CERIS Privacy Policy

CERIS Inc., a wholly owned subsidiary of CorVel Corporation, (“CERIS”, “us,” “we” or “our”) has created this privacy policy (“Policy”) in order to comprehensively inform individuals about our privacy practices and to demonstrate our firm commitment to privacy. This Policy describes how we collect, use, disclose, transfer, store, retain or otherwise process your personal information in the course of performing our business and operational activities, which includes the administration of the CERIS.com web domains (the “Website”). Collectively, we shall refer to our business and operational activities and the Website as our “Services.”

When we refer to “you” or “your,” we mean the person about whom we collect personal information or data. If the person accessing the Website does so on behalf of, or for the purposes of, another person, including a business or other organization, “you” or “your” also means that other person, including a business organization, if applicable.

We provide our Services to businesses and not to individual consumers. However, in the course of providing our Services, we may process personal information of individuals, as will be described in this Policy. This may include personal information contained in the documents that we process for our customers, that we collect about you when you visit our Website, your business contact information if we provide our Services to a company that you work with, or if you are a sole proprietorship and you engage with our Services.

Please read this Policy carefully. Our Policy includes:

Our Privacy Policy Includes:

1. General Disclosures
2. What Information We Collect And Disclose And For What Purposes
   • When You Visit Our Website
   • If You Are An Employee of One of Our Business Partners Who Is Involved In CERIS’s Relationship With Your Employer
   • When You Interact With CERIS’s Social Media
   • When We Process Medical Bills On Behalf Of Our Customers
   • Deidentified and Aggregated Information
3. Personal Information Relating To Children
4. How Long We Retain Your Information
5. Marketing And Promotional Communications
6. Links To Other Sites
7. Security
8. Your Data Rights
9. Data Rights For California Consumers
10. Changes To This Privacy Policy
11. Contact Us

This Policy is supplemented by our: Cookies Policy

 

1. GENERAL DISCLOSURES

Our data centers and Website are hosted in the United States. If you are visiting this Website from outside of the United States, please note that by providing us your information it is being stored or processed in the United States. If you are outside the United States and do not wish to allow the collection and storage of your personal information within the United States, you should not use this Website and you should opt-out of the collection of cookies by following the guidelines in our section titled How To Restrict Cookies. For more information about how we utilize cookies, view our Cookies Policy.

This Policy applies only to CERIS’s Website and Services, and not to other companies’ or organizations’ websites, mobile applications and services. We are not responsible for the privacy practices of other businesses or the content of other websites, including any websites that may indicate a special relationship or partnership with us (such as co-branded pages or “in cooperation with” relationships). To ensure protection of your privacy, always review the privacy policy of the companies with whom you engage.

 

2. WHAT INFORMATION WE COLLECT AND DISCLOSE AND FOR WHAT PURPOSES

In the course of performing our Services, we collect a variety of different kinds of personal information from a variety of different individuals. What information we collect and the purposes for which it is collected will depend on the context of our activities or the Service that is being performed. Therefore, just because this Policy lists a particular data collection practice does not mean that we have necessarily collected that data from you. Instead, please review the applicable disclosures below to learn about how we may have collected personal information from you depending on how you have interacted with us.

CERIS provides payment integrity solutions, including medical bill review and analysis, for our customers. Other than through our Website, we generally do not directly interact with you or collect personal information directly from you. Rather, we receive your personal information from our customers and affiliates, which we process on their behalf.

