We have recently updated this Policy.

Collective Health Corporate Website Privacy Policy

Updated: April 26, 2024

Introduction

This Corporate Website Privacy Policy (“Policy”) describes how CollectiveHealth, Inc., its subsidiaries, and affiliates (“we” or “Collective Health”) collect, use, and disclose personally identifiable information (“Personal Information”) through www.collectivehealth.com and certain other interactions described herein (collectively, “our website” or “corporate website” or “this website”).

This Policy does not apply to the following:

• Collective Health’s web portal or mobile applications for health plan members
• Collective Health’s web portals for employers (i.e., Compass™)
• Any third-party sites or applications 

We are not responsible for the privacy policies or practices of third-party sites or applications. 

By accessing our corporate website, you agree to the Corporate Website Terms of Service  and the provisions of this Policy. If you do not agree with the website Terms of Service or this Policy, you may not access or use this website.

1. Personal Information We Collect

When you interact with us through our corporate website, we may collect information that relates to you, identifies you personally, or could be used to identify you, such as your full name, address, email, or your telephone number (“Personal Information”). Sources of Personal Information that we collect include the following:

1.1 Information you provide to us

When interacting with our corporate website, you may choose to provide us with Personal Information, such as:

• Contact Information. You may choose to provide us with contact information, such as name, e-mail, and company name to receive more information about our products and services.
• Job Applicant Information. When applying for a job through our corporate website, you may choose to provide us with Personal Information, such as your name, e-mail, phone, resume, cover letter, and links to personal profiles and websites containing Personal Information.

1.2 Information we receive in the course of business

We may receive or deduce information about you, including Personal Information, in the ordinary course of our business. For example, this includes Personal Information you may provide when attending a conference or event or in other business interactions with Collective Health.

1.3 Information we collect from third parties

To the extent permitted by applicable law, we may receive Personal Information about you from publicly available sources, third-party service providers, and/or partners and combine it with information we have about you to provide a more personalized experience.

1.4 Information automatically collected

When you use our corporate website, we use cookies, web beacons, pixels, and other tracking technologies to automatically collect information about which web pages you visit and how you use them to provide and improve the functionalities of our corporate website and services, and to comply with legal obligations.

• Device and Connection Information. We automatically collect certain information when you access or use our corporate website. This information includes your browser type, device information and settings, operating system information, IP address, access dates and times, and any links you clicked to navigate to our corporate website. Collecting this information allows us to customize your experience and content when using our corporate website.
• Usage Information. We collect information about your interactions with our corporate website, such as the content you view, the links you click, and the searches you conduct on the website. We may also collect information about how you arrived at our corporate website, including hostnames and keywords searched.
• Approximate Geolocation. When accessing our corporate website, we may collect information about your approximate location through your IP address or ISP. 
• Do Not Track. Our corporate website currently does not respond to a “Do Not Track” signal in the HTTP header from your browser or mobile application due to lack of standardization regarding how that signal should be interpreted. You may adjust browser settings and use other technical means to prevent some tracking. See also Section 5 and, if applicable to you, Section 4.1.

1.5 Information not collected

Except with respect to our employees and employment candidates in accordance with applicable law and separate policies, notices, and consents, as applicable, this website does not process or retain (1) consumer health data, including non-health information from which consumer health data may be derived or extrapolated, (2) sensitive personal information, or (3) biometric information. 

2. How We Use the Personal Information We Collect

Your Personal Information is used for the following purposes:

2.1 Provide and improve our corporate website

We may use your Personal Information to deliver and improve your experience with our corporate website, such as:

• Enable you to sign up to receive information about our products and services;
• Enable you to apply for jobs through our corporate website;
• Provide you with website content;
• Personalize your experience with our website; and
• Conduct research and analysis to improve our website.

2.2 Provide you with information you requested

We may use information collected through our website and third-parties to communicate with you about our products and services. You have the option to opt out of these communications.

