Privacy policy

Signify Health Privacy Center

  • Online Privacy Policy (below)
  • Terms of Use (Web) - Access here
  • General Data Protection Regulation (GDPR) Candidate Privacy Policy - Access here
  • California Consumer Privacy Act (CCPA) Candidate Privacy Policy - Access here
  • Text Messaging Terms and Conditions - Access here

 

Online Privacy Policy

 

This Policy was last updated on 1/1/2024

PLEASE READ THIS PRIVACY POLICY CAREFULLY TO UNDERSTAND HOW WE TREAT YOUR PERSONAL INFORMATION AND YOUR CHOICES AND RIGHTS IN THIS REGARD. IF YOU DO NOT AGREE WITH THIS POLICY, YOU SHOULD NOT ACCESS OR USE THE SITE OR ENGAGE IN COMMUNICATIONS WITH US.

Download as PDF

 

Introduction

Signify Health (also referred to herein as “Signify,” “we,” “us,” and “our”) is committed to protecting the privacy and security of the personal information we collect, use, share, and otherwise process as part of our business. We also believe in transparency, and we are committed to informing you about how we treat your personal information.

 

When Does this Policy Apply? This Privacy Policy (the “Policy”) describes how we may collect information about you through your interactions with us on our website located at the URL, www.signifyhealth.com (the “Site”), and how we may use and disclose that information.

This Policy does not apply to Protected Health Information.

When we provide services for a “Covered Entity” (for example, a health plan), we act as a “Business Associate” under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). In that capacity, we collect, receive, maintain, use, and disclose Protected Health Information (“PHI”) only as permitted or required under applicable law and our Business Associate Agreements. The Covered Entity’s notice of privacy practices describes and controls how we collect and process PHI.

If you would like to receive a copy of this Privacy Policy, or require further assistance in accessing this Privacy Policy, you may email privacy@signifyhealth.com to make such a request.

 

Individuals in the EU / EEA. For further information about how Signify collects, stores, uses, transfers and otherwise processes personal data in or from certain countries in the European Economic Area, the United Kingdom, and Switzerland (together, for purposes of this section of the Privacy Statement, “EEA”), in accordance with the General Data Protection Regulation (GDPR) and its local implementations, see “Additional Disclosures for Data Subjects in the EEA, The U.K. and Switzerland.”

Residents of California. For further information about the personal information that Signify collects, uses, and discloses about individual California consumers, applicants and contractors who visit or interact with this website, purchase or inquire about any of our products and services, contract with us to provide services, apply for a position of employment, or otherwise interact or do business with us see “Additional Disclosures for California Residents” below. This section does not apply to Candidates or our Workforce (current and former employees, independent contractors, and their family members, dependents, and beneficiaries).; i If you are a California resident who is a current or former employee of the Company or a family member, dependent, or beneficiary of any of our current or former employees, you may request access to our Employee Privacy Policy by sending an email to privacy@signifyhealth.com. Candidates should refer to the links above for more information.

 


 

What information do we collect?

Notice at Collection. We collect the following information from you for the purposes described in the “How Do We Use and Share Your Information?” section of this Policy. We may also obtain any of the information listed below from data vendors to supplement the information we collect from you. You should only share personal information about other individuals who have provided you with the permission to do so. Residents of California: please see “Collection of Personal Information and Sensitive Personal Information” in the “Additional Disclosures for California Residents” section below. Information collected includes:

 

  • Contact Information: When you visit the Site, we may ask you for your Contact Information. We may also ask you for Contact Information about other people for whom you are requesting services from us. Contact Information may include your first and last name, email address, street address, city, state, zip code, telephone number, date of birth, job title, company name or other contact details, or other information you choose to share with us.
  • Quality Assurance Information: We may use your personal information to monitor our services for quality assurance purposes. We may associate this with your Contact Information. We use and share this information as necessary to provide our services. For example, we may share your results with our communications vendors.
  • Communications, Feedback, Support, and Inquiries: If you contact us via phone, mail, email, chat, or social media; contact us for support or to ask us questions or report a problem; provide us with feedback; respond to our surveys; or submit other content, we will collect Communications, Feedback, Support, and Inquiries in addition to your Contact Information. Communications, Feedback, Support, and Inquiries may include the subject matter of your message and any comments, ratings, reviews, content or responses that you choose to provide. We may keep a log of the information you provide, and this could include additional personal information about you if you decide to include that information. Your Contact Information may be stored with Communications, Feedback, Support, and Inquiries if you decide to include that information.
    • In addition, when you communicate with us, including through any social media site, we will collect and aggregate the information that is tied to your account and your engagement with us, and we may retain all content, messages, and information that you provide to us.
    • If you receive email communications from us, we use certain tools to capture data related to if/when you open our message and if/when you click on any links or banners it contains. Other information collected through this email tracking feature includes: your email address, the date and time of your “click” and other interactions on the email, a message number, the name of the list from which the message was sent, a tracking URL number and/or IP Address, and a destination page.
  • Cookies and Similar Technologies: We use cookies and similar technologies as described in the “Cookies and Similar Technologies” section of this Policy.
  • Live Chat Function: By using the Live Chat feature, you consent to our collection and analysis of all personal information provided. The Live Chat feature utilizes a chatbot that analyzes the data and information submitted to respond intelligently to meet or identify your needs and answer questions. We utilize a vendor called Hubspot (“Chat Vendor”) to process, analyze, and store the contents of the chat on our behalf. The Chat Vendor will not sell this data or share it with anyone besides the Company or another vendor engaged to assist in the services provided to the Company. The Chat Vendor will not use or disclose this data for any purpose other than providing services to the Company. For more information on how the Chat Vendor may use or disclose your personal information, please review their privacy policy HERE. By using these forms and features, you direct the Company to disclose to and share with the Chat Vendor any personal information you provide.
  • Usage Information: When you visit the Site, we automatically collect Usage Information from your browser and your device. Usage Information includes the date and time of your visit, geolocation, time zone, Internet Protocol (IP) address, unique device identifier, domain server, operating system, browser type, access time, what websites or search terms referred you to the Site, and data about which pages you visit and how you interact with the Site.
  • Inferences: We may draw inferences from any of the categories of personal information identified above to create a profile about you, which may reflect topics like your preferences.

