INTRODUCTION

This Privacy Policy is applicable to BeneSys, Inc. and all of its subsidiaries (“Company”, “BeneSys”, “we,” “our,” or “us”) as related to the services we offer when you visit to our Website (as defined below) or when you otherwise utilize our products and services (the “Services”), which collectively include:

  • the use of benesys.com; beaconspyglass.com; benefitdriven.com; www.bpalja.com; memberbenefitsonline.com; yourtrustoffice.net; ourbenefitoffice.com; or any other BeneSys owned URL (individually and collectively, the “Website” or “Site”).
  • the use of mobile applications made available by us.
  • the use of our products and services.

This Privacy Policy sets out the essential details relating to your personal data relationships with BeneSys as:

  • A website visitor
  • An end user of one of our applications (“end user”)
  • A prospective client
  • Partners
  • Trustee
  • Providers
  • Health Plans

BENESYS NOTICE OF PRIVACY PRACTICES

BeneSys is committed to protecting your privacy and developing technology that gives you the most powerful and safe online experience. This Notice of Privacy Practices governs data collection and usage. By using the websites and mobile applications provided by BeneSys, you consent to the practices described in this Statement.

The websites, mobile applications and services provided by BeneSys are intended for use by participants in its client trust funds, located in the United States and Canada and are not intended for use by individuals located elsewhere, including in the European Union or United Kingdom. By providing personal information on BeneSys’s websites and mobile applications, you are agreeing to the transfer, storage and processing of information in the United States.

PERSONAL INFORMATION WE COLLECT

Information You Choose to Provide to Us

WHEN

We may ask you to provide personal information when:

  • You use the Website to download materials and forms
  • You connect with us directly via phone calls or chat
  • We or Client Account Administrators grant you access to the application
  • You or Client Account Administrators upload or enter personal information into the application
  • You or your employer contract or pay for our services

WHAT

Within the last 12 months, we collected personal information that may include, but is not limited to, first and last name, email address, address, date of birth, social security number, phone number and/or company name.

As an end user of an application, we collect your name, email address, and any comments you make in the specific application.

In addition, we may collect data uploaded by you, your employer, or other users of the application that may be required to use BeneSys’ services. We expect all users to follow their organization’s privacy policy and any applicable regulatory requirements when uploading, accessing, and using personal information into our application.

The data uploaded may include personal information such as, by way of example, and not limitation:

  • Employee names, email addresses, and contractual agreements
  • Vendor names, email addresses, contractual agreements or other personal data necessary for BeneSys services
  • Customer names and email addresses used to provide services within BeneSys’ platform Personal Identity Information (PII) and/or Protected Health Information (PHI)
  • Financial data such as contributions, pensions, claim payments, and other account activities
  • Job Applicant data; As a job applicant, we may also collect your resume and cover letter.

Information We Collect Automatically

WHEN

We collect information about your visits to the website and the application when you visit any of our web pages through logging and analytics technology.

WHAT

The information collected includes:

  • access times
  • the pages you view the links you click on
  • the search terms you enter
  • actions you take in connection with any of the visited pages
  • your device information such as IP address, location, browser type and language
  • the Uniform Resource Locator (URL) of the website that referred you to our website
  • the URL that you browse away from our pages if you click on an external link
  • We may also collect information when you open email messages from us, or click on links within those email messages.

HOW WE USE PERSONAL INFORMATION

We use your personal information to:

  • Deliver the contracted Services and allow full use of the application functionality as purchased by the clients.
  • Deliver training and support to our application end users and/or carry out the transactions you have requested.
  • To communicate with you directly through emails, calls, chats, video conferencing.
  • Send communications to you about:
    • New application features
    • Upgrades to our Services
    • Product notices and changes to our terms and policies.
    • Particular programs in which you have chosen to participate.
    • Promotional offers and surveys.
  • Analyze user clicks and usage of the application and website to improve user experience and maximize usage of our services.
  • Manage our Website and applications to maintain and deliver the contracted functionality and services.
  • Enforce our Website and application terms and/or separate contracts (if applicable) with you.
  • Prevent fraud and other prohibited or illegal activities
  • Protect the security or integrity of the website, application, our business or
  • To engage with third parties in connection with services these individuals or entities perform for or with us.
    • These third parties are restricted from using this data in any way other than to provide services for us or for the collaboration in which they and BeneSys are contractually engaged (e.g. hosting a BeneSys database).
  • To assist in business transfers.
    • As we continue to develop our business, we may buy, merge, or partner with other companies. In such transactions (including in contemplation of such transactions) user information may be among the transferred assets. If a portion or all of BeneSys’s assets are sold or transferred to a third party, customer personal data would likely be one of the transferred business assets. If such transfer is subject to additional mandatory restrictions under applicable laws, we will comply with such restrictions.
  • Or otherwise, as disclosed to you at the point of collection or as required or permitted by law.

