Privacy Statement & Policy
Last Updated June 2024
Heartland Fidelity Insurance Company and its subsidiaries (collectively, “Heartland Fidelity Insurance”) are committed to respecting the privacy and security of your personal information. This Privacy Policy describes the information collected on our website (www.heartlandfidelityinsurance.com) and any current or future mobile application (collectively, the “Platform”). This Privacy Policy applies only to the Platform.
Please note any Protected Health Information collected on the Platform will be used and disclosed only in accordance with Heartland Fidelity Insurance’s Notice of Privacy Practices as further set forth below.
IF YOU ARE A CALIFORNIA RESIDENT, PLEASE SEE SECTION 12 BELOW FOR ADDITIONAL PROVISIONS THAT MAY APPLY TO YOU.
IF YOU ARE A WASHINGTON STATE RESIDENT, YOU MAY HAVE ADDITIONAL RIGHTS AS DESCRIBED BELOW IN SECTION 13 ENTITLED “WASHINGTON CONSUMER HEALTH DATA PRIVACY RIGHTS.”
By using the Platform or by providing your information to us, you acknowledge the collection, use, and disclosure of your information in accordance with this Privacy Policy, the Terms of Use, and any written agreement(s) executed and in effect in connection with any of our products or services.
We may modify this Privacy Policy at any time. All changes will be effective immediately upon posting to the Site. Material changes will be conspicuously posted on the Site or otherwise communicated to you.
- Protected Health Information.
Heartland Fidelity Insurance’s use and disclosure of certain of your information may be subject to the requirements of the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations (“HIPAA”) and applicable state law. Any information that you submit to us, or that we otherwise receive, that constitutes “Protected Health Information,” as defined by HIPAA, is subject to HIPAA and applicable state law. The term “Protected Health Information” or “PHI” refers to individually identifiable health information about your past, present or future physical or mental health or condition, the provision of health care to you or the past, present or future payment for such care. If any information collected on this Platform constitutes PHI, then our Notice of Privacy Practices will apply.
- What Information is Collected by Heartland Fidelity Insurance or Service Providers and When
The information we receive and how we use it depends on what you do when visiting the Platform. The Platform and related services may require registration for access. As part of registration and related services, we ask you to provide us certain information about you. You may provide us and our service providers personal information using the Platform in a number of ways, for example by entering that information into data fields on the Platform (e.g., by creating an account, participating in surveys, or requesting our newsletters) or in communications with us using the contact information at the end of this Privacy Policy or in the Terms of Use Personal information includes data that specifically identifies you, such as your name, email address, mailing address, Social Security number, subscriber identification number, telephone number, and payment information. Public information is that information that you make publicly available through your account or by posting or otherwise communicating via the Platform.
When you use our mobile applications, we may collect your location information for purposes of tailoring our services for you, such as recommending a pharmacy close to you. Before we collect your location information, we will ask for your consent.
Heartland Fidelity Insurance and service providers may also collect certain non-personal information, data that does not identify you as an individual person. This information tells us about how people use the Platform so that we can analyze its effectiveness and provide you with a better web experience. We collect and use this information through a variety of technologies, including “cookies” and analysis applications, as discussed below.
- Server Information
The Heartland Fidelity Insurance servers automatically and temporarily store the following information in the server log files. This information is provided by your browser, unless you have deactivated the function.
- IP address of the enquiring computer
- File query by the client
- The http response code
- The Internet page from which you visited us (referrer URL)
- The time of the server query
- The browser type and version
- The operating system used on the enquiring computer
The server log files are not analyzed with respect to individuals. At no time can this data be attributed to specific individuals.
- Platform Visit Tracking Technologies
The Platform may use “cookies” and other technologies to help Heartland Fidelity Insurance understand which parts of the Platform are the most popular and the preferences of the Heartland Fidelity Insurance users. Heartland Fidelity Insurance may also use cookies and other technologies to study traffic patterns on the Platform, to improve its functionality and usability as well as to improve the effectiveness of our communications with users. Heartland Fidelity Insurance may also use cookies to customize your experience and provide greater convenience to you during your interactions with the Platform.
