PALIGMED :: TERMS OF USE

What is Covered by This Policy
What Information We Collect
How We Use the Information
How We Share Information
How We Protect Information
When This Privacy Policy Applies
How to Contact Us
Privacy Policy Changes

Privacy Policy

We recognize that the privacy of your information is important. This Privacy Policy ("Privacy Policy" or "Policy") describes our practices in connection with information we collect through online and mobile websites, platforms, services and applications that we own or operate and that contain a link to this Privacy Policy (collectively, "Online Services"). Some online services offered by us may be governed by a separate privacy policy. In addition, this Privacy Policy may be modified or supplemented in order to comply with country specific requirements.

As used in this Policy, terms such as "we," "us," "our," "Company" and “PALIG” refer to current and future affiliated entities of Pan-American Life Insurance Group, Inc.

By using the Online Services, you consent to our collection, use, disclosure, and storage of information as described in this Privacy Policy.

This Privacy Policy explains the steps we take to protect personal information collected online, including:

What is Covered by This Policy
What Information We Collect
How We Use the Information
How We Share Information
How We Protect Information
When This Privacy Policy Applies
How to Contact Us
Privacy Policy Changes

What is Covered by this Policy

We provide Online Services that may, among other things, make available tools to you to engage in wellness-related activities and select insurance and other benefits. We provide this Privacy Policy to outline the information collected from website visitors and how we may use and disclose this information.

Our products and services covered by this Privacy Policy include, without limitation:

Wellness Tools. “Wellness tools” refers to our products and services that provide you with the ability to engage in wellness-related activities through our website such as, evaluating your current health status and determining current and future risks, tracking your progress towards achieving various goals and toward accomplishing various missions, interacting with coaches, accessing resources or programs that may be available to you, interacting with other Users, reviewing articles and other wellness-related content.

What Information We Collect

In most instances, you can visit our website without providing any personal data. However, on some pages, you may give us your personal data by filling out forms or by corresponding with us by, phone, email or other channels.

We may collect two basic types of information through the Online Services: information you provide directly to us and information that is automatically gathered or collected through your use of our Online Services (collectively, "Information"). Such Information may include information such as your full name, telephone number, e-mail address, postal address, certain account numbers, your User ID you create or is assigned to you, and other information described in this Privacy Policy.

Information You Provide.When you use Online Services, you may provide certain information directly to us. For example, when you use our Wellness Tools, you may choose to provide us with information about yourself in connection with registration for the website as well as responses to our health survey, and you may choose to enter information about yourself into areas of the website such as your profile.

Automatically-Collected Information.We may also obtain automatically-collected information through the Online Services. We may use common technologies such as cookies, tokens, tags, beacons, scripts and Web server logs, as well as functionality that can collect data from a mobile device. The automatically-collected information may include demographic, de-identified, aggregated, or certain information collected automatically through your device such as technical information about your device, web browser information, and server log files collected by us or provided by you. Our mobile applications may also collect information specific to use of your mobile device, such as a unique device identifier and precise geolocation information.

You may limit the information you provide or make available to us if you want to; however, that may limit your ability to access or use certain functions of the Online Services or to request certain services or information.

In addition, we may also collect information from Third Parties. We have business relationships with employers, healthcare providers and/or network providers in connection with the health insurance services provided. When you use our website, we may collect information about you, directly or indirectly, from or through these partners.

For example, without limitation, when you use our Wellness Tools, our partners may directly or indirectly provide us with information to help confirm your eligibility for services, connect you with applicable services, and help complete your health survey.

How We Use Information

We may use the Information for a number of purposes such as:

To respond to an e-mail or particular request from you.
To communicate with you.
To provide you with content through our Online Services or other services that we may offer.
To process an application for a product or service as requested by you.
To authenticate you on any portion of our Online Services and with vendors acting on our behalf.
To administer surveys and promotions.
To determine your health risk based on your responses to the Health Risk Assessment and offer you programs and suggestions based on your results.
To personalize your experience on our Online Services.
To provide you with informational or promotional offers, as permitted by law, that we believe may be useful to you, such as information about products or services provided by us or other businesses.
For employee benefits clients who receive access to the Health Risk Assessment and other premium content tool via your employer, we may share non-individualized population data to your employer that demonstrates the health risk status of their entire employee population.
To calculate group renewal rates.
For the underwriting of individual policies.
To investigate fraud, abuse or any misrepresentation.
To perform analytics and to improve our products, Online Services, and advertising.
To comply with applicable laws, regulations, and legal process.
To protect someone's health, safety, or welfare.
To protect our rights, the rights of affiliates or related third parties, or take appropriate legal action, such as to enforce our Terms of Use.
To keep a record of our transactions and communications.
As otherwise necessary or useful for us to conduct our business, so long as such use is permitted by law or for any other purpose with your consent.