 


 

Cookies and Similar Technologies

 

First-Party and Third-Party Cookies

A “cookie” is a small file created by a web server that can be stored on your device (if you allow) for use either during a particular browsing session (a “session” cookie) or a future browsing session (a “persistent” or “permanent” cookie). “Session” cookies are temporarily stored on your hard drive and only last until they expire at the end of your browsing session. “Persistent” or “permanent” cookies remain stored on your hard drive until they expire or are deleted by you. Local stored objects (or “flash” cookies) are used to collect and store information about your preferences and navigation to, from, and on a website. First-party cookies are set by the website you’re visiting, and they can only be read by that site. Third-party cookies are set by a party other than that website.

 

Similar Technologies

In addition to cookies, there are other automatic data collection technologies, such as Internet tags, web beacons (clear gifs, pixel tags, and single-pixel gifs), and navigational data collection (log files, server logs, etc.) that can be used to collect data as users navigate through and interact with a website:

  • Web beacons: These are tiny graphics (sometimes called “clear GIFs” or “web pixels”) with unique identifiers that are used to understand browsing activity. In contrast to cookies, which are stored on a user’s device, web beacons are rendered invisible on web pages when you open a page.
  • Social Widgets: These are buttons or icons provided by third-party social media platforms that allow you to interact with social media services when you view a webpage or mobile app screen. These social widgets may collect browsing data, which may be received by the third party that provided the widget and are controlled by third parties.
  • UTM Codes: These are strings that can appear in a URL (the “Uniform Resource Locator,” which is typically the http or https address entered to go to a web page) when you move from one web page or website to another. The string can represent information about browsing, such as which advertisement, page, or publisher sent the user to the receiving website.
  • Site Optimization and Usage Tracking. We contract with third-party service providers to help manage and optimize our Internet business and communications, and these third-party service providers may also use the technologies described in this section to collect certain information when you use our Platform(s).

 

What Cookies and Similar Technologies Are in Use and Why Do We Use Them?

We use first-party and third-party cookies and similar technologies for purposes such as to improve Site functionality, to measure and track how users interact with the Site and perform similar analytics, to track ad-driven activity on the Site, and to otherwise tailor our communications with you. We may also display targeted ads to you through social media platforms.

  • Necessary Cookies: These cookies are necessary for the Site to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in, or filling in forms.
  • Analytics Cookies: These cookies help us to understand how visitors engage with the Site. We may use a set of cookies to collect information and report site usage statistics. In addition to reporting site usage statistics, data collected may also be used, together with some of the advertising cookies described, to help show more relevant ads across the web and to measure interactions with the ads we show. Web analytics that use cookies to gather data to enhance the performance of a website fall into this category. For example, they may be used for testing designs and ensuring a consistent look and feel is maintained for the user. This category does not include cookies used for behavioral/targeted advertising networks.
  • Functionality Cookies: We use a set of cookies that are optional for the Site to function. They are usually only set in response to information provided to the Site to personalize and optimize your experience as well as remember your chat history. These cookies allow the Site to remember choices you make (such as your user name, language or the region you are in) and provide enhanced, more personal features. These cookies cannot track your browsing activity on other websites. These cookies remember choices you make to improve your experience.
  • Advertisement Cookies: We use cookies to make our ads more engaging and valuable to Site visitors. Some common applications of these cookies are to select advertising based on what’s relevant to a user; to improve reporting on ad campaign performance; and to avoid showing ads the user has already seen.They remember that you have visited a website and this information is shared with other organizations such as advertisers. These cookies collect information about your browsing habits in order to make advertising relevant to you and your interests.

 

Other Third-Party Technologies

Some third parties may use automated data collection technologies to collect information about you when you browse the Internet. The information they collect about your online browsing activities over time and across different websites and other online services may be associated with your personal information and used to provide you with targeted content. We do not control these third parties’ technologies or how they may be used. If you have any questions about targeted content, you should contact the responsible party directly or consult their privacy policies.

