Effective Date: January 1, 2020
We refer to the above websites and all related websites and applications as “sites” and to each of them as a “site.” When we refer to “we,” “us,” or “our,” we mean CorVel, or the specific division, subsidiary, or affiliate that operates a site, provides its content, or processes information received through it, each as appropriate and applicable. When we refer to “you” or “your,” we mean the person accessing the site. If the person accessing the site does so on behalf of, or for the purposes of, another person, including a business or other organization, “you” or “your” also means that other person, including a business organization.
- GENERAL DISCLOSURES
- WHAT INFORMATION WE COLLECT
- HOW WE USE YOUR INFORMATION
- WHEN AND WITH WHOM DO WE SHARE YOUR INFORMATION
- COOKIES POLICY
- HOW TO RESTRICT COOKIES
- EXTERNAL PARTNER ADVERTISING AND ANALYTICS
- LINKING SITES
- SOCIAL MEDIA
- HOW LONG WE RETAIN YOUR INFORMATION
- MARKETING AND PROMOTIONAL COMMUNICATIONS
- CHILDREN’S ONLINE PRIVACY PROTECTION ACT (COPPA) COMPLIANCE AND RELATED INFORMATION
- CALIFORNIA CONSUMERS
- CONTACT US
- TABLE OF COOKIES
II. General Disclosures
We collect your business contact information, such as your full name and your business name, email address, telephone number, address and other work-related information you provide to us in the course of providing our Services to you or your organization.
We take your privacy and the protection of your personal information seriously. We will only store, process and disclose your personal information in accordance with applicable law. We will make it clear when we collect personal information and will explain what we intend to do with it. We do our best to protect your privacy through the appropriate use of information security measures.
III. What information we collect
CorVel may collect personal information about you either directly from you, your Connected Device, and from select external sources.
1. Categories of personal information that we collect
The following categories of personal information are provided to help you better understand the information we may collect directly from you, either through your use of the sites (including from your mobile and/or other Internet connected devices (“Connected Device”)) or in the course of us providing our Services from our customers and service providers.
We may collect, use, store and process different kinds of personal information about you, which we have grouped into the following categories:
- Identity Information such as first name, middle initial, last name, date of birth, gender, race, Social Security number, driver’s license number, tax identification number, marital status and signature.
- Contact Information such as personal mailing address, email address and telephone number.
- Medical Information such as medical conditions, psychological trends, disabilities, behavioral information, aptitudes, hospital reports, physical characteristics/descriptions, sleep and exercise information and injury information.
- Insurance Information such as health insurance number, policy/plan information, health insurance claim numbers (HICNs) and Medicare beneficiary identifier (MBIs).
- Social Media Information such as information about how you interact with our social media content and your social media content that is relevant to our Services.
- Employment Information such as vocational, salary and work history and military or veteran status relevant to our Services.
- Activity Information such as your history, actions and experiences that are relevant to our Services.
- Biometric Information such as gait patterns or rhythms and voice recordings that are relevant to our Services.
- Financial Information such as bank account information and payment card details.
- Technical Information such as internet protocol (IP) address, geolocation, your login data, time zone setting and location (geocodes), auth0 logs, pages visited, pages viewed, events and page loads, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
- Profile Information such as your username, password and related account preferences.
- Usage Information such as information about how you use our website, products and services.
2. Information that we receive from select external partners
We may receive information about you from our customers, if, as an example, your employer utilizes our Services. We may also utilize select and vetted service providers that give us information about you relevant to our Services. These service providers may include our investigative services providers, data analytics providers, and our SMS texting and telehealth platforms.
We may receive information about you when you access our sites through external platforms, such as Facebook. If you use our sites on or through an external platform, including via your Connected Device, or click on external links, the collection, use, and disclosure of your information and your use of the sites will also be subject to the privacy policies and other terms of such external parties and platforms. You should review such privacy policies, terms and other agreements.
3. Collection of technical information and usage information
When you access CorVel’s sites, we automatically collect certain information. This information may include without limitation: (a) technical information about your Connected Device, such as your IP address, geolocation information, device type, operating system type and version, unique device ID, browser, browser language, domain and other systems information or platform types (collectively “Technical Information”); and (b) usage statistics about your interaction with CorVel’s sites, including pages accessed, referring website address(es) time spent on pages, pages visited, search queries, click data, date and time and other information regarding your use of CorVel’s sites (collectively “Usage Information”).
