You are using a browser we no longer support. Current functionality may be reduced and some features may not work properly. For a more optimal geha.com experience, please click here for a list of supported browsers.

Privacy policy

GEHA protects your privacy

Effective date: May 30, 2021

Your privacy is important to GEHA and its affiliates (referenced within this Privacy Policy as “GEHA,” “we,” “us,” or “our”). We developed this Website Privacy Policy (“Privacy Policy” or “Policy”) to provide you with information concerning our personal information collection and usage practices, as well as our privacy and security practices, when you visit our websites or use our apps that link to this Privacy Policy (collectively, “Site” or “Sites”) or otherwise provide us with personal information.

Personal information” is information that identifies an individual or that relates to an identifiable individual. For purposes of this Policy, the term “personal information” does not include protected health information. This Policy does not explain our privacy practices with respect to your protected health information. For information about our privacy practices related to your protected health information under the Health Insurance Portability and Accountability Act, please review our Notice of Privacy Practices.

You” and “your” refer to the person reading this Privacy Policy, which may include GEHA members and other individuals visiting our Sites.

To jump to a specific section of this Privacy Policy, please click on a link below:

I. Personal Information We Collect

When you visit our Sites, we may collect personal information as follows:

  1. When You Communicate with Us. When you communicate with us, such as by filling out a form on our Sites or by participating in a survey, questionnaire, or contest that we offer, we collect and process personal information, which, depending on the type of communication, form, survey, questionnaire, or contest, may include your name, address, email address, phone number, date of birth, member ID number, signature, and the GEHA plan(s) you are enrolled in.

  2. When You Create a Member or Provider Account. When you create a Member or Provider Account on our Sites, we collect and process personal information, which may include your name, email address, member ID number or Social Security number, group policy number, your chosen username and password, and answers to your selected security questions.

  3. When You Enroll in our Products. We collect and process personal information when you enroll in a product that we offer. For example, when you enroll in our Connection Dental Plus product, we may collect and process personal information which may include your name; address; email address; phone number; gender; Social Security number; whether you are a Survivor Annuitant; your employment information, including your Federal employment status and military employment status; your marriage status; dependent spouse and dependent child information, including name, date of birth, gender, and Social Security number; and Federal Employee Health Benefits ("FEHB") plan and other health plan information.

  4. When You Purchase our Products. If you purchase a GEHA product using our Bank Draft Authorization Form, then we may collect and process your personal information, which may include your name; email address; phone number; GEHA member ID number or Social Security number; bank information, including bank name, address, and phone number; and other financial information. If you purchase a GEHA product using the U.S. Bank E-Payment Service, our third-party electronic payment service provider, then U.S. Bank may collect and process your personal information, which may include your name; address; email address; phone number; GEHA member ID number; payment information, such as credit or debit card information, or bank account information; and may provide your personal information to GEHA as necessary to process your transaction. The information that you provide to U.S. Bank is subject to U.S. Bank's E-Payment Service Privacy Policy, which we recommend that you carefully review. You should also review U.S. Bank's website to help ensure you are reviewing the most current, applicable privacy policy, as well as any applicable terms of use governing U.S. Bank's E-Payment Services.

  5. When You Sign Up for Marketing Communications. We may collect and process your personal information, such as your contact details, to send you marketing information concerning GEHA's products and services. For example, when you sign up for GEHA's Health e-Report® newsletter, we may collect and process your name, address, email address, information regarding the federal agency you work for, your current health plan(s), and your age. You will be provided with the opportunity to opt-out of receiving such marketing communications, including for GEHA's Health e-Report® newsletter, through the unsubscribe link provided at the bottom of such marketing communications. For additional information, see the Your Choices Regarding Your Personal Information section, below.

  6. When You Opt-In to our SMS Texting Program. GEHA offers GEHA members and prospective members with the ability to subscribe to receive marketing, plan information, and wellness-related SMS text messages from GEHA (the "GEHA Texting Program") by texting JOIN to 47663. The GEHA Texting Program is subject to the GEHA SMS Texting Terms of Use, which you should carefully review before opting-in to the GEHA Texting Program. When you opt-in to the GEHA Texting Program, we may collect and process your personal information, which may include your phone number. You may opt-out from receiving text messages from the GEHA Texting Program at any time by replying STOP to any GEHA text message, or by texting STOP to 47663. For additional information, see the Your Choices Regarding Your Personal Information section, below.