 

Choices About Cookies

Most web browsers are set by default to accept cookies. If you do not wish to receive cookies, you may set your browser to refuse all or some types of cookies or to alert you when cookies are being sent by website tracking technologies and advertising. You may adjust your browser settings to opt out of accepting a “persistent” cookie and to only accept “session” cookies, but you may need to adjust your settings each time to enjoy the full functionality of the Site.

You can withdraw your consent to our use of cookies on the Site at any time. If you no longer wish to receive cookies, navigate to your browser settings and block cookies or utilize our cookie settings on the footer (bottom) of our website.

Please be aware that, if you decline the use of cookies, you may not have access to the full benefits of the Site, and certain features of the Site may not work properly. In addition, adjusting the cookie settings on the Site may not fully delete all of the cookies that have already been created. To delete them, visit your web browser settings after you have changed your cookie settings on the Site. To learn how you can manage your Flash cookie settings, visit the Flash player settings page on Adobe’s website.

For more information on how to modify your browser settings to block or filter cookies, http://www.cookiecentral.com/faq/. You may learn more about internet advertising practices and related consumer resources at http://www.aboutads.info/consumers/, http://www.networkadvertising.org/choices, and http://youronlinechoices.eu/.

 


 

How do we use and share your information?

How do we use the information described in this Policy? Where permitted by applicable law, we may use the personal information we collect for one or more of the following purposes. Residents of California: please see “Collection of Personal Information and Sensitive Personal Information” in the “Additional Disclosures for California Residents” section below for further information.

  • Delivering the services that you have requested;
  • Detecting fraud and preventing loss;
  • Providing you with information about our services;
  • Contacting you about products or services that may be of interest to you;
  • Managing our relationship with you;
  • Improving our services and customer service;
  • Improving our testing, research, analysis and development;
  • Allowing you to contact us and facilitate your communication with us;
  • Responding to your feedback, requests, questions, or inquiries;
  • Registering you for our email distribution lists;
  • Sending you periodic emails;
  • Administering a promotion or survey;
  • Enabling you to share reviews, comments, questions, and answers;
  • Providing you more tailored advertising or communications;
  • Operating the Site(s) and preparing aggregate traffic information;
  • Recognizing your device and remembering your interactions;
  • Providing you with a more personal and interactive experience on the Site;
  • Engaging with you on social media, including contacting you via social media and using other social media tools to interact with you;
  • Operating our business;
  • Fulfilling our obligations as an employer;
  • Enforcing our policies and contracts;
  • Facilitating, or use in connection with, corporate mergers, acquisitions, reorganizations, dissolutions, or other transfers;
  • Ensuring safety of person or property;
  • Asking if you would like for us to share your information with third parties;
  • Accomplishing any other purpose related to and/or ancillary to any of the purposes and uses described in this Policy for which your information was provided to us;
  • Accomplishing another purpose described to you when you provide the information, for which you have consented, or for which we have a legal basis under law;
  • Complying with federal, state, or local laws;
  • Complying with a civil, criminal, or regulatory inquiry, investigation, subpoena, order, or summons by federal, state, or local authorities;
  • Cooperating with law enforcement agencies;
  • Exercising or defending legal rights or claims; and
  • Creating, using, retaining, or disclosing de-identified or aggregated data.

 


 

How do we disclose or share the information described in this Policy?

Where Communications permitted by applicable law, we may share the information described above in the following contexts:

  • Corporate Affiliates: We may share your information with our corporate affiliates and with their respective officers, directors, employees, professional advisors, and agents.
  • Acquisitions and Similar Transactions: We may disclose your information in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our company assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding.
  • Disclosures with Your Consent: We may ask if you would like us to share your information with other unaffiliated third parties who are not described elsewhere in this Policy. We will only disclose your information in this context with your consent.
  • Legal Obligations and Rights (Subpoenas, Court Orders, and Warrants): We may disclose the information described in this Policy in response to subpoenas, warrants, court orders 6 4826-9599-2535 or other legal process, or to comply with relevant laws. We may also share such information in order to establish or exercise our legal rights; to defend against a legal claim; and to investigate, prevent, or take action regarding possible illegal activities, suspected fraud, safety of person or property, or a violation of our contracts.
  • Professional Advisors: We may share information with our insurers and professional advisors, including attorneys and accountants, that need access to such information to provide operational or other support services on our behalf.
  • Service Providers: We may share your information with our service providers that need access to such information to provide operational or other support services on our behalf. Among other things, service providers help us to administer the Site; provide technical support; offer customer support; send marketing, promotions and communications; provide advertising services; assist with auditing; perform quality and safety-related services; and assist with other legitimate purposes permitted by law.
  • De-identified or Aggregated Data: We may disclose aggregated information about our users, and information that does not identify any specific individual, such as groupings of demographic data and customer preferences, for purposes such as new product and marketing development.

 


 

How long do we store and use your information?

We will retain and use your information for as long as is necessary to fulfill the purposes for which it was collected, to comply with our business requirements and legal obligations, to resolve disputes, to protect our assets, to provide our services, and to enforce our agreements.

We take reasonable steps to delete the information we collect when (1) we have a legal obligation to do so or (2) we no longer have a purpose for retaining the information. We may also decide to delete your information if we believe it is incomplete, inaccurate, or that our continued storage of it is contrary to our legal obligations or business objectives. When we delete information, it will be removed from our active servers and databases; but, it may remain in our archives when it is not practical or possible to delete it.

