Explore the Platform
Privacy Policy

Notice of Right to Limit the Use of Sensitive Personal Information Effective Date: September 23, 2019

PlanSource Benefits Administration, Inc. (“PlanSource”) operates the website and the PlanSource Mobile App mobile application (hereinafter collectively referred to as the “Services”). This Privacy Policy, without waiving or otherwise releasing any right or obligation under any prior privacy policy or similar document or agreement of PlanSource, hereby amends and restates any such prior privacy policy as of the Effective Date above. 

This page informs you of our policies regarding the collection, use, and disclosure of Personal Data when you use our Services and the choices you have associated with that data. 

DEFINITIONS

“Cookies” means small files of data sent from a website and stored on your device (computer or mobile device).

 “Data Controller” means the natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal information is, or are to be, processed. For the purpose of this Privacy Policy, we are a Data Controller of your Personal Data.

“Data Processor” or “Services Provider” means any natural or legal person who processes the data on behalf of the Data Controller. We may use the services of various Services Providers in order to process your data more effectively.

“Data Subject” or “User” means any individual who is using our Services and is the subject of Personal Data.

 “Location Data” means information associated with an electronic device that can be used to identify its physical location.

 “Personal Data” means personally identifiable information about an individual who can be identified from such information (or from those and other information either in our possession or likely to come into our possession).

“Usage Data” means data collected automatically either generated by the use of the Services or from the Services infrastructure itself (for example, the duration of a page visit).

INFORMATION COLLECTION AND USE
We collect several different types of information for various purposes to provide and improve our Services to you.

Personal Data

While using our Services, we may ask you to provide us with Personal Data. Such Personal Data may include, but is not limited to:

  • Email address
  • First name and last name
  • Phone number
  • Address, State, Province, ZIP/Postal code, City
  • Cookies and Usage Data

We may use your Personal Data to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe link or instructions provided in any email we send or by contacting us.

Usage Data

We may also collect Usage Data whenever you visit our Services or when you access the Services by or through a mobile device. This Usage Data may include information such as your computer’s Internet Protocol address (e.g., IP address), browser type, browser version, the pages of our Services that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data. 

 When you access the Services with a mobile device, this Usage Data may include information such as the type of mobile device you use, your mobile device unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use, unique device identifiers and other diagnostic data. 

Location Data

We may use and store Location Data if you give us permission to do so. We use this data to provide features of our Services, to improve and customize our Services. 

You can enable or disable location services when you use our Services at any time by way of your device settings. 

Tracking & Cookies Data

We use cookies and similar tracking technologies to track the activity of our Services and we hold certain information. 

Cookies are files with a small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Other tracking technologies are also used such as beacons, tags, and scripts to collect and track information and to improve and analyze our Services. 

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Services. 

Examples of Cookies we use:

  • Session Cookies. We use Session Cookies to operate our Services.
  • Preference Cookies. We use Preference Cookies to remember your preferences and various settings.
  • Security Cookies. We use Security Cookies for security purposes.

USE OF DATA
PlanSource uses the collected data for various purposes:

  • To provide and maintain our Services
  • To notify you about changes to our Services
  • To allow you to participate in interactive features of our Services when you choose to do so
  • To provide customer support
  • To gather analysis or valuable information so that we can improve our Services
  • To monitor the usage of our Services
  • To detect, prevent and address technical issues
  • To provide you with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about unless you have opted not to receive such information

RESIDENTS OF THE EUROPEAN ECONOMIC AREA

If you are a resident of the EEA, you have certain rights and protections under the law regarding the processing of your Personal Data. Please see the sections below for more details.

PlanSource is a voluntary processor of the data collected about you. 

If you are a resident of the EEA, when we process your Personal Data, we will only do so in the following situations: 

  • If we need to use your Personal Data to perform our responsibilities under our contract with you (e.g., processing payments for and providing our Services you have requested). 
  • If we have a legitimate interest in processing your Personal Data. For example, we process the Personal Data we collect from you to send you marketing communications, to communicate with you about changes to our Services, and to provide, secure, and improve our Services. 
  • If we request your consent to a specific processing activity, and you provide your consent in the manner indicated. 
  • In some cases, processing will be necessary for compliance with a legal obligation, such as response to legal process requests. 