 When You Visit Our Website

Categories Collected The personal information we collect may include:	Sources of Collection We may collect your personal information from:		Business Purpose of Collection The purposes of collection include:	Categories of Third Parties to Which Personal Information is Disclosed We may disclose your personal information to:	Business Purpose of Disclosure The purposes of disclosure include:	Is This Information Sold Or Used For Targeted Advertising?
Identifier Information*	you directly		facilitating your use of our Website enforcing any applicable terms of service or other applicable agreements or policies securing our networks, systems and databases against external threats	our service providers** our affiliates other entities during a corporate transaction courts, litigants, regulators, arbitrators, administrative bodies or law enforcement for legal purposes	facilitating your use and our provision of the Website enforcing any applicable terms of service or other applicable agreements or policies preventing attacks and intrusions on our systems securing our networks, systems and databases against external threats conducting audits of our systems, policies and procedures as part of sale, assignment, merger or other transfer of all or a portion of our organization or assets to other entities as required by law or to resolve, investigate or manage actual or suspected legal claims	yes, we may sell this information to our marketing and analytics vendors for the purposes of online marketing. we also may share this information with our marketing vendors for the purposes of targeted advertising or cross-contextual behavioral advertising.
* The personal information we collect may include your internet protocol (IP) address. **We may disclose your personal information to our security monitoring providers, data analytics providers, database hosting vendors and our auditors.
Geolocation Information†	you directly	personalizing and facilitating your use of our Website measuring, tracking and analyzing trends and usage in connection with your use or the performance of our Website		our service providers††: our affiliates other entities during a corporate transaction courts, litigants, regulators, arbitrators, administrative bodies or law enforcement for legal purposes	facilitating your use and our provision of the Website measuring, tracking and analyzing trends and usage in connection with your use or the performance of our Website securing our networks, systems and databases against external threats conducting audits of our systems, policies and procedures as part of sale, assignment, merger or other transfer of all or a portion of our organization or assets to other entities as required by law or to resolve, investigate or manage actual or suspected legal claims	yes, we may sell this information to our marketing and analytics vendors for the purposes of online marketing. we also may share this information with our marketing vendors for the purposes of targeted advertising or cross-contextual behavioral advertising.
†The information we collect may include your geolocation. ††We may disclose your personal information to our security monitoring providers, data analytics providers, database hosting vendors and our auditors.
Internet or Other Electronic Network Activity Information ‡	you directly	maintaining and improving our Website personalizing and facilitating your use of our Website measuring, tracking and analyzing trends and usage in connection with your use or the performance of our Website providing marketing and advertising services		our service providers ‡‡ our affiliates other entities during a corporate transaction courts, litigants, regulators, arbitrators, administrative bodies or law enforcement for legal purposes	facilitating your use and our provision of the Website maintaining and improving our Website measuring, tracking and analyzing trends and usage in connection with your use or the performance of our Website engaging in marketing and advertising securing our networks, systems and databases against external threats as part of sale, assignment, merger or other transfer of all or a portion of our organization or assets to other entities conducting audits of our systems, policies and procedures as required by law or to resolve, investigate or manage actual or suspected legal claims	yes, we may sell this information to our marketing and analytics vendors for the purposes of online marketing. we also may share this information with our marketing vendors for the purposes of targeted advertising or cross-contextual behavioral advertising.
‡The information we collect may include your time zone setting, auth0 logs, pages visited, pages viewed, events and page loads, browser plug-in types and versions. ‡‡We may disclose your personal information to our marketing services vendors, security monitoring providers, data analytics providers, database hosting vendors and our auditors.
Device Information⁂	§  you directly	maintaining and improving our Website personalizing and facilitating your use of our Website measuring, tracking and analyzing trends and usage in connection with your use or the performance of our Website		our service providers ⁂⁂ our affiliates other entities during a corporate transaction courts, litigants, regulators, arbitrators, administrative bodies or law enforcement for legal purposes	facilitating your use and our provision of the Website maintaining and improving our Website measuring, tracking and analyzing trends and usage in connection with your use or the performance of our Website securing our networks, systems and databases against external threats conducting audits of our systems, policies and procedures as part of sale, assignment, merger or other transfer of all or a portion of our organization or assets to other entities as required by law or to resolve, investigate or manage actual or suspected legal claims	yes, we may sell this information to our marketing and analytics vendors for the purposes of online marketing. we also may share this information with our marketing vendors for the purposes of targeted advertising or cross-contextual behavioral advertising.
⁂The information we collect may include your operating system and platform and other technology on the devices you use to access the Website. ⁂⁂We may disclose your personal information to our security monitoring providers, data analytics providers, database hosting vendors and our auditors.

Further, we may collect personal information from you in the form of cookies. For information regarding how we collect, process and disclose personal information in the context of cookies, view our Cookies Policy.