To the extent permitted by law, we may retain and use anonymous, de-identified, or aggregated information for performance reporting, benchmarking, and analytic purposes and for product and service improvement.

 


 

How do we protect your information?

We understand the importance of securing and protecting your information. We maintain safeguards to secure your personal information and to help protect the integrity and privacy of the personal information you provide. We secure your personal information on servers located in controlled, secure environments. Our employees have limited access to your personal information based on their responsibilities and all employees with access to any such information are instructed to protect the confidentiality of your personal information as described in the Privacy Policy.

We want you to feel confident using our Site(s) to transact business. However, no system can be completely secure. Therefore, although we take steps to secure your personal information, we do not promise, and you should not expect, that your personal information will always remain secure.

The safety and security of your personal information also depends on you. You should take care with how you handle and disclose your personal information and should avoid sending personal information through unsecure e-mail. We encourage you to learn about how to prevent identity theft. Some helpful resources can be found on the websites like the site of the Federal Trade Commission, www.ftc.gov.

If a data breach compromises your personal information, we will notify you and any applicable regulator when we are required to do so by applicable law.

 


 

Rights and choices about your personal information

  • Communication Preferences: You may receive telephone calls, text messages, and emails from us using the numbers or email addresses you provide. You may change your communication preferences at any time by contacting us via the “Contact Us” details provided at the end of this Policy. If you no longer wish to receive communications from us via email, you may also opt-out by clicking the “unsubscribe” link at the bottom of our emails. If you wish to change your communication preferences, please provide your name, telephone number, and/or email address so that we may identify you in the opt-out process. Once we receive your instruction, we will promptly take action.
  • Cookies: You may set your browser to refuse all or some browser cookies or to alert you when cookies are being set. For more information on how to modify your browser settings to block or filter cookies, see the section, “Cookies and Similar Technologies” herein and visit http://www.cookiecentral.com/faq/. You may learn more about internet advertising practices and related consumer resources at http://www.aboutads.info/consumers/, http://www.networkadvertising.org/choices, and http://youronlinechoices.eu/.
  • Online Tracking Signals: Except if required by law, we do not currently recognize browser settings or signals of tracking preferences, which may include “Do Not Track” instructions. “Do Not Track” is a web browser setting that seeks to disable the tracking of individual users’ browsing activities. We adhere to the standards set out in this Policy and do not currently respond to “Do Not Track” signals on the Site or on third-party websites or online services where we may collect information.
  • Accuracy and Updating Your Personal Information: Our goal is to keep your personal information accurate, current, and complete. If any of the personal information you have provided to us changes, please let us know by contacting us at privacy@signifyhealth.com. For instance, if your email address changes, you may wish to let us know so that we can communicate with you. If you become aware of inaccurate personal information about you, you may want to update your information. We are not responsible for any losses arising from any inaccurate, inauthentic, deficient or incomplete personal data that you provide to us. We honor such requests when we are required to do so under applicable law.
  • Complaints: If you believe your rights relating to your personal information have been violated, you may lodge a complaint with us by contacting via the “Contact Us” details provided at the end of this Policy.

 


 

Additional disclosures for data subjects in the EEA and the U.K.

 

When This Section Applies

This section applies solely to and provides information about how and Signify collects, stores, uses, transfers and otherwise processes personal data in or from certain countries in the European Economic Area, the United Kingdom, and Switzerland (together, for purposes of this section of the Privacy Statement, “EEA”), accordance with the General Data Protection Regulation (GDPR) and its local implementations.

We will use your personal data only for the purposes and in the manner set forth herein, which describes the steps we take to ensure the processing of your personal data is in compliance with the Data Protection Acts 1988 to 2018 (as amended) and any subsequent data protection and privacy legislation, European Union Law including Regulation (EU) 2016/679, known as the General Data Protection Regulation or GDPR and any subsequent amendments (collectively referred to as “Data Protection Legislation”).

 

Identity of the Controller of Personal Information

For the purposes of Data Protection Legislation, the Data Controller is Signify Ireland Technology Development Limited, an Irish registered company (Registered Number 709746) and having its registered office address at The Alcantara Building, Bonham Quay, Dock Road, The Docks, Galway, Ireland, H91 AX8R.

 

Contact Details of the Data Protection Officer

It has been determined that Signify is not required to have a Data Protection Officer. Please see “Contact Us” for how to reach us.

 

Legal Bases for Processing of Your Personal Data

Where Signify is acting as a data controller, the personal data we collect from you or through our systems (as described in the “What Information Do We Collect?” and “How We Use and Share Your Information?” sections above) helps us manage our actual or potential employment relationship with you, and to comply with our legal obligations for the conduct of our business. Signify uses your personal data only when we have a valid legal basis to do so. Depending on the circumstance, Signify may rely on your consent or the fact that the processing is necessary to fulfill a contract with you, protect your vital interests or those of other persons, or to comply with law. We may also process your personal data where we believe it is in our or others’ legitimate interests, taking into consideration your interests, rights, and expectations. If you have questions about the legal basis, see “Contact Us” for further information.