2.3 Comply with legal requirements and provide a safe environment

We may use certain information collected through your use of our websites for the purposes of complying with legal obligations and protecting your information and our website, such as to:

• Prevent and detect harmful activity, including security incidents, spam, fraud, and abuse;
• Investigate suspected security incidents; 
• Enforce this Policy, our Terms of Service, and any other terms you have agreed to with us; and
• Resolve any disputes and enforce our agreements with third parties.

2.4 Provide, measure, and improve our advertising and marketing

We may use your Personal Information for legitimate business purposes, including providing you with information about our products and services that may be of interest to you, such as:

• Sending promotional messages and marketing communications that may interest you. You will have the option to unsubscribe from these communications.
• Providing, personalizing, measuring, and improving our advertising, including advertising through external websites and social media platforms.

3. Disclosing Your Personal Information

3.1 To Third-Party Service Providers

Collective Health uses third-party service providers to help us provide and improve our corporate websites and services. We may disclose your Personal Information to these third-party service providers consistent with applicable laws and with our agreements with such service providers. We disclose certain limited information to service providers that allows them to serve you with more useful and relevant ads and to measure their effectiveness. We do not share your name, contact information, or other information that directly identifies you when we do this. Instead, we use a cookie or device identifier, which you may reject as further described in Section 5, below. 

3.2 To Company Affiliates

We may share the Personal Information you provided to us or that was collected by us with our affiliated companies or subsidiaries for purposes of providing services to you and for other lawful purposes. 

3.3 Business Transactions

If Collective Health is involved in any merger, acquisition, sale of our assets, bankruptcy, or insolvency event, we may sell or transfer some or all of our assets, including some or all of your Personal Information in connection with such transaction, at which time your Personal Information would be treated in accordance with the applicable privacy policies of the entity or entities resulting from the transaction. 

3.4 For Legal and Compliance Purposes

We may share your Personal Information to respond to valid legal processes (e.g., a court order or subpoena). We may also share your information to comply with applicable laws, to protect the safety of any person, to address fraud, security, or technical issues, or to enforce this Policy, the Terms of Service, and any other terms or conditions you have agreed to with us. 

4. California Consumer Privacy Act Notice

This section applies only to California residents and provides additional details about the Personal Information we collect about California consumers through the corporate website and the rights afforded to them under the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act of 2020 (CPRA), and all effective regulations implemented thereunder (referred to collectively in this Policy as the “CCPA”). The terms used in this section have the meanings given to them in the CCPA. For California residents, the provisions in this section add to, and do not replace, the provisions in the rest of this Policy. For the avoidance of doubt, this section does not apply to any protected health information (PHI) that we may hold about you, which is governed by separate laws and policies. 

4.1 Your Privacy Rights

If you are a California resident, you have certain rights in relation to your Personal Information; however, your rights are subject to certain exceptions. Below are the specific rights provided to you by the CCPA:

• Right to know. You have the right to request, in writing, that we disclose to you (a) the categories of Personal Information we have collected about you, (b) the categories of sources from which your Personal Information is collected, (c) the business or commercial purposes for the collection, sale, or sharing of your Personal Information, (d) the categories of third parties with which we disclose your Personal Information, and (e) the specific pieces of Personal Information we have collected about you. Note that no request is necessary for items (a) through (d), as these are disclosed to you in Sections 4.3 and 4.4, below.
• Right to delete. You have the right to request that we delete any Personal Information we have collected from you or maintain about you, subject to certain exceptions.
• Right to correct. You can ask us to correct inaccurate Personal Information we have about you. 
• Right to know what Personal Information is “sold” or “shared” and to whom. To the extent that we “sell” or “share” Personal Information, or disclose it for a business purpose, you may ask us to disclose to you (a) the categories of personal information that we have collected about you; (b) the categories of personal information that we have sold or shared about you and the categories of third parties to whom your personal information was sold or shared, by category or categories of personal information for each category of third parties to whom the personal information was sold or shared; or (c) the categories of personal information that we disclosed about you for a business purpose and the categories of entities to whom it was disclosed for a business purpose. This information is disclosed to you in Section 4.3, below. We do not sell your personal information. 
• Right to opt out of the “sale” or “sharing” of Personal Information. We do not sell your personal information. The CCPA defines “sharing” in a particular way that includes allowing third parties to receive certain information such as cookie identifiers, IP addresses, or browsing behavior to add to a profile about your device, browser, or you. Such profiles may enable delivery of interest-based advertising by such third parties within their platform or on other sites. Unless you opt out, we may share the following categories of information for such interest-based advertising, which may be considered “sharing” as defined by the CCPA: (1) device information and identifiers, such as IP address and cookies; and (2) connection and usage information, such as browsing history. You may opt-out of such sharing by doing any of the following: (a) using a Global Privacy Control (GPC) opt-out signal on your browser that signals to us that you have opted out of the sharing of your personal information, or (b) clicking “Do Not Sell or Share My Personal Information” in our cookie banner (note that this functions as an opt-out method because online cookies and similar tracking technologies are the only means by which we “share” personal information). For more information on clearing previously-placed advertising cookies, see the following browser-specific guides for Chrome, Firefox, Safari, and Edge.
• Right to limit the use and disclosure of Sensitive Personal Information. We collect, use, and disclose Sensitive Personal Information only within employment contexts for certain limited purposes that are permitted under the CCPA, such as to perform services reasonably expected; to prevent, detect, and investigate security incidents; to resist malicious, deceptive, fraudulent, or illegal actions; to ensure the physical safety of natural persons; and to verify or maintain the quality or safety of our services and devices. Because we use Sensitive Personal Information only for these limited purposes, we do not offer a right to further limit our use and disclosure of Sensitive Personal Information. Furthermore, we do not “sell” or “share” Sensitive Personal Information, as those terms are defined by the CCPA. 
• Right to non-discrimination. You have the right not to be discriminated against for exercising any of the rights described in this section. We will not discriminate against you for exercising any of the rights described in this section.
• Right to notice at collection. At or before the time of collection, California residents may have a right to receive notice of our practices, including the categories of personal information to be collected, the purposes for which such information is collected or used, whether such information is sold or shared, and how long such information is retained. 

4.2 Exercising Your Rights

In addition to the methods described above, you, or your authorized agent on your behalf, may exercise your rights described in this section by sending an e-mail to privacy@collectivehealth.com. We may request additional information from you or your authorized agent, which we will use only to verify your identity, and for security or fraud-prevention purposes. 

4.3 Categories of Personal Information We Collect. 

Below are the categories of Personal Information that we may have collected, disclosed for a business purpose, or sold or shared in the past twelve (12) months: 

4.4 How We Collect Your Personal Information 

Below are the sources from which we may receive your Personal Information:

• Directly from you or your agents  
• From your device, operating system, or browser 
• From your internet service provider (ISP) 
• From your organization  
• From your vendors or customers 
• From other third parties you choose to interact with, including social networks
• From our service providers
• From government entities
• From public sources

We may combine Personal Information that you provide us through our website with other information we have received from you or your agents, whether online or offline, or from other sources. 

4.5 Purposes for Collecting and Using Your Personal Information  

Below are the purposes for which we may collect and use the Personal Information listed in Section 4.3: 

• Provide our services to you
• Communicate with you
• Our marketing activities
• Operate, improve, and perform analytics on our website
• Identify and repair errors in our website and services
• Prevent, detect, and investigate security incidents and other fraudulent or illegal activity
• Verify and maintain the quality or safety of our services
• Verify your identity
• Protect your account
• Recruit, hire, and onboard job applicants and conduct general human resources activities

4.6 How Long We Keep Your Personal Information 

We retain your Personal Information as long as necessary to carry out the purposes set forth in this Policy and to comply with our data retention requirements. Even after you stop using our services, we may be required to keep your information for as long as necessary to comply with our legal and regulatory obligations, to make or defend legal claims, and to protect against fraudulent activity of others. We dispose of the information we collect in accordance with our retention policies and procedures.