How We Share Information

Because PALIG is a global company, your Information may be shared with other PALIG affiliates to provide the Online Services. All PALIG affiliates are governed by this Privacy Policy or are bound by the appropriate confidentiality and data transfer agreements.

Inside PALIG, data is stored in controlled servers with limited access. Your Information may be stored and processed in the United States or any other country where PALIG and its affiliates are located.

PALIG will share your personal information collected in connection with Online Services with third parties only in ways that are described in this Privacy Policy. We do not sell your personal information to third parties. Your personal information is never shared outside PALIG without your permission, except under conditions explained below.

Disclosure to service providers. PALIG contracts with other companies to provide services on our behalf, such as hosting websites, sending out information, processing transactions, and analyzing our websites. We provide these companies with only those elements of personal data they need to deliver those services. These companies and their employees are prohibited from using the personal data for any other purposes.

Disclosure for other reasons. We may disclose personal information if required to do so by law or in the good-faith belief that such action is necessary to comply with legal requirements or respond to court orders, to protect and defend our rights or property, or in urgent circumstances to protect the personal safety of any individual.

Creation and Use of Combined Data, De-Identified Data and Aggregate Data. As permitted by law, we may aggregate and/or de-identify you information and and/or combine your information with other information maintained or available and use or disclose such information as follows:

• We may use aggregated or combined data to communicate with you about the website and/or our products and services and disclose such aggregated or combined data to your employer or our partners in connection with providing the Online Services.
• We may also use and disclose de-identified data, de-identified aggregated data, and/or de-identified combined data for any business purpose, which may include, without limitation, improving our products and services, conducting analytics such as evaluating our website and developing additional benefits, programs, and services, and disclosing to our partners for analytics purposes.

Posting Messages, Comments and Content.

Our Online Services may have collaboration areas, including but not limited to "blogs," "bulletin boards," "leader boards," and "health games," that permit users to have collaborative discussions and/or share information. Some of our Online Services may permit you to select a display name or image that will be "nickname" on the Online Service. Please note, any information you submit or post to these collaboration areas, including your display name or image, may be visible by other users of the Online Service, and such users may share with others. Therefore, please be thoughtful in what you write and understand that this information may become public.

Our Use of “Cookies”

Cookies are small files that websites save to your hard disk or to your browser's memory. Our website may use them to track the number of times you have visited the website, to track the number of visitors to the website, to determine and analyze visitors' use of our website, to store data that you provide (such as your preferences), and to store technical information related to your interactions with our website. We may also use session cookies, which are deleted when you close your browser, to store your user ID, to facilitate your movement around our websites.

Our website may also contain electronic images known as Web beacons—sometimes called single-pixel gifs—that allow us to count the number of users who have visited those pages. We may include Web beacons in promotional email messages or newsletters in order to determine whether messages have been opened and acted upon, including whether the recipient clicked on a link in the email or forwarded the email to another person.

Adjusting Browser Settings to Manage Cookies or Send “Do Not Track” Signals:

Most Internet browsers automatically accept cookies, but you can usually modify your browser settings to decline cookies or to notify you when a cookie is being placed on your computer. If you choose not to accept cookies, you may not be able to experience all of the features of our websites. Internet browsers also enable you to delete existing cookies, although this means that your existing settings (including stored user IDs and other preferences) will be lost. Some web browsers may also give you the ability to enable a “do not track” setting. This setting sends a signal to the websites you encounter while web browsing. This “do not track” signal is different from disabling certain forms of tracking by declining cookies in your browser settings, as browsers with the “do not track” setting enabled may still accept cookies. PALIG does not respond to web browser “do not track” signals at this time. If we do so in the future, we will describe how we do so in this Privacy Policy.

Social Media Third Party Cookies

During your visit to this website, you may notice embedded content from other social media websites such as YouTube, Twitter or Facebook, and you may be presented with cookies from these websites. PALIG has no control or are responsible for those cookies. You should check the third party’s cookie policy for more information.