 

Where Does Signify Obtain my Personal Data From?

Most of the personal data we process (as described above in “What Information Do We Collect?”) is obtained from you when you access this Site , but we also obtain personal data about you in the course of the performance of your contract with us or potential contract with us, including when you are a candidate for a position at Signify.

In some circumstances, we may request your explicit consent to process (specific types of) personal data. In these circumstances, you are able to withdraw your consent at any time by following the instructions provided when you gave consent or at the contact details below.

You are required to provide consent to strictly necessary cookies in order to use our Site. If you do not provide your consent you may not be able to apply for positions with us and you may not be able to use the full functionality of our Site.

No decisions will be taken about you using automated means, we will notify you in writing if this position changes.

 

Transfers Outside the European Economic Area

We will transfer your personal data to the United States of America and other countries outside of the EEA. When we transfer your personal data outside of the EEA, we will ensure appropriate safeguards are in place to protect the privacy and integrity of such Data, including standard contractual clauses under GDPR Article 46.2 or adequacy decision under GDPR Article 45. Please see the ‘Contact Us’ section below if you wish to obtain information concerning such safeguards.

 

Retention of Personal Data

We will keep your personal data for as long as it is necessary to fulfill the purposes for which it was collected as described above and in accordance with our legal and regulatory obligations. This may mean that some information is held for longer than other information. The criteria we use to determine data retention periods for personal data includes the following:

  • Retention in case of queries; we will retain it for a reasonable period after the relationship between us has ceased;
  • Retention in case of claims; we will retain it for the period in which it may be enforced (this means we will retain it for 10 years in some instances); and
  • Retention in accordance with legal and regulatory requirements; we will consider whether we need to retain it after any period described in this section because of a legal or regulatory requirement.

 

Your Rights

You may have various rights under data protection legislation in your country (where applicable).

 

Right of Access: Subject to certain conditions, you are entitled to have access to your personal data which we hold (this is more commonly known as submitting a “data subject access request”).

  • How do I execute this right? Requests for such information should be made in writing to privacy@signifyhealth.com If possible, you should specify the type of information you would like to see to ensure that our disclosure is meeting your expectations.
  • What conditions must be met to exercise this right? We must be able to verify your identity. Your request may not affect the rights and freedoms of others, e.g. privacy and confidentiality rights of other customers. Data solely retained for data backup purposes is principally excluded.

 

Right of Data Portability: Subject to certain conditions, you are entitled to receive the data which you have provided to us and which is processed by us by automated means, in a commonly-used machine readable format.

  • How do I execute this right? Requests should be made in writing to privacy@signifyhealth.com If possible, you should specify the type of information you would like to receive to ensure that our disclosure is meeting your expectations.
  • What conditions must be met to exercise this right? The GDPR does not establish a general right to data portability. This right only applies if the processing is based on your consent or on our contract with you and when the processing is carried out by automated means (e.g. not for paper records). It affects only personal data that was “provided” by you. Hence, it does, as a rule, not apply to personal data that was created by Signify.

 

Rights in Relation to Inaccurate or Incomplete Personal Data: You may challenge the accuracy or completeness of personal data which we process about you. If it is found that personal data is inaccurate, you are entitled to have the inaccurate data removed, corrected or completed, as appropriate.

  • How do I execute this right? We encourage you to notify us of any changes regarding your personal data as soon as they occur, including changes to your contact details, telephone number, immigration status. Please always check first whether self-help tools are available. If no such tools are available, requests should be made in writing to privacy@signifyhealth.com.
  • What conditions must be met to exercise this right? This right only applies to your own personal data. When exercising this right, please be as specific as possible.

 

Right to Object to or Restrict our Data Processing: Subject to certain conditions, you have the right to object to or ask us to restrict the processing of your personal data.

  • How do I execute this right? Requests should be made in writing to privacy@signifyhealth.com.
  • What conditions must be met to exercise this right? This right applies only if the processing of your personal data is explicitly based on our so-called “legitimate interests” (see “basis of processing” above). Objections must be based on grounds relating to your particular situation. They must not be generic so that we can demonstrate that there are still lawful grounds for us to process your personal data.

 

Right to Have Personal Data Erased: Subject to certain conditions, you are entitled, on certain grounds, to have your personal data erased (also known as the “right to be forgotten”), e.g. where you think that the information we are processing is inaccurate, or the processing is unlawful.

  • How do I execute this right? Requests should be made in writing to privacy@signifyhealth.com.
  • What conditions must be met to exercise this right? There are various lawful reasons why we may not be in a position to erase your personal data. This may apply (i) where we have to comply with a legal obligation, (ii) in case of exercising or defending legal claims, or (iii) where retention periods apply by law or our statutes.

 

Right to Withdraw Consent: You have the right to withdraw your consent to any processing for which you have previously given that consent.

  • How do I execute this right? Requests should be made in writing to privacy@signifyhealth.com.
  • What conditions must be met to exercise this right? If you withdraw your consent, this will only take effect for the future.

