Evernorth1 Website and Mobile Application Privacy Notice
Last Updated: 6/28/2024
Version: 2.0
Introduction
This Privacy Notice ("Notice") applies to Personal Information collected through the Evernorth Health, Inc. (“Evernorth,” “we,” “us,” or “our”) or affiliated website or mobile application on which it is posted, unless otherwise modified by another notice. We refer to these websites and mobile applications as “Services” throughout this Notice. Please note that this Privacy Notice may supplement, or be superseded by, other applicable policies, practices, and notices that may relate to the specific relationship you have with Evernorth or the particular Services you are using.
By using our Services and/or providing us your Personal Information, you acknowledge the terms of this Notice and those within our Terms of Use as well as any applicable Site Specific Terms of Use related to the specific Service being accessed.
Please note that this Notice does not apply to job applicants and candidates who apply for employment with us or to employees in the context of our working relationship with them. It also does not apply to information that is exempted by another law, including the Health Insurance Portability and Accountability Act (“HIPAA”) as described below.
1. © 2024 Evernorth Health Services
Quick Links:
Health Information
In some circumstances, our collection and use of Personal Information will be subject to the requirements of the HIPAA. Identifiable information for patients or members and related to their care or payment for care will be treated as protected health information (“PHI”) under HIPAA, at which point the terms of the applicable HIPAA Notice of Privacy Practices will apply and will supersede this notice.
In providing Services, many Evernorth affiliates act as “business associates,” a type of contractor under HIPAA, acting on behalf of certain health plans and other HIPAA “covered entities” or business associates. In either case, your health plan is responsible for providing you with a HIPAA Notice of Privacy Practices, and you may request a copy of that document from your health plan directly.
In other circumstances, certain Evernorth affiliates act as covered entities under HIPAA and provide services directly. Patients of Evernorth Care Group and Evernorth Behavioral Care Group should visit our Privacy Menu page to access the Notices of Privacy Practices for those entities.
Our Information Practices
Personal Information We Collect
We may collect information that describes or relates to you and is classified as Personal Information or Personal Data under applicable state laws (collectively, “Personal Information”). Personal Information does not include:
- Publicly available information as defined under applicable state laws.
- Deidentified or aggregated information as defined under applicable state laws.
- Other information excluded from the applicable state laws, including but not limited to Personal Information governed by HIPAA or the Gramm Leach Bliley Act.
In the past 12 months, we may have collected the following categories of Personal Information:
- Identifiers such as name, contact information, online identifiers, and government-issued ID numbers;
- Characteristics of Protected Classifications under state or federal law such as age and medical conditions;
- Commercial Information such as transaction information and purchase history;
- Internet or Network Activity Information such as browsing history, interactions with our website, Internet Protocol (IP) address, Media Access Control (MAC) address; operating system and version; Internet browser type and version (for more information, see the Cookies and Other Tracking Technologies section, below);
- Geolocation Data such as device location;
- Audio, Electronic, Visual and Similar Information such as call and video recordings; and
- Professional or Employment-Related Information such as place of employment and job title.
We may collect this Personal Information directly from you and automatically when you use our Services. We also may collect this Personal Information from our affiliates, vendors, joint marketing partners, and social media platforms.
