CHRISTUS Health Plan Privacy Notice

Effective Date: October 5, 2020

Welcome to the website of CHRISTUS Health Plan, a company that provides information and services to help you find, enroll in, and make the best use of your marketplace health insurance! As used in this Privacy Notice, the terms “CHRISTUS Health Plan,” “we” and “us” refer to CHRISTUS Health Plan. To the extent applicable, they also refer to our affiliates, service providers and licensors, and their respective officers, directors, employees, contractors and agents. If you are accepting the terms of this Privacy Notice as an employee or representative of a company or other legal entity, the terms "you" and "your" will refer to both you, personally, and the entity you represent.

CHRISTUS Health Plan is committed to protecting and respecting your privacy. This Privacy Notice describes how we collect, use, protect and share information about you that we obtain when you access and use our Website (defined below), including when you register for an account, request a quote, or submit questions or feedback. This Privacy Notice also applies to information that we obtain when you communicate or interact with us outside of the Website, including by e-mail, telephone and otherwise.

Your use of our Website is also governed by our Consumer Terms of Use and/or Agent Terms of Use, as applicable (the “Terms of Use”), any additional terms made available to you in connection with certain features, functionality, tools, content and promotions available on or through the Website (“Supplemental Terms”), and any and all policies and rules referenced herein or therein, posted on the Website, or otherwise communicated to our Users (the "Website Policies"). To the extent that a provision of the Terms of Use, Supplemental Terms or Website Policies conflicts with this Privacy Notice, such provision shall control.

Please read this Privacy Notice carefully before you use our Website or communicate with us. Changes to this Privacy Notice are discussed at the end of this document.

For purposes of this Privacy Notice:

  • “Users” means any and all individuals that access or use the Website, including applicants for health insurance, insurance agents and other registered users. References to "access" and/or "use" of the Website (and any variations thereof) include the acts of accessing or browsing the Website, and accessing or using the services, information, content, features, functionality, tools and promotions available on or through the Website.
  • “Website” refers to any website owned, operated or powered by CHRISTUS Health Plan (including the website currently located at https://christus.healthsherpa.com/). References to the "Website" include any and all services, information, content, features, functionality, tools and promotions available on or through each such website.

BY ACCESSING OR USING OUR WEBSITE OR COMMUNICATING WITH US OUTSIDE OF THE WEBSITE, YOU ARE ACCEPTING AND CONSENTING TO THE PRACTICES DESCRIBED IN THIS PRIVACY NOTICE, WHICH MAY BE UPDATED AND AMENDED FROM TIME TO TIME. IF YOU DO NOT AGREE TO THE TERMS OF THIS PRIVACY NOTICE, YOU MUST NOT ACCESS OR USE OUR WEBSITE OR OTHERWISE COMMUNICATE WITH US.

Please click on the sections below to learn more about our Privacy Notice:

INFORMATION WE COLLECT

Information You Provide to Us

We collect information that you provide directly to us, including when you register for an account, solicit a health insurance quote, prepare or submit a health insurance application directly or on behalf of another individual, use the Website, update your email preferences, respond to a survey or provide other feedback about the Website, or contact us with questions or comments about the Website.

We may also collect information about you when you opt in to receive text messages from us (for example, when you sign up for health insurance). You may opt in to receive such updates and offers by providing your mobile telephone number through the Website.

We may also collect information about you if a company or organization authorizes you to manage its account or use our Website on its behalf.

Personally Identifiable Information

Some of the information we collect through your use of our Website or communications with us may personally identify you (“Personally Identifiable Information”). The types of Personally Identifiable Information you may submit in connection with use of the Website include, but are not limited to:

  • contact information (such as name, address, email address and telephone number);
  • date of birth;
  • gender;
  • account passwords for the Website;
  • payment card information and other billing information (such as card image, card number, cardholder name, expiration date and card verification code) associated with your account;
  • social security number;
  • health or medical history; and
  • geographic location.

