Privacy Policy

Signify Health Privacy Center

• Online Privacy Policy (below)
• General Data Protection Regulation (GDPR) Candidate Privacy Policy - Access here
• U.S. Workforce Privacy Policy - Access here
• California business-to-business privacy policy - Access here
• Text Messaging Terms and Conditions - Access here
• Terms of Use (Web) - Access here
  

Online Privacy Policy

Effective Date:  July 5, 2024

This Privacy Policy describes how Signify Health (“Signify”) “we” or “us” may collect information about you through your interactions with us or on our websites and mobile applications (collectively, the “Services”). By using the Services, you agree to the terms of this Privacy Policy. If you have any questions or concerns about this Privacy Policy, or about the way your information is collected and used, please email us at email us at privacy@signifyhealth.com.

To the extent that information collected through the Services is patient or member information provided to Signify Health on behalf of your health plan or one of your providers, this information is governed by the relevant the Health Insurance Portability and Accountability Act of 1996 (HIPAA) covered entity’s Notice of Privacy Practices and not this Privacy Policy. If you have questions about which policy applies to information you have provided, please do not hesitate to Contact Us or privacy@signifyhealth.com or call us toll-free at (855) 984-5121.

We may change this Privacy Policy. The “Effective Date” legend at the top of this page indicates when this Privacy Policy was last revised. Any changes will become effective when we post the revised Privacy Policy on the Services. Your use of the Services following these changes means that you accept the revised Privacy Policy.

Individuals in the EU / EEA. For further information about how Signify collects, stores, uses, transfers and otherwise processes personal information in or from certain countries in the European Economic Area, the United Kingdom, and Switzerland (together, for purposes of this section of the Privacy Statement, “EEA”), in accordance with the General Data Protection Regulation (GDPR) and its local implementations, see “Additional Disclosures for Data Subjects in the EEA, The U.K. and Switzerland.”

Who May Use the Services

We do not knowingly collect personal information online from any person we know to be under the age of 13 and instruct users under 13 not to send us any information to or through the online Services without their parents’ consent.

The Personal Information We Collect

We want you to understand how personal information you provide to us is collected and used. Personal information is any information that we can use to identify, locate, or contact you. We may collect and store your personal information when you provide it to us or to our service providers. Some examples of personal information we collect and when we collect it include:

• Appointments: We or our service providers collect personal information from you when you schedule an appointment using the Website.
• Registration: We collect your personal information when you register on the Services.
• Transactions: We collect personal information from you when you enter into a transaction with us.
• Contact Information: We collect personal information from users of the Services who are interested in receiving information about our products or services, e-mail alerts, newsletters, and other notifications.
• Surveys: From time to time, we request information from you via surveys. Participation in these surveys is voluntary. We request that you not provide personal health information in your survey responses. You may contact us regarding any survey as set forth under “Contact Information,” below.
• Device Information:  We may automatically collect certain personal device information such as device locale, cellular carrier, device manufacturer and device model for purposes of diagnosing problems and to ensure services function properly. This may also include your interactions with our websites or mobile sites, mobile applications, Wi-Fi, and other online services, search terms, pages you visit on our mobile applications, and push notification services you request.
• Eligibility:  We may use your personal information to confirm eligibility for the Services
• Location Information: May collect your precise geolocation that you choose to share with us and / or general location information from your browser or device, which we use for internal purposes only.
• Social Media: We may use your social media account information if you share it with us (e.g., Facebook ID)
• Live Chat Function: By using the Live Chat feature, you consent to our collection and analysis of all personal information provided. The Live Chat feature utilizes a chatbot that analyzes the data and information submitted to respond intelligently to meet or identify your needs and answer questions. We utilize a vendor called Hubspot (“Chat Vendor”) to process, analyze, and store the contents of the chat on our behalf. The Chat Vendor will not sell this data or share it with anyone besides the Company or another vendor engaged to assist in the services provided to the Company. The Chat Vendor will not use or disclose this data for any purpose other than providing services to the Company. For more information on how the Chat Vendor may use or disclose your personal information, please review their privacy policy HERE. By using these forms and features, you direct the Company to disclose to and share with the Chat Vendor any personal information you provide.

