Effective as of March 23, 2017
We strive to comply with the laws of the countries in which we do business regarding the protection of your Personal Data, including the European Union (“EU”) Directive on Data Protection.
Our Service and Personal Information Collection
Personal Data. “Personal Data” means non-public personal information that identifies an individual. It doesn’t include data that is encoded, anonymized or aggregated.
Sensitive Data. “Sensitive Data” means personal information about an individual’s race or ethnicity; political, religious, ideological or trade union memberships, opinions, views or activities; medical conditions or other protected health information (“PHI”) as defined by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”); financial information (e.g. account number); sexuality; or administrative or criminal proceedings that are treated outside pending proceedings. In addition, Sensitive Data includes information we receive from a third party who treats and identifies the information as sensitive.
- Notice: We do not collect your personal information to operate and maintain our service. We use non-personally identifiable data, cookies, clear gifs, and log file information to: (a) monitor the effectiveness of our Service and the offerings of our partners; (b) monitor aggregate metrics such as total number of visitors, traffic, and demographic patterns; (c) diagnose or fix technology problems; (d) and allow our business partners to deliver offers to you as described below.
If we collect your Personal Data for any other reason, we will notify you before using or disclosing that data, stating our purpose for collecting and using the data, the types of third parties to which we disclose the data, and the means we offer you to limit the use and disclosure of the data. If we receive Personal Data from any entity in the EU, we will use that data according to the instructions such entity gives us regarding notices it provided and the choices made by the individuals to whom such data relates.
For circumstances in which we are subject to the provisions of HIPAA, we are required to provide you with notice of our duties and practices with respect to PHI. Under HIPAA, we may use and disclose your PHI for one or more of the following purposes: To help run our organization (e.g. we may use your PHI to conduct quality assessments of the services we have provided to you—however, note that we are prohibited from using or disclosing PHI that is genetic information about you for underwriting purposes); or for purposes as required to administer your insurance and/or assistance service/product
We may also in some specific cases need to use or disclose your PHI for one or more of the following purposes:
(1) for public health and safety issues;
(2) to comply with legal or regulatory requirements;
(3) to address or comply with workers’ compensation, law enforcement, or other governmental mandates or requests; or
(4) to respond to lawsuits or legal actions.
In cases where we are subject to HIPAA, uses and disclosures of your PHI not described above will be made only with your express authorization.
Choice. Except as required by law, we do not share, sell or otherwise disclose your Personal Data to third parties, nor do we use it for any purpose other than for which it was originally collected or as you subsequently authorize. However, if ever we wish to do so, we will offer you the opportunity to choose not to permit us to use your Personal Data (“opt-out”) by sending an appropriately detailed request to the address provided below. In the event that we wish to disclose your Sensitive Data to a third party or use such data for a purpose other than for which it was originally collected or as you subsequently authorize, we will provide you the affirmative, explicit choice of whether you wish to permit such disclosure (“opt-in”). Moreover, except as authorized by law, we will not use or disclose psychotherapy notes, use or disclose your PHI for marketing purposes, or use or disclose your PHI in a way that would constitute a sale of PHI under HIPAA unless you expressly authorize us to do so. You may revoke this authorization at any time, except that such revocation will not be effective as to actions we have already taken in reliance on that authorization.
Though we make every effort to preserve your privacy, we may need to disclose Personal Data or Sensitive Data if we have a good-faith belief that it is necessary to (a) protect or defend our or your rights, interests or property; or (b) comply with any applicable law, regulation, judicial rule or order, or other mandate. In any such case, we will take reasonable care to disclose only as much Personal Data as is necessary.
- Onward Transfer. We may disclose your Personal Data, but only for the above-stated purposes. We will take reasonable steps to obtain assurances and will safeguard your Personal Data consistent with this Policy. Upon discovery, we will take reasonable steps to stop the disclosure of Personal Data that is contrary to this Policy.We may transfer your personal data to other Allianz Group companies located outside of the EEA or US. For these transfers, Fusion as part of the Allianz Group, has established a set of Binding Corporate Rules (BCR) which have been approved by certain EU Data Protection Authorities. These BCR’s are a commitment by Fusion to adequately protect personal data process regardless of where the personal data resides.
- Security. We take significant precautions to protect your data from loss, erasure, misuse, or unauthorized access, disclosure, alteration and destruction. To help maintain the security of your data, we employ physical, electronic and procedural safeguards, including utilizing policies to take reasonable precautions to (a) securely and confidentially maintain your Personal Data; (b) assess and protect against threats/hazards to the security or integrity of such data; and (c) prevent unauthorized access to or use of such data. To make your online transaction with us as safe and secure as possible, we use advanced encryption technology and treat your Personal Data with the highest standard of confidentiality and safety. We are required by law to maintain the privacy and security of your Personal Data.
- Your Rights. You have the following rights in respect of your personal data.
- The right to access the personal data we are holding about you.
- The right to have your personal data rectified where it is inaccurate or incomplete.
- The right to have your personal data erased in certain circumstances, for example the personal data is no longer necessary in relation to the purposes for which we have collected them as set out above.
- The right to restrict the processing of personal data, for example where you have contested the accuracy of that personal data.
- The right to lodge a complaint to the relevant data protection authority.
- The right to data portability, i.e. to receive your personal data in a structured, commonly used and machine readable format, and to have that personal data transmitted directly to another business entity (Data Controller).