How We Protect Information

We maintain administrative, technical and physical safeguards designed to protect the information that you provide on our Online Services. These safeguards vary based on the sensitivity of the information that is being collected, used and stored. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

However, please keep in mind no security system is impenetrable and we cannot guarantee the security of our Online Services, nor can we guarantee the security of the information you transmit to us over the Internet, including your use of e-mail. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

It is your responsibility to safeguard the devices you use to access our Online Services (such as laptops, tablets and mobile devices), and to use appropriate security settings on those devices. If those devices are lost, stolen or misplaced, others may be able to access your account and your personal information using those devices. If you log into the Online Services using a public computer or device, or the computer or device of another person, you should affirmatively log out of your account (i) prior to ending your session, or (ii) if you will be inactive on the Online Services for more than a few minutes otherwise, the next user of that computer or device may be able to access your account and the Information in your account if your session has not ended.

You agree that we are not responsible for any harm that may result from someone accessing your account or personal information on a lost, stolen or misplaced device or on a public computer or kiosk where you do not for any reason take the necessary steps to log out of your account prior to ending a session on such public computer or kiosk.

We may offer mobile apps that enable us to communicate with you through push notifications. Where mobile apps are offered, you may be able to turn off push notifications in your mobile phone settings. You may also be able to control preview settings in your e-mail applications.

We will only retain your information for as long as reasonably necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

How We Manage Information of Children

Our website is not intended for children under 13 years of age. We do not knowingly gather information from anyone under age 13. If we find out that we have collected information from a child under age 13, we will delete that information immediately.

International Transfers of Information

We may transfer personal information that we collect through our Online Services to, and store such information in, countries other than the country from which that information was initially collected or the countries from which individual site visitors may access the Online Services. The countries, including the U.S. (and the other countries around the world where our individual affiliates, suppliers, or business partners maintain offices), to which we may transfer such information may have different data protection laws than the countries from which the information was initially collected or from which individual website visitors access the Online Services.

By choosing to use our website and to submit personal data to us through it, you consent to the transfer of such information outside of your country. To the extent required by applicable law, when we transfer your personal information to recipients in other countries, we will take measures to protect that information.

When This Privacy Policy Applies

Our Policy applies to Online Services that we own or operate and that contain a link to this Privacy Policy. Our Policy does not apply to information collected through other means such as by telephone, via mobile application that do not link to this Privacy Policy, or in person, although that information may be protected by other privacy policies.

Our Policy does not apply to the practices of other companies or other websites or software applications that may be linked from or made available through our Online Services. Some online services offered by us may be governed by a separate privacy policy.

The inclusion of a link on our Online Services or the ability to utilize a third party website or software application through our Online Services does not imply that we endorse, or otherwise monitor the privacy or security practices of that third party website or software application or the accuracy of its content and your use of the third party website or software application is governed by the third party's privacy policy.

Some of our products and services may have specific privacy practices that we want you to be aware. When a country or product related Privacy Notice exists, the content of the Product Privacy Notice applies to your use of the product and service.

This Privacy Policy is not intended to and does not create any contractual or other legal rights in or on behalf of any party.

How To Contact Us

If you have any questions about this Privacy Policy or our handling of personal information, please contact us by email to privacy@palig.com or you can write to us at:

Pan-American Life Insurance Group
Attn: Global Privacy Office
601 Poydras Street, 15th Floor
New Orleans, Louisiana 70130

Privacy Policy Changes

We may occasionally update this Privacy Policy. When we do, we will revise the "last update" date at the bottom of the Privacy Statement. You should revisit this page periodically to become aware of the most recent privacy terms; your use of the website after such changes have been posted constitutes your agreement to such changes.

This Privacy Statement was last updated as of December 1, 2018.

GDPR Statement

GDPR Statement

As many of our customers and business partners are aware, as of May 25, 2018, a new privacy law is in effect in the European Union (EU) and the European Economic Area (EEA) called the General Data Protection Regulation or the GDPR. The GDPR expands privacy rights granted to individuals in the EU and the EEA. The GDPR may apply to some of the activities of Pan-American Life Insurance Group (PALIG) and its affiliates even though we are headquartered in the United States with presence in Latin America and the Caribbean. We are committed to GDPR compliance across our organization and services, and we have implemented and will continue to implement GDPR compliance efforts.