If you submit any personal information relating to other people in connection with the Services, you represent that you have the authority to do so and to permit us to use the information in accordance with this Privacy Policy.

If you choose not to provide your personal information to us, we may not be able to provide you with requested products, services or information.

We may combine the information collected from you through the Services with information we receive from and about you from other online and offline sources and use the combined information in accordance with this Privacy Policy. Our goal is to offer you content, advertisements, products, and services that are most likely to appeal to you.

Use and Disclosure of Personal Information

We use your personal information to respond to your requests, such as, to respond to your questions, send you email alerts, send you newsletters, and to provide you with related customer service. We may also use your information to send marketing communications and administrative information to you, including through the use of push notifications in our apps.

We may use and disclose your personal information to provide and coordinate the treatment and services you receive.

We may use your personal information to personalize your experience on the Website and when interacting with us, including by presenting products and offers tailored to you, and for our business purposes, such as data analysis, audits, fraud monitoring and prevention, developing our Services and new products and services, determining the effectiveness of our educational, awareness or promotional campaigns, and operating and expanding our business activities.

In the event that Signify or some or all of our business, assets or stock are sold or transferred (including in connection with any bankruptcy or similar proceedings) or used as security, or to the extent we engage in business negotiations with third parties, personal information may be transferred to or shared with third parties as part of any such transaction or negotiation.

To the extent permitted by applicable law, we may provide personal information to our affiliated businesses or to our business partners, who may use it to send you marketing and other communications.

We may disclose personal information to our service providers, who provide services such as website hosting, data analysis, payment processing, order fulfilment, information technology and related infrastructure provision, customer service, email delivery, auditing, and other services.

If we are requested by law enforcement officials or judicial authorities to provide personal information, we may do so. In matters involving claims of personal or public safety or in litigation where the information is pertinent (including to allow us to pursue available remedies or limit the damages that we may sustain), we may use or disclose personal information, including without court process. We may also use or disclose personal information to enforce our terms and conditions, to protect our operations or those of any of our affiliates, or to protect our rights, privacy, safety or property and/or that of our affiliates, you, or others.

We may use and disclose personal information to investigate security breaches or otherwise cooperate with authorities pursuant to a legal matter.

We may use and disclose information that does not personally identify you (including the information described under "Cookies and Other Technologies," below) for any purpose, except to the extent limited by applicable law. If we are required to treat such information as personal information under applicable law, then we may use it for all the purposes for which we use and disclose personal information.

We may combine information that does not personally identify you with personal information. If we do, we will treat the combined information as personal information as long as it is combined.

Social Media

We may use and disclose your personal information to facilitate social media sharing functionality that you initiate. If you choose to connect your social media account (e.g., Facebook, Twitter, Pinterest) with your Services account or otherwise engage in social sharing on the Services, your personal information may be shared with your friends, contacts or others associated with your social media account, with other Services users, and with your social media account provider. By connecting your Services account and your social media account or contacting us via social media, you authorize us to share information with your social media account provider, and you understand that the use of the information we share will be governed by the social media site's privacy policy.

For example, if you utilize a social media feature such as the Facebook "Like" button, Google Plus, Pinterest or a Twitter widget, these features may collect information about your IP address and which page you're visiting on our site, and they may set a cookie or employ other tracking technologies. Social media features and widgets are either hosted by a third party or hosted directly on our site. Your interactions with those features are governed by the privacy policies of the companies that provide them.

We may display targeted ads to you through social media platforms. These ads are sent to groups of people who share traits, such as where they live or have expressed an interest in shopping for cosmetics on our mobile site. We do not share any of your personally identifiable information, including your shopping history or health information, with social media platforms. See the policies of each social media platform for additional information about these types of ads, including how to manage your display settings for these ads.