A cookie is a unique alphanumeric identifier that websites use to help identify the number of unique visitors to a website, whether or not those visitors are repeat visitors, and the source of the visits. Cookies cannot be executed as code or used to deliver a virus and thus pose no threat to you. Servers and sites other than the one placing the cookie on your hard drive cannot read the cookie, and no personal information can be gathered by other servers from the cookie. If you prefer not to enable cookies or to disable them, you may do so through your web browser’s security settings. Please note that certain features of the Platform may not be available once cookies have been disabled.
The Platform gathers certain information automatically and stores it in log files. This information includes internet protocol (“IP”) addresses, browser type, operating system, internet service provider (“ISP”), referring/exit pages, date/time stamp of access, and clickstream data, and information about the content you view on the Platform. When you visit the Platform, the servers automatically log your IP address, the time and duration of your visit, and the time and duration spent on the pages of the Platform which you view. If you arrive at the Platform by clicking a paid advertisement or a link in a communication, then the server will capture information that tracks your visit from that link. If you arrive at the Platform by clicking on a non-paid source, such as a search engine result or link on another website, the server may capture information that tracks your visit from that source, to the extent available.
Some of our communications to you may contain a “click-through URL” which links to content on the Platform. When you click one of these URLs, it passes information through the Heartland Fidelity Insurance web server before you arrive at the destination web page. Heartland Fidelity Insurance tracks this click-through data to help determine interest in particular topics and measure the effectiveness of our communications. If you prefer not to be tracked, simply avoid clicking text or graphic links in emails you receive from Heartland Fidelity Insurance.
Certain features of the Platform may use local stored objects (“Flash cookies”) to collect and store information about your preferences and navigation to, from, and on our website. Flash cookies are not managed by the same browser settings as are used for browser cookies.
Heartland Fidelity Insurance additionally may use web beacons or pixel tags, which are tiny invisible graphic images, in the Platform. Web beacons and pixel tags may be used by Heartland Fidelity Insurance to count users who have visited its webpages and for related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).
- Different Devices
If you use different devices (e.g., your smart phone, laptop, and/or home computer) to access the Platform, we may be provided with and collect device-specific information, including your hardware model, operating system version, phone number, approximate geographic location, and mobile network information.
- Third-Party Analytics
We may use third-party service providers (e.g., search engines) to collect and analyze information about use of the Platform. These service providers may utilize cookies and related technologies to collect personal information.
- Use of Information
Heartland Fidelity Insurance and its service providers (e.g., payment processors, and advertising or marketing companies) may use your personal information to provide our services and to contact you in response to inquiries you submit. Heartland Fidelity Insurance and service providers may retain and use your information for as long as needed for the following purposes:
- to present our Platform and related content to you;
- to provide you with information, products or services that you request from us;
- to provide you with notices about your account;
- to process your benefits claims;
- in combination with other information for Platform improvement and marketing and promotional purposes;
- to provide more consistent and personalized services across the Platform, including to personalize our advertising, marketing, and promotional efforts;
- to carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection;
- to notify you about changes to the Platform or any products or services we offer or provide though it;
- to allow you to participate in interactive features on the Platform;
- in any other way we may describe when you provide the information;
- for any other purpose with your consent.
- When Heartland Fidelity Insurance Discloses Your Information
We do not sell, rent, or loan any of your Personal Information to any third party for monetary consideration. Regardless, you may notify us at our designated request address to opt-out of the sale of your information. Our designated request address for such requests is at privacyofficer@HeartlandFidelity.com. Please be aware that we will require you to verify your identity before processing any such request.
We may disclose aggregated information about our users without restriction. This data cannot be attributed to any specific individual. Heartland Fidelity Insurance may disclose aggregated user data in order to describe our services to current and prospective affiliates, and to other third parties for lawful purposes.
