Aptia Privacy Notice

Effective: Friday, 1 March 2024

This Privacy Notice is intended to inform you of the ways in which the Aptia Group and its subsidiaries collect, use, and disclose personal information, and sets forth your rights.  When we mention “Aptia,” "we," "us" or "our" in this Privacy Notice, we are referring to the relevant company in the Aptia group responsible for processing the information.

Categories of Personal Information Collected, Purpose for Collection, and Third-party Disclosures

We process the following categories of personal information, including sensitive personal information:

Category of Personal Information

 

Examples/Description

 

Business or Commercial Purposes for Processing

 

Categories of Third Parties to Whom We May Disclose

Identifiers 

  • Name 
  • Mailing Address 
  • IP address
  • Email address
  • Date and place of birth
  • Social Security number
  • Driver’s license number
  • State ID
  • Data from cookies, web beacons, etc. 
  • Employee ID
  • Telephone Numbers
  • Business contact information
  • Dependent and beneficiary information
  • Quotation/ Inception 
  • Benefit Calculation, Enrollment and Management
  • Policy Administration
  • Verify your Identity
  • Claims Processing
  • Renewals
  • Lifecycle of Insurance Services
  • Compliance/ security monitoring and screening
  • Communicate with you about your benefits and our Services
  • As necessary in connection with a merger, sale or bankruptcy
  • Marketing or business development activities
  • Insurance carriers and third-party agents/ brokers (e.g., for quotes or placement services)
  • Service providers that we engage in connection with the services
  • Plan Administrators/ Plan Advisors/ Program Sponsors and their agents 
  • Our affiliates in connection with services provided to you or in which you have expressed an interest
  • Marketing partners or aggregators through whom you have requested a quote or service
  • Anti-fraud databases, supervisory or regulatory authorities and law enforcement agencies
  • Credit reference agencies
  • Service providers who help us operate, assess, analyze, and improve the performance of our websites, applications or tools (“Sites”)
  • Successor entities 
  • Third-party service providers identified by Aptia to offer services to you as you may select.  

Health Information

  • Health insurance enrollment information
  • Patient records, clinical trial records, medical procedures
  • Injury or disability information
  • Relevant personal habits (e.g., smoking)
  • Medical history, diagnoses, and treatments 
  • Previous health insurance information
  • Payment information for healthcare services 
  • Data collected by a healthcare provider or health insurance company subject to HIPAA or CMIA
  • Disability status
  • Medical fitness for work records 
  • Inferred data (health) 
  • Quotation/ Inception 
  • Benefit Calculation, Enrollment and Management
  • Policy Administration
  • Verify your Identity
  • Claims Processing
  • Renewals
  • Lifecycle of Insurance Services
  • Compliance/ security monitoring and screening
  • Communicate with you about your benefits and our Services
  • As necessary in connection with a merger, sale or bankruptcy
  • Marketing or business development activities

 

  • Insurance carriers and third-party agents/ brokers (e.g., for quotes or placement services)
  • Service providers that we engage in connection with the services
  • Plan Administrators/ Plan Advisors/ Program Sponsors and their agents in connection with the benefits and coverages you are able to purchase as a result of your employment or business relationship with an employer or program sponsor that is our client
  • Our affiliates in connection with services provided to you or in which you have expressed an interest
  • Marketing partners or aggregators through whom you have requested a quote or service
  • Supervisory or regulatory authorities and law enforcement agencies
  • Credit reference agencies
  • Successor entities 
  • Third-party service providers identified by Aptia to offer services to you as you may select.

