WEBSITE PRIVACY NOTICE
Last update March 2022
Your privacy is important to us. This online privacy notice ("Privacy Notice") describes how Cigna (as defined below) uses and protects any personal data that we collect:
- Through websites operated by us from which you are accessing this Privacy Notice (the “Websites”),
- Through the software applications made available by us for use on or through computers and other (mobile) devices (the “Apps”),
- Through our social media pages and apps from which you are accessing this Privacy Notice (collectively, our “Social Media Pages”).
Collectively, we refer to the Websites, the Apps and our Social Media Pages, as the “Services”.
This Privacy Notice supplements other applicable policies, practices and privacy notices that Cigna has provided to you and which relate to our relationship with you and the ways in which we may process your Personal Data.
- Who is responsible for processing of my Personal Data?
- How does Cigna collect personal data about me?
- What Personal Data does Cigna collect about me?
- How does Cigna use my Personal Data?
- What other data does Cigna collect?
- With whom does Cigna share my Personal Data?
- International Transfer of Personal Data
- How does Cigna protect the security and integrity of my Personal Data?
- Third Party Services
- Data Retention
- Data Protection Rights
- Changes to this Privacy Notice
- Contact Us
1. Who is responsible for processing of my Personal Data?
This Service is operated by Cigna Corporation and its affiliates (collectively, "Cigna", "we", "our" or "us"). Cigna is made up of a number of companies. Which of those is the company responsible for the collection, use and disclosure of your Personal Data* under this Privacy Notice will depend on which of our products or services you buy, use or inquire about, or which of the Services you access.
For further information about Cigna or this Privacy Notice, or if you have any questions about how we collect, store or use your information or are unsure about which Cigna company is responsible as data controller for your Personal Data is, please contact us using the contact details noted in the “Contact Us” section (Section 13) below.
* 'Personal Data' means any information that identifies you as an individual or relates to an identifiable individual.
2. How does Cigna collect personal data about me?
We may collect Personal Data about you from a variety of sources, including:
- Through the Services: For example, when you sign up for a newsletter, register an account to access the Services, access and use the Services, or make a purchase.
- Offline: For example, when you attend one of our events or contact us by letter or by phone, for example to purchase a product or contact customer service.
- From Other Sources: For example, publicly available databases and joint marketing partners, when they share the data with us.
You may choose not to provide us with any Personal Data. In that case, you can still access and use many portions of the Services. We may sometimes need to collect Personal Data in order to provide the requested Services to you. If you do not provide the information requested, we may not be able to provide the Services.
If you disclose any Personal Data relating to other people in connection with the Services, you represent that you have the authority to do so and to permit us to use the information in accordance with this Privacy Notice.
Please note that unless we request it, we ask that you not send us, and you not disclose, any sensitive Personal Data (such as, information related to racial or ethnic origin, health, political opinions, religion or other beliefs, criminal background or trade union membership) on or through the Services or otherwise to us.
The Services are not directed to individuals under the age of eighteen (18), and we do not knowingly collect Personal Data directly from individuals under 18.
3. What Personal Data does Cigna collect about me?
We may collect the following types of Personal Data:
- Information you give us
We receive and store Personal Data that you provide in relation to your use of the Services. For example:
- Log in credentials, such as your user name and password
- Postal address (including billing and shipping addresses)
- Telephone number
- Email address
- Credit and debit card number
- Profile picture
- Social media account ID
- Financial and health information
- National ID number
- Automatic Information:
We automatically receive and store certain types of information when you access the Services. For example:
- Geolocation information
4. How does Cigna use my Personal Data?
We may use and subsequently process Personal Data for the following legitimate business purposes:
- Providing the functionality of the Services and fulfilling your requests.
- To provide the Services’ functionality to you, such as arranging access to your registered account, and providing you with related customer service.
- To respond to your inquiries and fulfil your requests, when you contact us via one of our online contact forms or otherwise, for example, when you send us questions, suggestions, compliments or complaints, or when you request a quote for, or other information about, our products or services.
- To complete your transactions, and provide you with related customer service.
- To send administrative information to you, such as changes to our terms, conditions and policies.
We will engage in these activities to manage our contractual relationship with you and/or to comply with our legal obligations.
- Providing you with our newsletter and/or other marketing materials and facilitating social sharing
- To send you marketing related emails, with information about our services, new products and other news about our company.
- To facilitate social sharing functionality that you choose to use.
We will only engage in this activity with your consent or where we have a legitimate interest.
- Analysis of Personal Data for business reporting and providing personalized services.
- To analyse or predict our users’ preferences in order to prepare aggregated trend reports on how our digital content is used, so we can improve our Services.