 

Your Right to Lodge a Complaint with a Supervisory Authority

You have the right to make a complaint with the Data Protection Authority, in particular in the Member State of your residence, place of work or place of an alleged infringement, if you consider that the processing of your personal data infringes the GDPR. The Irish personal Data Protection Authority contact details are:

 

Data Protection Commission
Telephone: +353 (0)761 104 800 (10:00 - 12:00hrs Monday - Friday) or
+353 (0)578 684 800 (14:00 - 16:00hrs Monday - Friday)

E-mail: info@dataprotection.ie

For further information please visit www.dataprotection.ie

 


 

Additional disclosures for residents of California

Collection of Personal Information and Sensitive Personal Information

In addition to the information we have provided throughout this Policy, in the last 12 months, we have collected the following categories of personal information about you based on your specific transactions and interactions with us or our website. For each category of information, the categories of third parties with whom we may have disclosed the information in the last 12 months are referenced by a letter that coincides with the letter in the list of categories of service providers and third parties that follows soon after this table.
 
Category
Examples
Disclosed in Last 12 Months To:
Personal Identifiers 
Name, alias, social security number, date of birth, driver’s license or state identification card number, passport number.
A, B, C, D, E, F, H, I
Contact Information
Home, postal or mailing address, email address, home phone number, cell phone number.
A, B, C, D, E, F, H, I
Account Information
Username and password for Company accounts and systems, and any required security or access code, password, security questions, or credentials allowing access to your Company accounts.
Not Disclosed
Protected Classifications
Race, ethnicity, national origin, citizenship, immigration status, sex, gender, sexual orientation, gender identity, religious or philosophical beliefs, age, disability, medical or mental condition, military status, familial status, union membership.
B
Commercial Transactional Data
Information regarding products or services provided, purchasing history.
A, C, D, E, F, I
Internet Network and Computer Activity
Date and time of your visit to this website; webpages visited; links clicked on the website; browser ID; browser type; device ID; operating system; form information downloaded; domain name from which our site was accessed; search history; and cookies; internet or other electronic network activity information related to usage of Company networks, servers, intranet, or shared drives, including system and file access logs, security clearance level, browsing history, search history, and usage history.
D, F, H
Geolocation Data
IP address and/or GPS location, latitude & longitude. 
H
Mobile Device Data
Information collected when you navigate, access, or use any of our websites via mobile device, including device type, software type; data identifying your device if you access our business networks and systems, including cell phone make, model, and serial number, cell phone number, and cell phone provider.
A, C, D, F
Employment Data 
Company name, role.
A
Online Portal and Mobile App Access and Usage Information
Username and password, account history, usage history, file access logs, and security clearance level.
H
Visual, Audio or Video Recordings
Your image when recorded or captured in surveillance camera footage or pictures of you taken on our premises or at our events or that you share with us.
H
Facility & Systems Access Information
Information identifying you, if you accessed our secure company facilities, systems, networks, computers, and equipment, and at what times, using keys, badges, fobs, login credentials, or other security access method.
H

 

We may disclose your personal information to the following categories of service providers, contractors, or third parties:
A.    Lead providers
B.    Government agencies
C.    Promotional or other fulfillment vendors
D.    Support vendors for marketing, managing, or hosting the website, and the Live Chat function on the website
E.    Transaction support vendors
F.    Data analytics vendors
G.    Security and risk management vendors
H.    Corporate customers

Of the above categories of Personal Information, the following are categories of Sensitive Personal Information the Company may collect from or about consumers, independent contractors, or applicants:
•    Personal Identifiers (social security number, driver’s license or state identification card number, passport number)
•    Account Information (your Company account log-in, in combination with any required security or access code, password, or credentials allowing access to the account)
•    Protected Classifications (racial or ethnic origin, citizenship, immigration status, religious or philosophical beliefs, union membership, or sexual orientation)
•    Biometric Information (used for the purpose of uniquely identifying you)
•    Medical and Health Information
•    Geolocation Data (IP address and/or GPS location, latitude & longitude)

Personal information does not include:
•    Publicly available information from government records.
•    Information that a business has a reasonable basis to believe is lawfully made available to the general public by the consumer, independent contractor, or applicant, or from widely distributed media. 
•    Information made available by a person to whom the consumer, independent contractor, or applicant has disclosed the information if the consumer, independent contractor, or applicant has not restricted the information to a specific audience. 
•    Deidentified or aggregated information.

Retention of Personal Information 
•    We will retain each category of personal information in accordance with our established data retention schedule. In deciding how long to retain each category of personal information that we collect, we consider many criteria, including, but not limited to: the business purposes for which the Personal Information was collected; relevant federal, state and local recordkeeping laws; applicable statutes of limitations for claims to which the information may be relevant; and legal preservation of evidence obligations. 
•    We apply our data retention procedures on an annual basis to determine if the business purposes for collecting the personal information, and legal reasons for retaining the personal information, have both expired. If so, we will purge the information in a secure manner. 

