Version 1.1 Last Revised: 10/1/2021
This Privacy Notice applies to the operations of Evernorth Health, Inc. and its affiliates (Evernorth). At Evernorth we respect your right to privacy and value the trust you have placed in us. We are committed to the responsible management, use and protection of our customers' personal information.
This Privacy Notice supplements other applicable policies, practices and privacy notices that may relate to specific business relationships you have with Evernorth.
This Privacy Notice applies to all the information we collect from you through evernorth.com and other websites and mobile applications operated by us from or in connection with which you are accessing this Privacy Notice. We will refer to these websites and mobile applications as "Services" throughout this Privacy Notice.
- Consent to Use Evernorth Services
- Information We Collect
- Site Registration
- Website Role
- Communication Functionality
- Guest Authentication and Functionality
- Designated Caregiver
- Your Personal Health Information
- How We Use Personal Information
- How We Share Personal Information
- Other Information
- Anonymous and Aggregate Information
- Our Online Privacy Notice for Children
- Our Data Protection and Security Policy
- Our Privacy Commitment to Employment Applicants
- Social Media
- Additional Information for Users of a Evernorth Mobile Application
- Cross Border Transfers
- Changes to this Privacy Notice
- Links to Other Websites
- Your California Privacy Rights
- Contacting Us
Consent to Use Evernorth Services
By using Evernorth's Services you are consenting to the collection, use, and disclosure of your personal information in accordance with this Privacy Notice. If you do not agree with the practices described in this Privacy Notice, please do not use Evernorth's Services.
Information We Collect
Personal information is information that identifies you as an individual or relates to an identifiable person. We collect personal information that you voluntarily provide through our Services, including:
- Name, address, and birthdate;
- Other contact information such as email address and/or phone number;
- Financial and health information;
- Credit or debit card number;
- Social security or similar national ID number;
- Geolocation information; and,
- Social media account IDs
We may supplement the information you submit to us online with:
- other personal information we have about you, including information from our affiliates and vendors; and,
- information that we obtain about you from other sources, such as public and nonpublic records, joint marketing partners, social media platforms (including from people with whom you are friends or otherwise connected) and from other third parties.
If you submit any personal information relating to other people to us or to our service providers in connection with the Services, you represent that you have the authority to do so and to permit us to use the information in accordance with this Privacy Notice.
Registration is optional; however, Registered Users are provided access to the Registered User Website and to information and online services not provided on the public website, as well as the ability to login to the Website when revisiting the Site. The Personal Information and Health Information you disclose to us during registration and in connection with the Website are provided strictly on a voluntary basis. We may also collect Non-Personal Information during the registration process as described below. Registered Members or Registered Beneficiaries may be asked to provide us with the Personal Information and/or Health Information of one or more of their Covered Household Members. In some instances, you may provide Personal Information and/or Health Information about your family members to enable utilization of certain Site functionality on their behalf.
Certain portions of the Site may be available to you that include communication functionality. The communication functionality enables real-time communication sessions with Evernorth personnel or other persons on behalf of or in conjunction with Evernorth ("Authorized Persons"). When used, certain Personal Information, Health Information, and/or Non-Personal Information may be shared with or collected by the Authorized Persons depending upon the nature of the communication session. In certain instances, you may be able to selectively grant permission(s) to an Authorized Person to participate with you in interacting with the Site. Certain communication functionality may be provided on the Site for limited purposes, and the Authorized Persons will be unable to provide assistance beyond such purposes.
When you are qualified, you may register for access to the Registered User Website using your Personal Information. Depending on the role assigned to you during Website registration and thereafter, differing Website functionality may be made available to you. For example, the Website functionality available to a Registered Member and a Registered User who is not a Registered Member may differ. In some instances, you may be able to register for access to the Website (i) before you are a plan member so that we can utilize your Personal Information during an open enrollment, (ii) to enable you to take advantage of Website functionality when your membership becomes active, or (iii) otherwise. If you have multiple accounts or roles with us (e.g., based on current membership in a first plan and past membership in a second plan or, as a member and as a caregiver), you may be able to switch between the different accounts/roles while on the Website.
In addition to providing Personal Information during the registration process, you may provide us with Personal Information or Health Information on the checkout page of the Site when ordering and paying for products and/or if you choose to purchase products or services using our "e-check" electronic funds transfer program or through an automatic refill option (if available to you).