- The right to withdraw your consent, at any time, for the processing of your personal data.
Where we are subject to HIPAA, you have the right to request to receive confidential communications of your PHI, as applicable. Subject to HIPAA, at your request, you may inspect, amend and copy PHI we maintain about you, and receive an accounting of certain disclosures of your PHI (e.g. health payment records), in accordance with and as permitted by HIPAA.
- Enforcement. Any complaint or dispute about how we handle your Personal Data should be directed to the address provided below. Additionally, complaints about how we handle your PHI may be directed to us or to the U.S. Secretary of Health and Human Services. We will investigate and attempt to resolve any such complaints or disputes internally; however, if we are unable to reach a mutually satisfactory resolution for such complaint or dispute, we have agreed to participate in the dispute resolution procedures administered by the European Data Protection Authorities’. You will not be retaliated against in any manner for filing a complaint.
Our Service and Non-Personally Identifiable Information
We may collect non-personally identifiable information about you, on behalf of our partners, through our Service to analyze usage of their websites and craft specific products/offers to their customers. When you visit such websites, your browser may send us certain information about you as described below. Any information obtained by Fusion from its partners’ websites will remain partner property and will be treated by Fusion as proprietary and confidential information of the partner. As such, Fusion will not disclose such information to any third party. Fusion will not review, share, distribute, print, sell or reference any session data of visitors to its partner’s websites except as explicitly requested by the partner. Fusion requires that any data held or transmitted on the behalf of our partners is done so in a secure manner consistent with the latest industry standards (e.g., data encryption, HTTPS/SSL) and all information provided to Fusion is stored on our secure servers. Fusion processes any behavioral data related to visitors to our partners’ websites in a format that maintains the anonymity of each user’s identity.
We may also collect the following information about you:
- Any information that you provide by filling in forms on our partners’ websites.
- If you contact us, we may keep a record of that correspondence.
We may share non-personally identifiable information (such as anonymous usage data, referring/exit pages and URLs, platform types, number of clicks, etc.) with interested third parties to help them understand the usage patterns for certain Fusion services and those of our partners. Our partners also have the option to publish the testing results for their websites on the Service. Such results consist solely of non-personally identifiable information.
As explicitly requested by our partners, and on their behalf, we may employ the following technologies – cookies, log file information, and clear gifs – to generate statistics that help us create customized offers for our partners’ customers. We will not deduce personal preferences from this information.
Cookies Information: Cookies are electronic placeholders that are placed on your computer by websites to track your individual movements on that website over time. We may send one or more cookies to your computer that uniquely identifies your browser and lets us learn about your behavior and usage patterns when you are on a web page that utilizes our Service. A cookie may also convey anonymous information about how someone browses an affiliate website to our partners. A cookie does not collect personal information about you. A persistent cookie remains on your hard drive after you close your browser. Persistent cookies may be used by your browser on subsequent visits to the Service. Persistent cookies can be removed by following your web browser’s directions. A session cookie is temporary and disappears after you close your browser. You can reset your web browser to refuse all cookies or to indicate when a cookie is being sent.
Log File Information: Log file information is automatically reported by your browser each time you access a web page that utilizes our Service. When you access the Service, our servers automatically record certain information that your web browser sends whenever you visit any website. These server logs may include information such as your web request, browser type, referring / exit pages and URLs, number of clicks, domain names, landing pages, pages viewed, and other such information.
Clear Gifs Information: When you access the Service, we may employ clear gifs (also known as web beacons) which are used to track the online usage patterns of our partners’ customers anonymously. The information is used to enable more accurate reporting, improve the effectiveness of our Service, and make Fusion better for our partners and their customers.
Storage and Processing
For circumstances requiring a contract with Fusion, the collection of personal data is a statutory or contractual requirement, necessary to enter into a contract. You will be obliged to provide the data for the contract to be valid.
In circumstances where we need to collect your Personable Identifiable information such as employee or vendor management services, your information may be stored and processed in the United States or the EU. If you are located in the European Union or other regions with laws governing data collection and use that may differ from U.S. law, please note that we may transfer personally identifiable information, to a country and jurisdiction that does not have the same data protection laws as your jurisdiction. We also maintain back-up servers in the EU and your information may be transferred to the United Kingdom and processed and stored there under standards that provide adequate protection as confirmed by the European Commission.
Retention of Data
We will retain your personal data as long as necessary for the purposes set out above, or as long as required by law.
Compromise of Personal Information
Your Choices About Your Information
You can review and correct the information about you that Fusion keeps on file by contacting Fusion’s Privacy Office by email at Privacy@Fusion.com.
Protecting the privacy of young children is especially important. For that reason, Fusion does not knowingly collect or solicit personal information from anyone under the age of 13. If you are under 13, please do not send any information about yourself to us, including your name, address, telephone number, or email address. No one under age 13 is allowed to access or use the Service or to provide any personal information to Fusion. In the event that we learn that we have collected personal information from a child under age 13 without verification of parental consent, we will delete that information as quickly as possible. If you believe that we might have any information from or about a child under 13, please contact our Privacy Office at Privacy@Fusion.com.
It is our policy to provide notifications, when such notifications are required by law or are for marketing or other business related purposes, to you via email notice, written or hard copy notice, or through conspicuous posting of such notice on the Service, as determined by Fusion in its sole discretion.
Links to Other Web Sites
ATTN: Steve Lestyan
9950 Mayland Drive
Richmond, VA 23233