Links

The Services may contain links to, or otherwise make available, third-party websites, services, or other resources not operated by us or on our behalf ("Third Party Services"). These links are provided as a convenience only and do not constitute an affiliation with, endorsement or sponsorship of the Third Party Services.  Specifically, the tools and resources section available on the site in connection with the Services are links to Third Party Services.

Any information you provide to such third parties is not subject to the terms of this Privacy Policy, and we are not responsible for the privacy or security of the information you provide to them or their handling of your information. We recommend that you review the privacy policy of any third party to whom you provide personal information online.

In addition, we are not responsible for the information collection, use, disclosure, or security policies and practices of other organizations, such as Apple, Google, Microsoft, RIM, or any other app developer, app provider, operating system provider, wireless service provider, or device manufacturer.

Signify uses Google Maps to provide navigation services. By using the Signify navigation services, you accept Google Maps’ privacy policy and terms of service.

Information from Other Sources

We may collect data about you from publicly available sources to personalize your experience. We may also obtain data provided by third parties. We may also obtain data provided by third parties.  For example, we may obtain information from companies to improve the accuracy of the information we have about you (e.g., adding your zip code to your address information). This improves our ability to contact you and increases the relevance of our offers and communications to you.

Security

We seek to use reasonable physical, technical, and administrative safeguards to protect personal information within our organization. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of your account with us has been compromised), please immediately contact us in accordance with the "Contact Information" section below.

You are responsible for maintaining the confidentiality of your Services access information and password and for restricting access to your device, and you agree to accept responsibility for all activities that occur under your password.

Cookies and Other Technologies

Like many other websites and online services, we collect information about the Services’ traffic and usage patterns through the use of cookies, Web server logs, web beacons and other, similar technologies. We use this information for various purposes, such as to ensure that the Services function properly, to facilitate navigation, to personalize your experience, to understand use of the Services, to diagnose problems, to measure the success of our marketing campaigns and to otherwise administer the Services.

Cookies are small computer files we transfer to your computer's hard drive. These small text files help us personalize content on our pages and provide programs like e-coupons. Your browser software can be set to reject or accept cookies. Instructions for resetting the browser are available in the Help section of most browsers.

Our use of cookies also allows us to collect and retain certain information about a website user, such as the type of Web browser used by our customer. Reviewing our Web server logs and our customers' use of our site helps us to, among other purposes, statistically monitor how many people are using our site and for what purpose.

Your IP address is a number that is automatically assigned to the computer that you are using by your Internet Service Provider. An IP address may be identified and logged automatically in our server log files whenever a user accesses the Services, along with the time of the visit and the page(s) that were visited. Collecting IP addresses is standard practice and is done automatically by many websites, applications and other services. We use IP addresses for purposes such as calculating usage levels of the Services, helping diagnose server problems, and administering the Services.

Tracking/Third-Party Advertisers

We may use third-party advertising companies to display advertisements regarding goods and services that may be of interest to you when you access and use the Services, based on information relating to your access to and use of the Services and other online services. To do so, these companies may place or recognize a unique cookie on your browser (including through the use of pixel tags). If you would like more information about this practice and to learn about your choices in connection with it, please visit http://www.networkadvertising.org/managing/opt_out.asp and http://www.aboutads.info/.

We do not respond to browser do-not-track signals.

We may use analytics providers that use cookies, pixel tags and other, similar technologies to collect information about your use of the Services and your use of other websites or online services.

Physical Location

We and our service providers may collect the physical location of your device by, for example, using satellite, cell phone tower, WiFi signals, beacons, Bluetooth, and near field communication protocols. We may use your device's physical location to provide you with personalized location-based services and content. We may also use such information to understand traffic patterns in, near, and across in-home visits. We may share aggregated statistics derived from the location and other information we collect with third parties for safety and other business reasons. You may be permitted to allow or deny such collection of your device’s location, such as through the settings on your mobile device and/or, to avoid the collection of location by beacons, by disabling Bluetooth. If you choose to deny such collection, we and our service providers may not be able to provide you with certain personalized services and content.