Please note that sometimes we may record the video conferencing call in which you participate to analyze and improve our staff’s communication skills. If we do so, we will be announcing it at the beginning of the conference call.

We will not use your personal data, however, to send commercial or marketing messages to you unless we have a legal basis for doing so, such as your consent or a contract with us for which, in either case, you will have the ability to opt out of by sending an email to corporate.compliance@benesys.com.

This site does not collect personal data when you browse the site and request pages from our servers unless you voluntarily and knowingly provide such information to us.  This means that we will not know your name, your email address, or any other personal data just because you browse the site unless you:

  • access the site from a link in an email that we have sent to you;
  • have created a profile and you either log-in to your account or choose to be remembered via your cookie or your web-enabled mobile device.

In these cases, we will know who you are based on the information you previously supplied to us.  When you request a page from our Site, our servers log the information provided in the HTTP or HTTPS request header including the IP number, the time of the request, the URL of your request and other information that is provided in the HTTP header.  We collect the HTTP request header information in order to make our Site functions correctly and provides you with the functionality that you expect to see.  We also use this information to personalize content presented to you, better understand how visitors use our Site and how we can better tune it, its contents, and functionality to meet your needs.  We only use your personally identifiable information for those activities listed at the time you submit your information to us.  For example, if you provide us with an email to inform you of special events, then that is what we will use your email address to do.  If we would like to use your personally identifiable information for an unrelated activity, we will first request your consent to do so.

We do not sell your information to any third-party.

HOW WE SHARE PERSONAL INFORMATION

Our Application and Services

If you are an end-user of our application, your personal information may be viewed by BeneSys personnel with access to the application.

Legal Disclosures

At times, it may be possible that we may need to disclose personal information when required by law, subpoena or other legal processes as identified in the applicable legislation.

We attempt to notify our clients about legal demands for their personal data when appropriate in our judgment unless prohibited by law or court order or when the request is an emergency. 

Change in Control

We can also share your personal data as part of a sale, merger, change in control of BeneSys or in preparation for any of these events.

Any other entity which buys BeneSys or part of our business will have the right to continue to use your data, but only in the manner set out in this Privacy Policy unless you agree otherwise.

Who Can Use the Information We Collect and How

We may provide your personal data to third parties, or third parties may collect personal data from you on our behalf but only if we have contracted with that third party to provide some part of the information or service that you have requested.  Other than those that act on our behalf and except as explained in this Policy, personal data you provide to use will not be transferred to unrelated third parties, unless we have a legal basis to do so. However, please note that personal data provided to us is subject to disclosure pursuant to judicial or other government subpoenas, warrants, or orders, or other legal obligations. We will only provide this information after following a receipt of a valid subpoena or other legal process in a civil case.

HOW WE SECURE PERSONAL INFORMATION

We are committed to protecting the security of all of the personal information we collect and use.

We use a variety of physical, administrative, and technical safeguards designed to help protect it from unauthorized access, use and disclosure. We take our security obligations seriously. While we are responsible for maintaining the security of our website and applications, you must also access and use our website and applications in a manner that is responsible and secure.

We have implemented best-practice standards and controls in compliance with internationally recognized security frameworks. We use encryption technologies to protect data at rest and in transit. We review our strategies and update as necessary to meet our business needs, changes in technology, and regulatory requirements. In addition, we have implemented a series of policies, procedures, and training to address data protection, confidentiality, and security, and we update and review the appropriateness of these measures on a regular basis.

Disclosure of Sale of Personal Data

In the preceding twelve (12) months, BeneSys has not sold personal information.

Storage and Transfer of Personal Data

The personal data we collect may be stored and processed in your region, in the United States or in any other country where we, our affiliates, or contractors maintain facilities. We take steps to ensure that the data we collect under this Privacy Policy is processed pursuant to the terms thereof and the requirements of applicable law wherever the data is located.

We also collaborate with third parties such as cloud hosting services and suppliers located around the world to serve the needs of our business, workforce, and customers. In some cases, we may need to disclose or transfer your personal data within BeneSys or to third parties in areas outside of your home country. When we do so, we take steps to ensure that personal data is processed, secured, and transferred according to applicable law.

If you would like to know more about our data transfer practices, please contact corporate.compliance@benesys.com.

YOUR RIGHTS

If required by law, upon request, BeneSys will grant you reasonable access to the personal information that it maintains about you. You may request access to your personal information by contacting us at corporate.compliance@benesys.com.

We respect your right to access and control your personal data. You have choices about the data we collect. When you are asked to provide personal data that is necessary for the purposes of providing you with our Products and Services, you may decline. However, if you choose not to provide data that is necessary to provide a Service, you may not have access to certain features, Sites, or Services.

