Privacy Policy

Website Privacy Policy

Capital District Physicians’ Health Plan, Inc., CDPHP Universal Benefits, Inc.^®, and Capital District Physicians’ Healthcare Network, Inc. on behalf of itself and its affiliates (hereinafter referred to as “CDPHP^®,” “us,” “we,” “our,” or “Company”) has created this Privacy Policy to apply to all users of this website www.cdphp.com (referred to herein as our “Services”). This Privacy Policy describes, among other things, the types of information we collect from users when you use our Services, how we use it, and how you can exercise choices regarding your information. This Privacy Policy is integrated into our Terms of Use.

If you are a CDPHP member (and not someone visiting our Services for informational purposes), then you may also provide us with Protected Health Information (as defined in our Notice of Privacy Practices) that constitutes health information protected by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). CDPHP is a Covered Entity under HIPAA and complies with HIPAA regulations regarding the use and disclosure of Protected Health Information. Our Notice of Privacy Practices explains how we may use and disclose Protected Health Information and how you may exercise your rights under HIPAA. If there is any conflict between this Privacy Policy and the CDPHP Notice of Privacy Practices, the Notice of Privacy Practices will apply if the use, disclosure, or request relates to Protected Health Information.

This Privacy Policy does not apply to information collected through other means, including but not limited to, by telephone or in person, although that information may be governed by the CDPHP Notice of Privacy Practices.

By using the Services and consenting to providing us with your personal Information (defined below), you agree to the practices described in this Privacy Policy and Terms of Use referenced below and to the updates to these policies posted here from time to time.

I. INFORMATION WE COLLECT ABOUT YOU

We may collect the following categories of information about you which are described in more detail below: (A) information you provide to us, (B) information we may automatically collect, and (D) information we may receive from third parties. All of the information listed in (A)-(D) above, are detailed below, and hereinafter referred to as “Information.”

A. Information You Provide to Us

In using our Services, you may provide us with Information, including, without limitation:

• Individual identifiers such as name, mailing address, phone number, and email address;

• Communications with us, preferences, and other Information you provide to us such as any messages (including via online chat feature), opinions and feedback that you provide to us, your user preferences (such as in receiving updates or marketing information), and other Information that you share with us when you contact us directly (such as for support services); and

• Additional Information as otherwise described to you at the point of collection or pursuant to your consent.

B. Information We May Automatically Collect About You

Our Services may automatically collect the following categories of usage and technical Information about you. This Information is used by CDPHP for the operation of the Services, to maintain quality of the Services, and to provide general statistics regarding use of the Services. This Information may include:

• Age, gender, and approximate geolocation;

• Language preferences;

• IP address, which is the number associated with the service through which you access the Internet, like your ISP (Internet service provider);

• Date and time of your visit or use of our Services;

• Domain server from which you are using our Services;

• Type of computer, web browsers, search engine used, operating system, or platform you use;

• Data identifying the web pages you visited prior to and after visiting our website or use of our Services;

• Your movement and activity within the website, which is aggregated with other information; and

• Mobile device information, including the type of device you use, operating system version, and the device identifier (or “UDID”).

C. Cookies & Technologies Used to Collect Information About You

We and/or certain service providers operating on our behalf may collect Information about your activity, or activity on devices associated with you over time, on our sites and applications, and across non-affiliated websites or online applications. We may collect this Information by using certain technologies, such as cookies, web beacons, pixels, software developer kits, third-party libraries, and other similar technologies. Third-party service providers, advertisers, and/or partners may also view, edit, or set their own cookies or place web beacons.

• Cookies (or browser cookies). A cookie is a small file placed on the hard drive of your computer. You may refuse to accept browser cookies by activating the appropriate setting on your browser. However, if you select this setting, you may be unable to access certain parts of our Services. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our website.

• Web Beacons. Website pages may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit us, for example, to count users who have visited those pages and for other related statistics (for example, recording the popularity of certain content and verifying system and server integrity). We also use these technical methods to analyze the traffic patterns, such as the frequency with which our users visit various parts of the Services. These technical methods may involve the transmission of Information either directly to us or to a third party authorized by us to collect Information on our behalf. Our Services use retargeting pixels from Google, Facebook, and other ad networks. We also use web beacons in HTML emails that we send to determine whether the recipients have opened those emails and/or clicked on links in those emails.