How We Use Personal Information
To the extent we collect your Personal Information as described above, we may use your Personal Information for the following purposes:
- Services and Support. To provide and operate our Services, communicate with you about your use of the Services, provide you with information about our Services, including information about health care, health related services, resources and benefits that will help you manage your health; sending administrative information to you, such as changes to our terms, conditions, and policies; provide troubleshooting and technical support, respond to your inquiries, fulfill your orders and requests, process your payments and claims, communicate with you about the Services, complete transactions, and provide quotes;
- Customization and Personalization. To tailor content we may send or display on the Services, including to offer location customization and personalized help and instructions, and to otherwise personalize your experiences;
- Marketing and Advertising. For marketing and advertising purposes. For example, to send you information about our Services, such as offers, promotions, newsletters, and other marketing content, as well as any other information that you sign up to receive. We also may use certain information we collect to manage and improve our advertising campaigns so that we can better reach people with relevant content;
- Analytics and Improvement. To better understand how users access and use the Services, and our other products and offerings, and for other research and analytical purposes, such as to evaluate and improve our Services and business operations, to develop services and features, and for internal quality control and training purposes;
- Research and Surveys. To administer surveys and questionnaires, such as for market research or member satisfaction purposes;
- Infrastructure. To maintain our facilities and infrastructure and undertake quality and safety assurance measures;
- Authentication. To authenticate or confirm your identity;
- Security and Protection of Rights. To protect the Services and our business operations; to protect our rights or those of our stakeholders; to prevent and detect fraud, unauthorized activities and access, and other misuse; conduct risk and security control and monitoring; where we believe necessary, to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety or legal rights of any person or third party, or violations of our Terms of Use and/or any additional terms specific to the Services;
- Compliance and Legal Process. To comply with the law and our legal obligations, to respond to legal process and related to legal proceedings;
- General Business and Operational Support. To consider and implement mergers, acquisitions, reorganizations, bankruptcies, and other business transactions such as financings, and related to the administration of our general business, accounting, auditing, compliance, recordkeeping, and legal functions; and
- Business Transfers. To consider and implement mergers, acquisitions, reorganizations, and other business transactions, and where necessary to the administration of our general business, accounting, recordkeeping, and legal functions.
We retain the Personal Information we collect as long as reasonably necessary for the purposes described above or otherwise disclosed to you at the time of collection. For example, we will retain your account data for as long as you have an active account with us, as well as an additional period of time as necessary to protect, defend or establish our rights, defend against potential claims, or comply with our legal obligations.
How We Disclose Personal Information
To the extent we collect your Personal Information as described above, we may disclose Personal Information for the following purposes:
- Operating the Services and Providing Related Support. To provide and operate our Services, communicate with you about your use of the Services, provide troubleshooting and technical support, respond to your inquiries, fulfill your orders and requests, and for similar service and support purposes.
- Business Transfers. If we or our affiliates are or may be acquired by, merged with, or invested in by another company, or if any of our assets are or may be transferred to another company, whether as part of a bankruptcy or insolvency proceeding or otherwise, we may transfer the information we have collected from you to the other company. As part of the business transfer process, we may share certain of your Personal Information with lenders, auditors, and third-party advisors, including attorneys and consultants.
- In Response to Legal Process. We may disclose your Personal Information to comply with the law, a judicial proceeding, court order, or other legal process, such as in response to a court order or a subpoena.
- To Protect You, Ourselves, and Others. We disclose your Personal Information when we believe it is appropriate to do so to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, violations of our Terms of Use, any additional terms specific to the Services, or this Notice, or as evidence in litigation in which we are involved.
We may disclose the Personal Information that we collect for the purposes described above with the following parties:
- Vendors. We may disclose Personal Information we collect to our service providers or agents who perform functions on our behalf. These may include, for example, IT service providers, help desk, payment processors, analytics providers, consultants, auditors, and legal counsel.
- Our Affiliates. We may disclose Personal Information we collect to our affiliates or subsidiaries.
- Our Business Customers. Any Personal Information that we collect and process on behalf of a business client will be disclosed as directed by that business customer.
- Third-Party Ad Networks and Providers. We may disclose Personal Information to third-party ad network providers, sponsors and/or traffic measurement services. These third parties may use cookies, JavaScript, web beacons (including clear GIFs), and other tracking technologies to measure the effectiveness of their ads and to personalize advertising content to you. These third-party cookies and other technologies are governed by each third party's specific Privacy Notice, not this one. To exercise your choices about receiving third-party ads, see the “Tracking and Advertising Choices” section below.
- Government or Public Authorities. We may disclose Personal Information to a third party if (a) we believe that disclosure is reasonably necessary to comply with any applicable law, regulation, legal process, or governmental request, (b) to enforce our agreements, policies, and terms of service, (c) to protect the security or integrity of our Services, (d) to protect the property, rights, and safety of us, our users, or the public from harm or illegal activities, (e) to respond to an emergency which we believe in the good faith requires us to disclose information to assist in preventing the death or serious bodily injury of any person, or (f) to investigate and defend ourselves against any third-party claims or allegations.
