Last Updated January 17, 2023
1. Your Responsibilities
Within the scope of the Flexpa Agreements and in its use of the Online Services, End Users (as defined in the Flexpa Agreements) shall be responsible for complying with all requirements that apply to it under applicable data protective, privacy, and security laws with respect to your processing and transmittal of information to Flexpa. You acknowledge and agree that you shall be solely responsible for:
- Accuracy, quality, and legality of any information, including any user content;
- Complying with all necessary laws concerning the collection and use of user content, including obtaining any necessary consents and authorizations
- Ensuring You have the right to transfer, or provide access to, the user content to Flexpa for purposes of providing the Online Services under the Flexpa Agreements.
2. What We Mean by Personal Information
“Personal Identifiable Information” means any information from or about a person or household that either identifies a person directly or that makes a person identifiable when it is combined with other information from or about that person from any source, such as the person’s name, address, email, phone number, or social security number.
“Personal Health Information” means any information from or about a person that identifies a person and was created or received by a healthcare provider or a health plan, including information related to the person’s physical or mental health or condition, health care services that the person receives, or a health plan’s payment for these services, such as the person’s name, address, telephone number, health insurance information, Medicare Beneficiary number, or financial information.
This Policy does not apply to any data such as anonymized or de-identified data which cannot directly or indirectly be used to identify you or to obtain information about you ("Anonymized and De-Identified Data"). We may generate or extract Anonymized and De-Identified Data out of any databases containing your personal data and we may make use of any such Anonymized and De-Identified Data for our purposes as we see fit.
3. What Information We Collect About You
We collect information about you when you provide it to us, when you use our Online Services, and when other sources provide it to us, as further described below.
Information that is necessary for the use of Flexpa and its Online Services
We ask for and collect the following Personal Information about you when you use the Online Services, including transferring any such information to a third party to facilitate the Online Services. This information is necessary to perform the contract between you and us. This information is also necessary for us to comply with various legal obligations. If you choose not to provide this information, we cannot provide you with access to the Online Services.
- Account Information. When you sign up for a Flexpa account, we require certain information such as your first name, last name, telephone number, email address, and date of birth.
- User Content. This consists of all text, documents, or other content or information uploaded, entered, or otherwise transmitted by you in connection with your use of the Online Services.
Information you provide to us
At any point you may choose to provide us with additional personal information in order to obtain a better user experience when using the Online Services. This additional information will be processed based on our legitimate interest or when applicable, your consent. You may otherwise choose to provide us information when you fill in a form, update or add information to your account, respond to surveys, post to community forums, participate in promotions, communicate with our customer care or support team, share your experience with us, or use other features of the Online Services.
Information we collect automatically when you use the Online Services
When you use the Online Services, we automatically collect certain information about your usage of the Online Services and how you use the Online Services. This information is necessary to ensure the best Online Services experience is available to you as well as enable us to comply with any applicable legal obligations and given our legitimate interest in being able to provide and improve the functionalities of the Online Services.
Usage Information. We collect information about your interactions with the Online Services such as the pages or content you view, your searches, and communications.
Log Data and Device Information. We automatically collect log data and device information when you access and use the Online Services, even if you have not created an account or logged in. That information includes, among other things: details about how you have used the Online Services (including if you clicked on links to third party applications), IP address, access dates and times, hardware and software information, device information, device event information, unique identifiers, crash data, cookie data, and the pages you’ve viewed or engaged with before or after using the Online Services.
Cookies and Similar Technologies. To collect information contemplated in this section, may use Internet server logs, cookies, tracking pixels, and other similar tracking technologies. We use these technologies in order to offer you a more tailored experience in the future, by understanding and remembering your particular browsing preferences. Cookies are small text files that are placed on your computer or mobile device when you visit a site, that enables us to: (i) recognize your computer or device; (ii) store your preferences and settings; (iii) understand the web pages of the Online Services you have visited; (iv) enhance your user experience by delivering and measuring the effectiveness of content and advertising tailored to your interests; (v) perform searches and analytics; and (vi) assist with security and administrative functions.