• Analytics. Analytics are tools we may use, such as Google Analytics or Meta Pixel, to help provide us with information about traffic to our website and use of our Services, which Google may share with other services and websites who use the collected data to contextualize and personalize the ads of its own advertising network. You can view Google’s Privacy Practices here: Privacy Policy – Privacy & Terms – Google. You can view Meta’s Privacy Practices here: Meta Privacy Policy - How Meta collects and uses user data | Privacy Center | Manage your privacy on Facebook, Instagram and Messenger | Facebook Privacy.

• Mobile Device Technologies. If you access our website and Services through a mobile device, we may automatically collect Information about your device, your phone number, and your physical location.

You may opt out of these online tracking technologies by expressing your preferences through our cookie consent banner. Please note that some features of our website may not be available to you as a result of these choices.

D. Information We May Receive from Third Parties

We may collect additional Information about you from third-party websites, social media platforms. and/or sources providing publicly available information (e.g., from the U.S. postal service) to help us provide services to you, help prevent fraud, and for marketing and advertising purposes.

This Privacy Policy only applies to Information collected by our Services. We are not responsible for the privacy and security practices of those other websites or social media platforms or the Information they may collect. You should contact such third parties directly to determine their respective privacy policies. Links to any other websites or content do not constitute or imply an endorsement or recommendation by us of the linked website, social media platform, and/or content.

II. HOW WE USE YOUR INFORMATION

A. Use and Purpose of Processing Your Information

We use and process your Information for things that may include, but are not limited to, the following:

• To provide you with the Services and information you request;

• To respond to your inquiries and questions and provide support services;

• For general or targeted marketing and advertising purposes, including sending you promotional material, or special offers on our behalf or on behalf of our marketing partners and/or their respective affiliates and subsidiaries and other third parties, provided that you have not already opted out of receiving such communications;

• To fulfill contracts we have with you;

• To manage, improve, and foster relationships with third-party service providers, including vendors, suppliers, and parents, affiliates, subsidiaries, and business partners;

• To monitor the usage of our Services;

• Maintain, improve, customize, or administer the Services, perform business analyses, or other internal purposes to improve the quality of our business, the Services, resolve technical problems, or improve security or develop other products and services;

• Comply with our Terms of Use;

• Analytics for business purposes and business intelligence;

• Comply with any applicable laws and regulations and respond to lawful requests; and/or

• For any other purposes disclosed to you at the time we collect your Information and/or pursuant to your consent.

We may also use Information that has been de-identified and/or aggregated for purposes not otherwise listed above.

B. Sharing or Disclosing Your Information

We may share and/or disclose your Information as set forth in the Privacy Policy and in the following circumstances:

• Third-Party Service Providers. We may share your Information with third-party service providers that perform certain functions or services on our behalf (such as to host the Services, manage databases, perform analyses, provide support services, or send communications for us). These third-party service providers are authorized to use your Information only as necessary to provide these services to us. In some instances, we may aggregate Information we collect so third parties do not have access to your identifiable Information to identify you individually.

• Disclosure of Information for Legal and Administrative Reasons. We may disclose your Information without notice: (i) when required by law or to comply with a court order, subpoena, search warrant, or other legal process; (ii) to cooperate or undertake an internal or external investigation or audit; (iii) to comply with legal, regulatory, or administrative requirements of governmental authorities (including, without limitation, requests from the governmental agency authorities to view your Information); (iv) to protect and defend the rights, property or safety of us, our subsidiaries and affiliates and any of their officers, directors, employees, attorneys, agents, contractors and partners, and the website Service users; (v) to enforce or apply our Terms of Use; and (vi) to verify the identity of the user of our Services.

• Business Transfers. Your Information may be transferred, sold, or otherwise conveyed (“Conveyed”) to a third party where we: (i) merge with or are acquired by another business entity; (ii) sell all or substantially all of our assets; (iii) are adjudicated bankrupt; or (iv) are liquidated or otherwise reorganize.

• Information Shared with our Subsidiaries and Affiliates. We may share your Information with our subsidiaries and affiliates.

• De-Identified or Aggregated Data. We may share your Information on an aggregated basis for any purpose in which your specific personal Information is blinded, masked, or otherwise not identifiable.

• With Your Consent. We may share Information consistent with this Privacy Policy with your consent.

III. LINKS TO OTHER WEBSITES

Our Services may contain links to other websites or services that are not owned or controlled by us, including, but not limited to, links to social media platforms such as Facebook, Instagram, or YouTube, which may redirect you off our website away from our Services.

This Privacy Policy only applies to Information collected by our Services. We are not responsible for the privacy and security practices of those other websites or social media platforms or the Information they may collect (which may include IP address). You should contact such third parties directly to determine their respective privacy policies. Links to any other websites or content do not constitute or imply an endorsement or recommendation by us of the linked website, social media platform, and/or content.