We may collect your personal information from the following sources:
•    You the consumer, when you visit the website and voluntarily submit information through forms on the website or social media, when you visit any of our stores or physical locations, when you purchase or inquire about any of our products or services, when you utilize the Live Chat feature on the website, when you enter into a contract to perform services for us, or when you apply for a position of employment
•    Our employees and contractors, when you interact with them
•    Other customers and visitors, when you interact with them or when they observe you
•    We utilize cookies to automatically collect information about our website visitors
•    Lead generators and referral sources
•    Recruiters
•    Social media platforms
•    Company-issued computers, electronic devices
•    Company systems, networks, software applications, and databases you log into or use

We may collect your personal information for the following business purposes:
1.    To fulfill or meet the purpose for which you provided the information.
2.    To process, complete, and maintain records on transactions.
3.    To retain your selection for Text opt in/opt out to ensure customers who opted out are not sent any text messages.
4.    To schedule, manage and keep track of customer appointments.
5.    To maintain records of when customers decline a service or sale.
6.    To respond to consumer inquiries, including requests for information, customer support online, Live Chat on the website, and phone calls
7.    To improve user experience on our website.
8.    To understand the demographics of our website visitors.
9.    To detect security incidents.
10.    To debug, identify, and repair errors that impair existing intended functionality of our website.
11.    To protect against malicious or illegal activity and prosecute those responsible.
12.    To verify and respond to consumer requests.
13.    To prevent identity theft.

We may disclose your personal information for the following business purposes as numbered above:
1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13. 

We DO NOT AND WILL NOT sell your personal information in exchange for monetary or other valuable consideration. We do not share your personal information for cross-context behavioral advertising.
We do not and will not use or disclose your sensitive personal information for purposes other than the following: 
1.    To perform the services reasonably expected by an average employee who requests those services.
2.    To detect security incidents that compromise the availability, authenticity, integrity, and confidentiality of stored or transmitted personal information.
3.    To resist malicious, deceptive, fraudulent, or illegal actions directed at the business and to prosecute those responsible for those actions.
4.    To ensure the physical safety of natural persons.
5.    For short-term, transient use. 
6.    To perform services on behalf of the Company.
7.    To verify or maintain the quality or safety of a service controlled by the Company, and to improve, upgrade, or enhance the service that is controlled by the Company.
8.    For purposes that do not involve inferring characteristics about the consumers, contractors, and applicants. 

Third-Party Vendors
We may use other companies and individuals to perform certain functions on our behalf. Examples include administering e-mail services and running special promotions. Such parties only have access to the personal information needed to perform these functions and may not use or store the information for any other purpose. Subscribers or site visitors will never receive unsolicited e-mail messages from vendors working on our behalf.

Business Transfers
In the event we sell or transfer a particular portion of its business assets, information of consumers, contractors and applicants may be one of the business assets transferred as part of the transaction. If substantially all of our assets are acquired, information of consumers, contractors and applicants may be transferred as part of the acquisition.

Compliance with Law and Safety
We may disclose specific personal and/or sensitive personal information based on a good faith belief that such disclosure is necessary to comply with or conform to the law or that such disclosure is necessary to protect our employees or the public.

Children Under the Age of 16
We do not knowingly sell or share the personal information of consumers under 16 years of age.

How We Protect the Information that We Collect
The protection of the information that we collect about visitors to this website is of the utmost importance to us and we take every reasonable measure to ensure that protection, including:
•    We keep automatically collected data and voluntarily collected data separate at all times.
•    We use internal encryption on all data stores that house voluntarily captured data.
•    We use commercially reasonable tools and techniques to protect against unauthorized access to our systems.
•    We restrict access to private information to those who need such access in the course of their duties for us.

Rights Under the CCPA and CPRA 
This section of the Privacy Policy applies only to California residents who are natural persons; it does not apply to any entities (whether business, non-profit or governmental). If you are a California resident, you have the following rights: 
1.    Right to Know. The right to request, up to 2 times in a 12-month period, that we identify to you (1) the categories of personal information we have collected about you going back to January 1, 2022, unless doing so would be impossible or involve disproportionate effort, or unless you request a specific time period, (2) the categories of sources from which the personal information was collected, (3) the business or commercial purpose for collecting, selling, or sharing this information, (4) the categories of third parties with whom we share or have shared your personal information;
2.    Right to Access. The right to request, up to 2 times in a 12-month period, that we disclose to you, free of charge, the specific pieces of personal information we have collected about you going back to January 1, 2022, unless doing so would be impossible or involve disproportionate effort, or unless you request a specific time period;
3.    Right to Delete. The right to request, up to 2 times in a 12-month period, that we delete personal information that we collected from you, subject to certain exceptions;
4.    Right to Correct. The right to request that we correct inaccurate personal information (to the extent such an inaccuracy exists) that we maintain about you; 
5.    The right to designate an authorized agent to submit one of the above requests on your behalf. See below for how you can designate an authorized agent; and
6.    The right to not be discriminated or retaliated against for exercising any of the above rights, including an applicant’s and independent contractor’s right not to be retaliated against for exercising the above rights.

You can submit any of the above types of consumer requests through any of the 2 options below:
1.    Submit an online request on our website at https://www.signifyhealth.com/ccpa-request
2.    Call our privacy toll-free line at 855-484-1673. 

How We Will Verify That it is Really You Submitting the Request
If you are a California resident, when you submit a Right to Know, Right to Access, Right to Delete, or Right to Correct request through one of the methods provided above, we will ask you to provide some information in order to verify your identity and respond to your request. Specifically, we will ask you to verify information that can be used to link your identity to particular records in our possession, which depends on the nature of your relationship and interaction with us. For example, we may need you to provide your name, email, phone number, IP address, browser ID, amount of your last purchase with the business, and/or date of your last transaction with the business.