For example, precise geo-location can be used to identify your device’s latitude and longitude or your device’s location capability (e.g., GPS or Wi-Fi) to help you navigate.  

Fraudulent Sites, Spam & Phishing

Please be aware that there may be fraudulent websites that illegally use Signify’s logos, and other aspects of the Signify brand. Signify is in no way associated with any fraudulent websites. These sites may circulate their presence on the internet via spam email, or through fraudulent phishing practices.

These sites have not been authorized by Signify to use our name and we work aggressively to identify their source and have them shut down. If you are in receipt of this type of spam email, to help protect your privacy you should avoid replying to it or forwarding it to other people.

In addition to our official websites, Signify works with a number of third parties that host websites and micro-sites that provide information and services to our customers. If you are concerned that a website or an email may be fraudulent, please email us at privacy@signifyhealth.com with your concerns.

Your Choices and Access

You can take yourself off our email list for promotional offers at any time by unsubscribing to emails by following the instructions contained in such emails. If you opt out of receiving promotional emails from us, we may still send you important administrative messages, from which you cannot opt out.

You may stop the receipt of push notifications through your mobile device settings.

You can request the removal or modification of the personal information you have provided to us by sending an email to the appropriate area under "Contact Information". For your protection, we may only implement requests with respect to the personal information associated with the particular email address that you use to send us your request, and we may need to verify your identity and obtain information on the context in which you provided your personal information before implementing your request. We will try to accommodate your request as soon as reasonably practicable.

You can stop all further collection of information by a Signify mobile application by uninstalling the Signify mobile application.  You may use the standard uninstall process available as part of your mobile device or via the mobile application marketplace or network.

Note: If you uninstall the mobile application from your device, the Signify unique identifier associated with your install and/or device might continue to be stored.  If you re-install the application on the same device, Signify might be able to re-associate this identifier to your previous transactions and activities.

Please note that we may need to retain certain information for recordkeeping purposes and/or to complete any transactions that you began prior to requesting such change or deletion. There may also be residual information that will remain within our databases and other records, which will not be removed.

California Shine the Light Law

If you are our customer and a California resident, you may request that we provide you with certain information about the entities with which we have shared our customers' personal information for direct marketing purposes during the preceding calendar year. To do so, please write to us at privacy@signifyhealth.com.

For information about your privacy rights under the California Consumer Privacy Act (CCPA) to the extent applicable, see the Signify Health Workforce Privacy Policy (link above).

Additional disclosures for data subjects in the EEA and the U.K.

When This Section Applies

This section applies solely to and provides information about how and Signify collects, stores, uses, transfers and otherwise processes personal information in or from certain countries in the European Economic Area, the United Kingdom, and Switzerland (together, for purposes of this section of the Privacy Statement, “EEA”), accordance with the General Data Protection Regulation (GDPR) and its local implementations.

We will use your personal information only for the purposes and in the manner set forth herein, which describes the steps we take to ensure the processing of your personal information is in compliance with the Data Protection Acts 1988 to 2018 (as amended) and any subsequent data protection and privacy legislation, European Union Law including Regulation (EU) 2016/679, known as the General Data Protection Regulation or GDPR and any subsequent amendments (collectively referred to as “Data Protection Legislation”).

Identity of the Controller of Personal Information

For the purposes of Data Protection Legislation, the Data Controller is Signify Ireland Technology Development Limited, an Irish registered company (Registered Number 709746) and having its registered office address at The Alcantara Building, Bonham Quay, Dock Road, The Docks, Galway, Ireland, H91 AX8R.

Contact Details of the Data Protection Officer

It has been determined that Signify is not required to have a Data Protection Officer. Please see “Contact Information” for how to reach us.

