CERIS Privacy Policy

CorVel Corporation and its associated companies and subsidiaries (“CorVel”), have created this privacy policy (“Privacy Policy”) in compliance with applicable laws and in order to demonstrate our firm commitment to privacy. This Privacy Policy describes how CorVel collects, uses, discloses, transfers, stores, retains or otherwise processes your information when you (whether in your individual or business capacity) access or use, in any manner, any content, products, services or related activities (collectively “Services”), including through the Internet domains owned or operated by CorVel, which include, but are not limited to:

corvel.com
ppolookup.corvel.com
ceris.com
caremc.com

 

We refer to the above websites and all related websites and applications as “sites” and to each of them as a “site.” When we refer to “we,” “us,” or “our,” we mean CorVel, or the specific division, subsidiary, or affiliate that operates a site, provides its content, or processes information received through it, each as appropriate and applicable. When we refer to “you” or “your,” we mean the person accessing the site. If the person accessing the site does so on behalf of, or for the purposes of, another person, including a business or other organization, “you” or “your” also means that other person, including a business organization.

This Privacy Policy applies to your use of our Services, and covers information collected in connection with your access to and use of our Services, including those Services provided through our sites and/or online. Please read this Privacy Policy carefully. By continuing to interact with our Services, including using any of our sites and applications that link to this Privacy Policy or otherwise providing Personal Information to us, you are agree and consent to the practices described in this Privacy Policy. Note that there may be other websites that reference the CorVel brand but are subject to a different privacy policy.

I. Our Privacy Policy Includes:

• GENERAL DISCLOSURES
• WHAT INFORMATION WE COLLECT
• HOW WE USE YOUR INFORMATION
• WHEN AND WITH WHOM DO WE SHARE YOUR INFORMATION
• COOKIES POLICY
• HOW TO RESTRICT COOKIES
• EXTERNAL PARTNER ADVERTISING AND ANALYTICS
• LINKING SITES
• SOCIAL MEDIA
• HOW LONG WE RETAIN YOUR INFORMATION
• MARKETING AND PROMOTIONAL COMMUNICATIONS
• CHILDREN’S ONLINE PRIVACY PROTECTION ACT (COPPA) COMPLIANCE AND RELATED INFORMATION
• SECURITY
• CALIFORNIA CONSUMERS
• CHANGES TO THIS PRIVACY POLICY
• CONTACT US
• INTERNATIONAL PRIVACY POLICY
• TABLE OF COOKIES

 

II. General Disclosures

Each of the sites is hosted in the United States and their intended use is business to business. If you are visiting the sites from outside of the United States, please note that by providing your information it is being transferred to, stored or processed in the United States and other countries, where our data center and servers are located and operated. This section sets forth the general privacy policy for the United States and other jurisdictions not otherwise specifically covered by the below jurisdiction-specific policies. Depending on your state or country of residence, applicable privacy laws may provide you the ability to request access to, correction of or deletion of your information, as further outlined below. If you are outside the United States please see the provisions in our International Privacy Policy. If you are outside the United States and do not wish to allow the transfer of your personal information to the United States, you should not use these sites or our Services and you should opt-out of the collection of cookies by following the guidelines in our section titled How To Restrict Cookies. For more information about how we utilize cookies, view our Cookie Policy.

Business Information

We collect your business contact information, such as your full name and your business name, email address, telephone number, address and other work-related information you provide to us in the course of providing our Services to you or your organization.

We take your privacy and the protection of your personal information seriously. We will only store, process and disclose your personal information in accordance with applicable law. We will make it clear when we collect personal information and will explain what we intend to do with it. We do our best to protect your privacy through the appropriate use of information security measures.

 

III. What information we collect

CorVel may collect personal information about you either directly from you, your Connected Device, and from select external sources.

1. Categories of personal information that we collect

The following categories of personal information are provided to help you better understand the information we may collect directly from you, either through your use of the sites (including from your mobile and/or other Internet connected devices (“Connected Device”)) or in the course of us providing our Services from our customers and service providers.