Cookies, SDKs, and Other Tracking Technologies
We may use cookies, SDKs, tags, and other tracking mechanisms to track information about your use of our Services, and to provide, customize, evaluate, and improve our Services.A cookie is a small alphanumeric identifier that is placed on your website browser when you visit a website. Cookies are transferred to your device’s hard drive through your web browser for record-keeping purposes. Some cookies allow us to make it easier for you to navigate our Services, while others are used to allow us to track your activities at our Services. Software Development Kits (SDKs) are programming packages that allow us to develop our Services. Certain SDKs allow us to track and measure certain data about the way users interact with our mobile apps. Below are descriptions of the types of tracking technologies our Services may employ.
- Session Cookies. Session cookies exist only during an online session. They disappear from your device when you close your browser or turn off your device. We use session cookies to allow our systems to uniquely identify you during a session while accessing our Services. This allows us to display content and provide our Services to you while navigating our Site.
- Persistent Cookies. Persistent cookies remain on your device after you have closed your browser or turned off your device. We use persistent cookies to track statistical information about user activity.
- Clear GIFs, Pixel Tags and Other Technologies. Clear GIFs are tiny graphics with a unique identifier, similar in function to cookies. In contrast to cookies, which are stored on your computer’s hard drive, clear GIFs are embedded invisibly on web pages. We may use clear GIFs (a.k.a. web beacons, web bugs or pixel tags), in connection with our Services to, among other things, track activities of Site visitors, and to help us manage content on our Services.
- Third-Party Analytics. We use third-party tools, which are operated by third-party companies, to evaluate usage of our Services. These third-party analytics companies use cookies, pixels, and other tracking technologies to collect usage data about our Services to provide us with reports and metrics that help us evaluate usage of our Services, improve our Services, and enhance performance and user experiences.
- Third-Party Advertising. We work with third-party ad networks, analytics, marketing partners, and others (“third-party ad companies”) to personalize content and display advertising within our Services, as well as to manage our advertising on third-party websites. We and these third-party ad companies may use cookies, pixels tags, and other tools to collect browsing and activity information within our Services (as well as on third-party websites and services), as well as IP address, unique ID, cookie and advertising IDs, and other online identifiers. We and these third-party ad companies use this information to provide you more relevant ads and content within our Services and on third-party websites, and to evaluate the success of such ads and content.
- Session Replay. We use session replay technologies so we can diagnose problems with our Services and identify areas for improvement. The data collected by this technology is not accessible by or shared with third parties or service providers.
Tracking and Advertising Choices
If you wish to prevent cookies from tracking your activity on our websites or visits across multiple websites, there are tools you can use to disable cookies and opt out of interest-based advertising.
- Browser Solutions for Disabling Cookies. If you wish to prevent cookies from tracking your activity on our website or visits across multiple websites, you can set your browser to block certain cookies or notify you when a cookie is set. The Help portion of the toolbar on most browsers will tell you how to prevent your device from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether. Visitors to our Services who disable cookies will be able to browse the Services, but some features may not function.
- Industry Solutions for Opting Out of Interest-Based Advertising. Notwithstanding the above, you may follow the steps provided by initiatives that educate users on how to set tracking preferences for most online advertising tools. These resources include the Network Advertising Initiative (https://thenai.org/about-online-advertising/) and the Digital Advertising Alliance (https://digitaladvertisingalliance.org/).
Note, your opt out may not be effective if your browser is configured to reject cookies. Opting out of participating third party ad networks does not opt you out of being served advertising. You may continue to receive generic or “contextual” ads on our Services. You may also continue to receive targeted ads on other websites, from companies that do not participate in the above programs.
We are not responsible for the completeness, effectiveness, or accuracy of any third-party opt-out options or programs.
State-Specific Disclosures
This section describes how we may collect Personal Information and our information practices related to Personal Information when you visit our website or otherwise interact with us (collectively our “Services”), under the California Consumer Privacy Act, as amended by the California Privacy Rights Act of 2020, (“CCPA”); Colorado Privacy Act (“CPA”); Connecticut Data Protection Act (“CTDPA”); Virginia Consumer Data Protection Act (“VCDPA”); the Utah Consumer Privacy Act (“UCPA”); the Montana Consumer Data Privacy Act (“MCDPA”); the Nevada Consumer Health Data Privacy Act (“NHDPA”); the Oregon Consumer Privacy Act (“OCPA”); and the Texas Data Privacy and Security Act (“TDPSA”). To the extent applicable, these laws will be referred to as “applicable state laws” in this Notice. This Notice applies to the Personal Information we collect from residents of these states. If you are a resident of California, Colorado, Connecticut, Virginia, Utah, Nevada, Oregon, or Texas, please refer to the relevant Privacy Rights section below for your jurisdiction.