Legal Bases for Processing of Your Personal Information

If you are from a jurisdiction that requires a legal basis for processing your personal information our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it. We will only process your personal information if we have a lawful basis for doing so.

The lawful bases are explained below:

• Performance of a Contract: When it is necessary for Signify to process your Personal Information to:
  • Comply with legal obligations under a contract with you. This includes our obligations under the terms and conditions of your order, or
  • To verify information before entering into a contract with you.
• Legitimate Interest: Where Signify has an interest in using your personal information in a certain way, which is necessary and proportionate in light of improving our customer experience and audience & targeting.
• Consent: When Signify asks you to actively indicate your agreement to Signify’s use of your personal information for a certain purpose.
• Compliance with Legal Obligations: When Signify must process your personal information to comply with a law.

The table below details how Signify will use your personal information and the accompanying lawful basis.

 Where required by applicable data privacy laws, we will only use your personal information for the purposes for which we collect it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for any other reasonable purposes in connection with our engagement with you, the purpose and legal basis for any other further processing will be notified in advance from time to time.

We will share personal information with our service providers and affiliates so that they can provide services to us. Our service providers help us to provide the website, support our marketing and communications services to you. We carefully select our service providers and we take corresponding measures to protect your personal information when service providers are engaged.

Where we rely on a legitimate purpose of Signify or a third-party recipient of the personal information in order to use and disclose personal information, you are entitled to object to such use or disclosure and if you do, we will stop processing your personal information for that purpose unless we can show there are compelling legitimate reasons for us to continue to do so.

Where Does Signify Obtain my Personal Information From?

Most of the personal information we process (as described above in “What Information Do We Collect?”) is obtained from you when you access the Services , but we also obtain personal information about you in the course of the performance of your contract with us or potential contract with us, including when you are a candidate for a position at Signify.

In some circumstances, we may request your explicit consent to process (specific types of) personal information. In these circumstances, you are able to withdraw your consent at any time by following the instructions provided when you gave consent or at the contact details below.

You are required to provide consent to strictly necessary cookies in order to use the Services. If you do not provide your consent you may not be able to apply for positions with us and you may not be able to use the full functionality of the Services.

No decisions will be taken about you using automated means, we will notify you in writing if this position changes.

Transfers Outside the European Economic Area

We will transfer your personal information to the United States of America and other countries outside of the EEA. When we transfer your personal information outside of the EEA, we will ensure appropriate safeguards are in place to protect the privacy and integrity of such Data, including standard contractual clauses under GDPR Article 46.2 or adequacy decision under GDPR Article 45. Please see the “Contact Information” section below if you wish to obtain information concerning such safeguards.

Retention of Personal Information

We will keep your personal data for as long as it is necessary to fulfill the purposes for which it was collected as described above and in accordance with our legal and regulatory obligations. This may mean that some information is held for longer than other information. The criteria we use to determine data retention periods for personal information includes the following:

• Retention in case of queries; we will retain it for a reasonable period after the relationship between us has ceased;
• Retention in case of claims; we will retain it for the period in which it may be enforced (this means we will retain it for 10 years in some instances); and
• Retention in accordance with legal and regulatory requirements; we will consider whether we need to retain it after any period described in this section because of a legal or regulatory requirement.

Your Rights

You may have various rights under data protection legislation in your country (where applicable).

 Right of Access: Subject to certain conditions, you are entitled to have access to your personal information which we hold (this is more commonly known as submitting a “data subject access request”).

• How do I execute this right? Requests for such information should be made in writing to privacy@signifyhealth.com If possible, you should specify the type of information you would like to see to ensure that our disclosure is meeting your expectations.
• What conditions must be met to exercise this right? We must be able to verify your identity. Your request may not affect the rights and freedoms of others, e.g. privacy and confidentiality rights of other customers. Data solely retained for data backup purposes is principally excluded.