If You Are An Employee of One of Our Business Partners Who Is Involved In CERIS’s Relationship With Your Employer

Categories Collected The personal information we collect may include:	Sources of Collection We may collect your personal information from:	Business Purpose of Collection The purposes of collection include:	Categories of Third Parties to Which Personal Information is Disclosed We may disclose your personal information to:	Business Purpose of Disclosure The purposes of disclosure include:	Is This Information Sold Or Used For Targeted Advertising?
Identifier Information*	you directly your employer	administrating and facilitating our relationship with your employer	§  our service providers** individuals or entities you authorize governmental authorities our affiliates other entities during a corporate transaction courts, litigants, regulators, arbitrators, administrative bodies or law enforcement for legal purposes	corresponding with your employer providing business event planning, provision and operation services conducting audits of our systems, policies and procedures as part of sale, assignment, merger or other transfer of all or a portion of our organization or assets to other entities as required by law or to resolve, investigate or manage actual or suspected legal claims	No.
The information we collect may include your full name, business mailing address, business e-mail address and business telephone number. We may disclose your personal information to our client event management providers, e-mail services vendor, database hosting vendors and auditors.

 

When You Interact With CERIS’s Social Media

Categories Collected The personal information we collect may include:	Sources of Collection We may collect your personal information from:	Business Purpose of Collection The purposes of collection include:	Categories of Third Parties to Which Personal Information is Disclosed We may disclose your personal information to:	Business Purpose of Disclosure The purposes of disclosure include:	Is This Information Sold Or Used For Targeted Advertising?
Internet or Other Electronic Network Activity Information*	§  social media websites with whom you have engaged	developing new products and Services measuring, tracking and analyzing trends in connection with our marketing marketing of our Services communicating with you about opportunities, products and services offered by us and select partners	our service providers** individuals or entities you authorize governmental authorities our affiliates other entities during a corporate transaction courts, litigants, regulators, arbitrators, administrative bodies or law enforcement for legal purposes	developing new products and Services measuring, tracking and analyzing trends in connection with our marketing marketing of our Services communicating with you conducting audits of our systems, policies and procedures as required by law or to resolve, investigate or manage actual or suspected legal claims	yes, we may sell this information to our marketing and analytics vendors for the purposes of online marketing. we also may share this information with our marketing vendors for the purposes of targeted advertising or cross-contextual behavioral advertising.
*The information we collect may include information about how you interact with our social media content. **We may disclose your personal information to our data analytics providers, marketing service providers, database hosting vendors and auditors.

When We Process Medical Bills On Behalf Of Our Customers

Categories Collected The personal information we collect may include:	Sources of Collection We may collect your personal information from:	Business Purpose of Collection The purposes of collection include:	Categories of Third Parties to Which Personal Information is Disclosed We may disclose your personal information to:	Business Purpose of Disclosure The purposes of disclosure include:	Is This Information Sold Or Used For Targeted Advertising?
Identifier Information*	our customers our affiliates	providing our payment integrity solution services complying with any applicable laws or regulations	our service providers** our affiliates other entities during a corporate transaction courts, litigants, regulators, arbitrators, administrative bodies or law enforcement for legal purposes	providing our payment integrity solution services conducting audits of our systems, policies and procedures as required by law or to resolve, investigate or manage actual or suspected legal claims	No.
*The information we collect may include your full name, date of birth, gender, race, marital status, signature, personal mailing address, personal e-mail address, personal telephone number, business mailing address, business e-mail address, business telephone number and employee ID. **We may disclose your personal information to our document imaging, capture and extraction providers, data analytics vendors, payment processing vendors, file and data conversion vendors, file transfer vendors, database hosting vendors and our auditors.
Medical Insurance Information†	our customers our affiliates	providing our payment integrity solution services complying with any applicable laws or regulations	our service providers†† our affiliates other entities during a corporate transaction courts, litigants, regulators, arbitrators, administrative bodies or law enforcement for legal purposes	providing our payment integrity solution services conducting audits of our systems, policies and procedures as required by law or to resolve, investigate or manage actual or suspected legal claims	No.
†The information we collect may include your insurance coverage information, health insurance number, policy/plan information, workers’ compensation claim number, health insurance claim numbers and Medicare beneficiary identifiers. ††We may disclose your personal information to our document imaging, capture and extraction providers, data analytics vendors, payment processing vendors, file and data conversion vendors, file transfer vendors, database hosting vendors and our auditors.
Sensitive Personal Information (health information)#	our customers our affiliates	providing our medical bill automation, data capture and data imaging services complying with any applicable laws or regulations	our service providers## our affiliates other entities during a corporate transaction courts, litigants, regulators, arbitrators, administrative bodies or law enforcement for legal purposes	providing our medical bill automation, data capture and data imaging services conducting audits of our systems, policies and procedures as required by law or to resolve, investigate or manage actual or suspected legal claims	No.
#The information we collect may include your medical conditions, medical treatments, medical diagnoses, medications, physical and mental disabilities, medical, provider or hospital reports, physical characteristics/descriptions, sleep and exercise information and family medical history. ##We may disclose your personal information to our document imaging, capture and extraction providers, data analytics vendors, payment processing vendors, file and data conversion vendors, file transfer vendors, database hosting vendors and our auditors.
Sensitive Personal Information (identity information)⸸	our customers our affiliates	providing our medical bill automation, data capture and data imaging services complying with any applicable laws or regulations	our service providers⸸⸸ our affiliates other entities during a corporate transaction courts, litigants, regulators, arbitrators, administrative bodies or law enforcement for legal purposes	providing our medical bill automation, data capture and data imaging services conducting audits of our systems, policies and procedures as required by law or to resolve, investigate or manage actual or suspected legal claims	No.
⸸The information we collect may include your Social Security number, driver’s license number, tax identification number ⸸⸸We may disclose your personal information to our document imaging, capture and extraction providers, data analytics vendors, payment processing vendors, file and data conversion vendors, file transfer vendors, database hosting vendors and our auditors.

