BENEFITKARMA DETAILED US PRIVACY NOTICE
Information for US Residents
We collect Personal Data from US residents and comply with the consumer privacy laws of California, Colorado, Connecticut, Utah, and Virginia (“US Privacy Laws”). In addition to our general Privacy Notice available at benefitkarma.com/privacy, this Detailed US Privacy Notice applies to US residents (“users,” “you,” or “your”).
For the purposes of this Detailed US Privacy Notice, “Personal Data” means information that is linked or reasonably linkable to a particular individual or household. However, the following categories of information are not Personal Data:
· Publicly available information;
· Deidentified or aggregated data; or
· Information otherwise excluded from the scope of US Privacy Laws.
This Privacy Notice provides the following information to US residents:
· Categories of Personal Data we collect;
· Purposes for which we use Personal Data;
· Categories of Personal Data we disclose to third parties;
· Categories of third parties to which we disclose Personal Data; and
· How US residents can exercise their rights under US Privacy Laws:
o The rights to access, correct, or delete Personal Data;
o The right to obtain a portable copy of Personal Data;
o The right to limit the use of sensitive Personal Data in certain circumstances;
o The rights to opt out of targeted advertising, sales of Personal Data, or profiling; and
o The right to appeal our decisions about your requests.
Categories of Non-Sensitive Personal Data
The table below outlines the non-sensitive categories of Personal Data BenefitKarma collects about US residents and whether and how they are disclosed to third parties.
We collect Non-Sensitive Personal Data from the following sources:
· Directly from our users
Category of Personal Data: Identifiers
Examples – Identifiers may contain the following: Name, address, other contact information, Cookie IDs, hashed email addresses, and mobile advertising IDs
Purpose(s) for Collection: To provide personalized recommendations regarding opportunities from carefully selected partners that may be of interest to users; to provide personalized estimations of potential benefit opportunities; to improve services and conduct internal research
Targeted Advertising: We do not engage in targeted advertising or disclose this information for targeted advertising purposes
Sale: This information is not sold to third parties
Other Disclosures: This information may be disclosed to Processors. We disclose Identifiers to enable our processors to provide customer service on our behalf; to debug our products and identify errors that may impair functionality.
Retention Period:We retain this data until the user deletes their account, after which it is retained only to the extent required or permitted by law or for purposes of preventing fraud
Category of Personal Data: Personal Characteristics
Examples – Personal Characteristics may contain the following: Sex, age, veteran status, disability status, etc.
Purpose(s) for Collection: To provide personalized recommendations regarding opportunities from carefully selected partners that may be of interest to users; to provide personalized estimations of potential benefit opportunities; to improve services and conduct internal research
Targeted Advertising: We do not engage in targeted advertising or disclose this information for targeted advertising purposes
Sale: This information is not sold to third parties
Other Disclosures: This information may be disclosed to Processors. We disclose Personal Characteristics to enable our processors to provide customer service on our behalf; to debug our products and identify errors that may impair functionality.
Retention Period: We retain this data until the user deletes their account, after which it is retained only to the extent required or permitted by law or for purposes of preventing fraud
Category of Personal Data: Internet/Electronic Activity
Examples – Internet/Electronic Activity may contain the following: Browsing history, app use, device ID, etc.
Purpose(s) for Collection: To provide personalized recommendations regarding opportunities from carefully selected partners that may be of interest to users; to provide personalized estimations of potential benefit opportunities; to improve services and conduct internal research
Targeted Advertising: We do not engage in targeted advertising or disclose this information for targeted advertising purposes
Sale: This information is not sold to third parties
Other Disclosures: This information may be disclosed to Processors. We disclose Internet/Electronic Activity to enable our processors to provide customer service on our behalf; to debug our products and identify errors that may impair functionality.
Retention Period: We retain this data until the user deletes their account, after which it is retained only to the extent required or permitted by law or for purposes of preventing fraud
Category of Personal Data: Imprecise Geolocational Data
Examples – Imprecise Geolocational Data may contain the following: Locational data, based on an IP address, that is less precise than 1/3 mile (i.e., a radius of 1,750 feet).
Purpose(s) for Collection: To provide personalized recommendations regarding opportunities from carefully selected partners that may be of interest to users; to provide personalized estimations of potential benefit opportunities; to improve services and conduct internal research
Targeted Advertising: We do not engage in targeted advertising or disclose this information for targeted advertising purposes
Sale: This information is not sold to third parties
Other Disclosures: This information may be disclosed to Processors. We disclose Imprecise Geolocational Data to enable our processors to provide customer service on our behalf; to debug our products and identify errors that may impair functionality.
Retention Period: We retain this data until the user deletes their account, after which it is retained only to the extent required or permitted by law or for purposes of preventing fraud
Category of Personal Data: Commercial Data
Examples – Commercial Data may contain the following: Credit report data.
Purpose(s) for Collection: To provide personalized recommendations regarding opportunities from carefully selected partners that may be of interest to users; to provide personalized estimations of potential benefit opportunities; to improve services and conduct internal research
Targeted Advertising: We do not engage in targeted advertising or disclose this information for targeted advertising purposes
Sale: This information is not sold to third parties
Other Disclosures: This information may be disclosed to Processors. We disclose Commercial Data to enable our processors to provide customer service on our behalf; to debug our products and identify errors that may impair functionality.
Retention Period: We retain this data until the user deletes their account, after which it is retained only to the extent required or permitted by law or for purposes of preventing fraud
Categories of Sensitive Personal Data
The table below outlines the categories of Sensitive Personal Data BenefitKarma collects about US residents and whether they are disclosed to third parties. BenefitKarma obtains affirmative consent from US residents to process Sensitive Personal Data to the extent required by US Privacy Laws.