Guest Authentication and Functionality
Certain functionality on the Site requires login to the Registered User Website. Other functionality may be available without the use of login credentials. However, depending on the nature of the non-login functionality ("guest functionality"), you may be required to authenticate yourself ("guest authentication"). For example, Site features such as requesting a refill, checking order status, and paying a bill may be performed by logging into the Website or by use of guest functionality. If you have not previously registered for access to the Website, we will not use Personal Information captured during guest authentication to register you for the Website unless you have requested that we do so.
In general, we will not use the Personal Information collected during guest authentication to update your profile unless otherwise indicated. However, we may utilize the captured Personal Information to provide the associated guest functionality. For example, an e-mail address provided while requesting a refill using guest functionality may be used to confirm that your refill has been shipped. In certain instances when using guest functionality, we may communicate with you using your communication preferences and/or Personal Information contained in your profile or otherwise available to us.
When available, you may be able to assign a designated caregiver ("Caregiver") in the "Profile" section of the Registered User Website to act on your behalf with various Express Scripts functions. We will request that you provide certain Personal Information about this individual. The Personal Information may include the individual's full name and date of birth which will be used by us to properly identify your Caregiver when he or she contacts us on your behalf. In certain instances, the Caregiver when so designated may receive Site and other notifications that would otherwise be sent to you. Other features and functionality may be available to the Caregiver based on your designation.
The mechanism that you use to designate the Caregiver may affect the Caregiver functionality available to you and/or the Caregiver, and the actions on your behalf that the Caregiver may make. For example, designating a Caregiver via the Website may enable a lesser number of actions the Caregiver can make on your behalf while compared to designating a Caregiver via legal designation. In some implementations, a Caregiver designated via letter can only be revoked by calling us, while a Caregiver designated via the Website can be revoked via the Website or by calling us.
Your Personal Health Information
In some circumstances, Evernorth's use of your information will also be subject to the requirements of the Health Insurance Portability and Accountability Act ("HIPAA"). For example, when you complete a Health Risk Assessment, the information you provide may be subject to HIPAA.
How We Use Personal Information
We use personal information you provide when you visit or use our Services to fulfill the purpose for which you provided the information and to enhance your experience with us. These uses include:
- Completing transactions, for example, processing your insurance payments;
- Processing claims;
- Sending you information about health care and health related services, resources and benefits that will help you manage your health;
- Sending administrative information to you, for example, information regarding the Services and changes to our terms, conditions, and policies;
- Providing and improving customer services, including through email or text communications, or any chat or similar feature available through our services;
- Sending marketing information we think may be of interest to you;
- Providing a quote for one or more of our products;
- Sending you surveys;
- To allow you to send messages to a friend through the Services. By using this functionality, you are telling us that you are entitled to use and provide us with your friend's name and email address;
- Authenticating or confirming your identity when you return to your Evernorth accounts online;
- Conducting our business, such as data analysis, audits, developing new products, enhancing, improving or modifying our services, identifying usage trends, determining the effectiveness of our promotional campaigns and operating and expanding our business activities;
- Taking any action that we believe to be necessary or appropriate:
- to investigate, prevent and detect illegal activities;
- under applicable laws, including laws outside your country of residence;
- to comply with legal process;
- to respond to requests from public and government authorities including public and government authorities outside your country of residence;
- to enforce our Terms of Service and Privacy Notice;
- to protect our operations or those of our affiliates;
- to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others; and
- to allow us to pursue available remedies or limit the damages that we may sustain.
- Informing you of job opportunities and evaluating your suitability for a job; and
- Other purposes specifically disclosed at the time we request your information.
How We Share Personal Information
Sharing Among our Affiliates
Evernorth and its affiliates may share your personal information with one another to ensure that your use of the Services is as helpful and beneficial as possible. We may also share your personal information with affiliates in order to support our business operation, to provide services to you and for any other purpose described in this Privacy Notice.
Sharing with Third Parties
We work with third parties that provide services to us, such as website hosting, data analysis, payment processing, order fulfillment, information technology and related infrastructure provision, customer service, email delivery, credit card processing, auditing and other services. We may share your personal information with them so they can provide those services.
- We may share personal information with third parties to permit them to send you marketing communications, if you have opted in to such sharing.
- We will share any personal information you provide on our Services for the purposes stated on the page where we collected the information and in accordance with applicable laws and regulations.
- We may share with your benefit plan's plan sponsor or plan administrator the fact that you have visited or used features of our Services to permit your benefit plan's plan sponsor or plan administrator to determine eligibility, qualification or confirmation of a promised incentive or reward to you.
