Effective September 5, 2024
Privacy Notice Table of Contents:
- Our Commitment to Privacy
- The Scope of This Privacy and Security Policy
- EU-U.S. Data Privacy Framework and Swiss-U.S. Data Privacy Framework
- The Information We Collect and the Way We Use It
- Our Commitment to Data Security
- Accessing or Correcting Your Information
- Mobile App
- Minors
- Legal Disclaimer
- How to Contact Us
Our Commitment to Privacy
Your privacy is important to us. Benefit Plan Services LLC, NFP Executive Benefits LLC
and their affiliates (collectively "NFP Executive Benefits") are committed to protecting the
confidentiality and security of information you provide us on our websites. To better protect
your privacy, we provide this Privacy and Security Policy to explain our online information
practices and the choices you can make about the ways your information is collected and used.
This Policy can be found on our homepage and at any place on our websites where personal information is requested.
If we decide to change our privacy policy, we will post those changes to this privacy statement, the home page,
and other places we deem appropriate so that you are aware of what information we collect, how we use it, and
under what circumstances, if any, we disclose it.
We reserve the right to modify this privacy statement at any time, so please review it frequently. If we make material
changes to this policy, we will notify you here, by email, or by means of a notice on our home page prior to the change
becoming effective.
The Scope of This Privacy and Security Policy
This Privacy Statement applies to NFP Executive Benefits' service platform residing at https://dcp.nfpexecutivebenefits.com
and https://dcp.benefitplanservices.com owned and operated by Benefit Plan Services LLC. This Privacy Statement describes
how NFP Executive Benefits collects and uses the personal information you provide for and on our services. It also describes
the choices available to you regarding the use of, your access to, and how to update and correct your personal information.
The use of information collected through our service shall be limited to the purpose of providing the service for which the
client (the data controller) has engaged NFP Executive Benefits.
Please note that other websites or third parties, referenced on our website, may adhere to their own customs and policies.
We are not affiliated with the creation or management of the content or privacy policies of such websites or third parties.
We are neither responsible nor liable for privacy or other information collection issues related to such other websites or third parties.
Data collected
We only collect the information you provide to us or that we are directed to collect by our clients.
In this regard, we do not control what end user data we may receive and host, nor what steps our clients (as data controller)
have taken to ensure that the data is reliable for its intended use, accurate, complete, and current. We also collect client
information on our portal and corporate website.
Client Information is personal information about people in our client's organization, such as account managers and users, who
interact with our portal. Client information is usually limited to name, work e-mail address, work phone number, and job title,
and we collect it through the portal or other means provided to us. We use this information to support your account, maintain
our business relationship with you and our client, respond to your inquiries, and perform recordkeeping functions.
The categories of information that we may collect directly from you or receive from a data controller include:
- access your personal information;
- request proof of the authorization or previous consent given to us to perform the collection and processing of the personal information;
- personal details (e.g., name, date of birth);
- contact details (e.g., phone number, email address, postal address or mobile number);
- government issued identification details (e.g., social security and national insurance numbers, passport details);
- health and medical details (e.g., health certificates);
- policy details (e.g., policy numbers and types);
- bank details (e.g., payment details, account numbers and sort codes);
- driving license details;
- online log-in information (e.g., username, password, answers to security questions); and
- other information we receive from you on applications or required questionnaires of our clients.
Notice
We operate under the assumption that it is generally our client's obligation as data controller to notify
individuals about the purposes for which we collect and use information about them, how individuals can
contact us with any inquiries or complaints, the types of third parties to which they disclose your information,
and the choices and means offered for limiting our use and disclosure. As your data processor, we make available
to you this privacy policy so that you can better understand our data practices and whether they are consistent
with privacy notices made available to you.
Transfer
We may transfer personal information to companies that help us provide our services. Transfers to subsequent third
parties are covered by the service agreements with our clients. Such transfers are made in accordance with applicable law.
We have put in place appropriate safeguards (such as contractual commitments) in accordance with applicable legal
requirements to ensure that your personal information is adequately protected. In addition, we use an approved certification
mechanism for legitimate transfers of information (see EU-U.S. Data Privacy Framework and Swiss-U.S. Data Privacy Framework section below).
Where you are based in the European Union you should be aware that your personal information may be transferred to, stored,
and processed in a country that is not regarded as ensuring an adequate level of protection for personal information under
European Union law. Where you are based outside of the European Union, you should be aware that your personal information may
be transferred to, stored, and processed in a jurisdiction that is not your home jurisdiction. You consent to the transfer,
disclosure, storage and/or processing of your personal information outside the jurisdiction in which the information was originally collected.