Special Categories of Personal Information

  • Marital status
  • Race
  • Religion
  • Health insurance claim information
  • Physical or mental disability
  • National origin
  • Veteran status
  • Gender
  • Sexual orientation
  • Beneficiaries/Dependents
  • Quotation/ Inception
  • Benefit Calculation, Enrollment and Management
  • Policy Administration
  • Claims Processing
  • Renewals
  • Lifecycle of Insurance Services
  • As necessary in connection with a merger, sale or bankruptcy
  • To the extent permitted by law, insurance carriers and third-party agents/brokers (e.g., for quotes or placement services)
  • To the extent permitted by law, service providers that we engage in connection with the services
  • Our affiliates in connection with services provided to you or in which you have expressed an interest
  • Successor entities

Internet & Other Electronic Network Activity 

  • Browsing history, search history, and information regarding your interaction with a Site
  • Server log records including page requests
  • Website Activities
  • As necessary in connection with a merger, sale or bankruptcy
  • Service providers who help us operate, assess, analyze, and improve the performance of our Sites
  • Successor entities

Financial Information

  • Financial account information
  • Pension entitlement and election information 
  • Consumer reporting data, credit scores, credit history
  • CLUE (Comprehensive Loss Underwriting Exchange) reports
  • Individual information about fraud convictions, allegations of crimes and sanctions details 
  • Quotation/ Inception 
  • Benefit Calculation, Enrollment and Management
  • Policy Administration
  • Payment Processing
  • Claims Processing
  • Renewals
  • Lifecycle of Insurance Services
  • Compliance/ security monitoring and screening
  • As necessary in connection with a merger, sale or bankruptcy
  • Insurance carriers and third-party agents/brokers (e.g., for quotes or placement services)
  • Service providers that we engage in connection with the services
  • Successor entities
  • Anti-fraud databases, supervisory or regulatory authorities and law enforcement agencies

Education Information

  • Student educational records
  • Quotation/ Inception 
  • Benefit Calculation, Enrollment and Management
  • Policy Administration
  • Claims Processing
  • Renewals
  • Lifecycle of Insurance Services
  • Compliance/ security monitoring and screening
  • As necessary in connection with a merger, sale or bankruptcy
  • Insurance carriers and third-party agents/brokers (e.g., for quotes or placement services)
  • Service providers that we engage in connection with the services
  • Our affiliates in connection with services provided to you or in which you have expressed an interest
  • Successor entities

Audio, video, or visual information 

  • Call center recordings  
  • Voicemails
  • Benefit Calculation, Enrollment and Management
  • Policy Administration
  • Claims Processing
  • Renewals
  • Lifecycle of Insurance Services
  • Compliance/ security monitoring and screening
  • Service providers that we engage in connection with the services
  • Our affiliates in connection with services provided to you or in which you have expressed an interest
  • Successor entities

Professional or employment-related Information

  • Occupation /Title
  • Employment grade
  • Employee performance
  • Salary and remuneration arrangements
  • CV/work history
  • Dates of employment and retirement
  • HR records (comp, benefits, training, performance, etc.)
  • Union Membership
  • Quotation/ Inception 
  • Benefit Calculation, Enrollment and Management
  • Policy Administration
  • Claims Processing
  • Renewals
  • Lifecycle of Insurance Services
  • As necessary in connection with a merger, sale or bankruptcy
  • Marketing or business development activities
  • Insurance carriers and third-party agents/brokers (e.g., for quotes or placement services)
  • Service providers that we engage in connection with the services
  • Our affiliates in connection with services provided to you or in which you have expressed an interest
  • Successor entities

Commercial Information

  • Benefits information
  • Service records
  • Claim number
  • Customer service records
  • Communication preferences
  • Consumer history/trends 
  • Payment preferences
  • Market research, survey data
  • Account information and data collected for quoting and enrolling in benefits
  • Policy and premium documentation
  • Quotation/ Inception 
  • Benefit Calculation, Enrollment and Management
  • Policy Administration
  • Claims Processing
  • Renewals
  • Lifecycle of Insurance Services
  • Communicate with you about your benefits and our Services
  • Analyze, administer, develop, and improve our products and services
  • As necessary in connection with a merger, sale or bankruptcy
  • Insurance carriers and third-party agents/brokers (e.g., for quotes or placement services)
  • Service providers that we engage in connection with the services
  • Plan Administrators/ Plan Advisors/ Program Sponsors and their agents in connection with the benefits and coverages you are able to purchase as a result of your employment or business relationship with an employer or program sponsor that is our client
  • Marketing partners or aggregators through whom you have requested a quote or service
  • Banks and Premium Finance Providers
  • Debt recovery providers
  • Service providers who help us operate, assess, analyze, and improve the performance of our Sites
  • Our affiliates in connection with services provided to you or in which you have expressed an interest
  • Successor entities