Deidentified and Aggregated Information

We may process your personal information into aggregated, anonymized or de-identified form for any purpose. Aggregated, anonymized or de-identified information is information that can no longer reasonably identify a specific individual and is no longer “personal information.” We will only maintain and use this type of information in deidentified form and we will not attempt to reidentify this information, except for the purposes of validating our deidentification process.

 

3. PERSONAL INFORMATION RELATING TO CHILDREN

The Children’s Online Privacy and Protection Act (COPPA) regulates online collection of information from persons under the age of 13. It is our policy to refrain from knowingly collecting or maintaining personal information relating to any person under the age of 13. If you are under the age of 13, please do not supply any personal information through the Website. If you are under the age of 13 and have already provided personal information through the Website, please have your parent or guardian contact us immediately using the information provided under Contact Us so that we can remove such information from our files. Please delete all CERIS related cookies and restrict further collection of cookies using the methods outlined in the section How to Restrict Cookies in our Cookies Policy.

 

4. HOW LONG WE RETAIN YOUR INFORMATION

We generally retain your information as long as reasonably necessary to provide you the Services or to comply with applicable law and in accordance with our document retention policy. To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means and the applicable legal requirements. We may retain copies of information about you and any transactions or Services you have used for a period of time that is consistent with applicable law, applicable statute of limitations or as we believe is reasonably necessary to comply with applicable law, regulation, legal process or governmental request, to detect or prevent fraud, to collect fees owed, to resolve disputes, to address problems with our Services, to assist with investigations, to enforce other applicable agreements or policies or to take any other actions consistent with applicable law.

In some circumstances we may anonymize your personal information (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you. This allows the specific information collected (name, email, address, phone number, etc.) to become anonymous, but allows CERIS to keep the transaction or engagement data.

 

5. MARKETING AND PROMOTIONAL COMMUNICATIONS

You may opt-out of receiving marketing and promotional messages from us, if those messages are powered by us, by following the instructions in those messages. If you decide to opt-out, you will still receive non-promotional communications that are necessary in the performance of our Services.

 

6. LINKS TO OTHER SITES

This Website has links to other websites. Once you link to another site, you are subject to the privacy policy of the new site and its operator. We encourage you to carefully review the privacy policy of each entity to which you provide information.

 

7. SECURITY

We take reasonable measures, including administrative, technical, and physical safeguards, to protect your information from loss, theft, misuse, and unauthorized access, disclosure, alteration, and destruction. We hold information about you at our own premises and with the assistance of service providers. Further public disclosure here of our security measures could aid those who might attempt to circumvent those security measures. If you have additional questions regarding security, please contact us directly using the information provided under Contact Us.

 

8. YOUR DATA RIGHTS

There are a number of U.S. states that provide specific data rights to residents of those jurisdictions regarding their personal information. This section of this Policy describes the rights available to those individuals who are entitled to them. If you have questions, or want more information about how to exercise your data rights, please contact us using the information provided under the section titled Contact Us.

1. What Data Rights Do You Have?

If you are a resident of California, you have access to special data rights and disclosures, which are described in this Policy under a separate section titled Data Rights For California Consumers.