Information Generated from Use of the Website

We also collect certain technical information when you access, browse and use our Website, including information that we automatically receive and record from your browser or mobile platform on our server logs. This technical information helps us operate and provide our Website to you, and includes standard information about visits and system capabilities, such as:

  • information about the device(s) you use to access our Website, including MAC address, IP address, browser type and version, your location, time zone setting, browser plug-in types and versions, operating system and platform, device type, device and application identifiers, operating information, mobile carrier, and cookies;
  • information about your visits to the Website, including the full URL clickstream to, through, and from the Website, including dates and times;
  • information we need and use to facilitate your use of our Website (including to provide access to third party websites and services), such as URL requests, destination IP addresses, or device configuration details;
  • pages you view, searches you run, length of time browsing search results, specific search results you select to view, length of visits to other pages, page interaction information (such as scrolling, clicks, and mouse-overs), your engagement with certain variable/dynamic elements of a page and methods used to browse away from the page;
  • page response times and download errors; and
  • information generated using cookies and beacons. See below for more details regarding our use of cookies and beacons, and your choices with respect to such tracking technologies.

Technical information from your use of the Website is treated as "Non-Personally Identifiable Information," unless it is combined with Personally Identifiable Information, or unless otherwise required by applicable law.

Information from Other Sources

We may receive certain information about you from the organizations or entities on behalf of which we provide the Website to you and/or on behalf of which you access or use the Website. We may also supplement the technical information we collect from your use of the Website with information collected by third parties. Such third parties may include service providers, such as Google Inc., advertising partners, and ad networks that help us understand our Users and provide better service to our Users.

On occasion, we may compare or combine Personally Identifiable Information from third party sources to/with other information we have collected. For example, we may obtain contact information from other sources in order to contact you if we think you or the company you represent would be interested in our Website.

HOW INFORMATION MAY BE USED

Personally Identifiable Information

We may use the Personally Identifiable Information we collect, to:

  • create and manage your account;
  • provide the Website to you;
  • operate our Website, including, without limitation, providing quotes, and submitting and monitoring health insurance applications, access management, payment processing, Website administration, internal operations, troubleshooting, data analysis, testing, research, statistical and survey purposes;
  • send you information that enables you to use our Website;
  • contact you about activity on your account;
  • provide you access to, and updates regarding health insurance and other related offers via text message;
  • respond to your requests, feedback or inquiries;
  • notify you about updates, information, or alerts regarding our Website;
  • process payments;
  • protect and enforce our rights and the rights of other Users against unlawful activity, including identify theft and fraud, and other violations of our Terms of Use;
  • protect and enforce our rights arising under any agreements entered into between you and us, including billing and collection;
  • protect the integrity and maintain the security of our Website, including secured areas of the Website;
  • operate, evaluate and improve our business, including conducting surveys and market research, developing new products, services, and promotions (such as, for example, special events, programs, offers, contests), analyzing and enhancing existing products, services, and promotions, managing our communications; performing accounting, auditing, and other internal functions;
  • provide you with information and advertisements about products, services, and promotions, from us or third parties, that may interest you; and
  • administer your participation in such products, services, and promotions.
In addition, we may use your information as described in any notice provided at the time you provide the information and for any other purpose for which you may provide consent.

Non-Personally Identifiable Information

In addition to the uses described above, we may also use Non-Personally Identifiable Information to:

  • deliver content (including advertising) tailored to your interests and the manner in which you use our Website;
  • present content in a manner that is optimized for your device; and
  • measure and analyze the effectiveness of advertising we serve you.
We may also combine technical information, or Non-Personally Identifiable Information, about your use of our Website with information that we obtain from other Users to use in an aggregate or anonymous manner for similar purposes.