Inferences

  • Profile reflecting preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes
  • Quotation/ Inception 
  • Benefit Calculation, Enrollment and Management
  • Policy Administration
  • Claims Processing
  • Renewals
  • Lifecycle of Insurance Services
  • Communicate with you about your benefits and our Services
  • Website Activities
  • As necessary in connection with a merger, sale or bankruptcy
  • Insurance carriers and third-party agents/brokers (e.g., for quotes or placement services)
  • Service providers that we engage in connection with the services
  • Our affiliates in connection with services provided to you or in which you have expressed an interest
  • Successor entities

Sensitive Personal Information

  • Social Security Number
  • Driver’s License 
  • State ID
  • Health Information
  • Race
  • Religion
  • National Origin
  • Union Membership 
  • Sexual orientation
  • Compliance/ Quotation/ Inception 
  • Benefit Calculation, Enrollment and Management
  • Policy Administration
  • Verify your Identity
  • Claims Processing
  • Renewals
  • Lifecycle of Insurance Services
  • Compliance/ security monitoring and screening
  • Communicate with you about your benefits and our Services
  • As necessary in connection with a merger, sale or bankruptcy
  • Marketing or business development activities
  • Insurance carriers and third-party agents/ brokers (e.g., for quotes or placement services)
  • Service providers that we engage in connection with the services
  • Plan Administrators/ Plan Advisors/ Program Sponsors and their agents 
  • Our affiliates in connection with services provided to you or in which you have expressed an interest
  • Marketing partners or aggregators through whom you have requested a quote or service
  • Anti-fraud databases, supervisory or regulatory authorities and law enforcement agencies
  • Credit reference agencies
  • Service providers who help us operate, assess, analyze, and improve the performance of our websites, applications or tools (“Sites”)
  • Successor entities 
  • Third-party service providers identified by Aptia to offer services to you as you may select. 

 

Additional collection, use and disclosure

On some webpages, we deploy session recording technology that tracks visitor interactions with the page, including clicks, mouse movements, keystrokes, and other activities.  We may review these interactions to help us assess how to improve our user interface and experience on the relevant webpage.  By accepting this Privacy Notice, you consent to our or our third-party service providers’ recording of interactions during your session on the webpages where this technology is deployed.

We may also process or disclose de-identified information that is not reasonably likely to identify you for commercially legitimate and lawful business purposes.  Where we have de-identified data, we will maintain and use it without attempting to re-identify the data other than as permitted under law.  

In addition, we may be required or compelled to produce any of the above categories of personal information that we have collected in response to valid legal process, subpoenas, or regulatory requests to authorized parties, including government entities, law enforcement, courts and tribunals, or litigants. 

We may also disclose your personal information without obtaining your prior permission, as permitted by law, including instances when we believe it is necessary to: (a) prevent physical or financial harm; (b) enforce the Terms of Use; (c) respond to claims of suspected or actual illegal activity; (d) respond to an audit or investigate a complaint or security threat; or (e) comply with law or legal process.

Please be aware that if you conduct a transaction through us, a third party (e.g., a service provider or insurer) may collect and process credit card or other personal information about you, including through the use of website cookies, in connection with such transaction. In those instances, we will identify the third party to you and we encourage you to read the third party’s privacy notice to learn more about how your information will be used and disclosed by them.