IV. INFORMATION SECURITY

We use commercially reasonable and appropriate administrative, physical, and technical security measures to provide our Services and safeguard your information. However, no data transmitted over the Internet or stored or maintained by us or our third-party service providers can be 100% secure. Therefore, we do not promise or guarantee, and you should not expect, that your Information or private communications will always remain private or secure. We do not guarantee that your Information will not be misused by third parties. We are not responsible for the circumvention of any privacy settings or security features. You agree that we will not have any liability for misuse, access, acquisition, deletion, or disclosure of your Information.

If you believe that your Information has been accessed or acquired by an unauthorized person, you should promptly contact information_assurance@cdphp.com so that necessary measures can quickly be taken.

V. DATA RETENTION

We will retain your Information for as long as needed to provide, manage, and improve the Services, and as necessary to comply with our legal obligations, resolve disputes, and enforce our policies. In accordance with our routine record keeping, we may delete certain records that contain Information you have submitted to us. We are under no obligation to store such Information indefinitely and disclaim any liability arising out of, or related to, the destruction of such Information.

VI. YOUR CHOICES

A. Marketing Communications. If you do not want to receive marketing and promotional emails from us, you may click on the “unsubscribe” link in the email to unsubscribe and opt out of marketing email communications or see How to Contact Us below for more information.

B. Opting Out of Direct Marketing by Third Parties. To exercise choices regarding the marketing information you receive, you may also review the following links:

• You may opt out of tracking and receiving tailored advertisements on your mobile device by some mobile advertising companies and other similar entities by downloading the App Choices app at www.aboutads.info/appchoices.

• You may opt out of receiving permissible targeted advertisements by using the NAI Opt-out tool available at http://optout.networkadvertising.org/?c=1 or visiting About Ads at http://optout.aboutads.info.

• You can opt out of having your activity on our Services made available to Google Analytics by installing the Google Analytics opt-out add-on for your web browser by visiting: https://tools.google.com/dlpage/gaoptout for your web browser.

VII. GEOGRAPHIC LOCATION OF DATA STORAGE AND PROCESSING

Our Services are targeted to individuals located in the United States. As such, the Services collect Information and process and store that Information in databases located in the United States. If you are visiting the Services from a country outside the United States, you should be aware that you may transfer personally identifiable Information about yourself to the United States, and that the data protection laws of the United States may not be as comprehensive as those in your own country. By visiting the Services and submitting any personally identifiable Information you consent to the transfer of such personally identifiable Information to the United States.

Based on security risk, CDPHP may, in its sole discretion, block access to its Services from certain countries.

VIII. CHILDREN’S INFORMATION

The Services are intended only for users over the age of thirteen (13). If we become aware that a user is under thirteen (13) (or a higher age threshold where applicable) and has provided us with Information, we will take steps to comply with any applicable legal requirement to remove such Information. Contact us at privacyofficer@cdphp.com if you believe that we have mistakenly or unintentionally collected Information from a child under the age of thirteen (13).

IX. DIFFICULTY ACCESSING OUR PRIVACY POLICY

Individuals with disabilities who are unable to usefully access our Privacy Policy online may contact us at (518) 641-3000 to inquire how they can obtain a copy of our policy in another, more easily readable format.

X. “DO NOT TRACK” SIGNALS

We do not support “Do Not Track.” Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked. You can enable or disable “Do Not Track” by visiting the “Preferences” or “Settings” page of your web browser. Do Not Track is different from Global Privacy Controls (“GPC”), which may notify websites of consumers’ privacy preferences regarding the sale or sharing of personal Information, or the use of sensitive personal Information.

XI. CHANGES TO THIS PRIVACY POLICY

We reserve the right to change, modify or amend this Privacy Policy at any time to reflect changes in our products and service offerings, accommodate new technologies, regulatory requirements, or other purposes. If we modify our Privacy Policy, we will update the “Effective Date,” and such changes will be effective upon posting. It is your obligation to check our current Privacy Policy for any changes.

XII. HOW TO CONTACT US

If you have any questions about this Privacy Policy or the Information we have collected about you, please contact us at the following:

Email us: privacyofficer@cdphp.com

Call us: (518) 641-5261

Write us:  Capital District Physicians’ Health Plan, Inc.
                     Attn: CDPHP Privacy Officer
                     6 Wellness Way
                     Latham, NY 12110