Introduction

Employee Family Protection, Inc. and its affiliated companies ("Company" or "We") respect(s) your
privacy. We are committed to protecting confidential information entrusted to us by you. This Privacy
Policy informs you, the User, of our practices and policies concerning collection, use, maintenance, and
disclosure of personal information for all Users (each a “User” and collectively, “Users”) of our Website
and its services.

What this Privacy Policy Covers

This Privacy Policy applies to information we collect:

• on this Website;
• in email, text, and other electronic messages between you and this Website;
• through mobile and desktop applications you download from this Website, which provide dedicated non-browser-based interaction between you and this Website.

This Privacy Policy also covers Company’s treatment of personal information that We, our subsidiaries, affiliates and business partners share or that We may collect on a related entity’s or business partner’s website.

This Privacy Policy does not apply to information collected by us offline or by any third party, including
through any application or content (including advertising) that may link to or be accessible from or on
the Website. Company has no control over the content of third party websites that may be identified on
the Website or, if applicable, accessed through hyperlinks. We are not responsible for the privacy
practices of other sites. Accordingly, we encourage users to read the privacy policies of each and every
website that collects your information.

This Privacy Policy does not cover aggregated and/or anonymized data from which the identity of an individual cannot be determined. Company retains the right to use aggregated and/or anonymized data in any way Company deems appropriate.

Please read this policy carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, your choice is not to use our Website. By accessing or using this Website, you agree to this privacy policy. This policy may change from time to time. Your continued use of this Website after we make changes is deemed to be acceptance of those changes, so please check the policy periodically for updates. 

Information We Collect About You and How We Collect It

We may collect several types of information from and about Users of our Website, including information:

• by which you may be personally identified, such as name, e-mail address, telephone number (“Personal Information”);
• regarding reports of problems with our Website;
• submitted in response to a survey that we might ask you to complete for research purposes;
• about your internet connection, the equipment you use to access our Website and usage details.

We may collect this information directly from you when you provide it to us or automatically as you navigate through the Website.

By providing Personal Information to Company and/or the Website, Users shall be deemed to acknowledge this Privacy Policy and provide express informed consent to Company’s collection, use, maintenance and disclosure of said User’s Personal Information in accordance with this Privacy Policy.  If, for some reason, a User does not agree with the terms of this Privacy Policy, then said User should not, and is requested not to, provide any Personal Information to Company. Certain services offered by Company can only be provided if a User provides Personal Information to Company. Thus, if a User chooses not to provide Company with certain required Personal Information, the User may not be permitted to obtain certain services offered by Company or this Website.

As you navigate through and interact with our Website, We may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns. Such information may include usage details, IP addresses, browser type, type of computer operating system, domain name of the website from which User linked to Company’s Website, the pages a User reviews or requests, and any other information collected through cookies or other tracking technologies. This type of information will only be collected int eh aggregate in connection with all Users of Company’s Website for tracking, planning, forecasting, and/or evaluation purposes.

“Cookies” are files or information that is stored on a User’s computer hard drive when a User visits our Website, and are used to remember and assist a User in the future use of the Website.  Most internet browsers are set up to accept cookies. If a User does not wish to accept cookies, a User can adjust its internet browser to refuse the use of cookies or alert the User when cookies are being transmitted.

ACH and Credit Card Authorization

Company shall review all EFT forms and confirm enrollments. Each premium amount per benefit will be manually authorized within Verko Consolidated billing module.  

• Bank validation of $.01 cent will occur within 5 business days with third party ACH vendor. Once validated, policy premium will be pulled from individual member accounts. 
• The above date is provided with limited access to specific roles within EFP.
• As long as policy remains in-force, secure data will remain with EFP.

How We Use Your Information

Company may use Personal Information it has collected through its Website to, among other things, (a) provide User with a service, (b) measure a User’s interest in certain services or to inform a User about a service offered by Company, (c) measure and attempt to predict the effectiveness of Company’s marketing, advertising and sales efforts; and (d) for any other purpose with your consent. In addition to the foregoing, if a User has provided its email address to Company, We may send the User email offers. 

Disclosure of Your Information

We may disclose aggregated information about our Users, and information that does not identify any individual, without restriction. 

We may disclose personal information that we collect or you provide:

• to our subsidiaries and affiliates;
• to contractors, service providers, and other third parties we use to support our business and who are bound by contractual obligations to keep personal information confidential and use it only for the purposes for which we disclose it to them;
• to a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Company’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by Company about our Website users is among the assets transferred;
• to third parties to market their products or services to you if you have consented to these disclosures. We contractually require these third parties to keep personal information confidential and use it only for the purposes for which we disclose it to them;
• to fulfill the purpose for which you provide it;
• for any other purpose disclosed by us when you provide the information;
• with your consent;
• to comply with any court order, law or legal process, including to respond to any government of regulatory request.