- To better understand you, so that we can personalize our interactions with you and provide you with information and/or offers tailored to your interests.
- To better understand your preferences so that we can deliver content via our Services that we believe will be relevant and interesting to you.
We will provide personalized services either with your consent or because we have a legitimate interest.
- Allowing you to participate in sweepstakes, contests or other promotions.
- We may offer you the opportunity to participate in a sweepstakes, contest or other promotion.
- Some of these promotions will have additional rules containing information about how we will use and disclose your Personal Data. Such additional rules will be accessible to you as part of the information we provide about taking part in the relevant promotion.
We use this information to manage our contractual relationship with you.
- Aggregating and/or anonymizing Personal Data.
- We may aggregate and/or anonymize Personal Data so that the remaining data will no longer be considered Personal Data. We do so to generate other data for our use, which we may use and disclose for any purpose.
We will engage in this activity where we have a legitimate interest.
- Accomplishing our business purposes.
- For data analysis, for example, to improve the efficiency of our Services;
- For audits, to verify that our internal processes function as intended and are compliant with legal, regulatory or contractual requirements;
- For fraud and security monitoring purposes, for example, to detect and prevent cyberattacks or attempts to commit identity theft;
- For developing new products and services;
- For enhancing, improving, or modifying our current products and services;
- For identifying usage trends, for example, understanding which parts of our Services are of most interest to users;
- For determining the effectiveness of our promotional campaigns, so that we can adapt our campaigns to the needs and interests of our users; and
- For operating and expanding our business activities, for example, understanding which parts of our Services are of most interest to our users so we can focus our energies on meeting our users’ interests;
We engage in these activities to manage our contractual relationship with you, to comply with our legal obligations, and/or because we have a legitimate interest.
5. What other data does Cigna collect?
“Other Data” is any information that does not reveal your specific identity or does not directly relate to an identifiable individual, such as:
- App usage data;
- Information collected through cookies, pixel tags and other technologies;
- Demographic information and other information provided by you that does not reveal your specific identity;
- Information that has been aggregated in a manner such that it no longer reveals your specific identity.
If we are required to treat Other Data as Personal Data under applicable law, then we may use and disclose it for the purposes for which we use and disclose Personal Data as detailed in this Privacy Notice.
We and our service providers may collect Other Data in a variety of ways, including:
- Through your use of the App. When you download and use the App, we and our service providers may track and collect App usage data, such as the date and time the App on your device accesses our servers and what information and files have been downloaded to the App based on your device number.
- Using cookies & similar technologies. We will process cookies and similar technologies data in accordance with our Cookies & Similar Technologies Policy available here.
- IP Address. Your IP address is automatically assigned to your computer or other device by your Internet Service Provider. An IP address may be identified and logged automatically in our server log files whenever a user accesses the Services, along with the time of the visit and the page(s) that were visited. Collecting IP addresses is standard practice and is done automatically by many websites, applications and other services. We use IP addresses for purposes such as calculating usage levels, diagnosing server problems and administering the Services. We may also derive your approximate location from your IP address. When using certain functions via a Cigna mobile application, we may use your location information if your mobile device uses global positioning system (“GPS”) technology, trackers or other location tools, if you allow your device to provide this information to the mobile application.
We may use and disclose Other Data for any purpose, except where we are required to do otherwise under applicable law. In some instances, we may combine Other Data with Personal Data. If we do, we will treat the combined data as Personal Data for as long as they are combined.
6. With whom does Cigna share my Personal Data?
Cigna will share your Personal Data with the following recipients:
- Cigna affiliates. We share your Personal Data with Cigna's affiliates for the purposes described in this Privacy Notice. To view a list of our affiliates and their locations, please contact us using the contact details noted in the “Contact Us” section (Section 13) below.
- Trusted third party service providers, to facilitate services they provide to us. These can include providers of services such as website hosting, data analysis, payment processing, order fulfillment, information technology and related infrastructure provision, customer service, email delivery, auditing, and other services.
- Asset purchasers and business transitions. In the event Cigna goes through a business transition, such as a reorganization, merger, acquisition by another company, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings), users’ Personal Data will, in most instances, be part of the assets transferred.
- Law enforcement agencies, courts, regulators, government authorities as necessary or appropriate, especially when we have a legal obligation or legitimate interest to do so. This may be necessary to comply with applicable law and regulations (including laws outside your country of residence), to respond to a regulatory or law enforcement request/orders, or to provide the information to appropriate authorities that we believe is important.
- We will also disclose Personal Data for other legal reasons, such as to enforce our terms and conditions and to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others.
7. International Transfer of Personal Data
Your Personal Data may be stored and processed in any country where we have facilities or in which we engage service providers. By using the Services you understand that your information will be transferred to countries outside of your country of residence, including the United States, which may have data protection rules that are different from those of your country. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries may be entitled to access your Personal Data.