IV. How we use your information
We may use information about you for a number of purposes, including:
1. Providing, improving and developing our services
- Providing CorVel’s Services, including completing the transaction for which the personal information was collected, such as processing your claims;
- Facilitating medical care and payment of medical claims, including enrolling individuals in Medicare services;
- Performing our contractual obligations with our customers;
- Maintaining and improving our Services, including performing safety and quality controls of the Services;
- Developing new products and Services;
- Delivering the information and support you request;
- Improving, personalizing and facilitating your use of our Services; and
- Measuring, tracking and analyzing trends and usage in connection with your use or the performance of our Services.
2. Communicating with you about our services
- Responding to questions or concerns;
- Sending you SMS text messages relating to our pharmacy programs;
- Connecting with you through our telehealth programs and services; and
- Sending you information we think you may find useful or which you have requested from us about our Services.
3. Protecting our services and maintaining a trusted environment
- Enforcing any applicable terms of service or other applicable agreements or policies;
- Complying with any applicable laws or regulations, or in response to lawful requests for information from the government or through legal process;
- Fulfilling any other purpose disclosed to you in connection with our Services; and
- Contacting you to resolve disputes and provide assistance with our Services.
4. Advertising and marketing
- Marketing of our Services; and
- Communicating with you about opportunities, products and services offered by us and select partners. If we send you marketing emails, each email will contain instructions permitting you to “opt out” of receiving future marketing or other communications.
If we obtain any personal information from you we will not sell it to third parties, nor will we allow service providers with whom we share your personal information to sell it.
5. Other uses
- For any other purpose disclosed to you in connection with our Services from time to time.
V. When and with whom do we share your information
1. We do not sell your information
We do not sell your personal information nor the personal information of minors under sixteen (16) years of age to third parties.
2. When and how we may share/disclose your information with our service providers and customers
- We may share your information with our service providers in order to process your claims, such as with healthcare providers who provide independent medical examinations, insurance carriers, legal counsel, your employer, medical equipment companies, claims adjusters, companies that structure settlements/annuities and determine lifespans and state and other government agencies;
- We may share your information with governmental authorities, such as the Centers for Medicare and Medicaid Services, for purposes of mandatory reporting;
- We may share your information with our service providers for purposes of monitoring individuals throughout the claims process; and
- We may share your information with service providers that perform essential administrative and management services on our behalf, including for payment processing, data analysis, marketing services, advertising services, email and hosting services, SMS text messaging services, telehealth services and customer services and support.
We require all service providers to respect the security of your personal information. We do not allow our service providers to sell personal information or to use your personal information for their own purposes. All of our service providers are only permitted to process your personal information in accordance with our instructions and solely for the reasons for which we disclosed it to them.
3. Corporate Transactions
4. Disclosure of information for legal purposes
CorVel may disclose all or part of your personal information when we have reason to believe that disclosing this information is necessary to identify, contact or bring legal action against someone who may be violating any agreement with CorVel, or may be causing injury to or interference with (either intentionally or unintentionally) our rights or property, other users of our sites, or anyone else that could be harmed by such activities. We may disclose information in response to a subpoena, search warrant, in connection with judicial proceedings, or pursuant to court orders, legal process or other law enforcement measures. CorVel may disclose or access personal information when we believe in good faith that the law requires it, to establish our legal rights or to defend against legal claims, and for administrative and other purposes that we deem necessary to maintain, service and improve our Services.
5. Analytics and data enrichment services
We use external analytics such as Google Analytics to help understand your usage of our sites and to improve our Services.
6. Aggregated, anonymized or de-identified information
We may disclose or use aggregated, anonymized or de-identified information for any purpose. Aggregated, anonymized or de-identified information is information that can no longer reasonably identify a specific individual. Although such information may be derived from your personal information, it can no longer directly or indirectly reveal your identity.
VI. Cookies Policy
Like many online platforms, CorVel and its analytics vendors use server logs and automated data collection tools, such as browser cookies, pixel tags, scripts and web beacons. These tools are used for analytics purposes to enable CorVel to understand how users interact with the sites and Services. CorVel and its analytics vendors may tie the information gathered by these means to the identity of users.