We may share your information in other limited circumstances, including:
- Complying with applicable laws, including laws outside your country of residence;
- Responding to requests from government or public authorities or otherwise cooperating with authorities pursuant to a legal matter, including authorities outside your country of residence;
- Responding to matters of personal or public safety;
- In litigation, investigations, and other legal matters where the data is pertinent;
- Investigating security incidents;
- In the event of the sale or transfer of Evernorth or some of our assets, or in the context of similar business negotiations, including a bankruptcy or similar transaction;
- To identify you to anyone to whom you send messages through the Services;
- Enforcing our Terms of Service; and,
- To protect our rights, privacy, safety or property, and/or that of our affiliates, you or others.
- Using Adobe Flash technology (including Flash Local Shared Objects ("Flash LSOs") and other similar technologies: We may use Flash LSOs and other technologies to, among other things, collect and store information about your use of the Services. If you do not want Flash LSOs stored on your computer, you can adjust the settings of your Flash player to block Flash LSO storage using the tools contained in the Website Storage Settings Panel. You can also go to the Global Storage Settings Panel and follow the instructions (which may explain, for example, how to delete existing Flash LSOs (referred to as "information", how to prevent Flash LSOs from being placed on your computer without your being asked, and how to block Flash LSOs that are not being delivered by the operator of the page you are on at the time). Please note that setting the Flash Player to restrict or limit acceptance of Flash LSOs may reduce or impede the functionality of some Flash applications.
- An "IP Address" (a number that is automatically assigned to the computer that you are using by your Internet Service Provider) may be identified and logged automatically in our server log files whenever a user access the Services, along with the time of the visit and the page(s) that were visited. Collecting IP Addresses is standard practice and is done automatically by many websites, applications and other services. We use IP Addresses for purposes such as calculating usage levels of the Services, helping diagnose server problems, and administering the Services.
- We may also derive your approximate location from your IP address.
- To opt out of these cookies and web beacons, visit the National Advertising Initiative (NAI) by clicking here.
In some instances, we may combine other information with personal information (such as combining your name with your geographical location). If we do, we will treat the combined information as personal information as long as it is combined.
Anonymous and Aggregate Information
Evernorth may aggregate personal information so that it does not personally identify you or any other user of the Services (for example, we may aggregate personal information to analyze the percentage of our users who have a particular area code).
- Evernorth may remove personally identifiable information to create anonymous data.
- Evernorth uses and shares anonymous and aggregate information for historical, statistical, or business planning purposes. Additionally, we may use and share this information for any purpose except where we are required to do otherwise under applicable law. If we are required to treat this information as personal information under applicable law, then we may use it as described above in "Other Information," as well as for the purposes for which we use and share personal information.
Our Online Privacy Notice for Children
- Our Services are not directed to or intended for children.
- Evernorth does not knowingly collect information from children under the age of 18.
- You can visit the Federal Trade Commission"s website to learn about the Children's Online Privacy Protection Act (COPPA).
Our Data Protection and Security Policy
- We take reasonable precautions to safeguard the personal information transmitted between visitors and the Services and the personal information stored on our servers.
- Unfortunately, no method of transmitting or storing data can be guaranteed to be 100% secure. As a result, although we strive to protect your personal information, we cannot ensure the security of any information you transmit to us through, or in connection with, the Services. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), please immediately notify us of the problem by contacting us in accordance with the "Contacting Us" section below.
Our Privacy Commitment to Employment Applicants
- We collect information, including personal contact information, education and work history, as well as Social Security and similar national ID numbers in order to process and consider your application.
- We will not sell your application information to unaffiliated third parties for marketing purposes.
- The information on your application may be shared with background check services and our affiliates and used and disclosed for certain regulatory, compliance and legal purposes.
- Evernorth maintains profiles and/or pages on various social media services including Facebook and Twitter.
- If you choose to "Like" Evernorth on Facebook, "Follow" Evernorth on Twitter, or take any other similar action on another social media site, you are providing your consent to receive information updates, including solicitations from Evernorth.
- To stop receiving this information from Evernorth on a social media site, you must follow the procedure established by the site. For example, on Facebook, you must click "Unlike" on Evernorth's page, and on Twitter, you must click "Unfollow" on Evernorth's profile.
Additional Information for Users of an Evernorth Mobile Application
- When you download and use an Evernorth mobile application, we and our service providers may track and collect application usage data, such as the date and time the application on your device accesses our servers and what information and files have been downloaded to the application based on your device number.
- When using certain functions via an Evernorth mobile application, we may use your location information if your mobile device uses global positioning system ("GPS") technology, trackers or other location tools, if you allow your device to provide this information to the mobile application.