California Privacy Rights
Under the CCPA, California residents have the right to receive certain disclosures regarding our information practices related to “Personal Information,” as defined under the CCPA. To the extent you are a resident of California, and we collect Personal Information subject to CCPA, the following applies.
Disclosures to Third Parties
This section relates to our third-party disclosures. We may disclose Personal Information to service providers, as described above in this Notice. We also may disclose the Personal Information we collect (as described above) to the following categories of third parties.
- Third party analytics providers
- Regulators, government entities, and law enforcement
- Affiliates and subsidiaries
Additionally, CCPA defines a "sale" as disclosing or making available to a third-party Personal Information in exchange for monetary or other valuable consideration, and “sharing” broadly includes disclosing or making available Personal Information to a third party for purposes of cross-context behavioral advertising. While we do not disclose Personal Information to third parties in exchange for monetary compensation, we may “sell” or “share” (as defined by the CCPA) identifiers and internet and electronic network activity information to third parties. We do so to improve and evaluate our advertising campaigns and better reach customers and prospective customers with more relevant ads and content. As described in the Cookies and Other Technologies section above, although we also use session replay technologies to record users’ interactions with the Services, this data is not accessible by or shared with third parties or service providers.
We do not sell or share any Personal Information about individuals who we know are under sixteen (16) years old.
Your CCPA Rights
To the extent you are a resident of California, you may have the following rights to your Personal Information:
- Right to Access: With respect to the Personal Information we have collected about you in the prior 12 months, you have the right to request from us (up to twice per year and subject to certain exemptions): (i) categories of Personal Information about you we have collected; (ii) the sources from which we have collected that Personal Information; (iii) our business or commercial purposes for collecting, selling, or disclosing that Personal Information; (iv) the categories of third parties to whom we have disclosed that Personal Information; and (v) a copy of the specific pieces of your Personal Information we have collected.
- Right to Correct: You have the right to request that we correct inaccuracies in your Personal Information.
- Right to Delete: Subject to certain conditions and exceptions, you may have the right to request deletion of Personal Information that we have collected about you.
- Right to Opt-Out of Sale/Sharing: You may have the right to opt-out of the “sale” or “sharing” of your Personal Information.
- Right to Non-Discrimination: We will not discriminate against you for exercising any of the rights described in this section.
- Authorized Agent: You may designate someone as an authorized agent to submit requests and act on your behalf. To do so, you must provide us with written permission to allow the authorized agent to act on your behalf.
In order to opt out of sharing information for targeted marketing, please click on the Opt-Out Link titled “Do Not Sell or Share My Personal Information” on the bottom of the website homepage. To make a request for the other rights described above, please contact us at privacy@evernorth.com or mail us at: P.O. Box 188014, Chattanooga, TN 37422 ATTN: Privacy Office, or contact us toll-free at the number on the back of your member ID card or customer service at 877-279-6391. Please indicate you are making a request pursuant to your “California Privacy Rights.” You must provide us with the following information: (1) first and last name; (2) email address; (3) physical address; and (4) date of birth. We will take steps to verify your request by matching the information provided by you with the information we have in our records. In some cases, we may request additional information in order to verify your request or, where necessary, to process your request. If we are unable to adequately verify a request, we will notify the requestor. If we are unable to adequately verify a request, we will notify the requestor.
Colorado Privacy Rights
Under the CPA, Colorado residents have the right to receive certain disclosures regarding a business’ processing of “Personal Data,” as defined under the CPA, as well as certain rights with respect to our processing of such Personal Data. To the extent you are a resident of Colorado, and we collect Personal Data subject to applicable Colorado law, the following applies.
- Right to Access: You have the right to confirm whether or not we are processing your Personal Data and to access such Personal Data.
- Right to Correction: You have the right to correct inaccuracies in your Personal Data, taking into account the nature of the Personal Data and the purposes of the processing of your Personal Data.
- Right to Deletion: You have the right to delete the Personal Data provided to us by you.