Access to personal data: In some jurisdictions, you have the right to request access to your personal data. In these cases, we will comply, subject to any relevant legal requirements and exemptions, including identity verification procedures. Before providing data to you, we will ask for proof of identity and sufficient information about your interaction with us so that we can locate any relevant data. We may also charge you a fee for providing you with a copy of your data (except where this is not permissible under local law).

Correction and deletion: In some jurisdictions, you have the right to correct or amend your personal data if it is inaccurate or requires updating. You may also have the right to request deletion of your personal data. Please note that such a request could be refused because your personal data is required to provide you with the products or services you requested, e.g. to deliver a product or send an invoice to your email address, or that it is required by the applicable law.

Portability: If you reside within the European Union, you have the right to ask for a copy of your personal data and/or ask for it to be ported to another provider of your choice. Please note that such a request could be limited to the only personal data you provided us with or that we hold at that given time and subject to any relevant legal requirements and exemptions, including identity verification procedures.

E-mail communications you receive from us will generally provide an unsubscribe link allowing you to opt-out of receiving future email or to change your contact preferences. E-mail communications may also include a link to directly update and manage your marketing preferences.  Please remember that even if you opt out of receiving marketing emails, we may still send you important Service information related to your accounts.

How Do you Correct and Update Your Personal Data

We aim to keep all personal data that we hold accurate, complete and up-to-date. While we will use our best efforts to do so, we encourage you to tell us if you change your contact details. If you believe that the information we hold about you is incorrect, incomplete or out-of-date, please contact corporate.compliance@benesys.com.

You can change or correct your personal data at any time.  Just send an email with your old information and your corrections to corporate.compliance@benesys.com with “Correction” in the subject line.

The Privacy of Minors

We understand the importance of protecting the privacy of all individuals, especially the very young.  Our services are intended for United States audiences over the age of 18.  Our Site and its Services are not directed to children. Subscribing to our Services is restricted to adults who are either 18 years of age or older or as otherwise legally defined by the country of your residency. You must be old enough to consent to the processing of your personal data in your country to use our Services.

HOW LONG WE KEEP YOUR PERSONAL INFORMATION

We retain information as long as it is necessary to provide the Services to you and our clients, subject to any legal obligations to further retain such information.

We may also retain information to comply with applicable law, prevent fraud, collect fees, resolve disputes, troubleshoot problems, assist with investigations, enforce our Terms of Service and take other actions permitted by law.

The information we retain will be handled in accordance with this Privacy Policy.

Information connected to you that is no longer necessary and relevant to provide our services may be de- identified or aggregated with other non-personal data. This information may provide insights that are valuable to BeneSys, such as statistics of the use of the services.

As stated above, we will retain your Personal Information for as long as you are a client, the performance of our Services requires, and as long as our ethical obligations require.

OTHER IMPORTANT INFORMATION

We will only collect and process your personal data where we have a lawful reason for its collection.

When you visit our website and provide us with your personal information, we collect and use it with your consent.

What Happens When You Link to a Third-Party Website?

If you click a link and go to another site, you will be subject to that website’s privacy policy. We encourage you to read the posted privacy policy statement at any website before submitting any personal data at all.

What Happens When We Update Our Privacy Policy?

We may update our Privacy Policy at any time and from time to time. Your acceptance of any minor changes to this Privacy Policy is indicated by your continued use of our Services. If we make any material changes to our Privacy Policy, we will post a notice about the change at a prominent location on our Site. We encourage you to periodically review our Site and this Privacy Policy for any changes.

What Happens if We Sell Our Business?

While we do not anticipate it, every business should plan for the possibility that it might sell some or all of its assets to another company or individual, or that it might buy certain assets of another company or individual.  If all or part of the company is sold, merged or otherwise transferred to another entity, the personal information you have provided to us may be transferred as part of that transaction.  However, we will take steps to ensure that your personal information is used in a manner consistent with the provisions of our Policy.

CONTACT INFORMATION

You may contact us to exercise any of your rights or ask for more information about your personal information and our privacy practices by contacting us at corporate.compliance@benesys.com.

FOR INDIVIDUALS BASED IN CALIFORNIA and Other Certain States

This Privacy Notice (“Notice”) provides additional specific information for “Consumers” as defined in the California Consumer Privacy Act of 2018 (“CCPA”) and the California Privacy Rights Act (“CPRA”). This Notice is a supplement to other privacy policies or notices issued by BeneSys, Inc. or its subsidiaries (collectively “Company”, “We”, “Us”, or “Our”). In the event of a conflict between any other BeneSys policy, statement, or notice and this Notice, this Notice will prevail as to California Consumers and their rights under the CCPA and CPRA.