We may collect, use, store and process different kinds of personal information about you, which we have grouped into the following categories:

 

• Identity Information such as first name, middle initial, last name, date of birth, gender, race, Social Security number, driver’s license number, tax identification number, marital status and signature.
• Contact Information such as personal mailing address, email address and telephone number.
• Medical Information such as medical conditions, psychological trends, disabilities, behavioral information, aptitudes, hospital reports, physical characteristics/descriptions, sleep and exercise information and injury information.
• Insurance Information such as health insurance number, policy/plan information, health insurance claim numbers (HICNs) and Medicare beneficiary identifier (MBIs).
• Social Media Information such as information about how you interact with our social media content and your social media content that is relevant to our Services.
• Employment Information such as vocational, salary and work history and military or veteran status relevant to our Services.
• Activity Information such as your history, actions and experiences that are relevant to our Services.
• Biometric Information such as gait patterns or rhythms and voice recordings that are relevant to our Services.
• Financial Information such as bank account information and payment card details.
• Technical Information such as internet protocol (IP) address, geolocation, your login data, time zone setting and location (geocodes), auth0 logs, pages visited, pages viewed, events and page loads, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
• Profile Information such as your username, password and related account preferences.
• Usage Information such as information about how you use our website, products and services.

2. Information that we receive from select external partners

We may receive information about you from our customers, if, as an example, your employer utilizes our Services. We may also utilize select and vetted service providers that give us information about you relevant to our Services. These service providers may include our investigative services providers, data analytics providers, and our SMS texting and telehealth platforms.

We may receive information about you when you access our sites through external platforms, such as Facebook. If you use our sites on or through an external platform, including via your Connected Device, or click on external links, the collection, use, and disclosure of your information and your use of the sites will also be subject to the privacy policies and other terms of such external parties and platforms. You should review such privacy policies, terms and other agreements.

3. Collection of technical information and usage information

When you access CorVel’s sites, we automatically collect certain information. This information may include without limitation: (a) technical information about your Connected Device, such as your IP address, geolocation information, device type, operating system type and version, unique device ID, browser, browser language, domain and other systems information or platform types (collectively “Technical Information”); and (b) usage statistics about your interaction with CorVel’s sites, including pages accessed, referring website address(es) time spent on pages, pages visited, search queries, click data, date and time and other information regarding your use of CorVel’s sites (collectively “Usage Information”).

This Technical Information and Usage Information, which may be linked to your personal information, is collected through the use of server logs and tracking technologies, including: (i) cookies, which are small pieces of code that websites send to your Connected Device to uniquely identify your browser or mobile device or to store information in your browser setting; (ii) web beacons, which are small objects that allow us to measure the actions of visitors using the CorVel’s sites. For more detailed information regarding how we use cookies and other technology, please review the additional information in our Cookies Policy.

IV. How we use your information

We may use information about you for a number of purposes, including:

1. Providing, improving and developing our services

• Providing CorVel’s Services, including completing the transaction for which the personal information was collected, such as processing your claims;
• Facilitating medical care and payment of medical claims, including enrolling individuals in Medicare services;
• Performing our contractual obligations with our customers;
• Maintaining and improving our Services, including performing safety and quality controls of the Services;
• Developing new products and Services;
• Delivering the information and support you request;
• Improving, personalizing and facilitating your use of our Services; and
• Measuring, tracking and analyzing trends and usage in connection with your use or the performance of our Services.

2. Communicating with you about our services

• Responding to questions or concerns;
• Sending you SMS text messages relating to our pharmacy programs;
• Connecting with you through our telehealth programs and services; and
• Sending you information we think you may find useful or which you have requested from us about our Services.

3. Protecting our services and maintaining a trusted environment

• Enforcing any applicable terms of service or other applicable agreements or policies;
• Complying with any applicable laws or regulations, or in response to lawful requests for information from the government or through legal process;
• Fulfilling any other purpose disclosed to you in connection with our Services; and
• Contacting you to resolve disputes and provide assistance with our Services.

4. Advertising and marketing

• Marketing of our Services; and
• Communicating with you about opportunities, products and services offered by us and select partners. If we send you marketing emails, each email will contain instructions permitting you to “opt out” of receiving future marketing or other communications.

If we obtain any personal information from you we will not sell it to third parties, nor will we allow service providers with whom we share your personal information to sell it.

5. Other uses

• For any other purpose disclosed to you in connection with our Services from time to time.

V. When and with whom do we share your information

1. We do not sell your information

We do not sell your personal information nor the personal information of minors under sixteen (16) years of age to third parties.

2. When and how we may share/disclose your information with our service providers and customers

We will share your information with the following source providers and customer entities (e.g., your employer) under the circumstances described below or as otherwise described in this Privacy Policy:

• We may share your information with our service providers in order to process your claims, such as with healthcare providers who provide independent medical examinations, insurance carriers, legal counsel, your employer, medical equipment companies, claims adjusters, companies that structure settlements/annuities and determine lifespans and state and other government agencies;
• We may share your information with governmental authorities, such as the Centers for Medicare and Medicaid Services, for purposes of mandatory reporting;
• We may share your information with our service providers for purposes of monitoring individuals throughout the claims process; and
• We may share your information with service providers that perform essential administrative and management services on our behalf, including for payment processing, data analysis, marketing services, advertising services, email and hosting services, SMS text messaging services, telehealth services and customer services and support.