If you are a consumer living in Colorado, Connecticut, Nevada or Virginia, you have the following rights with regards to your personal information. These rights are explained in further detail below.

	Colorado	Connecticut	Nevada	Virginia
Confirmation of Personal Information Processing	X	X		X
Access to Personal Information	X	X		X
Correction of Personal Information	X	X		X
Portability of Personal Information	X	X		X
Opt-Out of Targeted Advertising using Personal Information	X	X		X
Opt-Out of Sale of Personal Information	X	X	X	X
Opt-Out of Certain Profiling using Personal Information	X	X		X

• Right to Confirmation and Access: You have the right to confirm whether or not CERIS is processing your personal information and to access such personal information. The general categories of personal information that we collect, process and disclose are listed in the general Policy under the section: What Information We Collect And Disclose And For What Purposes. If you wish to access the specific pieces of personal information that we process about you, please submit a request as directed in the section titled How To Submit A Data Rights Request.
• Right to Correct: You have the right to request that CERIS correct inaccurate personal information that we maintain about you, taking into account the nature of the personal information and the purposes of the processing of the personal information.
• Right to Delete: You have the right to request that CERIS delete the personal information that CERIS maintains about you.
• Right to Portability: You have the right to request to receive your personal information that you have requested in a portable and readily usable format, to the extent technically feasible.
• Right to Opt-Out of Targeted Advertising: You have the right to request to opt out of CERIS’s processing of your personal information for purposes of targeted advertising. “Targeted advertising” generally means displaying advertisements where the advertisement is selected based on personal information obtained from your activities over time and across non-CERIS websites or online applications to predict your preferences or interests.
• Right to Opt-Out of Sale: You have the right to request to opt out of CERIS’s sale of your personal information.
• Right to Opt-Out of Profiling: You have the right to request to opt out of CERIS automated profiling of you that produce legal or similarly significant effects concerning you. Applicable state laws allow you to opt out of the application of automated profiling when it relates to substantive decision making, such as denial of financial or lending services, housing, insurance, education enrollment or opportunity, criminal justice, employment opportunities, health-care services, or access to essential goods or services. However, we do not automatically profile individuals in manner that produces legal or similarly significant effects on those individuals. Therefore, we do not offer a way to opt-out of profiling and neither do we look for or process any online browser preference or opt-out signals that purport to opt-out of profiling.

2. How To Submit A Request

You can submit your request to exercise a data rights through:

• Filling-out the Request Form and send it in an e-mail to PrivacyInquiry@CERIS.com
• Calling us toll-free number at 855-872-6674
• E-mailing us directly at PrivacyInquiry@CERIS.com

To opt-out of the sale or use of your personal information for target advertising, you should also opt-out of cookies using the methods outlined in our Cookies Policy.

3. How We Process Data Rights Requests

Once we receive your request to exercise a right, we will confirm receipt and begin to evaluate, and if appropriate, process the request.

• We may require that you provide additional information to confirm your identity, including providing us with at least two or more pieces of personal information to match against personal information that we currently maintain about you. We reserve the right to reject your request if we are unable to verify your identity to a sufficiently high level of certainty. The information you provide to verify your identity will only be used for verification purposes, and a record of your request, including certain information contained within it, will be maintained by CERIS for our files.
• To authenticate any request to correct personal information, you may be required to provide authentication information.
• We will make every effort to comply with your request to delete their personal information, however, certain laws or other legal requirements might prevent some personal information from being deleted.

If you fail or refuse to provide the necessary information, we may not be able to process your request.

If we reject a request for any reason, we will inform you of the basis of the rejection. Not all individuals about whom we possess information will have access to these rights and we may not be able to provide these rights to everyone due to legal and jurisdictional limitations. We may not be able to comply with your request for a number of reasons, including:

• you do not live in a state that grants you the specific right that you have requested;
• the information that you’ve requested is not subject to the regulation that grants you the right to make a request in relation to your personal information;
• we are prevented or exempted by law, regulation or rule from complying with your request;
• we do not maintain your personal information in a manner that is connected to your identity;
• we are not able to comply with your request without incurring disproportionate burden or expense; or
• if complying with your request conflicts with the integrity of our Services, the ability to administer our Website, to administer our business and related relationships or to establish, defend or administer legal claims.

If any of the above reasons apply, we will let you know in our response to your request.