HOW INFORMATION MAY BE SHARED

Personally Identifiable Information

We will not sell or share your Personally Identifiable Information with third parties for the third party's own direct marketing purposes without your express consent. We may share your Personally Identifiable Information with:

  • the Centers for Medicare and Medicaid Services (“CMS”) in order to obtain an eligibility determination for you and to enroll you in health insurance plans offered on the federal healthcare exchange;
  • the organizations or entities on behalf of which we are providing the Website to you and/or on behalf of which you access or use the Website, such as your employer, and other companies associated with those organizations or entities in order to enable their systems to operate with the Website;
  • third party insurance companies to which you submit an application for health insurance on or through the Website;
  • your employer(s), affinity group, and/or benefits administrators or consultants, if you are referred to the Website by such respective parties;
  • if you are a licensed insurance agent using CHRISTUS Health Plan’s agent platform, the designated administrator of your account, if you have an individual subaccount, regarding use of the Services by individual subaccounts;
  • your licensed insurance agent, if applicable;
  • our service providers to the extent reasonably necessary to enable us operate our business and provide our Website to you, as described in this Privacy Notice (e.g., to an e-mail service provider in order to enable us to e-mail you);
  • a buyer or other successor in interest to CHRISTUS Health Plan in the event of a merger, divestiture, restructuring, reorganization, dissolution, liquidation, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation or similar proceeding, in which Personally Identifiable Information held by us about our Users is among the assets transferred;
  • other third parties with your express consent for any purpose disclosed by us when you provide the information; and
  • you, upon your written request.

We may also share Personally Identifiable Information with law enforcement agencies, government officials, or other third parties as necessary for the purpose of:

  • complying with any court order, law or legal process, including to respond to any government or regulatory request;
  • preventing fraud protection and credit risk reduction;
  • investigating potential unauthorized access or misuse of our Website or other breach of our Terms of Use, Supplemental Terms, Website Policies or other agreements;
  • protecting the assets or property, and enforcing the rights of CHRISTUS Health Plan, including for billing and collection purposes; and
  • protecting the rights, property, or safety of our Users or others.

Non-Personally Identifiable Information

In addition, we may share Non-Personally Identifiable Information, including aggregated or anonymized data:

  • with our partners about how our Users collectively use our Website, so that our partners may also understand how often people use their services and our Website;
  • with analytics companies, search engines, or other service providers that help us improve our Website;
  • to report to our affiliates, licensors and service providers, advertising partners and ad networks about the use of various aspects of the Website;
  • with other Users or prospective Users of the Website; and
  • to advertisers and advertising networks to select and serve relevant advertisements.

Notice to California Residents / Your California Privacy Rights

The California Consumer Privacy Act (“CCPA”) provides California residents with certain rights with respect to their personal information that is collected by businesses. If you are a California resident, please review CHRISTUS Health Plan’s California Privacy Notice.

COOKIES AND BEACONS

We may use cookies, beacons and similar automatic data collection technologies, now or in the future, to support the functionality of our Website. These technologies help us provide a better experience when you visit our Website and allows us to improve our Website. The technologies we may use for this automatic data collection may include:

  • Browser Cookies. A browser cookie is a small file placed on the hard drive of your computer. That cookie then communicates with our servers or those of other companies that we authorize to collect data for us, and allows recognition of your personal computer. We associate cookies with Personally Identifiable Information only if you use the logged in areas of the Website, order a Service, use the personalization services available as part of the Website, or ask us to contact you with additional marketing information. We do not otherwise collect Personally Identifiable Information from browser cookies and we do not associate browser cookies with your Personally Identifiable Information. You may use the tools available on your computer or other device to set your browser to refuse or disable all or some browser cookies, or to alert you when cookies are being set. However, if you refuse or disable all browser cookies, you may be unable to access certain parts or use certain features or functionality of our Website. Unless you have adjusted your browser settings so that it refuses all cookies, we may use cookies when you direct your browser to our Website.
  • Beacons. Our Website and e-mails may contain small electronic files known as beacons (also referred to as web beacons, clear GIFs, pixel tags and single-pixel GIFs) that permit us to, for example, count Users who have visited those pages or opened an e-mail and for other website-related statistics. Beacons in e-mail marketing campaigns allow us to track your responses and your interests in our content, offerings and web pages. You may use the tools in your device to disable these technologies as well.
  • Other Tracking Technologies. Our Website may also use other tracking technologies such as embedded scripts, location-identifying technologies, and other similar technologies. These technologies execute on our Website or in your browser and allow us to recognize you when you return to the Website and understand how our users use and interact with our Website.
Our service providers, advertising partners and ad networks may use cookies, beacons, and other similar tracking technologies to collect and share Non-Personally Identifiable Information about your activities both on our Website and on other websites, including, for example, to provide you targeted advertising based upon your interests. In addition, third parties that are unaffiliated with us may also collect information about you, including tracking your browsing history, when you use our Website. We do not have control over these third-party collection practices. If you wish to minimize these third-party collections, and you can adjust the settings of your browsers or install plug-ins and add-ins.