We require all service providers to respect the security of your personal information. We do not allow our service providers to sell personal information or to use your personal information for their own purposes. All of our service providers are only permitted to process your personal information in accordance with our instructions and solely for the reasons for which we disclosed it to them.

3. Corporate Transactions

We may share all or part of your personal information with other business entities in connection with the sale, assignment, merger or other transfer of all or a portion of CorVel’s business or assets to such business entity (including due to a sale in connection with a bankruptcy). We will require any such purchaser, assignee or other successor business entity to honor the terms of this Privacy Policy.

4. Disclosure of information for legal purposes

CorVel may disclose all or part of your personal information when we have reason to believe that disclosing this information is necessary to identify, contact or bring legal action against someone who may be violating any agreement with CorVel, or may be causing injury to or interference with (either intentionally or unintentionally) our rights or property, other users of our sites, or anyone else that could be harmed by such activities. We may disclose information in response to a subpoena, search warrant, in connection with judicial proceedings, or pursuant to court orders, legal process or other law enforcement measures. CorVel may disclose or access personal information when we believe in good faith that the law requires it, to establish our legal rights or to defend against legal claims, and for administrative and other purposes that we deem necessary to maintain, service and improve our Services.

5. Analytics and data enrichment services

We use external analytics such as Google Analytics to help understand your usage of our sites and to improve our Services.

6. Aggregated, anonymized or de-identified information

We may disclose or use aggregated, anonymized or de-identified information for any purpose. Aggregated, anonymized or de-identified information is information that can no longer reasonably identify a specific individual. Although such information may be derived from your personal information, it can no longer directly or indirectly reveal your identity.

 

VI. Cookies Policy

Like many online platforms, CorVel and its analytics vendors use server logs and automated data collection tools, such as browser cookies, pixel tags, scripts and web beacons. These tools are used for analytics purposes to enable CorVel to understand how users interact with the sites and Services. CorVel and its analytics vendors may tie the information gathered by these means to the identity of users.

Cookies are small text files placed on a computer or device while browsing the Internet. Cookies are used to collect, store and share bits of information about user activities. CorVel uses both session cookies and persistent cookies.

Session cookies are used to identify a particular visit to CorVel’s sites and collect information about your interaction with the sites. These cookies expire after a short time or when the user closes their web browser after using the sites. CorVel uses these cookies to identify a user during a single browsing session, such as when you log into the sites. This helps CorVel improve the sites and Services as well as improve the users’ browsing experience.

A persistent cookie will remain on a user’s device for a set period of time specified in the cookie. CorVel uses these cookies to identify and recognize a specific user over a longer period of time. They allow CorVel to:

• analyze the usage of the sites (e.g. what links users click on) in order to improve our offering;
• test different versions of the sites to see which particular features or content users prefer to optimize the sites;
• provide a more personalized experience to users with more relevant content and course recommendations; and
• allow users to more easily log in to use the sites and Services.

Examples of persistent cookies include: (i) preferences cookies to remember information about a user’s browser and settings preferences, such as preferred language – preference cookies make a user’s experience more functional and customized, (ii) authentication and security cookies to enable a user to log in or stay logged in to access the sites and Services, to protect user accounts against fraudulent log-ins by others and to help detect and protect against abuse or unauthorized usage of user accounts and (iii) functional cookies to make the experience of using the sites and Services better, like remembering the sound volume level selected by the user.

CorVel uses tracking technology to: (i) determine if a certain page was visited or whether an email sent by CorVel was opened or clicked on by a user; and (ii) to customize the experience of individual users by recommending specific content.

We also use clear gifs in HTML-based emails sent to our users to track which emails are opened and clicked on by recipients. We may use the information we obtain from the cookie in the administration of the sites, to improve the usability of the sites and for marketing purposes. We may also use that information to recognize your computer when you visit our sites, and to personalize our sites for you.

Cookies and information captured through our sites are stored for a certain retention period, however you can eliminate these cookies any time before the expiration date. Below is our Table of Cookies.