4. Submitting A Request Through An Authorized Agent

You may designate an authorized agent to make a request to “opt-out” of sale, profiling or targeted advertising, as those rights are described above. Any authorized agent should make a request through the same mechanisms that are available to individuals. The request should clearly identify that the request is being made by an authorized agent and must include evidence of authorization. If we receive a request from an individual or an entity purporting to making the request on behalf of another individual, we can only comply with the request if we are able to sufficiently authenticate both the identity of the individual as well as the authorized agent’s authority to act on that individual’s behalf.

California has special rules regarding submitting requests through agents, so please review the appropriate disclosure in the section titled Data Rights For California Consumers.

5. Appeals And Complaints

If you disagree with our decision to reject your request or to any portion of our request, you have the right to appeal our refusal within a reasonable period of time. If you wish to appeal, please clearly and plainly describe your basis of disagreement with our decision by responding through the same means by which we communicated our refusal or by submitting your appeal through the information provided under Contact Us. We will review your appeal and either change our decision or reject your appeal, and in either case, we will provide a written explanation of the reason for the decision. This decision will be final.

However, if you still disagree with our decision, you have the right to submit a complaint to your attorney general of your state of residence. Your attorney general will have an online portal with details regarding how to submit complaints.

• If you are a resident of Colorado, the Colorado Attorney General can be contacted through the means described here.
• If you are a resident of Connecticut, the Connecticut Attorney General can be contacted through the means described here.
• If you are a resident of Virginia, the Virginia Attorney General can be contacted through the means described here.

DATA RIGHTS FOR CALIFORNIA CONSUMERS

The California Consumer Privacy Act (“CCPA”) provides the residents of California with the right to request the data rights as described in this section. For more information, or if you have questions, you can contact us using the information provided under Contact Us.

• Right to Know: California residents have the right to know what personal information CERIS has collected about them, including the categories of personal information, the categories of sources from which the personal information is collected in the past 12 months, the business or commercial purpose for collecting, selling, or sharing personal information, the categories of third parties to whom CERIS discloses personal information, and the specific pieces of personal information CERIS has collected about them.

The categories of personal information, the categories of sources from which the personal information is collected, the business or commercial purpose for which we collect personal information and the categories of third parties to whom we disclose personal information are found in the general Policy under the section: What Information We Collect And Disclose And For What Purposes.

California residents have a right to know if we are “selling” or “sharing” their personal information, what categories of personal information are “sold” or “shared,” and to whom.

• “Sell,” “selling,” “sale,” or “sold,” means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by the business a third party for monetary or other valuable consideration.
• “Share,” “shared,” or “sharing,” means sharing, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by the business to a third party for cross-context behavioral advertising, whether or not for monetary or other valuable consideration, including transactions between a business and a third party for cross-context behavioral advertising for the benefit of a business in which no money is exchanged.

We may sell and shared limited personal information as defined under California law as described in this Policy. However, CERIS does not knowingly collect or sell the personal information of minors under sixteen (16) years of age.

• Right to Delete: California residents have the right to request the deletion of their personal information maintained by CERIS.
• Right to Correct: California residents have the right to request that CERIS correct inaccurate personal information that CERIS maintains about them. However, we reserve the right to delete your inaccurate personal information instead of correcting it, if permitted by the CCPA.
• Right to Non-Discrimination: California residents have the right to not be discriminated against due to the exercise of their CCPA privacy rights. However, note that the exercise of certain privacy rights may make it so that we are no longer able to provide you with certain services or communications. For example, if we delete all of your personal information, we cannot send you e-mails or other communications.
• Right to Opt-Out: California residents have the right to opt-out of the “sale” or “sharing” of their personal information. You can opt-out of this “sale” of personal information and “sharing” of your data through the opt-out mechanism found in our Request Form. You should also opt-out of cookies using the methods outlined in our Cookies Policy.
• Right to Limit Use and Disclosure of Sensitive Personal Information: California residents have the right to direct a business to limit its use and disclosure of their “sensitive” personal information. California residents can request that a business limit its use or disclosure of their “sensitive” personal information to that use or disclosure which is necessary to perform the services or provide the goods reasonably expected by an average consumer, or to those uses or disclosures otherwise authorized by California law.

However, we do not use or disclose your “sensitive” personal information for any purpose other than for the specific purposes described under the CCPA regulation § 7027(m) and always in a manner reasonably necessary and proportionate for these permitted purposes. For information on how we use or disclose your “sensitive” personal information, please see the applicable disclosures in the section titled: What Information We Collect From You And For What Purposes.