Cookies are small text files placed on a computer or device while browsing the Internet. Cookies are used to collect, store and share bits of information about user activities. CorVel uses both session cookies and persistent cookies.
Session cookies are used to identify a particular visit to CorVel’s sites and collect information about your interaction with the sites. These cookies expire after a short time or when the user closes their web browser after using the sites. CorVel uses these cookies to identify a user during a single browsing session, such as when you log into the sites. This helps CorVel improve the sites and Services as well as improve the users’ browsing experience.
A persistent cookie will remain on a user’s device for a set period of time specified in the cookie. CorVel uses these cookies to identify and recognize a specific user over a longer period of time. They allow CorVel to:
- analyze the usage of the sites (e.g. what links users click on) in order to improve our offering;
- test different versions of the sites to see which particular features or content users prefer to optimize the sites;
- provide a more personalized experience to users with more relevant content and course recommendations; and
- allow users to more easily log in to use the sites and Services.
Examples of persistent cookies include: (i) preferences cookies to remember information about a user’s browser and settings preferences, such as preferred language – preference cookies make a user’s experience more functional and customized, (ii) authentication and security cookies to enable a user to log in or stay logged in to access the sites and Services, to protect user accounts against fraudulent log-ins by others and to help detect and protect against abuse or unauthorized usage of user accounts and (iii) functional cookies to make the experience of using the sites and Services better, like remembering the sound volume level selected by the user.
CorVel uses tracking technology to: (i) determine if a certain page was visited or whether an email sent by CorVel was opened or clicked on by a user; and (ii) to customize the experience of individual users by recommending specific content.
We also use clear gifs in HTML-based emails sent to our users to track which emails are opened and clicked on by recipients. We may use the information we obtain from the cookie in the administration of the sites, to improve the usability of the sites and for marketing purposes. We may also use that information to recognize your computer when you visit our sites, and to personalize our sites for you.
Cookies and information captured through our sites are stored for a certain retention period, however you can eliminate these cookies any time before the expiration date. Below is our Table of Cookies.
VII. How to restrict cookies
You can adjust the settings in your browser in order to restrict or block cookies that are set by the sites (or any other website on the Internet). Your browser may include information on how to adjust your settings. Alternatively, you may visit www.allaboutcookies.org to obtain comprehensive general information about cookies and how to adjust the cookie settings on various browsers. This site also explains how to delete cookies from your computer.
You can control and delete these cookies through your browser settings through the following:
- Google Chrome
- Mozilla Firefox
- Microsoft Internet Explorer
- Microsoft Edge
- Safari for iOS (iPhone and iPad)
- Chrome for Android
Or you can also use the following cookie management and disposal tool from Google Analytics by downloading and installing the browser plug-in from the following link: http://tools.google.com/dlpage/gaoptout.
Please be aware that restricting cookies may impact the functionality of the Services. Most browsers allow you to refuse to accept cookies. Additional general information about cookies, including how to be notified about the placement of new cookies and how to disable cookies, can be found at www.allaboutcookies.org.
VIII. External partner advertising and analytics
IX. Linking sites
For instance, information collected through Google Analytics is shared with Google and its partners who may combine it with other information you provided to them or they collected from your use of their services. This information is stored in Google’s servers according to their privacy practices.
X. Social media
We may collect information from other sources, such as social media platforms that may share information about how you interact with our social media content. We do not control how your personal information is collected, stored or used by third-party websites or to whom those websites disclose your information. You should review the privacy policies and settings on any social media website that you subscribe to so that you understand the information they collect and may be sharing. If you do not want your social media websites to share information about you, you must contact that website and determine whether it gives you the opportunity to opt-out of sharing such information. CorVel is not responsible for how these third-party websites may use information collected from or about you.
XI. How long we retain your information
We generally retain your information as long as reasonably necessary to provide you the Services or to comply with applicable law and in accordance with our document retention policy. To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means and the applicable legal requirements. We may retain copies of information about you and any transactions or Services you have used for a period of time that is consistent with applicable law, applicable statute of limitations or as we believe is reasonably necessary to comply with applicable law, regulation, legal process or governmental request, to detect or prevent fraud, to collect fees owed, to resolve disputes, to address problems with our Services, to assist with investigations, to enforce other applicable agreements or policies or to take any other actions consistent with applicable law.