We store the information we collect about residents of the EEA for as long as is necessary for the purposes for which we originally collected it. We may retain certain information for legitimate business purposes or as required by law. 

If you are a resident of the EEA, you have the right to access Personal Data we store about you and to ask that your Personal Data be corrected. In certain cases, you may also have the right to request that we erase data we are processing or to restrict or object to certain of our processing activities. You may also have the right to request that we provide the Personal Data you have provided us with in a portable form for transmission to another controller’s service. If you would like to exercise any of these rights, you may contact us as indicated in the “Contact Us” section below or contact your data controller directly. 

If you are a resident of the EEA and have a concern about our processing of Personal Data that we are not able to resolve, you have the right to lodge a complaint with the data protection authority where you reside. For contact details of your local Data Protection Authority, please see: https://edpb.europa.eu/about-edpb/about-edpb/members_en. 

Please direct any inquiries or complaints regarding our compliance with the Data Protection Principles (the “Principles”) to the point of contact listed in the “Contact Us” section below. Under certain conditions specified by the Principles, you may also be able to invoke binding arbitration to resolve your complaint. PlanSource is subject to the investigatory and enforcement powers of the Federal Trade Commission. If PlanSource shares EU Data with a third-party service provider that processes the data solely on PlanSource’s behalf, then PlanSource may be held liable for that third party’s processing of EU Data in violation of the Principles, unless PlanSource can prove that it is not responsible for the event giving rise to the damage. 

INFORMATION FOR US RESIDENTS 

We collect Personal Data from US residents and comply with the consumer privacy laws of California, Colorado, Connecticut, Utah, and Virginia (“US Privacy Laws”). This Privacy Disclosure applies to US residents (“users,” “you,” or “your”). 

For the purposes of this Disclosure, “Personal Data” means information that is linked or reasonably linkable to a particular individual or household. However, the following categories of information are not Personal Data: 

  • Publicly available information; 
  • Deidentified or aggregated data; or 
  • Information otherwise excluded from the scope of US Privacy Laws. 

This Disclosure provides the following information to you: 

  • Categories of Personal Data we collect; 
  • Purposes for which we use Personal Data; 
  • Categories of Personal Data we disclose to third parties; 
  • Categories of third parties to which we disclose Personal Data; and 
  • How you can exercise your rights under US Privacy Laws: 
  • The rights to access, correct, or delete Personal Data; 
  • The right to obtain a portable copy of Personal Data; 
  • The right to limit the use of sensitive personal data in certain circumstances;  
  • The rights to opt out of targeted advertising, sales of personal data, or profiling; and 
  • The right to appeal our decisions about your requests. 

Categories of Non-Sensitive Personal Data

The table below outlines the non-sensitive categories of Personal Data PlanSource collects about you and whether and how they are disclosed to third parties.

We collect Non-Sensitive Personal Data from the following sources:

  • Directly from our users 
  • From our business partners (“business partners” are companies that we have a pre-existing commercial relationship with)

    Category of Personal Data: 

    Identifiers 

    Examples 
    Identifiers may contain the following: Name, Address, Date of Birth, Social Security Number, Phone Number, Employment Status 
    Purpose(s)  
    Processing employee benefits, employee payroll and business-to-business transactions 
    Targeted Advertising 
    We do not engage in targeted advertising or disclose this information for targeted advertising purposes 
    Sale 
    This information is not sold to third parties 
    Other Disclosures 
    This information may be disclosed to Processors and Business Partners. We disclose Identifiers to enable our business partners to fulfill ancillary services on our behalf. 
    Retention Period 
    PlanSource will retain your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes and enforce our legal agreements and policies. 

    Category of Personal Data: 

    Personal Characteristics 

    Examples 
    Personal Characteristics may contain the following: Gender 
    Purpose(s) 
    Processing and management of employee benefits and employee payroll 
    Targeted Advertising 
    We do not engage in targeted advertising or disclose this information for targeted advertising purposes 
    Sale 
    This information is not sold to third parties 
    Other Disclosures 
    This information may be disclosed to Processors and Business Partners. We disclose Personal Characteristics to enable our business partners to fulfill ancillary services on our behalf. 
    Retention Period 
    PlanSource will retain your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes and enforce our legal agreements and policies. 