In accordance with the CCPA’s and CPRA’s requirements, this Notice describes our collection, use, disclosure of California Consumers’ “Personal Information” or “PI” as defined by the CCPA and CPRA, as well as the rights California Consumers have under the CCPA and CPRA. Terms defined in the CCPA and CPRA that are used in this Notice have the same meanings as the CCPA and CPRA.

The following rights are also available to residents of the following states:

  • The Right to Opt Out of Certain Processing: Colorado, Connecticut, Virginia
  • The Right to Opt In for Sensitive Data Processing: Colorado, Connecticut, Virginia
  • The Right Against Automated Decision Making: Colorado, Connecticut, Virginia

Disclosure of Personal Information, No Sale:

BeneSys has not sold Personal Information (as defined or as contemplated by the CCPA or CPRA) in the preceding twelve (12) months. As defined and contemplated by the CCPA and CPRA, BeneSys does not sell Personal Information of minors under the age of sixteen (16).

California Consumer Privacy Rights

As a California Consumer, you have the following rights:

  • Right to Disclosure: California Consumers have a right to request information from us regarding the Personal Information we collect and disclose for business purposes about you, the consumer.
  • Right to Deletion: In certain circumstances, you have the right to request we delete Personal Information we collected from you.
  • Right to Non-Discrimination: BeneSys will not discriminate against California Consumers for exercising their rights under the CCPA or CPRA.
  • The Right to Opt-Out of the Sharing of Your Personal Information
  • The Right to Correct Inaccurate Personal Information
  • The Right to Limit Use and Disclosure of Sensitive Personal Information
  • The Right Against Automated Decision Making

Collection and Use of Personal Information

We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household (“personal information”).

The following is a description of our data collection practices, including the personal data we may collect, the source of that information, the purposes for which we collect information (in addition to as otherwise set forth herein), and whether we disclose that information to external parties. We may use any and all of the information for any purposes described in this Privacy Notice. We may not collect additional categories of personal information or use personal information collected for additional purposes that are incompatible with the disclosed purposes for which the personal information was collected, without providing consumers with notice.

Our collection, use, retention, and sharing of a consumer’s personal information shall be necessary and proportionate to achieve the purposes for which such information is collected or processed, or for another disclosed purpose that is compatible with the context in which the personal information was collected, and not further processed in a manner that is incompatible with those purposes.

We may not retain a consumer’s personal information or sensitive personal information for each disclosed purpose for which the personal information was collected for longer than is reasonably necessary for that disclosed purpose.

We collect personal information directly from you, from your browser or device when you visit our websites, from third parties that you permit to share your information or from third parties that share public information about you, as stated above.

See the section above, “How We Use Personal Information,” to understand how we use the personal information collected from California consumers.

Below is a list of categories of personal information and a discussion as to whether we have collected any such information within the past twelve (12) months:

PERSONAL IDENTIFIERS

  • We collect your name, address, email address, zip code, telephone number, date of birth, phone number, and other similar personal identifiers when you create an account with us or it is provided to us. We use this information to provide our Services, as well as to respond to your requests.
  • We collect your IP address automatically when you use our Services. We use this information to identify you, gauge online activity, and measure the effectiveness of online services, applications, and tools.
  • We collect your Device ID automatically when you use our Services. We use this information to monitor your use and in furtherance of providing our Services to you.
  • Other personal information, such as personal information you provide to us in relation to a survey, comment, question, request, article download or inquiry and any other information you upload to our application.

CUSTOMER RECORDS INFORMATION AND PERSONAL DATA PROTECTED AGAINST SECURITY BREACHES (CAL. CIV. CODE § 1798.80(E))

  • We collect your name, phone number, username, password, company name, job title, business email address, and department when you create an account with us or provided to us. We use this information to provide our Services and to respond to your requests.
  • We may collect your Social Security Number to provide you with the Services.
  • We may collect banking information in order to provide the Services.
  • We collect life or health insurance or other financial services information directly from you or from records provided to us. We may use this information to provide you with the Services.

PROTECTED CLASSIFIED INFORMATION

  • We collect information about your age and date of birth when you create an account with us or when your information is provided to us. We use this information to provide you with the Services.

COMMERCIAL INFORMATION

  • When you engage with us, we create records of your interactions with us and the Services provided. We use this information to measure the effectiveness of our Services and use this information to better calibrate our assessment tool.

BIOMETRIC INFORMATION

  • We do not collect any biometric information about you.

INTERNET OR OTHER SIMILAR NETWORK ACTIVITY

  • We collect information regarding your interaction with our Website. This includes device(s) used to access the services and information regarding your interaction with our Website or Services and other usage data.

GEOLOCATION

  • As described above, we collect your IP address automatically when you use our Site. We can determine your general location based on the IP address, but not your precise geolocation.  BeneSys does not collect data related to your precise geolocation.