Leading up to the GDPR's implementation date, we have taken many steps in an effort to comply with the GDPR. We have re-assessed and are updating our privacy notices. An updated General Privacy Practices Statement has been posted on our website in order to help our customers and business partners better understand how we collects, uses, shares and protects their personal information and to tell our customers and business partners how they can exercise any rights they may have under the GDPR. Please also review our updated Website Privacy Policy.

The GDPR also imposes certain requirements on "data controllers" and "data processors." A "data controller" is the individual or entity that determines the purposes for which and the manner in which personal data is collected, used and processed. PALIG is generally the data controller of the personal information we collect. A "data processor" is a person or entity that processes personal information on behalf of a data controller. Data controllers and data processors are required, among other things, to enter into an agreement with one another to protect the personal information that the data processor obtains from the data controller. We are working with our vendors that process personal data of EU and EEA members on behalf of PALIG to update any such agreements as needed to comply with the GDPR.

While we have been working on updating our privacy program in preparation for the GDPR, we recognize that protecting our customers and business partners’ personal information is an ongoing process. We continue to take steps to enhance data privacy and security for our customers and business partners, and PALIG will continue to review its practices as additional guidance under the GDPR or other applicable regulations are issued.

If you have any questions or comments about our privacy practices and GDPR compliance efforts, please do not hesitate to contact our Global Privacy Office via email at privacy@palig.com, or via mail at Pan-American Life Insurance Group, Attn: Global Privacy Office, 601 Poydras Street, 15th Floor, New Orleans, Louisiana 70130. If you wish to discuss over a phone call, please email us with your contact information and best times to reach you, and we will contact you as soon as it is practical.

Last Updated on October 1, 2018

Terms and Conditions
Purpose
Ownership
Document Source of Record
Accuracy of Content and Liability Disclaimer
Privacy
Sing-in Credentials
Electronic Signature
Monitoring
Termination
Entire Agreement
Governing Law

Terms and Conditions

Purpose

The purpose of this web portal is to facilitate exchange of documents and information between you (“User”) and the corresponding subsidiary of Pan-American Life Insurance Group (collectively referred to as “PALIG”).

Ownership

Using the web portal does not give you ownership of or any intellectual property rights in the content you access, and you should assume that everything you see or read on the portal is copyrighted and a trade secret and may not be used except as provided in these terms and conditions or in the text of the portal without the written permission of PALIG. You may not use content from the portal unless you obtain permission from its owner or are otherwise permitted by law. Except as expressly permitted in the terms set forth on this page (the “Terms”) or by law you may not copy, modify, sell, distribute, disseminate, transmit, translate, reverse engineer, decompile or disassemble the software, or disclose the software or any underlying information or technology to any third party.

Document Source of Record

This web portal should not be construed as the official source of record for transmitted information. The portal is intended only as a communication tool to facilitate data transfer between PALIG and the User. Use of this site does not release the User, as the originating party, from any other requirement to maintain proper local documentation.

Accuracy of Content and Liability Disclaimer

PALIG will make reasonable efforts to include accurate and updated information on the web portal. However, User understands and agrees that PALIG makes no warranty or representation regarding the reliability, completeness, or accuracy of the information contained on the portal. To the maximum extent permitted by law, PALIG shall have no liability whatsoever for any claims resulting from errors or omissions in the data provided via the portal. User acknowledges and agrees that use of the portal is at User’s risk and that User’s agreement to this paragraph is a material inducement to the decision by PALIG to make the portal available for User’s access and use.

Privacy

This site is covered under the privacy policy posted at www.paligmed.com/en/legal/terms-of-use

Sing-in Credentials

You agree to: (1) Keep your password secure and confidential; (2) not permit others to use your account; (3) refrain from using other users' accounts; (4) refrain from selling, trading, or otherwise transferring your account to another party; and (5) refrain from charging anyone for access to any portion of the site, or any information therein. Further, you are responsible for anything that happens through your account until you close down your account or prove that your account security was compromised through no fault of your own. You agree to immediately notify PALIG if your credentials are lost or compromised.

Electronic Signature

User attests that User is either the physician identified in all documents submitted via the portal or has been expressly authorized by the physician to sign and submit documents on the physician’s behalf. It is the User's responsibility to ensure account credentials are maintained with sufficient security to maintain liability for submissions.