- Right to Data Portability: You have the right to obtain a copy of the Personal Data that you previously provided to us in a portable and, to the extent technically feasible, readily usable format that allows you to transmit your Personal Data to another controller without hindrance, where the processing is carried out by automated means.
- Right to Opt-Out of Sale, Targeted Advertising, and Profiling: For purposes of the CPA, a “sale” includes disclosing Personal Data to a third party in exchange for monetary compensation or other valuable consideration. We do not “sell” Personal Information under this definition. Colorado residents have the right to opt out of the automated processing of your Personal Data by us for decisions that produce legal or similarly significant effects concerning you. We do not process Personal Data for such profiling. If our Services involve targeted marketing of involving Personal Data, you may opt out of such activities by clicking on the Opt-Out Link that will populate on the bottom of the applicable website or mobile application homepage.
- Right to Appeal: If we decline to take action regarding your request, you have the right to appeal. We will notify you providing our reasons and instructions for how you can appeal the decision. You have the right to contact the Colorado Attorney General if you have concerns about the result of the appeal.
To make a request for the other rights described above, please contact us at privacy@evernorth.com or mail us at: P.O. Box 188014, Chattanooga, TN 37422 ATTN: Privacy Office, or contact us toll-free at the number on the back of your member ID card or customer service at 877-279-6391. Please indicate that you are making a request pursuant to your “Colorado Privacy Rights” and provide us with the following information: (1) first and last name; (2) email address; (3) physical address; and (4) date of birth. We will take steps to verify your request by matching the information provided by you with the information we have in our records.
Connecticut Privacy Rights
Under the CTDPA, Connecticut residents have the right to receive certain disclosures regarding a business’ processing of “Personal Data,” as defined under the CTDPA, as well as certain rights with respect to our processing of such Personal Data. To the extent you are a Connecticut resident, and we collect Personal Data subject to applicable Connecticut law, the following applies.
- Right to Access: You may have the right to confirm whether or not we are processing your Personal Data and to access such Personal Data.
- Right to Correction: You may have the right to correct inaccuracies in your Personal Data, taking into account the nature of the Personal Data and the purposes of the processing of your Personal Data.
- Right to Deletion: You may have the right to delete the Personal Data provided to us by you.
- Right to Data Portability: You may have the right to obtain a copy of the Personal Data that you previously provided to us in a portable and, to the extent technically feasible, readily usable format that allows you to transmit your Personal Data to another controller without hindrance, where the processing is carried out by automated means.
- Right to Opt-Out of Sale, Targeted Advertising, and Profiling: For purposes of the CTDPA, a “sale” includes disclosing Personal Data to a third party in exchange for monetary compensation or other valuable consideration. We do not “sell” Personal Information under this definition. Connecticut residents have the right to opt out of the automated processing of your Personal Data by us for decisions that produce legal or similarly significant effects concerning you. We do not process Personal Data for such profiling. If our Services involve targeted marketing involving Personal Data, you may opt out of such activities by clicking on the Opt-Out Link that will populate on the bottom of the applicable website or mobile application homepage.
- Right to Appeal: If we decline to take action regarding your request, you have the right to appeal. We will notify you providing our reasons and instructions for how you can appeal the decision. If the appeal is denied, we will provide a way for you contact the Attorney General to submit a complaint.
To make a request for the other rights described above, please contact us at privacy@evernorth.com or mail us at: P.O. Box 188014, Chattanooga, TN 37422 ATTN: Privacy Office, or contact us toll-free at the number on the back of your member ID card or customer service at 877-279-6391. Please indicate that you are making a request pursuant to your “Colorado Privacy Rights” and provide us with the following information: (1) first and last name; (2) email address; (3) physical address; and (4) date of birth. We will take steps to verify your request by matching the information provided by you with the information we have in our records.
Virginia Privacy Rights
Under the VCDPA, Virginia residents have the right to receive certain disclosures regarding a business’ processing of “Personal Data,” as defined under the VCDPA, as well as certain rights with respect to our processing of such Personal Data. To the extent you are a resident of Virginia and we collect Personal Data subject to applicable Virginia law, the following applies.
- Right to Access: To confirm whether or not we are processing your Personal Data and to access such Personal Data.