AUDIO/VIDEO DATA

  • If you contact us via phone, we may record the call. We will notify you if a call is being recorded at the beginning of the call. We may collect sensory information, the content, audio and video recordings of conference calls between you and us that we record where permitted by you and/or the law. We do not collect thermal, olfactory, or similar information.

PROFESSIONAL OR EMPLOYMENT RELATED INFORMATION

  • We collect business information, including your name, company, and job title, and business contact details from you. We use this information to reach out to you in furtherance of the provision of our Services.

EDUCATION INFORMATION

  • We do not collect any information about the institutions you have attended.

Sharing your Data and the Recipients of your Personal Information

We share personal information with third parties for business purposes. The categories of third parties to whom we disclose your personal information may include: (i) our service providers and advisors, (ii) strategic partners; and (iii) analytics providers.

When we disclose personal information for a business purpose, we enter into a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except in performance of the contract.  The CCPA and CPRA prohibit third parties who receive the personal information we hold from selling it unless you have received explicit notice and an opportunity to opt-out of such downstream sales.

Either we or our Service Providers may use your information for the following Business Purposes (as defined in the CCPA and CPRA) on a day-to-day basis:

  • Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity.
  • Debugging to identify and repair errors that impair existing intended functionality.
  • Short-term, transient use, provided that the personal information is not disclosed to another third party and is not used to build a profile about a consumer or otherwise alter an individual consumer’s experience outside the current interaction, including, but not limited to, the contextual customization of ads shown as part of the same interaction.
  • Performing services on behalf of the business or service provider, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing advertising or marketing services, providing analytic services, or providing similar services on behalf of the business or service provider.
  • Undertaking internal research for technological development and demonstration.
  • Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by the business, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by the business.

Do We Sell or Share Your Personal Information?

As mentioned above, we do not sell your personal information as currently defined under the CCPA and as amended by the CPRA, meaning that we do not rent, disclose, release, transfer, make available or otherwise communicate your personal information to a third party for monetary or other consideration. We will not sell your information unless we modify this Privacy Policy and take the additional steps required under the CCPA.

While we do not sell Personal Information for monetary value, we may share it with a third party or disclose it to a service provider or contractor in furtherance of a business purpose.  In accordance with the CPRA, you have the right to opt-out of BeneSys sharing or otherwise disclosing your personal data. If you choose to opt-out of BeneSys sharing your data, you can do so by emailing us at: corporate.compliance@benesys.com.

If we do share your Personal Information with a third party, BeneSys shall enter into an agreement with such third party, service provider, or contractor that: (1) specifies that the personal information is disclosed by BeneSys only for limited and specified purposes; (2) obligates the third party, service provider, or contractor to comply with applicable obligations under the CPRA and obligate those persons to provide the same level of privacy protection as required by the CPRA; (3) grants BeneSys rights to take reasonable and appropriate steps to help ensure that the third party, service provider, or contractor uses the personal information transferred in a manner consistent with BeneSys’s obligations under the CPRA; (4) requires the third party, service provider, or contractor to notify us if it makes a determination that it can no longer meet its obligations under the CPRA; and (5) grants BeneSys the right, upon notice, including under (4), to take reasonable and appropriate steps to stop and remediate unauthorized use of Personal Information.

Under the right to delete provisions of the CPRA, BeneSys will enter into an agreement with a third party that (1) the service provider or contractor shall cooperate with the Company in responding to a verifiable consumer request; and (2) that at the direction of BeneSys, shall delete, or enable BeneSys to delete, and shall notify any of its own service providers or contractors to delete, personal information about the consumer collected, used, processed, or retained by the service provider or the contractor.

Additionally, the service provider or contractor shall notify any service providers, contractors, or third parties who may have accessed personal information (requested for deletion) from or through the service provider or contractor, unless the information was accessed at the direction of BeneSys, to delete the consumer’s personal information, unless doing so proves impossible.  A service provider or contractor shall not be required to comply with a deletion request submitted by the consumer directly to the service provider or contractor to the extent that the service provider or contractor has collected, used, processed, or retained the consumer’s personal information in its role as service provider or contractor to BeneSys.

How Long Do We Keep Your Data?

For each of the categories of personal data and for the sensitive personal data, below please find information regarding how long we keep such data or how we will decide to dispose of such data.