YOUR CHOICES

We offer you certain choices in connection with the information we collect from you.

Limit Use of Information for Health Insurance Purposes

You may request that we limit the collection, creation, disclosure, access, maintenance, storage and use of your Personally Identifiable Information for the sole purpose of our assisting you in applying for health insurance or obtaining an eligibility determination, facilitating payment for your first premium, assisting you in updating or canceling your enrollment in a health insurance plan, and for performing other authorized functions specified in our agreements with CMS. You may request such a limitation by sending an email to privacy@healthsherpa.com or calling us at (855) 772-2663.

Email Communications

You may have the opportunity to receive certain communications from us related to our Website. If you provide us with your e-mail address in order to receive communications, you can opt out of marketing e-mails at any time by following the instructions at the bottom of our e-mails and adjusting your e-mail preferences. Please note that certain e-mails may be necessary for the operation of our Website. You will continue to receive these e-mails, if appropriate, even if you unsubscribe from our optional communications.

Cookies/ Beacons

If you wish to minimize information collected by cookie or beacon, you can adjust the settings of your browsers to notify you when you receive a cookie, which lets you choose whether or not to accept it. You can also set your browser to automatically reject any cookies. You may also be able to install plug-ins and add-ins that serve similar functions. However, please be aware that some features and services on our Website may not work properly if we are not able to recognize and associate you with your account. In addition, the offers we provide when you visit us may not be as relevant to you or tailored to your interests.

Network Advertising Initiative

Certain websites you visit may provide options regarding advertisements you receive. If you wish to minimize the amount of targeted advertising you receive, you can opt out of certain network advertising programs through the Network Advertising Initiative (NAI) Opt–Out Page. Please note that even if you choose to remove your information (opt out) you will still see advertisements while you're browsing online. However the advertisements you see may be less relevant to you. For more information or to opt out of certain online behavioral advertising, please visit http://www.aboutads.info.

Additionally, many advertising network programs allow you to view and manage the interest categories that they have compiled from your online browsing activities. These interest categories help determine the types of targeted advertisements you may receive. The NAI Opt–Out Page provides a tool that identifies its member companies that have cookies on your browser and provides links to those companies.

Do Not Track

Some browsers support a “Do Not Track” (or, DNT) feature, a privacy preference that Users can set in certain web browsers, which is intended to be a signal to websites and services that you do not wish to be tracked across different websites or online services you visit. Our Website does not currently recognize or respond to DNT signals, so DNT settings do not change the way the Website operates.

Please note that we cannot control how third-party websites or online services you visit through our Website respond to Do Not Track signals. Check the privacy policies of those third parties for information on their privacy practices.

Text Alerts

You may have the opportunity to receive certain information, updates and/or offers from us via text communications. If you provide us with your mobile number in order to receive such communications, you can opt out of receiving text messages at any time by contacting us at customer_support@healthsherpa.com.

Updating Information

The accuracy of the information we have about you is very important. To review, correct or delete your Personally Identifiable Information, please contact us at customer_support@healthsherpa.com. For more information about your choices, or to review or correct your Personally Identifiable Information, please follow the prompts on the Website, or contact us as indicated in the “Contact Us” section of this Privacy Notice.

We will retain your information for as long as your account is active or as needed to provide the Services. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

Please note that once your application has been submitted to your chosen health insurance company or any other relevant party (such as the federal government in the case of an application involving advanced premium tax credits) you may be required to contact the insurance company or such other party directly to update your application or other information that they may have collected about you.