VII. How to restrict cookies

You can adjust the settings in your browser in order to restrict or block cookies that are set by the sites (or any other website on the Internet). Your browser may include information on how to adjust your settings. Alternatively, you may visit www.allaboutcookies.org to obtain comprehensive general information about cookies and how to adjust the cookie settings on various browsers. This site also explains how to delete cookies from your computer.

You can control and delete these cookies through your browser settings through the following:

• Google Chrome
• Mozilla Firefox
• Safari
• Opera
• Microsoft Internet Explorer
• Microsoft Edge
• Safari for iOS (iPhone and iPad)
• Chrome for Android

Or you can also use the following cookie management and disposal tool from Google Analytics by downloading and installing the browser plug-in from the following link: http://tools.google.com/dlpage/gaoptout.

Please be aware that restricting cookies may impact the functionality of the Services. Most browsers allow you to refuse to accept cookies. Additional general information about cookies, including how to be notified about the placement of new cookies and how to disable cookies, can be found at www.allaboutcookies.org.

VIII. External partner advertising and analytics

We may use service providers to provide site metrics and other analytics services. These service providers may use cookies, web beacons and other technologies to collect information, such as your IP address, identifiers associated with your device, other applications on your device, the browsers you use to access our sites and Services, webpages viewed, time spent on webpages, links clicked and conversion information (e.g., transactions entered into). This information may be used by CorVel and service providers on behalf of CorVel to analyze and track usage of our sites and Services, to determine the popularity of certain content and to better understand how you use our sites and Services. The service providers that we engage are bound by confidentiality obligations and other restrictions with respect to their use and collection of your information.

This Privacy Policy does not apply to, and we are not responsible for, third-party cookies, web beacons or other tracking technologies, which are covered by such third-parties’ privacy policies. For more information, we encourage you to check the privacy policies of these third-parties to learn about their privacy practices. For more information about targeted advertising specifically, please visit http://www.aboutads.info/choices.

 

IX. Linking sites

The sites contain links to other websites. CorVel is not responsible for the privacy practices or the content of such websites, including any websites that may indicate a special relationship or partnership with us (such as co-branded pages or “powered by” or “in cooperation with” relationships). We do not share information we gather with other websites or any other entities or individuals unless such sharing is disclosed to you in advance through this Privacy Policy. Other linked websites, however, may collect personal information from you that is not subject to our control. To ensure protection of your privacy, always review the privacy policy of the websites you may visit by linking from the sites. Please note that this Privacy Policy applies only to our sites, and not to other companies’ or organizations’ websites to which we link.

For instance, information collected through Google Analytics is shared with Google and its partners who may combine it with other information you provided to them or they collected from your use of their services. This information is stored in Google’s servers according to their privacy practices.

X. Social media

We may collect information from other sources, such as social media platforms that may share information about how you interact with our social media content. We do not control how your personal information is collected, stored or used by third-party websites or to whom those websites disclose your information. You should review the privacy policies and settings on any social media website that you subscribe to so that you understand the information they collect and may be sharing. If you do not want your social media websites to share information about you, you must contact that website and determine whether it gives you the opportunity to opt-out of sharing such information. CorVel is not responsible for how these third-party websites may use information collected from or about you.

Further, our sites may include social media features, such as the Facebook Like button. Our integration of these features may allow external social media to collect certain information, such as your IP address and which page(s) you are visiting when using our sites and Services, and to set a cookie to enable that feature to function properly. Your interactions with these features are governed by the privacy policy of the company providing it.

XI. How long we retain your information

We generally retain your information as long as reasonably necessary to provide you the Services or to comply with applicable law and in accordance with our document retention policy. To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means and the applicable legal requirements. We may retain copies of information about you and any transactions or Services you have used for a period of time that is consistent with applicable law, applicable statute of limitations or as we believe is reasonably necessary to comply with applicable law, regulation, legal process or governmental request, to detect or prevent fraud, to collect fees owed, to resolve disputes, to address problems with our Services, to assist with investigations, to enforce other applicable agreements or policies or to take any other actions consistent with applicable law.

In some circumstances we may anonymize your personal information (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you. This allows the specific information collected (name, email, address, phone number, etc.) to become anonymous, but allows CorVel to keep the transaction or engagement data. For example, CorVel will not be able to tell if John Smith registered for an event, but we will be able to tell that a person registered for an event and maintain headcount and transactional history. This will allow CorVel to maintain a level of information that helps us develop and improve our sites and Services.

XII. Marketing and promotional communications

You may opt-out of receiving marketing and promotional messages from CorVel, if those messages are powered by CorVel, by following the instructions in those messages. If you decide to opt-out, you will still receive non-promotional communications relevant to your use of our Services.