Company does not and will not sell or rent your Personal Information to anyone. Company may, from time to time, send Personal Information about a User to other persons or entities that perform services on behalf of Company (“Service Providers”), but only when:

• Service Provider has agreed to use such information solely for the purposes of providing services to Company;
• Service Provider agrees to protect such information in the same manner as the policies set forth in this Policy Statement;
• Company has obtained the User’s consent to share the information;
• Company needs to share the User’s information in order to provide the service the User has requested;
• Company needs to send the information to a Service Provider who works on behalf of Company to provide a service to you.

Unless Company informs a User otherwise, a Service Provider does not have any right to use the Personal Information Company provides to them beyond what is necessary to assist Company, or in response to a legal obligation including without limitation a subpoena, court order or Company believes that the law requires disclosure, or where the information is currently in the public domain.

Retention and Security of Personal Information

Company keeps a User’s Personal Information for as long as We determine necessary to fulfill the objective for which it was collected and information will be retained for no less than one year. 

We have implemented measures designed to secure Users’ personal information from accidental loss and from unauthorized access, use, alteration, and disclosure. We secure the Personal Information provided by Users on computer servers in a controlled, secure environment, behind firewalls, protected from unauthorized access, use or disclosure, according to industry standard security measures.

The transmission of information via the internet is not 100% completely secure. Although Company does our best to protect your Personal Information, we cannot guarantee the absolute security of information submitted to, maintained by, or transmitted from our Website. Any transmission of Personal Information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Website.

The safety and security of Personal Information also depends on Users. Users are responsible for keeping data, including access logins and passwords, confidential.

Breaches of Protected Health Information

This Policy applies only if there is a breach of individually identifiable information. For purposes of this Policy, a breach is presumed if there is an unauthorized access, acquisition, use or disclosure of unsecured protected health information unless (1) Employee Family Protection (Provider) can demonstrate that there is a low probability that the information was compromised based a risk assessment of certain factors described below, or (2) the situation fits within one of the following exceptions to the breach notification rule: a. Any unintentional acquisition, access or use of protected information by a member of PROVIDER’s workforce or a person acting under PROVIDER’s authority if such acquisition, access, or use was made in good faith and within the scope of authority and does not result in further use or disclosure in violation of the HIPAA privacy rules. b. Any inadvertent disclosure by a person who is authorized to access protected information at PROVIDER to another person authorized to access patient information at PROVIDER and the information disclosed is not further used or disclosed in violation of the HIPAA privacy rules. c. A disclosure of protected information if PROVIDER has a good faith belief that the person to whom the disclosure was made would not reasonably have been able to retain such information. d. The use or disclosure involves protected health information that has been “secured” according to standards published by HHS. See www.hhs.gov/ocr/privacy/. (45 CFR § 164.402).

Breach Policy Applies To:

Protected Health Information (PHI): Protected health information means individually identifiable health information that is transmitted by electronic media, maintained in electronic media, or transmitted or maintained in any other form or medium. 

Unsecured Protected Health Information (Unsecured PHI): Unsecured PHI means any PHI which is not unusable, unreadable, or indecipherable to unauthorized persons through the use of technology or methodology, such as encryption or destruction, as specified by the HSS Secretary. 

Workforce: Workforce means employees, volunteers, trainees, and other persons under the direct control of the Company, whether or not they are paid by the Company. 

Breach Procedure:

1. Mitigating Potential Breaches. If PROVIDER personnel improperly access, acquire, use or disclose protected information and immediate action may cure or mitigate the effects of such use or disclosure, PROVIDER personnel should take such action. If PROVIDER personnel mistakenly disclose protected information to the wrong person, they should immediately request the return of the information and confirm that no further improper disclosures will be made. If the potential breach is significant or requires further action to mitigate its effects, PROVIDER personnel should immediately contact their supervisor or the Privacy Officer. 

2. Reporting Potential Breaches to VP of Administration in charge of compliance. PROVIDER personnel shall immediately report any suspected breach of protected information in violation of the HIPAA Rules or PROVIDER’s privacy policies to the Privacy Officer. 

3. Investigating Potential Breaches. The VP of Administration shall promptly investigate any reported privacy breach or related complaint to determine whether there has been a “breach” of protected information as defined above, and if so, how notice should be given. References HIPAA Breach Notification Rules, 45 CFR § 164.400; HIPAA Privacy Rules, 45 CFR § 164.500 

Changes to Our Privacy Policy

Company may amend this Privacy Policy from time to time. We will post any such changes on this page. If we make material changes to how we treat our Users' Personal Information, we will notify you through a notice on the Website home page. Any changes will be effective as of the date of posting revisions. The date the privacy policy was last revised is identified at the top of the page.

Users are responsible for periodically visiting our Website and this Privacy Policy to check for any changes.

Contact Information

To ask questions or comment about this Privacy Policy and our privacy practices, contact us at (860) 659-1323.

Employee Family Protection, Inc.
PO Box 1237
Glastonbury, CT 06033

Revison History: 3/24/2023, 7/21/21