- Right of Portability: You may have the right to obtain a copy of the Personal Data that you previously provided to us in a portable and, to the extent technically feasible, readily usable format that allows you to transmit your Personal Data to another controller or business where the processing is carried out by automated means.
- Right to Correction: You may have the right to correct inaccuracies in your Personal Data, taking into account the nature of the Personal Data and the purposes of the processing of your Personal Data.
- Right to Deletion: You may have the right to delete Personal Data provided by or obtained about you.
- Right to Opt-Out of Sale: Under the VCDPA, a “sale” includes disclosing or making available Personal Information to a third party in exchange for money. We do not “sell” Personal Information under this definition.
- Right to Opt-Out of Targeted Ads and Profiling: You may have the right to opt out of the automated processing of your Personal Data by us for decisions that produce legal or similarly significant effects concerning you. We do not process Personal Data for such profiling. If our Services involve targeted marketing involving Personal Data, you may opt out of such activities by clicking on the Opt-Out Link that will populate on the bottom of the applicable website or mobile application homepage.
- Right to Appeal: If we decline to take action regarding your request, you have the right to appeal. We will notify you providing our reasons and instructions for how you can appeal the decision. If the appeal is denied, we will provide a way for you contact the Attorney General to submit a complaint.
To make a request for the other rights described above, please contact us at privacy@evernorth.com or mail us at: P.O. Box 188014, Chattanooga, TN 37422 ATTN: Privacy Office, or contact us toll-free at the number on the back of your member ID card or customer service at 877-279-6391. Please indicate that you are making a request pursuant to your “Virginia Privacy Rights” and provide us with the following information: (1) first and last name; (2) email address; (3) physical address; and (4) date of birth. We will take steps to verify your request by matching the information provided by you with the information we have in our records. Please note, we may deny your request if (1) we are not reasonably capable of associating your request with the Personal Data or it would be unreasonably burdensome for us to associate your request with the Personal Data; (2) we do not use the Personal Data to recognize or respond to you specifically or associate the Personal Data with other Personal Data about you; and (3) we do not sell the Personal Data to any third party or otherwise voluntarily disclose the Personal Data to any third party other than a processor, except as otherwise permitted under Virginia law.
Utah Privacy Rights
Under the UCPA, Utah residents have the right to receive certain disclosures regarding a business’ processing of “Personal Data,” as defined under UCPA, as well as certain rights with respect to our processing of such Personal Data. To the extent you are a resident of Utah, and we collect Personal Data subject to applicable Utah law, the following applies.
- Right to Access: You may have the right to confirm whether or not we are processing your Personal Data and to access such Personal Data.
- Right to Correction: You may have the right to correct inaccuracies in your Personal Data, taking into account the nature of the Personal Data and the purposes of the processing of your Personal Data.
- Right to Deletion: You may have the right to delete the Personal Data provided to us by you.
- Right to Data Portability: You may have the right to obtain a copy of the Personal Data that you previously provided to us in a portable and, to the extent technically feasible, readily usable format that allows you to transmit your Personal Data to another controller without hindrance, where the processing is carried out by automated means.
- Right to Opt-Out of Sale and Targeted Advertising: For purposes of UCPA, a “sale” includes disclosing Personal Data to a third party in exchange for monetary compensation. We do not “sell” Personal Information under this definition. If our Services involve targeted marketing involving Personal Data, you may opt out of such activities by clicking on the Opt-Out Link that will populate on the bottom of the applicable website or mobile application homepage.
To make a request for the other rights described above, please contact us at privacy@evernorth.com or mail us at: P.O. Box 188014, Chattanooga, TN 37422 ATTN: Privacy Office, or contact us toll-free at the number on the back of your member ID card or customer service at 877-279-6391. Please indicate that you are making a request pursuant to your “Utah Privacy Rights” and provide us with the following information: (1) first and last name; (2) email address; (3) physical address; and (4) date of birth. We will take steps to verify your request by matching the information provided by you with the information we have in our records.
Montana Consumer Data Privacy Act (Effective October 1, 2024)
Under the MCDPA, Montana residents have the right to receive certain disclosures regarding a business’ processing of “Personal Data,” and defined under MCDPA, as well as certain rights with respect to processing of such Personal Data. To the extent you are a resident of Montana, and we collect Personal Data subject to applicable law, the following applies.