Access
NFP Executive Benefits acknowledges that you have the right to access your personal information, as described further below.
NFP Executive Benefits has no direct relationship with the individuals whose personal data it processes. An individual who
seeks access, or who seeks to correct, amend, or delete inaccurate data should direct their query to NFP Executive Benefits'
client (the data controller). If requested to remove data we will respond within a reasonable timeframe. We will retain personal
data we process on behalf of our clients for as long as needed to provide services to our clients. NFP Executive Benefits will
retain and use this personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
You may have certain rights regarding your personal information with the client of NFP Executive Benefits (the data controller) that,
subject to local law, could include the following rights:
- access your personal information;
- request proof of the authorization or previous consent given to us to perform the collection and processing of the personal information;
- rectify the information we hold about you;
- erase your personal information;
- restrict our use or disclosure of your personal information;
- object to our use or disclosure of your personal information;
- request information about the use and processing of your personal information by data controllers and their data processors;
- receive your personal information in a usable electronic format and transmit it to a third party (right to data portability);
- revoke the consent given by you for the processing of your personal information; or
- lodge a complaint with your local data protection authority.
If you would like to discuss or exercise such rights, as applicable under local law, please contact the applicable data
controller of your information. You may also contact us at the details below.
Choice
Benefit Plan Services LLC will not share, sell, rent, or trade with third parties for their marketing purposes any client
or end user data collected by us, unless you direct us to do so and have the appropriate authorization to do so.
Benefit Plan Services LLC or Client offers individuals the opportunity to opt out of uses and disclosures of their data
that are incompatible with the purposes for which that data was originally collected or subsequently authorized. We operate
under the assumption that it is generally our client's obligation as data controller to obtain from data subjects the
appropriate consent to transfer their data to us and to process data using our products for defined purposes.
EU-U.S. Data Privacy Framework and Swiss-U.S. Data Privacy Framework
Benefit Plan Services, LLC complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the
UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as
set forth by the U.S. Department of Commerce. Benefit Plan Services, LLC has certified to the
U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles
(EU-U.S. DPF Principles) with regard to the processing of personal data received from the
European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar)
under the UK extension to the EU-U.S. DPF. Benefit Plan Services, LLC has certified to the U.S.
Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles
(Swiss-U.S. DPF Principles) with regard to the processing of personal data received from
Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this
privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles
shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our
certification, please visit https://www.dataprivacyframework.gov/.
Benefit Plan Services, LLC is responsible for the processing of personal data it receives, under
the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and Swiss-U.S. DPF and subsequently transfers to
a third party acting as an agent on its behalf. Benefit Plan Services, LLC complies with the
EU-U.S. DPF Principles and the Swiss-U.S. DPF Principles for all onward transfers of personal data
from the EU, UK, and Switzerland, including the onward transfer liability provisions.
The Federal Trade Commission has jurisdiction over Benefit Plan Services, LLC's compliance with
the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF. In certain
situations, Benefit Plan Services, LLC may be required to disclose personal data in response to
lawful requests by public authorities, including to meet national security or law enforcement
requirements.
In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S.
DPF, Benefit Plan Services, LLC commits to refer unresolved complaints concerning our handling
of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF,
and the Swiss-U.S. DPF to TRUSTe, an alternative dispute resolution provider based in the
United States. If you do not receive timely acknowledgment of your DPF Principles-related
complaint from us, or if we have not addressed your DPF Principles-related complaint to your
satisfaction, please visit https://feedback-form.truste.com/watchdog/request
for more information or to file a complaint. These dispute resolution services are provided at
no cost to you.
For complaints regarding EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and Swiss-U.S. DPF
compliance not resolved by any of the other DPF mechanisms, you have the possibility, under
certain conditions, to invoke binding arbitration. Further information can be found on the
official DPF website: https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction.
The Information We Collect and The Ways We Use It
This notice applies to all information collected or submitted on our website. On some pages, you can log into your
account, initiate account transfers, make changes to account information, and request additional information.
Once you log onto any of our websites, you provide us with the identity of your current Internet address and the
type of operating system and browser software you are using.
While you are visiting our website, we may ask you for other personal information. The types of personal information
that we may request from you, upon you visiting our website, are your name, address, e-mail address, phone number, etc.
Please note that providing such information is optional. However, in order to access the personal information we collect
about you, you may be required to provide identifying information.
