Last Updated: 05/19/23
Benefit Resource (“BRI”, “us”, “we”, or “our”) operates https://www.benefitresource.com (the “Site”) and the related services (together with the Site, the “Services”). This page informs you of our policies regarding the collection, use and disclosure of Personal Information we receive from users of the Services. By using the Services, you agree to the collection and use of information in accordance with this policy.
The terms “you,” “your,” and “yours” refer to anyone utilizing the Services. We may periodically make changes to this Privacy Policy that we will include on this page. It is your responsibility to review this Privacy Policy frequently and remain informed about any changes.
1. Personal Information We Collect
We collect your personal information in the course of providing the Services to you. More specifically, when you use our Services, we may collect the following:
- Information You Provide to Us: We collect any information you provide in relation to the Services. This may include:
- User Account and Profiles. Our Services may give you the ability to register for an account or to create and update a user profile. To create an account, we will collect your information as provided to use in the course of registering for an account or creating or updating a user profile. This information may include, for example, name, postal address and zip code, telephone number, e-mail address, information about your health, and related demographic information. We may indicate that some of your information is required for you to register for the account or to create the profile, while some may be optional. Failure to provide any required information may affect your ability to use or enjoy all functionalities of the Services.
- Banking or Payment Information. You may provide banking or payment information to us. If you choose to do so, you will be transferred to a third-party payment card processor. We do not store your payment card information.
- Correspondence. If you contact us by e-mail, using a contact form on the Services, or by mail, fax, or other means, we collect your information as contained within, and associated with, your correspondence.
- Automatic Information: When you visit our Services, some information is collected automatically. This includes:
- Your browser type and operating system;
- Your device type (for example, if you are on a computer or cell phone);
- Your Internet Protocol (IP) address, which can sometimes be used to derive your general geographic location;
- Server logs and other communication data;
- Actions you take on our Services, and the content, features, and activities that you access and participate in on our Services;
- Information collected through cookies, Web beacons, and other similar Internet technologies; and
- Information regarding your interaction with e-mail messages, such as whether you opened, clicked on, or forwarded a message.
- Information from Other Sources: We may receive information about you from third parties, including from service providers, and may combine this information with your personal information that we maintain about you.
2. How We Use Personal Information
We use your personal information in the following ways:
- To provide Services and information that you request;
- To enhance, improve, operate, and maintain our Services, our programs, and other systems;
- To display personalized content and reminders;
- To prevent fraudulent use of our Services and other systems;
- To prevent or take action against activities that are, or may be, in violation of our Terms or applicable law;
- To tailor content and other aspects of your experience on and in connection with the Service;
- To maintain a record of our interactions with you;
- For other administrative and/or marketing purposes, including sending you direct email regarding our Services;
- For any other purposes that we may disclose to you at the point in which we request your information; and
- Pursuant to your authorization or consent.
3. Cookies
We use cookies, pixels, and other similar technologies (collectively, “cookies”) to recognize your browser or device, learn more about your interests, provide you with essential features and services, and for additional purposes, including:
- Recognizing you when you sign in to use our Services;
- Keeping track of your specified preferences;
- Conducting research and diagnostics to improve our Services;
- Preventing fraudulent activity and improving security;
- Delivering content;
- Measuring and analyzing the performance of our Services.
4. How We Share Personal Information
We do not rent or sell your personal information. Except as described in this Policy, we will not disclose your personal information without your authorization. We may disclose information to third parties if you consent to us doing so, as well as in the following circumstances:
- Trusted Third-Party Service Providers. To the extent legally permissible, we may disclose and/or exchange your personal information to third-party service providers (e.g., administrative services companies, marketing partners, application developers, data hosting, and processing providers) that assist us in our operations. We limit the information provided to these service providers to that which is reasonably necessary for them to perform their functions and we require them to agree to maintain the confidentiality of such information.
- Business Decisions. To the extent legally permissible, we may disclose your personal information to third parties if we are involved in a merger, acquisition, or sale of any or all of our business and/or our assets to a third party.
- Legal Compliance. To the extent legally permissible, we may disclose your personal information if we have a good faith belief that disclosure is necessary to:
- comply with applicable laws, regulations, legal process (such as a subpoena), or enforceable government request;
- enforce applicable Terms, including investigation of potential violations of such Terms, or to detect, prevent, or otherwise address fraud, security or technical issues; and
- protect against harms to the rights, property, or safety of BRI, our users, or the public as required or permitted by law.