• Right to Make Requests Through an Authorized Agent: California residents can designate an authorized agent to make a request under the CCPA on their behalf.

California residents can designate an authorized agent to make requests under the CCPA on their behalf relating to the residents’ personal information. Only you as a California resident, or a person you have designated in writing as your authorized agent, may make a consumer request related to your personal information.

If you wish to have an authorized agent make a verifiable consumer request on your behalf, they will need to provide us with sufficient written proof that you have designated them as your authorized agent, such as a power of attorney pursuant to California Probate Code sections 4000 to 4465. We will still require you to provide sufficient information to allow us to reasonably verify that you are the person about whom we have collected personal information. We can deny any request made by a purported authorized agent who does not submit proof that they has been authorized by the California resident to act on the California resident’s behalf.

• Notice of Financial Incentives: California residents are entitled to certain information about a business’s financial incentive programs. However, CERIS does not offer any financial incentive programs to California consumers.
• Do Not Track (“DNT”): DNT is an optional browser setting that allows you to express your preferences regarding tracking across websites. Most modern web browsers give you the option to send a Do Not Track signal to the websites you visit, indicating that you do not wish to be tracked. However, there is no accepted standard for how a website should respond to this signal, so we do not take any action in response to this signal. We do not have a mechanism in place to respond to DNT signals. Instead, in addition to publicly available third-party tools, we offer you the choices described in this Privacy Policy to manage the collection and use of information about you.

 

9. CHANGES TO THIS PRIVACY POLICY

We may amend this Policy at any time by posting revisions on our Website. If we make any material changes in the way we collect or process your personal information, we will notify you by prominently posting notice of the changes on our Website.

 

10. CONTACT US

To submit questions or to inquire about or submit a request relating to data rights, you can contact us by:

• Filling-out the Request Form (available on the CERIS website) and send it in an e-mail to PrivacyInquiry@CERIS.com
• Calling us toll-free number at 855-872-6674
• E-mailing us directly at PrivacyInquiry@CERIS.com

Attention: Privacy Officer

CorVel Corporation

1800 SW 1st Avenue, Suite 600

Portland, OR 97201

If you have any questions or concerns regarding our Privacy Policy, or if you believe our Privacy Policy or applicable laws relating to the protection of your personal information have not been respected, you may file a complaint with CERIS using the contact information listed above, and we will respond to let you know who will be handling your matter and when you can expect a further response. We may request additional details from you regarding your concerns and may need to engage or consult with other parties in order to investigate and address your issue. We may keep records of your request and any resolution.

 

COOKIES POLICY

LAST MODIFIED:  August 10, 2023

Effective as of the date listed above, CERIS Inc. (“CERIS” or “we” or “us” or “our”) have adopted this Cookies Policy. This Cookies Policy is designed to be read in conjunction our general Privacy Policy. For the purposes of this Cookies Policy, we say the “Website,” we mean CERIS.com.

Like many website operators, CERIS and its analytics vendors use server logs and automated data collection tools, such as browser cookies, pixel tags, scripts and web beacons. These tools are used for analytics purposes to enable us to understand how users interact with the Website.

What is a cookie?

A cookie is a small text file that is placed on your hard drive by a web page server. Cookies contain information that can later be read by a web server in the domain that issued the cookie to you.  There are several types of cookies:

• Session cookies provide information about how a website is used during a single browser session while a user is visiting a website and usually expire after the browser is closed.
• Persistent cookies remain on your device between different browser sessions for a set amount of time in order to enable the website to remember user preferences, settings, or actions across other sites. A persistent cookie will remain on a user’s device for a set period of time specified in the cookie.
• First-party cookies are cookies set by the operator of the website you are visiting.
• Third-party cookies are cookies set by third parties that are different from the operator website you are visiting.
• Web beacons, tags and scripts may be used in the Website or in our emails to help us to deliver cookies, count visits, understand usage and campaign effectiveness and determine whether an email has been opened and acted upon.

Our collection of cookies

We, our marketing partners, affiliates, and analytics or service providers use cookies and other similar technologies. You can see what cookies we place and/or collect and for what purposes by clicking “Show Details” on the cookie banner when you first visit the Website. If you are not presented with a cookie banner, please delete your cookies and re-visit the Website.