Responding to Your Right to Know, Right to Access, Right to Delete, and Right to Correct Requests
Upon receiving a verifiable request from a California resident, we will confirm receipt of the request no later than 10 business days after receiving it. We endeavor to respond to a verifiable request within forty-five (45) calendar days of its receipt. If we require more time (up to an additional 45 calendar days, or 90 calendar days total from the date we receive your request), we will inform you of the reason and extension period in writing. We will deliver our written response by mail or electronically, at your option. The response we provide will also explain the reasons we cannot comply with a request, if applicable. 
We do not charge a fee to process or respond to your verifiable request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
For a request to correct inaccurate personal information, we will accept, review, and consider any documentation that you provide, and we may require that you provide documentation to rebut our own documentation that the personal information is accurate. You should make a good-faith effort to provide us with all necessarily information at the time that you make the request to correct. We may deny a request to correct if we have a good-faith, reasonable, and documented belief that a request to correct is fraudulent or abusive. If we deny your request to correct, we shall inform you of our decision not to comply and provide an explanation as to why we believe the request is fraudulent. 

If You Have an Authorized Agent:
If you are a California resident, you can authorize someone else as an authorized agent who can submit a request on your behalf. To do so, you must either (a) execute a valid, verifiable, and notarized power of attorney or (b) provide other written, signed authorization that we can then verify. When we receive a request submitted on your behalf by an authorized agent who does not have a power of attorney, that person will be asked to provide written proof that they have your permission to act on your behalf, and we will also contact you and ask you for information to verify your own identity directly with us and not through your authorized agent. We may deny a request from an authorized agent if the agent does not provide your signed permission demonstrating that they have been authorized by you to act on your behalf.

 


 

Third-party sites

This Policy is applicable only to the Site, and it does not apply to any third-party websites.
The Site may contain links to, and media or other content from, third parties. These links are to external resources and third parties that have their own privacy policies. Because of the dynamic media capabilities of the Site, it may not be clear to you which links are to external, third-party resources. If you click on an embedded third-party link, you will be redirected away from the Site to the external third-party website. You can check the URL to confirm that you have left this Site.
We cannot and do not (1) guarantee the adequacy of the privacy or security practices employed by or the content and media provided by any third parties or their websites, (2) control third parties’ independent collection or use or your information, or (3) endorse any third-party information, products, services or websites that may be reached through embedded links on this Site.
Any information provided by you or automatically collected from you by a third party will be governed by that party’s privacy policy and terms of use. If you are unsure whether a website is controlled, affiliated, or managed by us, you should review the privacy policy and practices applicable to each linked website.

 


 

Children's online privacy protection act

The Children’s Online Privacy Protection Act (“COPPA”), as well as other data privacy regulations, restrict the collection, use, or disclosure of personal information from and about children on the Internet. Our Site and services are not directed to children aged 13 or younger, nor is information knowingly collected from children under the age of 13. No one under the age of 13 may access, browse, or use the Site or provide any information to or on the Site. If you are under 13, please do not use or provide any information on the Site (including, for example, your name, telephone number, email address, or username). If we learn that we have collected or received personal information from a child under the age of 13 without a parent’s or legal guardian’s consent, we will take steps to stop collecting that information and delete it. If you believe we might have any information from or about a child under the age of 13, please contact us using the contact information provided below.
For more information about COPPA, please visit the Federal Trade Commission’s website at: https://www.ftc.gov/enforcement/rules/rulemaking-regulatory-reform-proceedings/childrens-online-privacy-protection-rule.

 


 

Updates and changes to this policy

We reserve the right, at any time, to add to, change, update, or modify this Policy to reflect any changes to the way in which we treat your information or in response to changes in law. Should this Policy change, we will post all changes we make to this Policy on this page. If we make material changes to this Privacy Policy, we will place a notice on our Platform(s) near the link to this Privacy Policy and may also send, at our option, a notice to the email address that you have provided. Any such changes, updates, or modifications shall be effective immediately upon posting on the Site. The date on which this policy was last modified is identified at the beginning of this Policy.
You are expected to, and you acknowledge and agree that it is your responsibility to, carefully review this Policy prior to using the Site, and from time to time, so that you are aware of any changes. Your continued use of the Site after the “Last Updated” date will constitute your acceptance of and agreement to such changes and to our collection and sharing of your information according to the terms of the then-current Policy. If you do not agree with this Policy and our practices, do not access, view, or use any part of the Site.

 


 

Contact Us

For more information, or if you have any questions or concerns regarding this Policy or wish to exercise your rights, you may contact us using the information below, and we will do our best to assist you.

By Email: privacy@signifyhealth.com

In Writing:

United States:
Signify Health
4055 Valley View Lane, Ste 400
Dallas, TX 75244
Attn: Privacy Department

International:


The Alcantara Building 
Bonham Quay
Dock Road, The Docks
Galway, Ireland
H91 AX8R
Attn: Site Lead (Data Privacy and HR)