  • Personal Identifiers:
    • We collect this data as provided by you to us, and we utilize this data in furtherance of providing Services to you. We keep this data for as long as it’s needed to provide Services to you, or as may be required under applicable law and will decide to dispose of this data when it is no longer needed to achieve our business-related purposes.
  • Customer Records Information:
    • We collect this data when you create an account with us and use it to provide Services to you. We keep this data for as long as it’s needed to provide Services to you, or as may be required under applicable law and will decide to dispose of this data when it is no longer needed to achieve our business-related purposes.
  • Protected Classified Information Under California Law:
    • We collect information about you, including your age and date of birth, when you create an account with us or if you provide this information to us. We keep this data for as long as it’s needed to provide Services to you, or as may be required under applicable law and will decide to dispose of this data when it is no longer needed to achieve our business-related purposes
  • Commercial information:
    • When you create an account or otherwise engage with us via our Website or app, we create records of your interactions with us and the Services provided. We utilize this information to measure the effectiveness of our Services. We keep the data for as long as it’s needed to provide Services to you, or as may be required under applicable law, and will decide to dispose of this data when it is no longer needed to achieve our business-related purposes.
  • Biometric Information:
    • BeneSys does not collect any biometric data.
  • Internet and other electronic network activity:
    • We collect information regarding your interaction with our Website. This includes device(s) used to access the Website and information regarding your interaction with our Website or in the provision of our Services to you. We keep this data for as long as it’s needed to provide Services to you, or as may be required under applicable law, and will decide to dispose of this data when it is no longer needed to achieve our business-related purposes.
  • Geolocation Data:
    • As described above, we collect your IP address automatically when you use our Site. We can determine your general location based on the IP address, but we do not and cannot determine your precise geolocation. We keep this data until we determined that it is no longer needed to achieve our business-related purposes, or as may be required under applicable law, and will decide to dispose of this data when it is no longer needed to achieve our business-related purposes.
  • Audio, electronic, visual, thermal, olfactory, or similar information:
    • If you contact us via phone, we may record the call. We will notify you if a call is being recorded at the beginning of such call.  We may collect the content, audio, and video recordings of conference calls between you and us that we record where permitted by you and/or by law.  We keep this data for as long as it’s needed to provide Services to you, or as may be required under applicable law, and will decide to dispose of this data when it is no longer needed to achieve our business-related purposes.  We do not collect thermal, olfactory, or other similar information.
  • Professional or employment-related information:
    • We collect business information, including your name, company, job title, and business contact details from you which you provide to us. We use this information in furtherance of our Services.  We keep this data for as long as it’s needed to provide Services to you, or as may be required under applicable law, and will decide to dispose of this data when it is no longer needed to achieve our business-related purposes.

Do We Use your Data for Automated Decision Making?

            We do not use your data for automated decision making (i.e. data profiling) purposes.

How to Exercise Your Rights Under the CCPA/CPRA

Under the CCPA and CPRA you have the right to find out about the personal information that we have collected and how that information has been used or disclosed. You also have the right to request that we delete or correct your personal information (and/or opt-out of the sale or sharing of your personal information).

If you wish to exercise any of these opt-out rights, or if you would like additional information, please contact us at the following email address: corporate.compliance@benesys.com, or call us at the following toll-free number: (888) 659-8789.

  1. The Right to Access and Know About Personal Information Collected, Disclosed, or Shared

You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past twelve (12) months. Once we receive and confirm your verifiable consumer request, we will disclose to you:

  • The categories of personal information we collected about you.
  • The categories of sources for the personal information we collected about you.
  • Our business or commercial purpose for collecting or selling that personal information.
  • The categories of third parties to whom we disclose that personal information.
  • The specific pieces of personal information we collected about you (also called a data portability request).
  • If we disclosed your personal information for a business purpose, identifying the personal information categories that each category of recipient obtained.

For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

  1. The Right to Request Deletion of Your Personal Information by BeneSys and Third Parties

Subject to certain exceptions, you have the right to request that we delete any of all of your personal information that we collected from you and retained over the past twelve (12) months. Please bear in mind that deletion of your personal information may not allow BeneSys to continue to provide the Services to you.  Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers or contractors to delete) your personal information from our records, unless an exception applies. Additionally, upon receiving a verifiable consumer request, we will notify all third parties to whom BeneSys has shared such personal information to delete the consumer’s personal information, unless doing so is proven to be impossible or involves disproportionate effort.  You may request that only a portion of your information be deleted.

We may deny all or part of your deletion request if retaining the information is necessary for us or our service providers to:

  • Complete the transaction for which we collected the personal information, provide a service that you requested, take actions reasonably anticipated based on our ongoing business relationship with you, or otherwise perform our agreement with you
  • Help to ensure security and integrity to the extent the use of the consumer’s personal information is reasonably necessary and proportionate for those purposes.
  • Debug products to identify and repair errors that impair existing intended functionality
  • Exercise free speech or ensure the right of another consumer to exercise their right of free speech or other right provided for by law
  • Engage in public or peer reviewed scientific, historical, or statistical research that conforms or adheres to all other applicable ethics and privacy laws, when the business’s deletion of the information is likely to render impossible or seriously impair the ability to complete such research, if the consumer has provided informed consent
  • To enable solely internal uses that are reasonably aligned with the expectations of the consumer based on the consumer’s relationship with the business and compatible with the context in which the consumer provided the information
  • Comply with a law or a legal obligation

BeneSys may maintain a confidential record of deletion requests solely for the purpose of preventing the personal information of a consumer who has submitted a deletion request from being sold, for compliance with other laws, or for other purposes solely to the extent permissible under the CPRA.