Most browsers are automatically set to accept cookies whenever you visit a website. You can disable cookies or set your browser to alert you when cookies are being sent. If you are based in Europe, visit www.youronlinechoices.eu for more details about advertising cookies and their management. If you are in the US, refer to www.aboutads.info/choices/. Visit www.allaboutcookies.org/manage-cookies to enable/disable cookies. Disabling cookies that are necessary for website’s proper operation may result in the web page not loading, or not operating as expected. Disabling cookies that remember your preferences or analytics, will prohibit us from providing you with relevant information. If you disable all cookies (including the essential ones), then you won’t be able to access all parts of our website.
Analytics. We may share your Personal Information with third-party analytics providers to monitor and analyze how our Online Services and features are being used. The analytics providers track and report website traffic and use this information to monitor the use of our Online Service. To opt out of use of third-party cookies that share data with these analytics providers, visit allaboutcookies.org/manage-cookies.
Information we receive from third parties in connection with the Online Services
Please note that we use certain third-party service providers and business partners on the Online Services to enhance your experience or deliver certain services. Such third parties include the Flexpa Client or Customer that interacts directly with the End User. These third parties may collect Personal Information in performing their services and/or functions on the Online Services.
4. How We Use Your Information
We use your information for various purposes depending on the types of information we have collected from and about you, in order to:
- Respond to your request for information and provide you with more effective and efficient service
- Contact you by email, postal mail, or phone regarding Flexpa and its Online Services
- Customize the content you see on the Online Services
- Secure our Online Services and resolve technical issues being reported
- Help us better understand your interests and needs, and improve the Online Services, including through research and reports, and test, improve, and create new products, features, and services. We automatically analyze and aggregate information to improve and develop similar features, to better integrate the Online Services you use, or to improve the Online Services similarity functionalities for purposes of providing information to users. We also test and analyze certain new features with some users before rolling the feature out to all users. Any user test of new Flexpa features will be done with the express consent of the user and may be governed by additional agreements related to the user test.
- To allow access to third party services’ accounts, including Facebook accounts at your direction and consent
- For our business purposes we have a legitimate interest, when we:
- Operate the Online Services, including by transferring any information to necessary third parties to enable us to provide and operate the Online Services
- Apply information security policies and controls on the Online Services, including overall integrity, identity management and account authentication
- For research and development to improve Flexpa’s Services
- Investigate and prevent fraudulent transactions, unauthorized access to the Online Services
- Comply with any procedures, laws, and regulations which apply to us where it is necessary for our legitimate interests or the legitimate interests of others
- Establish, exercise, or defend our legal rights where it is necessary for our legitimate interests or the legitimate interests of others
- For other purposes for which we obtain your consent
We may anonymize and de-identify aggregate information collected through the Online Services so that such information does not identify you as the source of the information. We may use such information to improve the Online Services, by and through any third-party we use to integrate Online Services with the users’ database, for research.
5. Data Subject Rights and Your Choices
When you share information with us, the Personal Information that you share may have an impact on others. For example, if you share Personal Health Information related to genetic or family history, this may have an impact on your family members.
You have certain rights with respect to your information as further described in this section.
If you would like further information in relation to your legal rights under applicable law or would like to exercise any of them, please contact us using the information in the “Contact Information” at Section 12. You have the following rights with respect to your Personal Information
- You have the right to request we provide access to and/or a copy of certain information we hold about you.
- You have the right to prevent the processing of your information for direct-marketing purposes.
- You have the right to have us update information which is out of date or incorrect.
- You have the right to restrict the way that we process and disclose certain of your information.
- You have the right to withdraw your consent at any time where we rely on your consent as the basis to process or use your Personal Information.
Please note that we may ask you to verify your identity before responding to such requests. We will consider all requests and provide our response within the time period stated by applicable law. Please note, however, that certain information may be exempt from such requests in some circumstances, which may include if we need to keep processing your information for our legitimate interests or to comply with a legal obligation. We may request you provide us with information necessary to confirm your identity before responding to your request.
