stated on the actual request. For all requests, please include your name,
street address, city, state, and zip code. (Your street address is
optional if you wish to receive a response to your request via email. Please
include your zip code for our own recordkeeping.) We will not accept requests
via the telephone or by facsimile. We are not responsible for responding
to notices that are not labeled or not sent properly, or do not have complete
information.
If you are a California
resident under the age of 18, and a registered user of any site where this
policy is posted, California Business and Professions Code Section 22581
permits you request and obtain removal of content or information you have
publicly posted. To make such a request, please send an email with a detailed
description of the specific content or information to the following address:
corporate.compliance@benesys.com. Please be aware that such a request does not
ensure complete or comprehensive removal of the content or information you have
posted and that there may be circumstances in which the law does not require or
allow removal even if requested.
Questions?
If you have questions or concerns regarding this statement, you
should first contact us via email at the following address: corporate.compliance@benesys.com.