  1. The Right to Opt-Out of the Sharing of Your Personal Information

“DO NOT SELL OR SHARE MY INFORMATION”

The CCPA and CPRA provide you with the right to opt out and stop businesses from selling or sharing your personal information.  This right applies to all California consumers ages 16 or older and may be exercised at any time.

The right to opt out of sharing personal information includes sharing with a third party even when there is no exchange of consideration between the parties. This can include the right to opt out of BeneSys using technologies like cookies and pixels to track you across other websites, apps, or services that then share that information with ad networks to deliver targeted advertisements to you.

If you are 16 years of age or older, you have the right to direct us to not share your personal information at any time (the “right to opt-out”). Our websites and products are not intended for minors. We do not sell or share the personal information of consumers we actually know are less than 16 years of age, unless we receive affirmative authorization to sell or share (the “right to opt-in”) from either the consumer who is at least 13 but not yet 16 years of age, or the parent or guardian of a consumer less than 13 years of age. Consumers who opt-in to personal information sharing may opt-out of future sharing at any time.

How to exercise this right:

  • By contacting BeneSys at the toll-free number: (888) 659 – 8789; or
  • By sending an email to the following address: corporate.compliance@benesys.com, providing specific details of your request

Do Not Track.  We do not track our customers over time and across third party websites to provide targeted advertising and therefore does not respond to Do Not Track (DNT) signals.

  1. The Right to Non-Discrimination

We will not discriminate against you for exercising any of your CCPA or CPRA rights, and will not engage in the following behaviors:

  • Denying you goods or services
  • Charging you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties
  • Providing you a different level or quality of goods or services
  • Suggesting that you will receive a different price or rate for goods or services or a different level or quality of goods or services
  • Retaliating against an employee, applicant for employment, or independent contractor as defined under the CPRA, for exercising their rights under the CPRA.

When you exercise these rights and submit a request to us, we will verify your identity by asking for information about your relationship with BeneSys such as an email address on file or other methods of verification as allowed under the CCPA and CPRA.

We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time, we will inform you of the reason and extension period in writing.

Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable.

  1. The Right to Correct Inaccurate Personal Information

You shall have the right to request that we correct any inaccuracies in your personal information, taking into account the nature of the personal information and the purposes of the processing of the personal information. If BeneSys collects your personal information we shall disclose, pursuant to the CPRA, section 1798.130, your right to request correction of inaccurate personal information, which you may do by contacting us at the following email address: corporate.compliance@benesys.com. Or by calling us at the following toll-free number: (888) 659-8789.

If BeneSys receives a verifiable consumer request to correct inaccurate personal information, we shall use commercially reasonable efforts to correct the inaccurate personal information, as directed by you pursuant to your rights under the CPRA. We shall also ask any third parties and service providers to whom information has been shared with to correct or delete your personal information upon your request.

  1. The Right to Limit Use and Disclosure of Sensitive Personal Information

For purposes of the CPRA, sensitive personal information (“SPI”) includes the following personal information:

  • Any communications that you have with a third-party.
    • BeneSys does not collect any data related to communications you have with a third-party
  • Biometric data processed to identify an individual
    • BeneSys does not collect any biometric data
  • Data about sexual orientation or sex life
    • BeneSys does not collect any information regarding sexual orientation or sex life.
  • Financial account details in a combination (e.g. card number and password) that gives or provides access to an account.
    • BeneSys does not collect any of this data related to financial accounts.
  • Genetic data
    • BeneSys does not collect any genetic data
  • Government-issued numbers (such as a social security number or a number on a passport, or driver’s license number).
    • Yes, BeneSys does collect driver’s license numbers and passport numbers in certain circumstances. BeneSys also collects SSNs via employer contribution files (BeneSys’s internal systems utilize alternate IDs in place of SSNs for use in any data transfers).
  • Health Data
    • By the end of 2024, BeneSys will collect health data.
  • Philosophical or religious beliefs
    • BeneSys does not collect any information related to philosophical beliefs.
  • Precise geolocation
    • BeneSys does not collect any data related to precise geolocation.
  • Racial or ethnic origin
    • BeneSys does not collect any data or information related to racial or ethnic origin
  • Union membership
    • BeneSys does collect information about union membership. We keep this data for as long as it’s needed to provide Services to you, or as may be required under applicable law, and will decide to dispose of this data when it is no longer needed to achieve our business-related purposes.