    Category of Personal Data: 

    Internet/Electronic Activity 

    Examples 
    Internet/Electronic Activity may contain the following: Cookie IDs, your computer’s Internet Protocol address (e.g., IP address), browser type, browser version, the pages of our Services that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data. 
    Purpose(s) 
    To provide, maintain, improve, and enhance our Services. To understand and analyze how you use our Services and develop new products, services, features, and functionality. 
    Targeted Advertising 
    We do not engage in targeted advertising or disclose this information for targeted advertising purposes 
    Sale 
    This information is not sold to third parties 
    Other Disclosures 
    This information is not otherwise disclosed to third parties 
    Retention Period 
    PlanSource will retain your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes and enforce our legal agreements and policies. 

    Category of Personal Data: 

    Professional Information 

    Examples 
    Professional Information may contain the following: Employment history 
    Purpose(s) 
    Processing and management of employee benefits and employee payroll 
    Targeted Advertising 
    We do not engage in targeted advertising or disclose this information for targeted advertising purposes 
    Sale 
    This information is not sold to third parties 
    Other Disclosures 
    This information may be disclosed to Processors and Business Partners. We disclose Professional Information to enable our business partners to fulfill ancillary services on our behalf. 
    Retention Period 
    PlanSource will retain your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes and enforce our legal agreements and policies. 

Categories of Sensitive Personal Information

The table below outlines the categories of Sensitive Personal Data PlanSource collects about US residents and whether they are disclosed to third parties. PlanSource obtains affirmative consent from you to process Sensitive Personal Data to the extent required by US Privacy Laws.

We collect Sensitive Personal Data from the following sources:  

  • Directly from our users 
  • From our business partners (“business partners” are companies that we have a pre-existing commercial relationship with) 

Category of Sensitive Personal Data: 

Government ID Data 

Examples 

Government ID Data may contain the following: Social Security number, Name, Address, DOB, and phone number 

Purpose(s) 

Processing and ongoing management of employee benefits and employee payroll 

Targeted Advertising 

We do not engage in targeted advertising or disclose this information for targeted advertising purposes 

Sale 

This information is not sold to third parties 

Other Disclosures 

This information may be disclosed to Processors and Business Partners. We disclose Government ID Data to enable our business partners to fulfill ancillary services on our behalf. 

Retention Period 

PlanSource will retain your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes and enforce our legal agreements and policies 

Business Partners 

See the tables above for more details about how different categories of Personal Data are shared. 

We do not sell Personal Data to anyone. 

Exercising your Personal Data Rights 

US residents have the following rights under US Privacy Laws: 

  • The rights to access, correct, or delete Personal Data; 
  • The right to obtain a portable copy of Personal Data; 
  • The right to limit the use of Sensitive Personal Data in certain circumstances; and 
  • The rights to opt out of targeted advertising, sales of personal data, or profiling; 
  • The right not to receive discriminatory treatment for exercising your privacy rights; and 
  • The right to appeal our decisions about your requests if you disagree with them. 

If you are a US Resident, you can submit a request to exercise your personal data rights under US Privacy Laws by visiting our online portal at https://www.requesteasy.com/6385-5889. To protect your privacy, we may need to authenticate your identity before we respond to your rights request.  

We will verify your identity by sending an email, which may include a link you must click on in order to verify your identity, to your provided email address. If you do not complete the verification process, we may be unable to process your request. Any information you provide to authenticate your identity will only be used to process your rights request and not for any other purpose. Please be aware that we do not accept, or process rights requests submitted through other means. 

We will respond to your rights request within 45 days, though in certain cases we may inform you that we will need up to another 45 days to act on your request. If we suspect fraudulent or malicious activity on or from your account, we will delay taking action on your request until we can appropriately verify your identity and the request as authentic. Also, note that each of the rights are subject to certain exceptions. If you believe our response to your rights request is insufficient, you can appeal our decision by contacting PlanSource Corporate Compliance at compliance@plansource.com and we will inform you of our final decision within 45 days. 