- Right to Access: You may have the right to confirm whether or not we are processing your Personal Data and to access such Personal Data.
- Right to Correction: You may have the right to correct inaccuracies in your Personal Data, taking into account the nature of the Personal Data and the purposes of the processing of your Personal Data.
- Right to Deletion: You may have the right to delete the Personal Data provided to us by you.
- Right to Opt-Out of Sale, Targeted Advertising, and Profiling: For purposes of the MCDPA, a “sale” includes disclosing Personal Data to a third party in exchange for monetary compensation or other valuable consideration. We do not “sell” Personal Information under this definition. Texas residents have the right to opt out of the processing of your Personal Data by us for decisions that produce legal or similarly significant effects concerning you. We do not process Personal Data for such profiling. To opt out of targeted marketing, where applicable, please click on the Opt-Out Link on the bottom of the website homepage.
- Right to Data Portability: You may have the right to obtain a copy of the Personal Data that you previously provided to us in a portable and, to the extent technically feasible, readily usable format that allows you to transmit your Personal Data to another controller without hindrance.
To make a request for the other rights described above, please contact us at privacy@evernorth.com or mail us at: P.O. Box 188014, Chattanooga, TN 37422 ATTN: Privacy Office, or contact us toll-free at the number on the back of your member ID card or customer service at 877-279-6391. Please indicate that you are making a request pursuant to your “Montana Privacy Rights” and provide us with the following information: (1) first and last name; (2) email address; (3) physical address; and (4) date of birth. We will take steps to verify your request by matching the information provided by you with the information we have in our records. If your request to exercise a right under the MCDPA is denied, you may appeal the denial.
Nevada Consumer Health Data Privacy Rights (Effective March 31, 2024)
Under the NHDPA, Nevada residents and those whose consumer health data is collected in Nevada have the right to receive certain disclosures regarding a business’ processing of “Consumer Health Data,” which is a type of Personal Information, defined by NHDPA. Consumer Health Data means Personal Information that is linked or reasonably capable of being linked to a consumer and that is used by a regulated entity to identify the past, present or future health status of a consumer. This data may vary depending on your relationship with us. For example, we may collect consumer health data when administering a prescription discount card, or verifying your eligibility for benefits under a program we administer.
In connection with the identifiers described above, we may collect the following categories of consumer health data:
- Individual health conditions or status, disease, or diagnosis;
- Social, psychological, behavioral, and medical interventions;
- Surgeries or other health-related procedures;
- The use or acquisition of medication;
- Bodily functions, vital signs, symptoms;
- Reproductive or sexual health care information;
- Gender-affirming care information;
- Certain Biometric data;
- Certain Genetic data;
- Information related to the precise geolocation information of a consumer that a indicates an attempt by a consumer to receive health care services or products; and
- Other information that is derived or extrapolated from information that is not consumer health data that is a proxy or used to infer data related to the above.
NHDPA grants certain rights including a right of access and deletion, subject to certain exceptions. To make such a request, please contact us at privacy@evernorth.com or mail us at: P.O. Box 188014, Chattanooga, TN 37422 ATTN: Privacy Office, or contact us toll-free at the number on the back of your member ID card or customer service at 877-279-6391. Please indicate that you are making a request pursuant to your “Nevada Privacy Rights” and provide us with the following information: (1) first and last name; (2) email address; (3) physical address; and (4) date of birth. We will take steps to verify your request by matching the information provided by you with the information we have in our records. If your request to exercise a right under the NHDPA is denied, you may appeal the denial.
Oregon Privacy Rights (Effective July 1, 2024)
Under the OCPA, Oregon residents have the right to receive certain disclosures regarding a business’ processing of “Personal Data,” and defined under OCPA, as well as certain rights with respect to processing of such Personal Data. To the extent you are a resident of Oregon, and we collect Personal Data subject to applicable law, the following applies.
- Right to Access: You may have the right to confirm whether or not we are processing your Personal Data and to access such Personal Data.
- Right to Correction: You may have the right to correct inaccuracies in your Personal Data, taking into account the nature of the Personal Data and the purposes of the processing of your Personal Data.
- Right to Deletion: You may have the right to delete the Personal Data provided to us by you.