  7. When You Use our Online Career Portal. When you create an account within the GEHA online career portal to apply for a job with us, we (with assistance from our career portal service provider) collect and process personal information which may include your name, address, email address, phone number, employment history, education history, veteran status, gender, race, language, and disability information.

  8. When You Interact with Us on Social Media Platforms and Networks. If you connect or interact with us on social media platforms and networks such as Facebook or Instagram (“Social Media Platforms”), for example, by liking our page or sharing something we post, the Social Media Platforms may provide us with information concerning you, such as your name and location information. In addition, the Social Media Platforms will have access to information about you and your use of the Social Media Platforms. The information that we collect relating to your connections or interactions with us on Social Media Platforms is subject to this Privacy Policy. The information collected by the Social Media Platforms remains subject to the Social Media Platforms' privacy practices.

  9. From Third-Party Service Providers. We may receive personal information about you from our third-party service providers, such as analytics providers and payment processing providers.

  10. From Other Third Parties. We may collect and process personal information about you from other third parties that provide us with such information to enhance the personal information that we already maintain about you, improve the accuracy of our records and our ability to contact you, and increase the relevance of our marketing.

  11. Automated Information Collection. We use automated information collection technologies for reporting and analysis purposes. For example, we consider metrics such as how visitors interact with our Sites and how easy our Sites are to navigate. For additional information, see the Cookies & Similar Technologies section, below.

II. Purposes for Collecting Personal Information

We may collect the above-described types of personal information for one or more of the following purposes:

  • To provide you with GEHA products and services, such as by processing claims and payments, administering your GEHA plan(s), and providing you with information regarding your GEHA plan(s).
  • To manage and to secure your Member or Provider account with us, if you choose to create one.
  • To communicate with you, such as when you enroll in a GEHA plan, contact us, make a request or inquiry, or share comments or concerns; and to send you communications and notices about your GEHA plan(s), changes to our Sites, or changes to any products or services we offer.
  • To administer promotions, surveys, questionnaires, and contests.
  • For marketing and advertising purposes, such as to send you our Health e-Report® newsletter or other marketing and advertising communications.
  • To develop, operate, and present our Sites to you.
  • To conduct analytics to understand how you use our Sites; determine the methods and devices used to access our Sites; enhance our products and services; and to make improvements to our Sites.
  • To personalize your experience with us, including to retain information about your interests and preferences; customize the products and services we share with you; and enrich your experience on our Sites.
  • For our business purposes, such as identifying and implementing improvements to our business operations; creating and maintaining our products, services, accounts, and records; and conducting market and other business-related research.
  • To recruit and hire employees, including evaluating employment applications and communicating with applicants.
  • To detect and prevent fraud or other unauthorized or illegal activity.
  • To meet our regulatory reporting requirements and to comply with our legal and regulatory obligations, including those that require employers to maintain specified records.
  • To protect our legal interests.
  • To respond to law enforcement requests, to meet obligations in legal proceedings and government investigations, and as otherwise required by applicable law, court order, or government regulations.
  • To provide information pertinent to an actual or potential merger, acquisition, or other reorganization.
  • As necessary or appropriate to protect the rights, property, or safety of GEHA, our members, or others.
  • As otherwise described to you when collecting your personal information.

III. Third-Party Recipients of Personal Information

In connection with the purposes set forth in this Privacy Policy, we may share your personal information with one or more of the following categories of third parties:

  • Affiliates: We may share personal information with any of our business entities, including our affiliates.

  • Third-party service providers, partners, suppliers, and subcontractors that perform services on our behalf: We may share personal information with third-party service providers, partners, suppliers, and subcontractors that perform services on our behalf, including billing and payment processing, marketing, advertising, data analysis and insight, research, web hosting, technical support, customer service, content management, identity management, printing, data storage, security, fraud prevention, and legal services.