During your visit to our website, we may also keep track of the sections of our website that you visit the most. We do
this so we can continually provide our users with better visiting experiences. For instance, we may use such user tracking
information to modify the most frequently visited sections of our website, so that they can be accessed more efficiently by a
broader range of operating systems. Additionally, we may aggregate your tracking information with that of our other website
users in order to tell us that X number of users visited a certain area on our website, or that Y number of users filled
out a form. We will not, however, disclose any information that could be used to identify you or any of the other website users.
Any personal information you provide us on our websites is only used on your behalf to complete a transaction or provide other
assistance you request. We do not share this information with outside parties except to the extent necessary to complete that
transaction or request. When such disclosure is necessary, third parties are authorized to use your personal information only
as much as necessary to provide specific services to us. We use return email addresses only to answer the emails we receive.
Such addresses are not used for any other purpose and are not shared with outside parties. Moreover, we never use, share or
sell the personal information provided to us online in ways unrelated to the ways described above, without first providing you
with an opportunity to opt-out or otherwise prohibit such unrelated uses.
NFP Executive Benefits does not automatically process personal information to make decisions or conduct 'profiling' about you.
Our Commitment to Data Security
The security of your personal information is important to us. When you enter sensitive information such as log in credentials
on our portals, we encrypt that information using transport layer security (TLS).
We follow generally accepted industry standards to protect the personal information submitted to us, both during transmission
and once we receive it. No method of transmission over the Internet, or method of electronic storage, is 100% secure however.
Therefore, while we strive to use commercially acceptable means to protect your personal information, we cannot guarantee
its absolute security.
Technologies such as cookies, tags and scripts are used by NFP Executive Benefits and our service providers for content delivery,
security verification and privacy compliance. These technologies are used to provide website functionality and insure secure and
private delivery of our website content. These are neither used to collect nor store information about the users of this website,
their activity or their preferences.
Our service platform sites employ the use of a single session cookie to uniquely identify you during your use of the sites. This
cookie expires when your browsing session ends and is required to use these sites. Users can control the use of cookies at the
individual browser level.
Accessing or Correcting Your Information
Upon request, Benefit Plan Services LLC will provide you with information about whether we hold any of your personal information.
You may access, correct, and request deletion of your personal information by contacting us via phone, email or postal mail.
Our contact information is at the bottom of this Policy. We will respond to your request within a reasonable timeframe. You may
also contact the privacy office of our parent company at the contact information found at the bottom of this Policy.
To protect your privacy and security, if the contact individual is our employee, we will also take reasonable steps to verify
your identity before granting access or making any corrections.
We will retain your information for as long as your account is active or as needed to provide you services. We will retain and
use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Mobile App
The data we collect through use of our mobile app is generally the same as on our website in that we may track the sections of
the app you use. As with our website, we do this so we can better understand how our users interact with the app. This helps
us know what areas are used more or less often which allows us to better tailor the app to meet our users' needs.
We may use mobile analytics software to allow us to better understand how our app is used on mobile devices. This software may
record information such as how often you use the application, the events that occur within the application, aggregated usage,
performance data, and where the application was downloaded from. Any such information we may store is not linked to any personally
identifiable information you submit within the mobile application.
With respect to mobile app specific data:
Unique Device IDs: Our app does not collect your mobile device's unique identifier.
Device Information: We do collect the type of device and operating system of your mobile device. This helps us better understand
the types of devices our app needs to support. This information is not shared with any third parties.
Security: Just like accessing your account via a non-mobile browser on your computer or other device, all communications while
using the app are encrypted over a secure TLS connection.
Geolocation Data: Our app neither uses nor collects any location based or geolocation information from your mobile device.
Push Notifications: Neither our systems nor anybody else's systems send push notifications to your mobile device via our app.
Minors
This website does not intend to collect any information from, or market any products or services to, children. We do not knowingly gather or solicit data from children under the age of 18 through our website for marketing purposes.
TopLegal Disclaimer
Applicable federal and state laws may give you additional rights that are not put forth in this online Privacy and Security Policy. We reserve the right to disclose your personal information as required by law and when we believe that disclosure is necessary to protect our rights and/or to comply with a judicial proceeding, court order, or legal process served on our Web site. If NFP Executive Benefits is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our Web site of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.
TopHow to Contact Us
NFP Executive Benefits
3445 Peachtree Road NE
Suite 200
Atlanta, GA 30326
Email Address: service@nfpexecutivebenefits.com
P: (404) 504-3800
F: (404) 504-3900
The Privacy Office of our parent company, NFP Corp., may be contacted here: privacy@nfp.com
We are committed to working to obtain a fair resolution of any complaint or concern about privacy. If, however, you believe
that we have not been able to assist with your complaint or concern, you may have the right to make a complaint to the data
protection authority in your country of residence.