SECURING YOUR INFORMATION

The security of your information is important to CHRISTUS Health Plan, and we have established administrative, technical, and physical safeguards designed to protect your Personally Identifiable Information against unauthorized alteration, access, loss, theft, use or disclosure. Unfortunately, no system can guarantee complete security of your information. As a result, CHRISTUS Health Plan cannot ensure or warrant that your information, including your Personally Identifiable Information, is secure from unauthorized third parties. Thus, your use of the Website and communication with us about them is at your own risk.

You are responsible for protecting your password(s) and for the security of information that you transmit to us over the internet.

CHILDREN

Our Website is directed to and is intended to be used only by persons who are 18 years of age or older. We do not knowingly collect information from children under 18. If you are under 18 years of age, you are not permitted to register for an account or otherwise submit any Personally Identifiable Information to us, including your name, address or e-mail address. By registering for an account or submitting any Personally Identifiable Information to us, you represent and warrant that you are 18 years of age or older.

If we discover that we have received any Personally Identifiable Information directly from a child under the age of 18, we will suspend the associated account and remove that information from our database as soon as possible. By registering for an account or otherwise submitting any Personally Identifiable Information to us, you represent and warrant that you are 18 years of age or older. For the avoidance of doubt, this restriction does not apply to information collected from a parent or legal guardian who provides information regarding a dependent child under the age of 18 in connection with a health insurance application or other related purpose.

LINKS TO THIRD PARTY WEBSITES

Our Website may contain links to third party websites and services, including those of third-party insurance providers and advertisers. Please note that these links are provided for your convenience and information, and the websites and services may operate independently from us and have their own privacy policies or notices, which we strongly suggest you review. This Privacy Notice applies to CHRISTUS Health Plan and our Website only. We do not accept any responsibility or liability for the policies or practices of any third parties. If you choose to access any websites or services linked from our Website, please check the applicable policies before you use or submit any personal data to such website or service.

INTERNATIONAL JURISDICTIONS

The Website is hosted in the United States of America and is subject to U.S. state and federal law. The Website is not intended to subject CHRISTUS Health Plan to the privacy laws or jurisdiction of any state, country or territory other than that of the United States, including the European Union. CHRISTUS Health Plan does not represent that the Site is appropriate for use in any particular jurisdiction. Those who access the Site do so at their own initiative and are responsible for complying with all local laws, rules and regulations. If you are accessing our Website from other jurisdictions, please be advised that you are transferring your personal information to us in the United States, and by using our Website, you consent to that transfer and use of your personal information in accordance with this Privacy Notice. You also agree to abide by the applicable laws of applicable states and U.S. federal law concerning your use of the Website and your agreements with us. Any persons accessing our Website from any jurisdiction with laws or regulations governing the use of the Internet, including personal data collection, use and disclosure, different from those of the jurisdictions mentioned above may only use the Website in a manner lawful in their jurisdiction. If your use of the Website would be unlawful in your jurisdiction, you may not use the Website.

CHANGES TO OUR PRIVACY NOTICE

CHRISTUS Health Plan may, in its sole discretion, change this Privacy Notice from time to time. Any and all changes to this Privacy Notice will be reflected on this page and the Effective Date will be stated at the top of this Privacy Notice. Unless stated otherwise, our current Privacy Notice applies to all information that we have about you and your account. Users should regularly check this page for any changes to this Privacy Notice. CHRISTUS Health Plan will always post new versions of the Privacy Notice on the Website. In the event that an amendment materially alters your rights or obligations, we may notify you of the amendment, such as by posting a notification to the home page of the Website, or sending a notification to you at the address we have on file for you, if any.

Your continued use of the Website or communication with us after the updated Privacy Notice has been posted (or any other indication of your consent) will constitute your acceptance of the updated Privacy Notice.

Please note that we may condition your continued access to our Website on your consent to changes to this Privacy Notice.