Monitoring

PALIG has the right to monitor and log activity on this web portal. These logs will include, but will not be limited to, user name, source IP, source device, date/time, changes made, failed login attempts, etc.

Termination

PALIG may restrict, suspend or terminate the account of any user who abuses or misuses the web portal or the services provided by the web portal. Upon termination of an account all access rights to the web portal and contained data are severed.

Entire Agreement

This is the entire agreement between User and PALIG regarding the web portal. This agreement does not modify or affect any existing or future agreement between User and PALIG regarding services provided by or for PALIG or its clients.

Governing Law

This Agreement shall be governed by and construed in accordance with the laws of the State of Louisiana (excluding its conflicts of law rules). User consents to the jurisdiction of the state and federal courts located in the State of Louisiana for all disputes related to this agreement.

Important Information You Should Know
Our Privacy Practices
Information Collection, Processing, Protection, and Sharing
Your Rights

Important Information You Should Know

Our Privacy Practices

Respecting your privacy is a priority for the Pan-American Life group of companies (“PALIG”). We keep in confidence personal information about you and the insurance products and services you have with us to help you meet your financial and healthcare objectives.

We offer a voluntary wellness program to our insureds under employer-sponsored group policies. This program seeks to improve employee health and prevent diseases. If you choose to participate in the wellness program you will be asked to complete a voluntary health risk assessment or "HRA" that asks a series of questions about your health-related activities and behaviors and whether you have or had certain medical conditions (e.g., cancer, diabetes, or heart disease). You may also be asked to complete a biometric screening or participate in a blood test or other medical examination. However, you are not required to complete the HRA or to participate in the blood test or other medical examinations.

As part of the voluntary wellness program, we collect, use and disclose your personal information for purposes that include: wellness and disease management programs; underwriting; administration; claims adjudication; data analysis to improve wellness and benefit plan design; protecting against fraud, errors or misrepresentations; meeting legal, regulatory or contractual requirements. We may tell you about other related products and services that we believe meet your changing needs. The only people who have access to your personal information are our employees, business partners such as insurance agents/brokers and third-party service providers, along with our reinsurers. We may share aggregated, non-identifiable wellness information to your employer.

This notice serves as a summary of our privacy practices, and serves to briefly notify you of the information we collect about you, how we use it, how we protect it, and your rights. To find out more about our privacy practices, please visit https://www.paligmed.com/en/legal/terms-of-use.

Information Collection, Processing, Protection, and Sharing

We collect personal information in connection with the services offered. This may include information we receive on applications and other forms, health risk assessments, contact information, medical and financial information, and information we receive from third-parties, including healthcare providers, nutritionists or others.
We process your personal information when necessary to provide the services set out in a contract and/or as part of your enrollment in the wellness program, when it is in our or a third-party’s legitimate interests, or when it is required or allowed by applicable law. When we process your sensitive personal data, it will be in line with applicable law, as necessary to provide you with our services, or with your permission.
We share your information as necessary within our Group and with our business partners who help us provide services to you related to our wellness and disease management programs. We also share aggregate, de-identified wellness information with your employer. We will only share your information as allowed under applicable law.
We may contact you to offer disease management and wellness programs specific to your HRA results. We may also send you information related to your health risk factors and wellness tips.
We may review your HRA and other wellness program data when you apply for an individual policy or to investigate any fraud, abuse or misrepresentation.
PALIG is a global company, and where necessary we may allow your information to be shared with our affiliates or third-party service providers based in the United States and other countries. We will take steps to make sure that appropriate protection is in place to protect your information when it is transferred internationally.
• We keep your personal information in line with appropriate retention periods. The length of these periods is determined by relevant regulations, the information collected, and our obligations to you as a customer.
• Protecting your information is of the utmost importance to us. We use technical and physical safeguards to protect the security of your personal information from unauthorized disclosure. We also take every step to ensure that only authorized employees and third-parties with legitimate purposes have access to your personal information.

Your Rights

You have the right to access your information and request corrections to your data.
You also have the right to object to our use of our information, to request the transfer of information you have provided, to withdraw permission for our use of your information, and to ask us not to use automated decision-making which will affect you.
Certain exceptions apply to these rights.

If you have any questions or concerns about this notice, PALIG’s privacy practices or wish to withdraw previously granted consent to collect, process and share your data contact our Global Privacy Office at privacy@palig.com.

Use of "Cookies"
Browser Settings
Third Party Cookies

Paligmed