5. Security
Your personal information as provided to us through the Services will be stored in a secure manner. We have implemented a variety of commercially standard encryption and security technologies and procedures to protect your information stored in our computer systems from unauthorized access. Please be aware, however, that no data security measures can be guaranteed to be completely effective. Consequently, we cannot ensure or warrant the security of any information that you provide to us. You transmit information to us at your own risk.
6. Links to Third Party Websites
The Services may contain hyperlinks to third party websites. Once you have used these links to leave the Site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide while visiting such sites and such sites are not governed by this Policy.
You should exercise caution and look at the privacy statement applicable to the website in question. Moreover, we are not responsible nor liable for the content of third party websites or platforms.
7. Access and Choice
You can view, update, and delete certain information about your account and your interactions with the Services by visiting your account page or contacting us at the below information.
You have choices about the collection and use of your personal information. If you receive e-mail from us, you may unsubscribe at any time by following instructions contained within the e-mail. Additionally, if we offer user account functionality on the Services, we may allow you to view and modify settings relating to the nature and frequency of promotional communications that you receive from us.
8. Children’s Personal Information
Our Services are designed and intended for those who are at least 18 years old. By using the Services, you affirm that you are at least 18 years of age or older. We are not responsible for any damages that may result from a user’s misrepresentation of age.
9. European Union Privacy Rights
For our European external contacts, we abide by the General Data Protection Regulation (GDPR). The GDPR provides a framework for organizations to ensure protection of the personal information of European citizens and gives European citizens certain rights.
Legal Basis for Processing
If you are an individual located in the European Economic Area (EEA) or Switzerland, our legal basis for processing your personal information will depend on the personal information concerned and the specific context in which it is collected. However, we will normally collect or process personal information from you only where:
- We have your consent to do so;
- Where we need the personal information to perform a contract with you (e.g. to deliver services); or
- Where the party is in our or a third party’s legitimate interests (and not overridden by your data protection interests or fundamental rights and freedoms).
In some cases, we may also have a legal obligation to process personal information from you, or may need the personal information to protect your vital interest or those of another person.
Where we rely on your consent to process the personal information, you have the right to withdraw or decline your consent at any time. Please note that this does not affect the lawfulness of the processing based on consent before its withdrawal.
Our Services may contain links to other websites and the information practices and the content of such other websites are governed by the privacy statements of such other websites. We encourage you to review the privacy statements of any such other websites to understand their information practices.
Retention
We will retain your personal information for as long as is needed to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.
Rights to Access and Control Your Personal Data
Individuals residing in the EEA and Switzerland have certain rights to access and control their personal data. These rights include:
- the right to be informed;
- the right of access;
- the right to rectification;
- the right to erasure;
- the right to restrict processing;
- the right to data portability;
- the right to object; and
- rights in relation to automated decision making and profiling.
10. California Privacy Rights
If you are a California resident, please review the California Privacy Notice, below.
11. Retention of Personal Information
We keep your personal information to enabled your continued use of the Services, for as long as it is required in order to fulfill the relevant purposes described in this Privacy Policy, as may be required by law (including for tax and accounting purposes), or as otherwise communicated to you. How long we retain specific personal information varies depending on the purpose for its use, and we will delete your personal information in accordance with applicable law.
12. Updates to this Policy
We may occasionally update this Policy. When we do, we will also revise the “last updated” date at the beginning of the Policy. Your continued use of our Services after such changes will be subject to the then-current policy. If we change this Policy in a manner that is materially less restrictive of our use or disclosure of your personal information, we will use reasonable efforts to notify you of the change and to obtain your consent prior to applying the change to any of your information that we collected from you prior to the date the change becomes effective. We encourage you to periodically review this Policy to stay informed about how we collect, use, and disclose your personal information.
13. Contacting Us
If you have any questions or concerns regarding the way we collect or handle your information, please contact us at Privacy@BenefitResource.com. Our physical mailing address is:
Benefit Resource
ATTN: Data Privacy Officer
245 Kenneth Drive
Rochester, NY 14623
(866) 966-5200
We will take every privacy concern seriously and will assess it in a reasonably timely manner.
Privacy Notice for California Residents
This Privacy Notice for California Residents supplements the information contained in BRI’s Privacy Policy and applies solely to external contacts who reside in the State of California (“you” or “Consumer”). We adopt this notice to comply with the California Consumer Privacy Act of 2018 (CCPA) and any terms defined in the CCPA have the same meaning when used in this Notice.
Information We Collect and Disclose
We collect information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device (“Personal Information”). Personal Information does not include:
- Publicly available information from government records.
- Deidentified or aggregated consumer information.