Heartland Fidelity Insurance and its service providers may transfer information between them for business purposes. For example, our service providers may handle technical support, payment processing, marketing, advertising delivery and tracking, or information analysis. We furnish our service providers the information they need to perform these and other services, and we work with our service providers to respect and protect your information. We may also provide your information to our affiliates. The entities with which we share information may be located in the United States or other countries.
In the event that Heartland Fidelity Insurance or some of our assets are sold or transferred or used as security, or to the extent we engage in business negotiations with our business partners, the information collected on the Platform may be transferred or shared with third parties as part of that transaction or negotiation. We may also provide information or provide access to information to any of our affiliated businesses or to our business partners.
On rare occasions, we may disclose specific information without your consent and without notice to you as required to comply with laws and regulations, or to comply with court orders, subpoenas, or lawful discovery requests. Information collected from you may also be used to investigate security breaches or otherwise cooperate with authorities. We may also share information with companies assisting in fraud protection or investigation.
We may disclose information about you without your consent and without notice to you as required to enforce or apply the Terms of Use, or other agreements, including for billing and collection purposes.
- How Your Information is Protected
Heartland Fidelity Insurance has implemented reasonable physical, technical, and organizational safeguards to help protect your personal information from unauthorized access, acquisition, or disclosure, alteration, or destruction. Although we strive to keep your personal information secure, no safeguards can be guaranteed to be completely secure, so you should exercise caution when transferring personal and other sensitive information over the Internet, including in email communications. Please advise us immediately at the address listed below of any incident involving the loss of or unauthorized access to or disclosure of personal information that is in our custody or control.
If your communication contains sensitive information and you would prefer not to submit this information online, please contact us at (202) 434-8354.
- Third-Party Sites
The Platform may contain links to other websites. Please note that when you click on one of these links, you will leave the Platform and will be subject to the policies and privacy practices of the other websites, which may differ significantly. You should review the policies of other websites you visit. Heartland Fidelity Insurance is not responsible for the content, technology, security, or practices of linked sites operated by others, or for your use of linked sites.
- Children’s Privacy
The Platform is not aimed at or intended for children. We do not knowingly collect information from children under the age of thirteen through the Platform. If we obtain actual knowledge that we have inadvertently collected personal information from a child under the age of thirteen, we will delete that information from our records. If you believe we might have any information from a child under the age of thirteen, please contact us at privacyofficer@heartlandfidelity.com Please note that emancipated minors and minors who may, under applicable law, obtain health care services or health insurance without the consent of a parent or guardian, are treated the same as adults for purposes of collection and access to health information.
- Applicable Law
If you access the Platform from outside the United States, please be aware that personal information may be transferred to, stored in, and processed in the United States. Certain governmental authorities may not consider the level of protection of personal information in the United States to be equivalent to that required by the in other jurisdictions.
- Do Not Track
“Do Not Track” is a privacy setting that you may set in your web browsers. If turned on, this setting requests that websites not track information about users. At this time, we do not respond to “Do Not Track” browser settings or signals.
- Review, Modify, or Delete Your Information
You can review and change your personal information by contacting your employer’s benefits office. If you request that your account information be deleted or if you unsubscribe from communications, we may maintain information about your transactions or inquiries for future service and recordkeeping purposes. In some circumstances, a change in or withdrawal of consent may severely limit our ability to provide you information, products, or services. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.
- Updates to this Privacy Policy
Heartland Fidelity Insurance may update this Privacy Policy and the Platform to reflect material changes in how we collect, use, share, or store your information, to satisfy legal requirements, or for other business purposes. You should review this Privacy Policy when you visit the Platform to understand our current practices. The date at the top of the page shows when this Privacy Policy was last updated.
We encourage you to refer to this Privacy Policy on an ongoing basis so that you understand our current practices. You consent to any changes we make to this Privacy Policy if you continue to use the Platform after receiving a notice of the change or upon our posting of the new Privacy Policy on the Platform.