 

Sources of Personal Information 

We collect personal information from the following categories of sources:  

  • Directly from you (e.g., when you visit a Site, enroll in benefits or call a service center)
  • Your representative, employer, association sponsor, or benefit program sponsor, and other third parties that have roles in delivering our services 
  • Vetting and data validation agencies and other professional advisory service providers in connection with our marketing or business development activities.  
  • Third parties, including insurance companies, recordkeepers, plan administrators and service providers, brokers or agents, credit agencies, financial institutions, and government agencies or persons acting on behalf of such parties

If you supply us with personal information about other people (e.g., family members, beneficiaries or dependents), you represent that you have the authority to provide this information on their behalf and have obtained their consent where necessary.  In these instances, you further represent that the individuals to whom this information relates have been informed of the information in this Privacy Notice and understand the reason(s) for obtaining the information, the manner in which this information will be used and disclosed, and have consented to such use and disclosure. 

 

Sale of your Personal Information or Sharing for Cross-Context Advertising 

We allow certain third parties to use cookies and other online tracking technologies to collect personal information of visitors on our websites, such as IP addresses and identifiers.  These third parties help us to personalize ads and content based on your interests, measure the performance of our ads and content, and derive insights about the audiences who saw our ads and content.  Certain of these third parties may have also collected your information from your activity on other companies’ websites, or through your direct relationship with them (e.g., Google), and they use that collective information to share de-identified insights about website visitors with companies like ours.  Others may offer free services or enhanced add on services to our company, and they may use your personal information for purposes beyond the services they provide to our company (for example, building consumer profiles to help other clients with their targeted advertising).  Some state laws consider this exchange and processing of personal information to be a “sale” or “sharing” of personal information in some cases, with some exceptions.  

You have the right to opt out of the sale of your personal information or the sharing of your personal information for cross context behavioral advertising or targeting purposes. To opt out of disclosures of your personal information to third parties that may be considered selling or sharing under applicable law, please click on the “Manage Cookies” link at the bottom of this webpage and ensure the toggles for “Advertising” and “Analytics” trackers are set to “No”.

You may also implement a browser setting or extension to communicate your selling and sharing preferences automatically to the websites you visit.  Our websites process such “opt out preference signals” in a frictionless manner.  The current “opt out preference signal” with a defined protocol for companies to follow if they receive the signal is called the Global Privacy Control (GPC). GPC is available for an increasing number of browsers and browser extensions, listed here. If you want to use GPC, you can download and enable it via a participating browser or browser extension. More information about downloading GPC is available here.

 

Retention of Personal Information

Our retention periods for personal information vary based on the nature of the information and applicable laws.  We consider the following obligations when setting retention periods for personal information and the records we maintain: the need to retain information to accomplish the business purposes or contractual obligations for which it was collected; our duties to effectuate our clients’ instructions with respect to personal information we process on their behalf; our duties to comply with mandatory legal and regulatory record-keeping requirements; and other legal impacts such as applicable statute of limitations periods. We may also retain personal information for other purposes delineated in applicable privacy laws.  

 

Steps We Take to Protect Your Information

As part of our cybersecurity program, we have implemented commercially reasonable physical, administrative, and technical safeguards in an effort to protect your personal information from unauthorized access, use, alteration and deletion. These safeguards may vary depending on the sensitivity, format, location, amount, distribution and storage of the personal information, and include measures designed to keep personal information protected from unauthorized access.  

Our cybersecurity program has policies and procedures for risk assessments to identify and assess cyber risks, as well as technical controls and processes to detect, respond to and recover from cybersecurity events.  

As effective as our cybersecurity program is, no security system is impenetrable. We cannot guarantee the security of our systems, nor can we guarantee that information you supply will not be intercepted while being transmitted to us over the Internet.  

 

Your Rights Under Certain US Privacy Laws

Under certain state privacy laws, residents of the applicable states may have the following rights regarding their personal information.  These rights are subject to certain exceptions as described below. 