In some circumstances we may anonymize your personal information (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you. This allows the specific information collected (name, email, address, phone number, etc.) to become anonymous, but allows CorVel to keep the transaction or engagement data. For example, CorVel will not be able to tell if John Smith registered for an event, but we will be able to tell that a person registered for an event and maintain headcount and transactional history. This will allow CorVel to maintain a level of information that helps us develop and improve our sites and Services.
XII. Marketing and promotional communications
You may opt-out of receiving marketing and promotional messages from CorVel, if those messages are powered by CorVel, by following the instructions in those messages. If you decide to opt-out, you will still receive non-promotional communications relevant to your use of our Services.
XIII. Children’s Online Privacy Protection Act (COPPA) compliance and related information
The Children’s Online Privacy and Protection Act (COPPA) regulates online collection of information from persons under the age of 13. It is our policy to refrain from knowingly collecting or maintaining personal information relating to any person under the age of 18. If you are under the age of 18, please do not supply any personal information through the sites. If you are under the age of 18 and have already provided personal information through the sites, please have your parent or guardian contact us immediately using the information provided under Contact Us so that we can remove such information from our files.
We take reasonable measures, including administrative, technical, and physical safeguards, to protect your information from loss, theft, misuse, and unauthorized access, disclosure, alteration, and destruction. We hold information about you both at our own premises and with the assistance of service providers. Further public disclosure here of our security measures could aid those who might attempt to circumvent those security measures. If you have additional questions regarding security, please feel free to contact us directly using the information provided under Contact Us . To ensure that our employees comply with our privacy policies, we have developed a training program that provides all employees with the tools and knowledge to protect your personal information in all aspects of their work. Any employee who violates our privacy policies is subject to disciplinary action, including possible termination and civil and/or criminal prosecution.
XV. California Consumers
The California Consumer Privacy Act (“CCPA”) permits residents of California to have the following additional rights. For more information, or if you have questions, you can contact us using the information provided under Contact Us . For your protection, before CorVel can respond to your request, CorVel may be required to collect certain information from you to verify your identity. This may include asking for your full name, aliases, current home addresses or alternative e-mail address. The information you provide to verify your identity will only be used for verification purposes, and a record of your request, including certain information contained within it, will be maintained by CorVel for its files.
1. California residents have the right to request CorVel disclose what information it collects, uses, and discloses
California residents have the right to request that CorVel disclose what personal information CorVel collects, uses and discloses about them. The general categories of personal information CorVel collects about California residents are listed above under What Information We Collect. If you are a California resident and would like to request the specific personal information that CorVel collects, uses and discloses about you, please complete this Request Form and send it to CorVel using the information provided under Contact Us or contact CorVel at the toll-free number provided in this Policy.
2. California residents have the right to request the deletion of their personal information maintained by CorVel
California residents have the right to request that CorVel delete the personal information CorVel maintains about them. CorVel will make every effort to comply with California residents’ requests to delete their personal information, however, certain laws or other legal requirements might prevent some personal information from being deleted. If you are a California resident and would like to request the deletion of your personal information, please complete this Request Form and send it to CorVel using the information provided under Contact Us or contact CorVel at the toll-free number provided in this Policy. To verify any request to delete personal information, you will be required to provide the information contained in the Request Form. Failure to do so could result in CorVel’s inability to comply with your request.
3. California residents have the right to non-discrimination for the exercise of their privacy rights under the CCPA
Under the CCPA, California residents have the right not to receive discriminatory treatment by CorVel for the exercise of their privacy rights. However, the exercise of certain privacy rights by California residents will make it so that CorVel is no longer able to provide those residents with certain services. For example, if, at the request of a California resident, CorVel deletes all of the California resident’s personal information that it maintains, CorVel will no longer be able to send marketing communications to that California resident.
4. California residents have the right to opt-out of the sale of the personal information
Under the CCPA, California residents can request that a company stop selling their personal information. However, as described above, CorVel does not sell your personal information.
5. California residents can designate an authorized agent to make a request under the CCPA on their behalf
California residents can designate an authorized agent to make requests under the CCPA related to the residents’ personal information. CorVel can deny any request made by an agent who does not submit proof that he or she has been authorized by the California resident to act on the California resident’s behalf. For more information on submitting a request on behalf of a California resident as an authorized agent, you can contact us using the information provided under Contact Us.
6. Do not track