- Right to Opt-Out of Sale, Targeted Advertising, and Profiling: For purposes of the OCPA, a “sale” includes disclosing Personal Data to a third party in exchange for monetary compensation or other valuable consideration. We do not “sell” Personal Information under this definition. Texas residents have the right to opt out of the processing of your Personal Data by us for decisions that produce legal or similarly significant effects concerning you. We do not process Personal Data for such profiling. To opt out of targeted marketing, where applicable, please click on the Opt-Out Link on the bottom of the website homepage.
- Right to Data Portability: You may have the right to obtain a copy of the Personal Data that you previously provided to us in a portable and, to the extent technically feasible, readily usable format that allows you to transmit your Personal Data to another controller without hindrance.
To make a request for the other rights described above, please contact us at privacy@evernorth.com or mail us at: P.O. Box 188014, Chattanooga, TN 37422 ATTN: Privacy Office, or contact us toll-free at the number on the back of your member ID card or customer service at 877-279-6391. Please indicate that you are making a request pursuant to your “Oregon Privacy Rights” and provide us with the following information: (1) first and last name; (2) email address; (3) physical address; and (4) date of birth. We will take steps to verify your request by matching the information provided by you with the information we have in our records. If your request to exercise a right under the OCPA is denied, you may appeal the denial.
Texas Privacy Rights (Effective July 1, 2024)
Under the TDPSA, Texas residents have the right to receive certain disclosures regarding a business’ processing of “Personal Data,” and defined under TDPSA, as well as certain rights with respect to processing of such Personal Data. To the extent you are a resident of Texas, and we collect Personal Data subject to applicable law, the following applies.
- Right to Access: You may have the right to confirm whether or not we are processing your Personal Data and to access such Personal Data.
- Right to Correction: You may have the right to correct inaccuracies in your Personal Data, taking into account the nature of the Personal Data and the purposes of the processing of your Personal Data.
- Right to Deletion: You may have the right to delete the Personal Data provided to us by you.
- Right to Opt-Out of Sale, Targeted Advertising, and Profiling: For purposes of the TDPSA, a “sale” includes disclosing Personal Data to a third party in exchange for monetary compensation or other valuable consideration. We do not “sell” Personal Information under this definition. Texas residents have the right to opt out of the processing of your Personal Data by us for decisions that produce legal or similarly significant effects concerning you. We do not process Personal Data for such profiling. To opt out of targeted marketing, where applicable, please click on the Opt-Out Link on the bottom of the website homepage.
- Right to Data Portability: You may have the right to obtain a copy of the Personal Data that you previously provided to us in a portable and, to the extent technically feasible, readily usable format that allows you to transmit your Personal Data to another controller without hindrance.
To make a request for the other rights described above, please contact us at privacy@evernorth.com or mail us at: P.O. Box 188014, Chattanooga, TN 37422 ATTN: Privacy Office, or contact us toll-free at the number on the back of your member ID card or customer service at 877-279-6391. Please indicate that you are making a request pursuant to your “Texas Privacy Rights” and provide us with the following information: (1) first and last name; (2) email address; (3) physical address; and (4) date of birth. We will take steps to verify your request by matching the information provided by you with the information we have in our records.
Changes to this Privacy Notice
The Notice is current as of the date set forth above. We may change, update, or modify this Notice from time to time, so please be sure to check back periodically. We will post any updates to this Notice here. A different version number and/or updated date indicates that a change has been made. If we make any changes to this Notice that materially affect our practices regarding our use of the personal information we previously collected, we will endeavor to provide you with notice, such as by posting prominent notice on our website.
Links to Other Websites
Our Services may contain links to unaffiliated websites. Any access to and use of such linked websites is not governed by this Privacy Notice, but instead is governed by the privacy policies of those websites. We are not responsible for the information practices of such websites, including their collection of your personal information. You should review the privacy policies and terms for any third parties before proceeding to those websites or using those features.
Our Online Privacy Notice for Children
Our Services are designed for a general audience and are not directed to children under the age of 13. We do not knowingly collect personal information online from any person we know to be under the age of 13. If we discover that a child under 13 has provided us with information, we will delete such information from our systems. If you believe we have impermissibly collected personal information from someone under the age of 13, please contact us using the information below.
Contacting Us
If you have any questions about this Privacy Notice, please contact us by email at privacy@evernorth.com or call us toll-free at 877-279-6391.