 Right of Data Portability: Subject to certain conditions, you are entitled to receive the data which you have provided to us and which is processed by us by automated means, in a commonly-used machine readable format.

• How do I execute this right? Requests should be made in writing to privacy@signifyhealth.com If possible, you should specify the type of information you would like to receive to ensure that our disclosure is meeting your expectations.
• What conditions must be met to exercise this right? The GDPR does not establish a general right to data portability. This right only applies if the processing is based on your consent or on our contract with you and when the processing is carried out by automated means (e.g., not for paper records). It affects only personal information that was “provided” by you. Hence, it does, as a rule, not apply to personal data that was created by Signify.

 Rights in Relation to Inaccurate or Incomplete Personal Information: You may challenge the accuracy or completeness of personal information which we process about you. If it is found that personal information is inaccurate, you are entitled to have the inaccurate data removed, corrected or completed, as appropriate.

• How do I execute this right? We encourage you to notify us of any changes regarding your personal information as soon as they occur, including changes to your contact details, telephone number, immigration status. Please always check first whether self-help tools are available. If no such tools are available, requests should be made in writing to privacy@signifyhealth.com.
• What conditions must be met to exercise this right? This right only applies to your own personal information. When exercising this right, please be as specific as possible.

 Right to Object to or Restrict our Data Processing: Subject to certain conditions, you have the right to object to or ask us to restrict the processing of your personal information.

• How do I execute this right? Requests should be made in writing to privacy@signifyhealth.com.
• What conditions must be met to exercise this right? This right applies only if the processing of your personal information is explicitly based on our so-called “legitimate interests” (see “basis of processing” above). Objections must be based on grounds relating to your particular situation. They must not be generic so that we can demonstrate that there are still lawful grounds for us to process your personal information.

 Right to Have Personal Information Erased: Subject to certain conditions, you are entitled, on certain grounds, to have your personal information erased (also known as the “right to be forgotten”), e.g. where you think that the information we are processing is inaccurate, or the processing is unlawful.

• How do I execute this right? Requests should be made in writing to privacy@signifyhealth.com.
• What conditions must be met to exercise this right? There are various lawful reasons why we may not be in a position to erase your personal information. This may apply (i) where we have to comply with a legal obligation, (ii) in case of exercising or defending legal claims, or (iii) where retention periods apply by law or our statutes.

 Right to Withdraw Consent: You have the right to withdraw your consent to any processing for which you have previously given that consent.

• How do I execute this right? Requests should be made in writing to privacy@signifyhealth.com.
• What conditions must be met to exercise this right? If you withdraw your consent, this will only take effect for the future.

Your Right to Lodge a Complaint with a Supervisory Authority

You have the right to make a complaint with the Data Protection Authority, in particular in the Member State of your residence, place of work or place of an alleged infringement, if you consider that the processing of your personal information infringes the GDPR. The Irish Personal Data Protection Authority contact details are:

 Data Protection Commission

Telephone: +353 (0)761 104 800 (10:00 - 12:00hrs Monday - Friday) or

+353 (0)578 684 800 (14:00 - 16:00hrs Monday - Friday)

E-mail: info@dataprotection.ie

For further information please visit www.dataprotection.ie

Your Responsibility

By establishing an account with Signify, you agree that it is your responsibility to:

• Authorize, monitor, and control access to and use of your account, User ID and password.
• Promptly inform us of any need to deactivate a password or an account by calling Customer Service provided during registration.

Contact Information

If you have any questions or concerns about this statement, or about the way your information is collected and used, please Contact Us or call us toll-free at (855) 984-5121.

We can also be reached at:

United States:

Signify Health
4055 Valley View Lane, Ste 400
Dallas, TX 75244
Attn: Privacy Department

International:

The Alcantara Building
Bonham Quay
Dock Road, The Docks
Galway, Ireland
H91 33V2
Attn: Site Lead (Data Privacy and HR)