5. Your Advertising Choices

Your online behavior patterns and interactions with our corporate website may be used by us or by third-party advertisers to surface relevant content to you. To do so, our advertising service providers either place or recognize a unique cookie on your browser. They may also use other techniques such as pixel tags to determine the content you view and surface relevant advertisements on their websites. You may reject this tracking within the cookie banner presented to you when you visit our website. If you would like more information about these practices and to learn about your choices, please visit the Digital Advertising Alliance or the Network Advertising Initiative. 

In addition to accepting or rejecting cookies on this website within our cookie banner, you may control interest-based advertising as explained below. Please note that opting out of receiving interest-based advertising does not result in blocking all advertisements served to you. You will continue receiving advertisements; these advertisements will be generic or based on the content of a webpage that you are visiting, instead of being targeted to your specific interests.

• To Control Advertising on Websites. If you want to limit the amount of interest-based advertising you receive through websites, you may opt-out of certain forms of tracking. Please note that you will continue receiving advertising on third-party sites, but this advertising will not be based on your activities on our website. You can opt-out of certain forms of tracking by visiting Digital Advertising Alliance WebChoices or the Network Advertising Initiative Opt Out.
• To Control Advertising on Mobile Applications. If you want to limit the amount of interest-based advertising you receive through mobile applications, you may opt-out of certain forms of tracking. You can learn more about ad choices for mobile devices by visiting Digital Advertising Alliance AppChoices and downloading the AppChoices mobile application. To immediately end all targeting on a mobile device, you can also limit ad tracking in the device settings. For instructions on how to limit ad tracking on your mobile device, please visit Apple Support or Android Support.
• To Control Information Collected and Used by Google Analytics. We use Google Analytics to analyze our corporate website traffic and interactions. For more information on how Google uses this information, please refer to How Google Uses Data When You Use Our Partners’ Sites or Apps. Information collected by the Google Analytics cookie is transmitted to and stored by Google in accordance with its privacy practices. To opt out of Google Analytics, please visit Google Analytics Opt Out.

6. Information Security

Although we are serious about protecting the security of your Personal Information and have deployed reasonable security procedures and practices to protect your Personal Information from loss, misuse, unauthorized access, disclosure, or destruction appropriate to the nature of such Personal Information, no security measures are completely secure, and we do not and cannot guarantee the security of your Personal Information. If you have reason to believe that your Personal Information collected by us has been lost, stolen, or otherwise compromised, please contact us immediately via privacy@collectivehealth.com. 

7. Changes to this Corporate Website Privacy Policy

Collective Health may change this Policy as needed to accurately reflect our information collection, use, and sharing practices. If we make changes to this Policy, the revised policy will be posted on this website with the last effective date indicated at the top of the Policy. Your continued use of the corporate website after the effective date signifies your acceptance of the revised Policy. We therefore encourage you to review this Policy regularly. 

8. Children

Our corporate website is directed toward adults and is not designed for, intended to attract, or directed toward children under the age of 16. If you are under the age of 16, you must obtain the authorization of a responsible adult (parent or legal guardian) before using or accessing our corporate website. If we become aware that we have collected any Personal Information from children under 16, we will promptly remove such information from our databases. If you learn that your child has used our corporate website to provide us with their personal information without your consent, please email us at privacy@collectivehealth.com.

9. Contact Us

If you have any questions or comments about this Policy, please email us at privacy@collectivehealth.com or send us a letter at:

Collective Health
ATTN: Privacy and Compliance
45 Fremont Street, Suite 1200
San Francisco, CA 94105