  • Governmental entities and third parties in connection with legal matters: We may disclose personal information to governmental entities, such as regulatory agencies, law enforcement, and judicial authorities, as well as other third parties under any of the following conditions: (a) if we have your valid consent to do so; (b) to comply with a valid subpoena, legal order, court order, warrant, legal process, or other legal obligation; (c) to enforce or apply any of our terms and conditions, policies, or other agreements; (d) to exchange information with other companies and organizations for the purposes of fraud protection and credit risk reduction; or (e) as necessary to pursue available legal remedies or defend legal claims.

  • Third parties in connection with a potential reorganization: We may share personal information to a prospective seller or buyer in the event of a potential reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of GEHA's assets, including, without limitation, in connection with any bankruptcy or similar proceeding.

  • Social Media Platforms: Social Media Platforms may offer plugins, widgets, or tools in connection with our Sites (e.g., to allow you to connect to Facebook to “Like” our page). If you choose to use these plugins, widgets, or tools, certain information may be shared with or collected by such Social Media Platforms, and is subject to such Social Media Platforms' privacy practices.

IV. Cookies & Similar Technologies

To help analyze how you and other visitors navigate our Sites and to compile aggregated information regarding usage of our Sites, we, with assistance from third-party analytics service providers, collect certain information pertaining to your use of our Sites and the devices and programs from which you access our Sites ("Usage Data") using cookies and similar technologies that automatically collect Usage Data. Usage Data may include IP address; geographic location of your device; browser information; date and time of request; time(s) of visit(s) to our Sites; page views and page elements clicked; device information, such as unique device identifiers and operating system; and mobile network information. We use Usage Data to automate and personalize your experience on our Sites, to identify and fix problems on our Sites, and to make improvements to our Sites.

If you do not want Usage Data collected through the use of cookies and similar technologies, there is a simple procedure in most browsers that allows you to automatically decline many of these technologies, or to be given the choice of declining or accepting them. Cookies that are required to enable core site functionality cannot be disabled. We may also engage third-party service providers to provide online advertisements on our behalf on other websites and mobile applications. These third parties may place or recognize a cookie or similar technology on your device to collect Usage Data or other information relating to your use of our Sites and other websites or mobile applications, and may use such information to provide you with more relevant advertisements when you visit other websites and mobile applications.

We neither have access to, nor does this Privacy Policy govern, the use of cookies and similar technologies that may be placed on your device you use to access our Sites by such third parties. If you are interested in more information about tailored advertising, you may visit the Network Advertising Initiative's Consumer Opt-Out link or the Digital Advertising Alliance's Consumer Opt-Out link to opt-out of receiving tailored advertising from companies that participate in those programs.

V. Third-Party Privacy Practices

Our Sites may contain links to third-party websites, include third-party integrations and search results, or offer a co-branded or third-party-branded product or service. Through these links, third-party integrations, and co-branded or third-party-branded services, you may be providing information (including personal information) directly to the third party, us, or both. We provide these links, third-party integrations, and co-branded or third-party-branded services as a service to you and are not responsible for the privacy practices of such third parties. You should always review any available privacy policy for any third-party service, website, or integration that you visit or use, including those third parties that you interact with through our Sites.

VI. Children’s Privacy

Our Sites are not directed to or intended for individuals under the age of 18. We do not knowingly collect or use any personal information from users of our Sites who are under the age of 18. No personal information should be submitted to our Sites by individuals who are under 18 years of age. If we learn that we have collected personal information from someone who is under 18, we will take steps to delete the personal information as soon as possible. If you believe we may have collected personal information from someone under 18, please contact us at privacy@geha.com.

VII. Protecting Your Personal Information

We implement administrative, technical, and organizational measures designed to assist in maintaining the security and confidentiality of your personal information; safeguarding against anticipated threats to the confidentiality, integrity, and availability of your personal information; and protecting your personal information against accidental or unlawful destruction, loss, alteration, and unauthorized access or disclosure.