- California Residents
This Section provides additional provisions that apply to residents of California. In the event of a conflict between this Section and the remainder of this Policy, this Section shall take precedence for California residents. In this Section only, any capitalized terms not defined in this Policy have the meanings set forth in the California Consumer Privacy Act of 2018 (the “CCPA“).
Categories of Personal Information. We collect the categories of Personal Information described in Section 2 of this Policy.
Categories of Sources From Which Personal Information is Collected. The categories of sources from which your Personal Information is collected is described in Section 2 of this Policy.
Purposes for Collecting Personal Information. Our purposes for collecting your Personal Information are described in Section 3 of this Policy.
Categories of Third Parties / Services Providers With Whom Personal Information is Shared. The categories of third parties and / or service providers with whom we share your Personal Information are described in Section 4 of this Policy.
Categories Of Personal Information Sold. In the last 12 months we have not Sold your personal information and we currently do not Sell personal information. “Sale” / “Sold” / “Sell” has the definition set forth in the CCPA.
Categories of Personal Information Disclosed for a Business Purpose. In the last 12 months we disclosed the categories of personal Information set forth in Section 2 of this Policy for our Business Purposes, where “Business Purposes” has the definition set forth in the CCPA. See the section above titled “Categories of Personal Information We Collect” for more detail on the type of personal information in each category.
Right to Request Disclosure. You have the right to request disclosure of any of the following: (a) the categories of Personal Information we collected from you in the prior 12-month period, (b) the categories of sources from which the Personal Information was collected, (c) the Business Purpose or Commercial Purpose for collecting or Selling your Personal Information, (d) the categories of Personal Information we Sold or disclosed for a Business Purpose in the last 12 months and (e) for each category of Personal Information Sold or disclosed, the categories of third parties with whom we shared such Personal Information.
Right to Request Access. You have the right to request access to the specific pieces of Personal Information we collected from you in the prior 12-month period (i.e. “data portability”).
Right to Request Deletion. You have a right to request that we delete Personal Information we collected from you.
Right to Opt-Out of the Sale. California law provides you the right to request to opt out of the Sale of Personal Information. However, at this time we do not “Sell” Personal Information as contemplated by CCPA. To our knowledge, we have not sold any Personal Information of an individual under the age of 16 years of age.
How to Exercise Your Request Rights. You must provide sufficient information to allow us to reasonably verify you are the person about whom we collected Personal Information, and you must describe your request with sufficient detail to allow us to properly understand, evaluate, and respond to your request. To exercise your California rights described in this Section, you may submit your request to us by contacting us at any of the following:
Phone: 1-(202)-434-8354.
Email: privacyofficer@HeartlandFidelity.com
Who May Exercise Your Rights? You may only make a request to exercise your rights on behalf of yourself or the child for whom you are the parent or legal guardian. In addition, you may authorize an agent to exercise your rights on your behalf, if you provide the agent with written signed permission. Any legal entity acting as your agent must be registered with the Secretary of State to do business in the State of California. If an authorized agent contacts us to exercise the above rights, we will need to verify their identity as well as your identity. We will also require proof of your signed authorization to the agent to submit your request on your behalf as well as to submit the particular request made to us, unless the agent holds a lawful Power of Attorney under California probate laws, in which case we will require evidence of such Power of Attorney.
We may deny a request from an authorized agent if we do not have proof that they are authorized by you to act on your behalf.
When We Will Respond. We will try to respond to your request for access or deletion within 45 days. If we require additional time, we will inform you of the reason and extension period.
How We Will Respond. Once we receive your request, we will contact you to confirm receipt of your request. We may also request that you provide us with additional information to allow us to verify your identity, the identity of the person that is the subject of the Personal Information you have requested (if other than you), and the authenticity of your request. The information we may request may vary depending on the Personal Information we already have in our systems. Certain types of requests, such as a request to access, may require additional verification to ensure you are who you say you are as we are subject to higher standards of authentication with respect to such requests. We consider various factors when determining how to verify your identity, such as the sensitivity and value of the data, risk of harm, likelihood of fraud, etc.