Some of the non-EEA countries are recognized by the European Commission as providing an adequate level of data protection according to EEA standards (the full list of these countries is available here. For transfers from the EEA to countries not considered adequate by the European Commission, we have put in place adequate measures, such as standard contractual clauses adopted by the European Commission to protect your Personal Data. You may obtain a copy thereof by contacting our Data Protection Officer at GDPR@Cigna.com.
8. How does Cigna protect the security and integrity of my Personal Data?
Cigna seeks to take appropriate physical, technical, and organizational measures to safeguard and protect your Personal Data. We use a variety of security measures, including encryption and authentication where required, to maintain the confidentiality of your Personal Data. We store your Personal Data on systems behind firewalls that are only accessible to a limited number of persons, each of whom is required to keep the information confidential.
Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us by using the contact details given in section 13 below.
Cigna employees, agents, and contractors who have access to Personal Data are required to protect this information in a manner that is consistent with this Privacy Notice, and may not use the data for any purpose other than those described in this Privacy Notice.
9. Third Party Services
This Privacy Notice does not address, and we are not responsible for, the privacy, information or other practices of any third parties, including any third party operating any website or service to which the Services link. The inclusion of a link on the Services does not imply endorsement of the linked site or service by us or by our affiliates.
In addition, we are not responsible for the information collection, use, disclosure or security policies or practices of other organizations, such as Facebook, Apple, Google, Microsoft, RIM or any other app developer, app provider, social media platform provider, operating system provider, wireless service provider or device manufacturer, including with respect to any Personal Data you disclose to other organizations through or in connection with the Apps or our Social Media Pages.
10. Data Retention
Determining the period of time for which information must be retained is important to Cigna in order to ensure that the information is not kept beyond its useful life unnecessarily but at the same time complying with any relevant legal requirements.
The criteria used to determine our retention periods include:
- The length of time we have an ongoing relationship with you and provide the Services to you (for example, for as long as you have an account with us or keep using the Services);
- Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of your transactions for a certain period of time before we can delete them); or
- Whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations).
11. Data Protection Rights
Your choices regarding our use and disclosure of your Personal Data
We give you choices regarding the ways in which we contact you and our use and disclosure of your Personal Data for marketing purposes. You may opt-out from:
- Receiving electronic communications from us: If you no longer want to receive marketing-related emails from us on a going-forward basis, you may opt-out by using the unsubscribe mechanism contained in each such email.
- Communicating with you via SMS, telephone or mail: Similarly, if you no longer wish to be contacted by us via these channels, you may opt-out via the unsubscribe mechanism provided via the relevant channel.
We will try to comply with your request(s) as soon as reasonably practicable. Please note that if you opt-out of receiving marketing-related emails from us, we may still send you important administrative messages, from which you cannot opt-out.
How you can access, change or delete your Personal Data
You may request to review, correct, update, suppress, restrict or delete your Personal Data, object to the processing of your Personal Data, or request to receive an electronic copy of your Personal Data for purposes of transmitting it to another company (to the extent these rights are provided to you by applicable law). The company responsible for collection, use and disclosure of your Personal Data under this Privacy Notice will respond to your request consistent with applicable law.
We will respond to your request in line with any requirements of applicable law. Please note that we may need to retain certain information for recordkeeping purposes and/or to complete any transactions that you began prior to requesting a change or deletion (e.g., when you make a purchase, you may not be able to change or delete the Personal Data provided until after the completion of such purchase or promotion).
If you are a resident of California, under 18 and a registered user of the Services, you may ask us to remove content or information that you have posted to the Services. Please note that your request does not ensure complete or comprehensive removal of the content or information, as, for example, some of your content may have been reposted by another user.
You may exercise these rights by using contact details in “Contact Us” section (section 13) below.
Additional Information Regarding the EU/EEA/UK
You may also:
- Contact our Data Protection Officer (DPO) responsible for your country or region, if applicable by emailing GDPR@Cigna.com
- Lodge a complaint with a data protection authority for your country or region or where an alleged infringement of applicable data protection law occurs. A list of data protection authorities is available at http:/ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080.
12. Changes to this Privacy Notice
We may change the terms of this Privacy Notice at any time. The “LAST UPDATED” legend at the top of this Privacy Notice indicates when this Privacy Notice was last revised. Any changes will become effective when we post the revised Privacy Notice on the Services. Your use of the Services following these changes means that you acknowledge the revised Privacy Notice.
13. Contact Us
If you have any questions about this Privacy Notice please feel free to contact us using the following contact details:
|By:||For queries relating to Europe:||For queries relating to all other locations:|