- We will use this information to estimate your location and to provide you with more personalized content and/or services.
- An Evernorth mobile application may also permit you to upload a photograph from your mobile device. The photograph is for your use only and Evernorth will not have access to it. Evernorth will not upload it to an Evernorth server. This paragraph does not apply to scans or images of documents you submit to Evernorth in connection with your use of the Services or any services provided Evernorth.
Cross Border Transfers
Your personal information may be transferred to, stored and processed in any country where we have facilities or in which we engage service providers, including the United States. By using the Services, you consent to the transfer of information to countries outside of your country of residence which may have different data protection rules than your country. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries may be entitled to access your personal information.
Evernorth does not represent or warrant that the Services, or any part of them, are appropriate or available for use in any particular jurisdiction. Those who choose to access the Services do so on their own initiative and at their own risk and are responsible for complying with all applicable local laws, rules and regulations. Additional Information for Users of an Evernorth Mobile Application
Changes to this Privacy Notice
- We reserve the right to amend this Privacy Notice at any time.
- We will post the revised Privacy Notice on our Services or announce the change on the home page of the website or app.
- You can determine when we revised the Privacy Notice by referring to the "LAST UPDATED" date at the top of this notice.
- Any changes will become effective when we post the Privacy Notice on our websites. By continuing to use the Services following such changes, you will be deemed to have agreed to such changes.
- If you do not agree with the terms of this Privacy Notice, in whole or in part, you can choose to not continue to use the Services.
Links to Other Websites
- The Services contain links to websites operated by third parties. If you provide personal information to any third party"s website, your transaction will occur on that website (not Evernorth's websites) and that operator will collect the personal information you provide, subject to its privacy policies. We encourage you to read the legal notice posted on those sites, including their privacy policies.
- This Privacy Notice does not apply to your use of and activity on those other websites. We provide links through the Services to other websites only as a convenience, and the inclusion of these links does not imply endorsement of the linked site. We have no responsibility or liability for your use of third party websites.
Please note that we are not responsible for the collection, usage and disclosure policies and practices (including the data security practices) of other organizations, such as Facebook, Apple, Google, Microsoft, RIM or any other app developer, app provider, social media platform provider, operating system provider, wireless service provider or device manufacturer, including with respect to any personal information you disclose to other organizations through or in connection with our mobile applications or other websites.
Your California Privacy Rights
California Civil Code Section 1798.83, entitles California customers to request information relating to whether a business has disclosed personal information to any third parties for the third parties' direct marketing purposes. As explained elsewhere in this Privacy Notice, Evernorth will not sell or transfer your personal information to third party companies for their direct marketing purposes without your consent. California customers who wish to request further information about our compliance with this statute or who have questions may Contact Us or call us toll-free at 1.800.234.4077*. For information about your rights under the California Consumer Privacy Act, please access our California Consumer Privacy Act Notice.
Your Access Rights
If you would like to request to review, correct, update, suppress or delete Personal Information that you have previously provided to us, you may contact us by emailing us here. We will respond to your request consistent with applicable law.
In your request, please make clear what Personal Information you would like to have changed, whether you would like to have your Personal Information suppressed from our database or otherwise let us know what limitations you would like to put on our use of your Personal Information. For your protection, we may only implement requests with respect to the Personal Information associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request. We will try to comply with your request as soon as reasonably practicable.
Please note that we may need to retain certain information for recordkeeping purposes and/or to complete any transactions that you began prior to requesting a change or deletion. There may also be residual information that will remain within our databases and other records, which will not be removed.
Online Communication Practice
If you email us, please do not include information you want to keep private. It is possible that your e-mail communication may be accessed or viewed inappropriately by another Internet user while in transit to us. If you wish to send us information that you want to keep completely private, please use a method other than e-mail.
Other Online Communications
We may send you electronic newsletters, information about products or services we offer, and other marketing communications. If you no longer want to receive marketing-related e-mails from us you may opt-out of receiving these marketing related emails by clicking on the unsubscribe link at the bottom of each email.
We will try to comply with your request(s) as soon as reasonably practicable. Please also note that if you do opt-out of receiving marketing-related e-mails from us, we may still need to send you important administrative messages, and you cannot opt-out from receiving administrative messages.
If you have any questions about this Privacy Notice please feel free to Contact Us or call us toll-free at 1.800.234.4077*.
*Note: If you are calling from outside of the United States, and you would like the call to be free, you will need to dial your local access number for AT&T Direct Service and then dial the number provided above. If you are not aware of the access number, it can be located by clicking here.