XIII. Children’s Online Privacy Protection Act (COPPA) compliance and related information

The Children’s Online Privacy and Protection Act (COPPA) regulates online collection of information from persons under the age of 13. It is our policy to refrain from knowingly collecting or maintaining personal information relating to any person under the age of 18. If you are under the age of 18, please do not supply any personal information through the sites. If you are under the age of 18 and have already provided personal information through the sites, please have your parent or guardian contact us immediately using the information provided under Contact Us so that we can remove such information from our files.

XIV. Security

We take reasonable measures, including administrative, technical, and physical safeguards, to protect your information from loss, theft, misuse, and unauthorized access, disclosure, alteration, and destruction. We hold information about you both at our own premises and with the assistance of service providers. Further public disclosure here of our security measures could aid those who might attempt to circumvent those security measures. If you have additional questions regarding security, please feel free to contact us directly using the information provided under Contact Us . To ensure that our employees comply with our privacy policies, we have developed a training program that provides all employees with the tools and knowledge to protect your personal information in all aspects of their work. Any employee who violates our privacy policies is subject to disciplinary action, including possible termination and civil and/or criminal prosecution.

XV. California Consumers

The California Consumer Privacy Act (“CCPA”) permits residents of California to have the following additional rights. For more information, or if you have questions, you can contact us using the information provided under Contact Us . For your protection, before CorVel can respond to your request, CorVel may be required to collect certain information from you to verify your identity. This may include asking for your full name, aliases, current home addresses or alternative e-mail address. The information you provide to verify your identity will only be used for verification purposes, and a record of your request, including certain information contained within it, will be maintained by CorVel for its files.

1. California residents have the right to request CorVel disclose what information it collects, uses, and discloses

California residents have the right to request that CorVel disclose what personal information CorVel collects, uses and discloses about them. The general categories of personal information CorVel collects about California residents are listed above under What Information We Collect. If you are a California resident and would like to request the specific personal information that CorVel collects, uses and discloses about you, please complete this Request Form and send it to CorVel using the information provided under Contact Us or contact CorVel at the toll-free number provided in this Policy.

2. California residents have the right to request the deletion of their personal information maintained by CorVel

California residents have the right to request that CorVel delete the personal information CorVel maintains about them. CorVel will make every effort to comply with California residents’ requests to delete their personal information, however, certain laws or other legal requirements might prevent some personal information from being deleted. If you are a California resident and would like to request the deletion of your personal information, please complete this Request Form and send it to CorVel using the information provided under Contact Us or contact CorVel at the toll-free number provided in this Policy. To verify any request to delete personal information, you will be required to provide the information contained in the Request Form. Failure to do so could result in CorVel’s inability to comply with your request.

3. California residents have the right to non-discrimination for the exercise of their privacy rights under the CCPA

Under the CCPA, California residents have the right not to receive discriminatory treatment by CorVel for the exercise of their privacy rights. However, the exercise of certain privacy rights by California residents will make it so that CorVel is no longer able to provide those residents with certain services. For example, if, at the request of a California resident, CorVel deletes all of the California resident’s personal information that it maintains, CorVel will no longer be able to send marketing communications to that California resident.

4. California residents have the right to opt-out of the sale of the personal information

Under the CCPA, California residents can request that a company stop selling their personal information. However, as described above, CorVel does not sell your personal information.

5. California residents can designate an authorized agent to make a request under the CCPA on their behalf

California residents can designate an authorized agent to make requests under the CCPA related to the residents’ personal information. CorVel can deny any request made by an agent who does not submit proof that he or she has been authorized by the California resident to act on the California resident’s behalf. For more information on submitting a request on behalf of a California resident as an authorized agent, you can contact us using the information provided under Contact Us.

6. Do not track

Do Not Track (“DNT”) is an optional browser setting that allows you to express your preferences regarding tracking across websites. Most modern web browsers give you the option to send a Do Not Track signal to the websites you visit, indicating that you do not wish to be tracked. However, there is no accepted standard for how a website should respond to this signal, so we do not take any action in response to this signal. CorVel does not have a mechanism in place to respond to DNT signals. Instead, in addition to publicly available external tools, we offer you the choices described in this Privacy Policy to manage the collection and use of information about you.

CorVel does track some activity across websites (including your search terms, the website you visited before you visited or used the Services and other clickstream data) and we may continue to collect information in the manner described in this Privacy Policy from web browsers that have enabled DNT signals or similar mechanisms.