Please note that, in many cases, we collect personal information on behalf of our commercial clients, pursuant to a contract.  In such circumstances, we act as a “service provider” or “processor” to our clients under applicable privacy laws, and are thus obligated to process personal information in accordance with clients’ instructions. Accordingly, in any case where we are acting as a service provider or processor to a client, if you or your authorized agent wish to exercise any rights of the below rights, you should direct your request to our client, who is the party responsible for receiving, assessing, and responding to your requests.  If you submit a request directly to us in a scenario where we only process your information as a service provider or processor, we may be required to deny your request.  If you are not certain what our role is with respect to your personal information, please contact us through one of the methods described at the end of this Privacy Notice. 

When required, we will respond to most requests within 45 days, unless it is reasonably necessary for us to extend our response time.

1. Right to Confirm or Access Information

You may have the right to confirm whether we process your personal information or what information we process, and to obtain a copy of that information in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the information to another business without hindrance. If you submit a valid and verifiable request and we confirm your identity and/or authority to make the request, we will disclose to you any of the following at your direction (with various exceptions):

  • The categories of personal information we have collected about you.
  • The categories of sources for the personal information we have collected about you.
  • Our business or commercial purpose for collecting that personal information.
  • The categories of third parties to whom we disclose that personal information.
  • If we sold your personal information for a business purpose, a list of the personal information types that each category of recipient purchased.
  • If we disclosed your personal information to a third party for a business purpose, a list of the personal information types that each category of recipient received.
  • The specific pieces of personal information we collected about you.

2. Right to Delete Personal Information

You may have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions.  If you submit a valid and verifiable request and we can confirm your identity and/or authority to make the request, we will determine if retaining the information is permitted or required under law.

If no retention conditions apply, we will delete your personal information from our records and direct our service providers to do the same.

3. Right to Correct Personal Information

You may have the right to correct inaccuracies in your personal information, taking into account the nature of the personal information and the purposes of the processing of your personal information.  If you submit a valid and verifiable request and we can confirm your identity and/or authority to make the request, we will use commercially reasonable efforts to correct the inaccurate information.

4. Right to Limit Processing of Sensitive Personal Information

We process sensitive personal information solely as necessary in performance of the Services, to ensure the security and integrity of the information, or as otherwise authorized under law or regulation.  Because we do not process your Sensitive Personal Information for the purpose of inferring characteristics about you, we do not provide a mechanism for you to limit our processing of such information.

5. Rights related to Automated Decisions and Profiling

We do not independently engage in the automated processing of Personal Information to profile or make predictions, recommendations or decisions that produce a legal or other significant effect on our clients.  Because we do not engage in such automated processing, we do not provide a mechanism for you to limit or opt out of our processing of Personal Information in such a manner.  Decisions regarding insurance premiums, coverage limits and eligibility, however, may be determined by insurance carriers using automated means, including through one of our sites or applications interacting with such insurers’ systems.  In those instances, we encourage you to review the applicable insurers’ privacy notices to obtain additional information regarding their automated decision-making practices, as well as any right to opt out of such processing or challenge a prediction, recommendation or decision that has impacted you.

6. Right to Non-Discrimination

You may exercise your rights under law without discrimination.  For example, unless applicable law provides an exception, we will not:

  • Deny you goods or services;
  • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties;
  • Provide you a different level or quality of goods or services; or
  • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

We may offer you financial incentives to provide us with personal information that is reasonably related to the information’s value.  This could result in different prices, rates, or quality levels for our products or services.  Any financial incentive we offer will be described in written terms that explain the material aspects of the financial incentive program.  You must opt-in to any financial incentive program and may revoke your consent at any time by contacting us as indicated below.

7. Direct Marketing and Do Not Track Signals

Under California’s “Shine the Light” law, California residents may request and obtain a notice once a year about the personal information we disclosed to other businesses for their own direct marketing purposes.  Such a notice will include a list of the categories of personal information that were disclosed (if any) and the names and addresses of all third parties with which the personal information was disclosed (if any).  The notice will cover the preceding calendar year.  To obtain such a notice, please contact us as described below. 

In addition, under this law you are entitled to be advised how we handle “Do Not Track” browser signals.  Because there currently is not an industry or legal standard for recognizing or honoring DNT signals, we do not honor Do Not Track requests at this time.