We collect Sensitive Personal Data from the following sources:
· Directly from our users
Category of Sensitive Personal Data: Government ID Data
Examples – Government ID Data may contain the following: Social Security Number
Purpose(s) for Collection: To provide personalized recommendations regarding opportunities from carefully selected partners that may be of interest to users; to provide personalized estimations of potential benefit opportunities; to improve services and conduct internal research
Targeted Advertising: We do not engage in targeted advertising or disclose this information for targeted advertising purposes
Sale: This information is not sold to third parties
Other Disclosures: This information may be disclosed to Processors. We disclose Government ID Data to enable our processors to provide customer service on our behalf; to debug our products and identify errors that may impair functionality.
Retention Period: We retain this data until the user deletes their account, after which it is retained only to the extent required or permitted by law or for purposes of preventing fraud.
Category of Sensitive Personal Data: Health Data
Examples – Health Data may contain the following: Diagnosis, test results, and treatment
Purpose(s) for Collection: To provide personalized recommendations regarding opportunities from carefully selected partners that may be of interest to users; to provide personalized estimations of potential benefit opportunities; to improve services and conduct internal research
Targeted Advertising: We do not engage in targeted advertising or disclose this information for targeted advertisingpurposes
Sale: This information is not sold to third parties
Other Disclosures: This information may be disclosed to Processors. We disclose Health Data to enable our processors to provide customer service on our behalf; to debug our products and identify errors that may impair functionality.
Retention Period: We retain this data until the user deletes their account, after which it is retained only to the extent required or permitted by law or for purposes of preventing fraud.
Use of Personal Data
We use Personal Data for the purposes described in our general Privacy Notice (see benefitkarma.com/privacy). Personal Data may also be used or disclosed as otherwise permitted or required by applicable law.
Disclosing Personal Data
We share Personal Data with the following categories of third parties:
· Processors: We use processors to securely handle Personal Data on our behalf and only on our instructions. These companies may not use your Personal Data for their own purposes.
See the tables above for more details about how different categories of Personal Data are disclosed.
We do not sell Personal Data to anyone.
Exercising Your Personal Data Rights
US residents have the following rights under US Privacy Laws:
· The rights to access, correct, or delete Personal Data;
· The right to obtain a portable copy of Personal Data;
· The right to limit the use of Sensitive Personal Data in certain circumstances;
· The rights to opt out of targeted advertising, sales of personal data, or profiling;
· The right not to receive discriminatory treatment for exercising your privacy rights; and
· The right to appeal our decisions about your requests if you disagree with them.
If you are a US resident, you can submit a request to exercise your personal data rights under US Privacy Laws by visiting our online portal at https://www.requesteasy.com/63ce-5449 or sending an email to privacy@benefitkarma.com with the subject line “Privacy Rights Request”.
To protect your privacy, we may need to authenticate your identity before we respond to your rights request. We will verify your identity by sending an email to your email address on file with a link to click. If you do not complete the verification process, we may be unable to process your request. Any information you provide to authenticate your identity will only be used to process your rights request and not for any other purpose. Please be aware that we do not accept or process rights requests submitted through other means.
We will respond to your rights request within 45 days, though in certain cases we may inform you that we will need up to another 45 days to act on your request. If we suspect fraudulent or malicious activity on or from your account, we will delay taking action on your request until we can appropriately verify your identity and the request as authentic. Also note that each of the rights are subject to certain
We reserve the right to decline to process, or charge a reasonable fee for, requests from a US resident that are manifestly unfounded, excessive, or repetitive.
Notice of Right to Opt-Out of Sale/Sharing for Targeted Advertising
US privacy laws give US residents the right to direct a business that “sells” or “shares” their Personal Information to stop selling and/or sharing their Personal Information at any time. As used here, “selling” means exchanging Personal Data with a third party for money or anything of value, and “sharing” means disclosing Personal Data to a third party for use in conducting “cross-context behavioral advertising,” also referred to as “targeted advertising.” An example of targeted advertising is displaying advertisements to a person where the advertisement is selected based on Personal Data obtained from their activities over time and across non-affiliated websites or applications to predict their preferences or interests. In certain situations and as detailed above, we share for targeted advertising Personal Data with third parties. You can opt out of the sharing of your Personal Data by visiting our online portal at https://www.requesteasy.com/63ce-5449 or sending an email to privacy@benefitkarma.com with the subject line “Privacy Rights Request”.
Notice of Right to Limit the Use of Sensitive Personal Information
You have the right to limit some uses of Sensitive Personal Data. In general, you may direct companies not to use Sensitive Personal Data except as necessary to provide goods or services you have requested or other exempt purposes.
However, we only use Sensitive Personal Data for purposes that are exempt from this right, such as to provide you with goods or services you have requested, to detect and prevent security incidents, or verifying the quality of our goods and services. The full list of these exempt purposes are specified in California Code of Regulations, Title 11, Section 7027(m).
Children’s Data
We do not knowingly collect or use the Personal Information of children under 16. If you believe that we have collected the Personal Information of a child under 16, please contact us at privacy@BenefitKarma.com.
Authorized Agent Requests
You may designate an authorized agent to make a rights request on your behalf. Your authorized agent may submit such a request by following the same method described above in the section titled Exercising Your Personal Data Rights. We may require verification of your
authorized agent’s authority in addition to the information we require for verification of your identity.
Contact Us
If you have any questions or concerns regarding this Detailed US Privacy Notice, contact us at privacy@benefitkarma.com.
Last updated: April 08, 2024