However, whenever personal information is processed, there is a risk that such data could be lost, misused, modified, hacked, breached, and/or otherwise accessed by an unauthorized third party. No system or online transmission of data is completely secure. In addition to the administrative, technical, and organizational measures that we have in place to protect your personal information, you should use appropriate security measures to protect your personal information. If you believe that any personal information you provided to us is no longer secure, please notify us immediately by phone at 800.821.6136 or by email at privacy@geha.com.

VIII. Social Security Numbers

It is GEHA's policy to protect the confidentiality of Social Security numbers ("SSNs") that we receive or collect in the course of business. We secure the confidentiality of SSNs through various means, including physical, technical, and administrative safeguards that are designed to protect against unauthorized access. It is our policy to limit access to SSNs to that which is lawful and necessary for our business purposes, and to prohibit unlawful disclosures of SSNs.

IX. Your Choices Regarding Your Personal Information

You have the following choices and abilities with respect to your personal information:

  • Opting-Out of the GEHA Texting Program. If you opt-in to receiving text messages from the GEHA Texting Program, you may subsequently opt-out from receiving such text messages at any time by replying STOP to any GEHA text message, or by texting STOP to 47663. Additionally, you can receive help at any time by replying HELP to any GEHA text message, texting HELP to 47663, or by contacting GEHA by emailing editor@geha.com or calling 800.821.6136.

  • Opting-Out of Marketing Emails. If you sign up to receive GEHA's Health e-Report® newsletter, you will be provided with the opportunity to opt-out of receiving the Health e-Report® newsletter through the unsubscribe link provided at the bottom of emails delivering such Health e-Report® newsletters. Similarly, you will be provided with the opportunity to opt-out of receiving further marketing communications through an unsubscribe link provided at the bottom of all of our marketing-related emails.

  • Accessing and Updating Personal Information, Revoking Consent and Exercising Other Legal Rights. It is GEHA's intent to comply with all applicable laws relating to personal information rights of users of our Sites, including but not limited to complying with any laws providing users with rights to access or amend their personal information. You can review and change certain personal information by logging into your Member or Provider Account via our Sites. You also may contact us to request to exercise any rights you have under applicable laws, such as any rights to access the personal information that you have provided to us, or to revoke any consent you have provided to us to collect or to use your personal information for specific purposes. Please send all such requests to: privacy@geha.com, or write to us at: GEHA, Attn: Privacy Officer, 310 NE Mulberry St., Lee's Summit, MO 64086.

X. California Shine the Light Law

Under California's "Shine the Light" law, California residents can annually request (i.e., once per calendar year) certain information about the personal information, if any, we shared with third parties for their direct marketing purposes in the immediately preceding twelve (12) months. You may request this information by contacting our Privacy Officer by email at privacy@geha.com or by writing us at the following address: GEHA, Attn: Privacy Officer, 310 NE Mulberry St., Lee's Summit, MO 64086.

XI. Disability Assistance

We are committed to ensuring that this Privacy Policy is accessible to everyone. Individuals with difficulty accessing information in this Privacy Policy are encouraged to contact us by email at privacy@geha.com or by calling us at 800.735.2966 (TTY) or 800.821.6136.

XII. Do Not Track

We do not track our Site users over time and across third-party websites and online services (e.g., mobile apps), and therefore we do not respond to Do Not Track signals. However, third parties may collect information relating to your online activities over time and across different sites and apps when you use our Sites in order to provide you with content that is likely to be of interest to you.

XIII. Privacy Policy Updates

We may update this Privacy Policy from time to time as we add new services or offerings; as we improve our current services and offerings; and as technologies and laws change. It is our policy to post any changes we make to our Privacy Policy on our Sites. Any changes will become effective thirty (30) days after our posting of the revised Privacy Policy on the Sites. The date this Privacy Policy is effective is identified at the top of the first page. If we make material changes to how we treat the personal information that falls within the scope of this Privacy Policy, we will notify you through a prominent notice on the homepage of our Site.

XIV. How to Contact Us

If you have any questions about this Privacy Policy or our privacy practices, any complaints, or need assistance relating to your personal information, you may contact our Privacy Officer via email at privacy@geha.com, by calling us at 800.821.6136, or by writing us at the following address: GEHA, Attn: Privacy Officer, 310 NE Mulberry St., Lee's Summit, MO 64086.