 

How to exercise the above rights*

To exercise your rights described above, please submit a verifiable consumer request to us by visiting Get in Touch to Simplify Benefits Administration | Aptia US (aptia-group.com).

*Please note that, as described above, in certain cases we may collect your personal information as a service provider pursuant to a contract we have with a commercial Client to provide the Service.  In any case where we are acting as a service provider to a client, you should direct your requests to exercise your rights available under data privacy laws to our client, who is the party responsible for receiving, assessing, and responding to your requests.  

Only you or a person legally authorized to act on your behalf may make a verifiable consumer request related to your personal information.  To designate an authorized agent, we may require you to verify your identity or confirm with us directly that you have provided permission to your authorized agent, or we will rely on a power of attorney you have provided to your authorized agent.

You may make a verifiable consumer request for access or deletion no more than twice within a 12-month period. The verifiable request must:

  • provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.  Depending on the nature of your request and the sensitivity of the information, we may ask you to confirm various data elements we already have on file such as your mailing address and phone number, or, in case of sensitive personal information, we may require you to submit a copy of a government issued identification; and
  • describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

You will not be required to create an account with us in order to submit a verifiable request, though we may communicate with you about your request via a pre-established account if applicable.  However, in order to safeguard the personal information in our possession, if we cannot verify your identity or authority to act on another’s behalf, we will be unable to comply with your request.  We will process and retain additional personal information you provide when submitting a verifiable request only to confirm your identity or authority, or to fulfill your request.

 

How to appeal an action we have taken with respect to your request to exercise a right

If we deny your privacy request in full or in part, please contact the email address for appeals provided in our written response to your request. Our privacy team will consider your request and applicable law, and either agree to honor your appeal request or deny it. 

 

Minors

We do not knowingly collect personal information from children under 13.  If we learn that we have collected any personal information from a child under the age of 13 without verifiable parental consent, we will delete that information from our files as quickly as possible.  If you believe that we may have collected information from a child under 13, please contact us at the email address provided below.  If you are 16 years of age or older, you have the right to direct us to not sell your personal information at any time (the “right to opt-out”).  However, we never knowingly sell or share the personal information of minors under 16 years of age and would not do so in the future without affirmative authorization of the consumer if between 13 to 16 years of age, or the parent or guardian of a consumer less than 13 years of age.  

 

Calls and Text Messages

In some instances, your employer or association, group or benefit program sponsor may request services that require us to contact you via telephone calls or text. By accepting the terms of this Privacy Notice and providing us with your contact information, you consent to receive automated calls and texts, as well as emails and/or standard mail, from us including but not limited to information regarding your policy, account, benefits, relationship with us, and other products or services offered through us and/or your employer or program sponsor. 

Consent is not a condition of any purchase or to obtain a quote.  Message and data rates may apply. If you wish to withdraw your consent in the future, follow the prompts described in the call or text or contact us as described below.

 

External Links

Our Sites may include links to websites that are operated by third-party organizations.  If you access another organization’s website using a hyperlink on our Site, the other organization may collect information from you.  We are not responsible for the content or privacy practices of linked websites or their use of your information.  If you leave a Site via such a link (you can tell where you are by checking the URL in the location bar on your browser), you should refer to that websites' privacy policies, terms of use, and other notices to determine how they will handle any information they collect from you.

 

Changes to this Notice

This Privacy Notice is subject to change at any time. If we make changes to this Privacy Notice, we will update the “Effective Date” at the top of this page and post it on our Sites. 

 

Other Applicable Terms

Our contractual commitments to clients will supersede any terms in this Privacy Notice.  In some instances, our services may be subject to additional privacy notices or related disclosure. In the event of a conflict or inconsistency between this Privacy Notice and any service-specific privacy notice or related disclosure, the latter will prevail. 

 

Questions, Requests or Complaints 

To submit general questions, requests, complaints, or appeals regarding this Privacy Notice or our privacy practices, you may contact us on Get in Touch to Simplify Benefits Administration | Aptia US (aptia-group.com)