We group the cookies that we collect into the following categories based upon their function (note that all types of cookies, as described above, will be found in each category):

Category	Description
Essential Cookies	Essential cookies are sometimes called “strictly necessary” as without them we cannot operate and administer the Website. For example, essential cookies help remember your preferences as you move around the Website.
Analytics Cookies	These cookies track information about visits to the Websites so that we can make improvements and report our performance. For example: analyze visitor and user behavior so as to provide more relevant content or suggest certain activities. They collect information about how visitors use the Websites, which site the user came from, the number of each user’s visits and how long a user stays on the Websites. We might also use analytics cookies to test new ads, pages, or features to see how users react to them.
Functionality or Preference Cookies	During your visit to the Websites, cookies are used to remember information you have entered or choices you make (such as your username, language or your region) on the Websites. They also store your preferences when personalizing the Websites to optimize your use of the Website, for example, your preferred language. These preferences are remembered, through the use of the persistent cookies, and the next time you visit the Websites you will not have to set them again.
Targeting or Advertising Cookies	These Third Party Cookies are placed by third party advertising platforms or networks in order to, deliver ads and track ad performance, enable advertising networks to deliver ads that may be relevant to you based upon your activities (this is sometimes called “behavioral” “tracking” or “targeted” advertising) on the Websites. They may subsequently use information about your visit to target you with advertising that you may be interested in, on the Websites and other websites. For example, these cookies remember which browsers have visited the Websites.

Third-party cookies

The Website allows third-parties to place cookies on your Internet-connected device in order to deliver advertisements based upon your web-browsing habits and history. Further, in order to provide interoperability and plug-ins (like YouTube), the Website allows these third-parties to place and collect cookies on your Internet-connected device. However, you can restrict the third-party collection of cookies through the instructions provided in the section How to Restrict Cookies below. Further, you can choose to reject third-party cookies by clicking “Deny” on the cookie banner when you first visit the Website.

Do Not Track

Do Not Track (“DNT”) is an optional browser setting that allows you to express your preferences regarding tracking across websites. Most modern web browsers give you the option to send a Do Not Track signal to the websites you visit, indicating that you do not wish to be tracked. However, there is no accepted standard for how a website should respond to this signal, so we do not take any action in response to this signal. CERIS does not have a mechanism in place to respond to DNT signals. Instead, in addition to publicly available external tools, we offer you the choices described in this Cookies Policy to manage the collection and use of information about you.

How to Restrict Cookies

You can choose to restrict all non-necessary cookies by clicking “Deny” on the cookie banner when you first visit the Website or choose which specific non-necessary cookies to accept or reject by clicking “Show Details.” If you are not presented with a cookie banner, please delete your cookies and re-visit the Website.

You can also adjust the settings in your browser in order to restrict or block cookies that are set by the Website (or any other website on the Internet). Your browser may include information on how to adjust your settings. Alternatively, you may visit the U.S. Federal Trade Commission’s website www.consumer.ftc.gov to obtain comprehensive general information about cookies and how to adjust the cookie settings on various browsers.

You can control and delete these cookies through your browser settings through the following:

• Google Chrome
• Mozilla Firefox
• Safari
• Opera
• Microsoft Internet Explorer
• Microsoft Edge
• Safari for iOS (iPhone and iPad)
• Chrome for Android

Or you can also use the following cookie management and disposal tool from Google Analytics by downloading and installing the browser plug-in from the following link: http://tools.google.com/dlpage/gaoptout.

Please be aware that restricting cookies may impact the functionality of the Website. For example, refusing cookies will not allow CERIS to present the Website in your preferred language. Additional general information about cookies, including how to be notified about the placement of new cookies and how to disable cookies, can be found at www.allaboutcookies.org.

Changes to this policy

If there are any material changes to this Policy, you will be notified by the posting of a prominent notice on our Websites prior to the change becoming effective. We encourage you to periodically review this page for the latest information on the Policy. Your continued use of the Websites constitutes your agreement to be bound by such changes to this Policy. Your only remedy, if you do not accept the terms of this Policy, is to discontinue use of and access to the Websites. The content of this Policy is for your general information and use only. These cookies are subject to change without notice. You acknowledge that this information may contain inaccuracies or errors and is subject to change and we expressly exclude liability for any such inaccuracies or errors to the fullest extent permitted by law.