If you have used an agent to make your request, we will also need to verify the identity of the agent.
We may require a signed declaration under penalty of perjury to verify the identity of the data subject or that of your agent, if applicable.
We may deny your request as permitted or as required by law, if we are unable to verify your identity or the authenticity of the request, or if an agent makes the request on your behalf, if we are unable to verify their identity or proof of their authorization. We will inform you of the reason we are unable to comply with your request.
For data portability requests, we will select a format to provide your personal information to you.
We may charge a fee to process or respond to your request if it is excessive, repetitive, or manifestly unfounded.
Non-Discrimination. California residents have the right to not receive discriminatory treatment for exercising any of their rights under the CCPA.
- WASHINGTON CONSUMER HEALTH DATA PRIVACY RIGHTS
Pursuant to the Washington Mental Health and Drug Dependency Act (MHMDA), effective March 31, 2024, Washington state residents have specific rights regarding their health data privacy. This section outlines these rights and explains how to exercise them.
Right to Information. As a Washington resident, you have the right to request the following information, which our company has collected about you in the 12 months preceding your request:
- Categories of Consumer Health Data Collected: The types of consumer health data we have collected about you.
- Categories of Data Sources: The sources from which we collected your health data.
- Purpose of Data Collection: The business or commercial purposes for collecting your health data.
- Third-Party Data Sharing: The categories of third parties with whom we have shared your health data.
- Specific Pieces of Collected Data: The specific pieces of consumer health data we have collected about you.
Right to Correction. You have the right to request correction of inaccurate consumer health data we have about you, considering the nature of the data and the purposes for which we process it.
Right to Delete. You can ask us to delete any consumer health data that we have collected about you, subject to certain limitations under the MHMDA. We may deny your deletion request in specific instances where the data is necessary for us or our service providers to fulfill a service, comply with a legal obligation, or for other purposes as permitted under the Act.
Right to Limit Use and Disclosure. You have the right to limit the use and disclosure of your sensitive health data to necessary purposes as expected in the provision of our services or for legitimate business purposes.
Right to Nondiscrimination. We will not discriminate against you for exercising any of your privacy rights under Washington law. This includes, but is not limited to:
- Denying you services.
- Charging different prices or rates for services.
- Providing different levels or quality of services.
- Suggesting that you may receive a different price, rate, or quality of services.
Exercise Your Rights. To exercise any of these rights, please contact us by Calling us at 1-(202)-434-8354, and ask to speak with the privacy officer.
Emailing us at privacyofficer@HeartlandFidelity.com – please provide your name, telephone number, and type of request (that is, a request for categories of information, a request for specific pieces of information, and/or a request to delete, correct, or limit use and disclosure).
We will respond to your request in accordance with the MHMDA’s guidelines.
Response and Timing. We will respond to your requests free of charge, up to twice annually. Additional requests may incur a reasonable fee. We will comply with your requests without undue delay, but no later than 45 days from receipt of the request. This period may be extended once for an additional 45 days when necessary, with prior notice to you.
- INTERPRETATION OF THIS PRIVACY POLICY
Any interpretation associated with this Privacy Policy will be made by our legal counsel. This Privacy Policy includes examples but is not intended to be restricted in its application to such examples, therefore where the word “including” is used, it means “including without limitation.”
This Privacy Policy does not create or confer upon any individual any rights, or impose upon Heartland Fidelity Insurance any rights or obligations outside of, or in addition to, any rights or obligations imposed by applicable country, state, and other privacy laws, as applicable. Should there be, in a specific case, any inconsistency between this Privacy Policy and applicable privacy laws, this Privacy Policy shall be interpreted in that case to give effect to, and comply with, such privacy laws.
- Contact Us
If you have questions or comments about this Privacy Policy or the Platform, please contact us using the information below.
Heartland Fidelity Insurance Company
Attn: Legal Department
1200 Route 46 West
Clifton, NJ 07013
Email: privacyofficer@heartlandfidelity.com
Phone: 1-(202)-434-8354.