6. Third-Party Links
7. Data Security
We use commercially reasonable administrative, technical, and physical measures to safeguard your information in our possession against loss, theft and unauthorized use, disclosure or modification. While we implement safeguards designed to protect your information, no security system is impenetrable and due to the inherent nature of the Internet, we cannot guarantee that information, during transmission through the Internet or while stored on our systems or otherwise in our care, is absolutely safe from intrusion by others. In the unlikely event of a data breach, you will be notified as soon as reasonably possible, in accordance with applicable law. Furthermore, we are not responsible for any breach of security or for any actions of any third parties that receive the information.
8. Data Retention
We keep your information for no longer than necessary for the purposes for which it is processed. The length of time for which we retain information depends on the purposes for which we collected and use it and/or as required to comply with applicable laws.
We reserve the right to retain any Personal Information as long as the Personal Information are needed to: (i) fulfill the purposes that are described in Section 4 and (ii) comply with applicable law.
If your account is deleted or terminated, your Personal Information will be deleted within 180 days from termination or request for deletion. Once this time period has expired, we will delete your data, except as to the extent necessary to comply with applicable law. If your account is dormant without activity for over a year, your Personal Information will be deleted within 180 days from the one-year dormant period, except as to the extent necessary to comply with applicable law.
9. Control of Your Information
There are several ways that you can control your Personal Information
- You may change your personal account information by updating your health insurance account page
- You may request deletion of your account by contacting us at firstname.lastname@example.org
- You may request deletion of your Personal Information pursuant to Section 8 by contacting us at email@example.com
Users in certain jurisdictions may have additional rights regarding control of their Personal Information.
10. Sharing of Information
We may share Your Personal Information in the following situations:
- With Service Providers: We may share Your Personal Information with Service Providers for provision of the Online Services and to monitor and analyze the use of our Service, for payment processing, to contact You.
- With business partners: We may share Your Personal Information with Our business partners to offer You certain products, services or promotions.
- With other users: when You share Personal Information or otherwise interact in the public areas with other users, such information may be viewed by all users and may be publicly distributed outside. If You interact with other users or register through a Third-Party Social Media Service, Your contacts on the Third-Party Social Media Service may see Your name, profile, pictures and description of Your activity. Similarly, other users will be able to view descriptions of Your activity, communicate with You and view Your profile.
- When necessary to comply with laws and law enforcement requests or otherwise to protect the Company: Under certain circumstances, the Company may be required to disclose Your Personal Information if required to do so by law or in response to valid requests by public authorities. We may disclose Personal Information to respond to subpoenas, court orders, or legal process, or to establish or exercise our legal rights or defend against legal claims. We may also share such information if we believe it is necessary in order to investigate, prevent, or act regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of the Flexpa Agreements, or as otherwise required by law
- With Your consent: We may disclose Your Personal Data for any other purpose with Your consent.
11. Information Shared in Connection With a Business Transfer
We do not knowingly collect Personal Information online from children under 16 (note that the minimum age may vary based on location and on local law). If you become aware that a child has provided us with Personal Information without parental consent, please contact us through firstname.lastname@example.org. If we become aware that a child under 16 has provided us with Personal Information without parental consent, we will take steps to remove the data and cancel the child’s account.
13. California Requirements
If you are a California resident, there are some additional rights that may be available to you under the California Consumer Protection Act (“CCPA”). This policy explains the tools that we have made available to you to exercise your data rights under the CCPA, such as the right to deletion and the right to request access to the categories of information we have collected about you. We encourage you to manage your information, and to make use of the privacy controls we have included in our Services. You will not be discriminated against for exercising any of your privacy rights under the CCPA. In order to protect your information from unauthorized access or deletion, we may require you to provide additional information for verification. If we cannot verify your identity, we will not provide or delete your information.
This policy describes the categories of personal information we may collect, the sources of that information, and our deletion and retention policies. We have also included information about how we may process your information, which includes for "business purposes" under the CCPA - such as to protect against illegal activities, and for the development of new products, features, and technologies.
We will not make changes that have a retroactive effect unless we are legally required to do so.