Please note that any information that is already publicly available shall not be considered SPI or personal information.

With regard to any of the data from the above-listed categories which BeneSys does collect, BeneSys utilizes the data in furtherance of providing Services to you, and will keep the data for as long as it’s needed to provide Services to you, or as may be required under applicable law, and we will decide to dispose of this data when it is no longer needed to achieve our business-related purposes.

Our use and disclosure of your SPI is limited to those uses which are necessary to perform the Services reasonably expected by an average consumer who requests such Services, including the following Services:

  • to ensure security and integrity to the extent the use of your personal information is reasonably necessary and proportionate for security and integrity
  • To debug to identify and repair errors that impair existing intended functionality
  • To perform services on behalf of the business, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services on behalf of the business or
  • Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured for, or controlled by BeneSys and to improve, upgrade, or enhance the service or device that is owned, manufactured for or controlled by BeneSys

BeneSys only uses SPI to provide the Services.  As such, the use of your SPI is already limited to uses in furtherance of the provision of our Services to you, as we do not use it for other non-Services related purposes.  As such, since use of your SPI is already limited to the provision of the Services to you and not used for any other purpose, your right to limit the use of your SPI to the provision of Services is already attained and exercised.

  1. Right Against Automated Decision Making

Automated decision-making takes place when an electronic system uses personal data to make a decision without human intervention. You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making, unless we have a lawful basis for doing so and we have notified you. We do not foresee that any decisions will be taken about you using automated means, however we will notify you if this position changes.

Authorized Agents

You may authorize a natural person or a business entity registered with the California Secretary of State to act on your behalf to make a request to know or to delete your personal information.

To do so, you must (i) verify your identity to BeneSys and provide that authorized agent written permission to make such a request or (ii) provide the authorized agent with power of attorney pursuant to the California Probate Code sections 4000 to 4465.

The authorized agent must include those authorizations in the verifiable consumer request.

Security Procedures

BeneSys shall implement reasonable security procedures and practices appropriate to the nature of the personal information collected about a consumer to protect the personal information from unauthorized or illegal access, destruction, use, modification, or disclosure.

Timeframe for Disclosure

If a consumer requests disclosure of required information, a consumer’s right to request required information beyond a 12-month period, and a business’s obligation to provide such information, shall only apply to personal information collected on or after January 1, 2022.

Children 16 and Under

We do not knowingly collect, solicit, or share personal information from children under the age of 16. If we have knowledge that a child under 16 has submitted personal information in violation of this Policy, we will delete that information as soon as possible. If you believe we may have obtained information in violation of this Policy, please email us at the following address: corporate.compliance@benesys.com, or call at the following toll-free number: (888) 659 – 8789.

Questions About The CPRA?

If you have questions or concerns regarding this statement, you should first contact us via email at corporate.compliance@benesys.com.

Changes to this Privacy Policy

We reserve the right to amend this Privacy Notice at our discretion and at any time. When we make changes to this privacy notice, we will post the updated notice on the Website and update the notice’s effective date. Your continued use of our website following the posting of changes constitutes your acceptance of such changes. If we are required by applicable data protection laws to obtain your consent to any material changes before they come into effect, then we will do so in accordance with law.

California Shine the Light Law

If you are a California resident and have an established business relationship with us and want to receive information about how to exercise your third party disclosure choices, you must send a request to the following address with a preference on how our response to your request should be sent (email or postal mail).  You may contact us in two ways. Send an email to corporate.compliance@benesys.com

Alternatively, you may contact us at:
BeneSys, Inc.
700 Tower Drive, Suite 300
Troy, MI 48098
Attn:   Your California Privacy Rights
c/o Privacy Administrator

For requests sent via email, you must put the statement “Your California Privacy Rights” in the subject field of your email.  All requests sent via postal mail must be labeled “Your California Privacy Rights” on the envelope or post card and clearly stated on the actual request.  For all requests, please include your name, street address, city, state, and zip code.  (Your street address is optional if you wish to receive a response to your request via email. Please include your zip code for our own recordkeeping.) We will not accept requests via the telephone or by facsimile.  We are not responsible for responding to notices that are not labeled or not sent properly, or do not have complete information.

If you are a California resident under the age of 18, and a registered user of any site where this policy is posted, California Business and Professions Code Section 22581 permits you request and obtain removal of content or information you have publicly posted. To make such a request, please send an email with a detailed description of the specific content or information to the following address: corporate.compliance@benesys.com. Please be aware that such a request does not ensure complete or comprehensive removal of the content or information you have posted and that there may be circumstances in which the law does not require or allow removal even if requested.

Questions?

If you have questions or concerns regarding this statement, you should first contact us via email at the following address: corporate.compliance@benesys.com.