In particular, we have collected the following categories of Personal Information from our Consumers within the last twelve (12) months:
| Category | Collected | Disclosed |
| Identifiers, such as your name, address, phone number, email address, date of birth, or other similar identifiers. | YES | Collected via: – Manual (Client setup, participant services, etc.) – BRI Employee in contact with client or participant, and manually inserting, updating, deleting information on their behalf – File feeds sent from client themselves – File feeds sent from brokers / partners on behalf of one or more clients – BRiWeb Participant registration and profile management – BRiWeb Employer Manage Participant functionality – BRiMobile App – update notification preferences (email & phone number) – ADP Marketplace Data Connector (API responses from ADP) – FIS Card Services data *Note that not all of these “paths” may be used to collect data, it depends on how the client is setup & configured. (ie: a client may not allow BRiWeb enrollment, or a client may not be subscribed to ADP Marketplace) |
| Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)), such as birthdate, contact information, and payment information. Some personal information included in this category may overlap with other categories. | YES | Same as above |
| Protected classification characteristics under California or federal law, such as your age, race, color, ancestry, national origin, citizenship, sexual orientation, or other similar protected information. | ||
| Commercial information, such as records of personal property, products or services purchased, or other consuming histories or tendencies. | YES | Submission of Claims for reimbursement will include Service Provider, Type of Service, and Item Purchased / Service Rendered fields. Card swipe data retrieved from FIS will also contain information about the purchase, such as, but not limited to, the Merchant. |
| Biometric information, such as genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as fingerprints. | NO | |
| Internet or other similar network activity, such as browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement. | NO | |
| Geolocation data, such as physical location or movements. | NO | |
| Sensory data, such as audio, electronic, visual, thermal, olfactory, or similar information. | NO | |
| Professional or employment-related information. Such as current or past job history or performance evaluations. | YES | Participants must belong to an eligible employer/client before enrolling in plans. Employer level data is collected during client setup, and can be managed through BRiWeb Employer portal. Basic client data is also accessible via ADP Marketplace Data Connector, and synced with our System of Record. Eligibility and Enrollment data for participants may contain information about their current employment. Past job history may also be collected via COBRA file feeds. ADP also provides us employment information via the ADP Marketplace Data Connector, but we currently are not storing that data, only basic demographic information. |
| Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)), such as educational history or degree (for applicants). | NO | |
| Inferences drawn from other personal information, such as predictions about your interests and preferences. | NO |
Use of Personal Information
We use your information in accordance with the Section “Why do we collect personal data” in our Privacy Policy.
We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
Sharing Personal Information
We may disclose your personal information to a third party for a business purpose. When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract. Please see above for the disclosures we have made in the preceding twelve (12) months for a business purpose.
Sales of Personal Information
In the preceding twelve (12) months, Company has not sold personal information.
Your Rights and Choices
The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.
| The Right to Know | You have the right to request any or all of the following information relating to your personal information we have collected and disclosed in the last 12 months, upon verification of your identity: – The specific pieces of information we have collected about you; – The categories of Personal Information we have collected about you; – The categories of sources of the Personal Information; – The categories of Personal Information that we have disclosed to third parties for a business purpose, and the categories of recipients to whom this information was disclosed; – The categories of Personal Information we have sold and the categories of third parties to whom the information was sold; and – The business or commercial purposes for collecting or selling the Personal Information |
| The Right to Request Deletion | You have the right to request the deletion of Personal Information we have collected from you, subject to certain exceptions. |
| The Right to Opt Out of Personal Information Sales | You have the right to request the deletion of Personal Information we have collected about you to third parties now or in the future. |
| The Right to Non-Discrimination | You have the right not to receive discriminatory treatment for exercising these rights. However, please note that if the exercise of these rights limits our ability to process Personal Information, we may no longer be able to provide you our products and services or engage with you in the same manner. |
| “Shine the Light” | California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our Website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to Privacy@BenefitResource.com or write us at: Benefit Resource, LLC ATTN: Data Privacy Officer 245 Kenneth Drive Rochester, NY 14623 (866) 966-5200 |
Changes to Our Privacy Notice
We reserve the right to amend this privacy notice at our discretion and at any time. When we make changes to this privacy notice, we will post the updated notice on the Website and update the notice’s effective date. Your continued use of our Website or our Services following the posting of changes constitutes your acceptance of such changes.
Contact Information
If you have any questions or comments about this notice, the ways in which BRI collects and uses your information described here and in the Privacy Policy, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us at:
- Phone: (866) 966-5200
- Website: www.benefitresource.com
- Email: privacy@benefitresource.com
Postal Address:
Benefit Resource, LLC
ATTN: Data Privacy Officer
245 Kenneth Drive
Rochester, NY 14623
(866) 966-5200