We reserve the right to decline to process, or charge a reasonable fee for, requests from a US resident that are manifestly unfounded, excessive, or repetitive. 

Notice of Right to Limit the Use of Sensitive Personal Information 

You have the right to limit some uses of Sensitive Personal Data. In particular, you may direct companies not to use Sensitive Personal Data except as necessary to provide goods or services you have requested or other exempt purposes. 

However, we only use Sensitive Personal Data for purposes that are exempt from this right, such as to provide you with goods or services you have requested, to detect and prevent security incidents, or verifying the quality of our goods and services. The full list of these exempt purposes is specified in California Code of Regulations, Title 11, Section 7027(m).  

You may submit a request to limit the use of your sensitive Personal Data by submitting a rights request as described above. 

Authorized Agent Requests

You may designate an authorized agent to make a rights request on your behalf. Your authorized agent may submit such a request by following the same method described above in the section titled Exercising Your Personal Data Rights. We may require verification of your authorized agent’s authority in addition to the information we require for verification of your identity. 

Do Not Track 

PlanSource does not currently take steps to respond to browsers’ “Do Not Track” signals as no uniform standard to respond to such signals has been developed at this time. 

RETENTION OF DATA 

PlanSource will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes and enforce our legal agreements and policies. 

PlanSource will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Services, or we are legally obligated to retain this data for longer periods. 

TRANSFER OF DATA 

Your information, including Personal Data, may be transferred to, and maintained on, computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction. For instance, data transferred from the European Economic Area (“EEA”) to PlanSource in the United States will be processed pursuant to the EU Data Protection Regulation. In other cases, we will use European Commission-approved Standard Contractual Clauses to ensure an adequate level of protection for data originating from the EEA. 

If you are located outside United States and choose to provide information to us, please note that we transfer the data, including Personal Data, to United States and process it there. Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer. 

PlanSource will take all the steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal information. 

DISCLOSURE OF DATA 

PlanSource will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes and enforce our legal agreements and policies.

PlanSource will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Services, or we are legally obligated to retain this data for longer periods.

TRANSFER OF DATA

Your information, including Personal Data, may be transferred to, and maintained on, computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction. For instance, data transferred from the European Economic Area (“EEA”) to PlanSource in the United States will be processed pursuant to the EU Data Protection Regulation. In other cases, we will use European Commission-approved Standard Contractual Clauses to ensure an adequate level of protection for data originating from the EEA.

If you are located outside United States and choose to provide information to us, please note that we transfer the data, including Personal Data, to United States and process it there. Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

PlanSource will take all the steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal information.

 

DISCLOSURE OF DATA

Business Transaction 

If PlanSource is involved in a merger, acquisition or asset sale, your Personal Data may be transferred. We will provide notice before your Personal Data is transferred and becomes subject to a different Privacy Policy.

Disclosure for Law Enforcement

Under certain circumstances, PlanSource may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g., a court or a government agency). 

Legal Requirements

PlanSource may disclose your Personal Data in the good faith belief that such action is necessary to: 

  • To comply with a legal obligation 
  • To protect and defend the rights or property of PlanSource Benefits Administration, Inc. 
  • To prevent or investigate possible wrongdoing in connection with the Services 
  • To protect the personal safety of users of the Services or the public 
  • To protect against legal liability 

SECURITY OF DATA

The security of your data is important to PlanSource. We will use commercially acceptable means to protect your Personal Data. 

SERVICE PROVIDERS

We may employ third-party companies and individuals to facilitate our Services (“Services Providers”), provide the Services on our behalf, perform Services-related services, or assist us in analyzing how our Services are used. 

These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose. 

ANALYTICS

We may use third-party Services Providers to monitor and analyze the use of our Services, including but not limited to the below: 

GOOGLE ANALYTICS

Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Services. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network. 

For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page.

LINKS TO OTHER SITES

Our Services may contain links to other sites that are not operated by us. If you click a third-party link, you will be directed to that third-party’s site. We strongly advise you to review the Privacy Policy of every site you visit. 

We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services. 

CHILDREN’S PRIVACY

We do not knowingly collect personally identifiable information from anyone under the age of 16.