Privacy Policy

Last Modified: May 25, 2018 

Government Employees Health Association, Inc. (“GEHA”) is a self-insured, not-for-profit association providing health and dental plans to federal employees and retirees and their families through the Federal Employees Health Benefits Program (FEHBP) and the Federal Employees Dental and Vision Insurance Program (FEDVIP).

GEHA respects your privacy and your rights to control your personal data. We are committed to protecting your privacy through our compliance with this policy.

This policy describes the types of information we may collect from you or that you may provide, directly or indirectly, through use of our services provided through our website, electronic communications, mobile applications, and any other websites, applications, or communications that link to this policy. This policy describes how we use that information, and our practices for collecting, maintaining, protecting, and disclosing that information. As used in this policy, personal data means any information that may be used, either alone or in combination with other information, to personally identify an individual. Please note, information about how we use or disclose your health information is addressed in our Notices of Privacy Practices.

Information we collect
There are three basic categories of information we collect:

  • Information you choose to give us.
  • Information we get when you use our services.
  • Information we get from third parties.

Here’s a little more detail on each of these categories.

Information You Choose to Give Us
When you interact with our services, we collect the information that you choose to share with us. For example, most of our services may require you to set up a basic account, so we need to collect a few important details about you, such as: a unique username, a password, an email address, a phone number, and your date of birth, etc. Other services, such as commerce products, may also require you to provide us with a debit or credit card number and its associated account information.

Information We Get When You Use Our Services
We collect information about which of those services you’ve used and how you’ve used them. Here’s a list of the types of information we may collect when you use our services:

  • User and Usage Information. We may collect information about your activity through our services directly from you, including information:
    • You provide directly to us, by which you may be personally identified, such as name, postal address, e-mail address, telephone number or any other information our website or mobile applications collects that is defined as personal or personally identifiable information under applicable law (“personal information”);
    • Automatically as you navigate through the site. Information collected automatically may include usage details, IP addresses, and information collected through cookies, web beacons, and other tracking technologies.
  • Device Information. We may collect information about your mobile device and internet connection, including the device's unique device identifier, IP address, operating system, browser type, and mobile network information.
  • Location Information. When you use our services we may collect information about your location. With your consent, we may also collect information about your precise location using methods that include GPS, wireless networks, cell towers, Wi-Fi access points, and other sensors, such as gyroscopes, accelerometers, and compasses.
  • Information Collected by Cookies and Other Technologies. Like most online services and mobile applications, we may use cookies and other technologies, such as web beacons, web storage, unique advertising identifiers, and click tracking and visualization tools to collect information about your activity, browser, and device. We may also use these technologies to collect information when you interact with services we offer through one of our partners.
  • Log Information. We also collect log information when you use our website or mobile application. That information includes, among other things:
    • details about how you’ve used our services.
    • device information, such as your web browser type and language.
    • access times.
    • pages viewed.
    • identifiers associated with cookies or other technologies that may uniquely identify your device or browser.
    • pages you visited before or after navigating to our website.
  • Unique application numbers. Certain services include a unique application number. This number and information about your installation (for example, the operating system type and application version number) may be sent to Google when you install or uninstall that service or when that service periodically contacts our servers, such as for automatic updates.

Information We Collect from Third Parties We may collect information that other users provide about you when they use our services. For example, if another user allows us to collect information from their device phonebook – and you’re one of that user’s contacts – we may combine the information we collect from that user’s phonebook with other information we have collected about you. We may also obtain information from our affiliates, or any other third-party sources, and combine that with the information we collect through our services.

How We Use Information
We use information that we collect about you or that you provide to us for our legitimate interests to do the following:

  • Develop, operate, improve, analyze, administer, deliver, maintain, and present our website or mobile application and its contents to you.
  • Protect our products and services.
  • Send you communications and notices about changes to our website or mobile application or any products or services we offer or provide through it.
  • Send you updates and promotional materials that you have registered for.
  • Monitor and analyze trends and usage.
  • Enhance the safety and security of our products and services.
  • Verify your identity and authenticate your access to the parts of our services that you are authorized to access (e.g., our member portal) and prevent fraud or other unauthorized or illegal activity.
  • Recruiting and human resources administration purposes.
  • Use information we’ve collected from cookies and other technology to enhance the services and your experience with them.
  • Enforce our Terms of Service and other usage policies.
  • For any other purpose with your consent.

We may also store some information locally on your device. For example, we may store information as local cache so that you can open the app and view content faster.

Please note, information about how we may use or disclose your health information is contained in our Notices of Privacy Practices.

How We Share Information
We do not sell, lease, rent, or otherwise disclose the personal data collected to third parties unless otherwise stated below or with your consent. We may share information about you in the following ways:

  • For the intended purpose. We may share information specifically for the purpose disclosed by us when you provide the information, such as sending you electronic communications about services GEHA provides.
  • With our affiliates. We may share information with our business entities, subsidiaries and affiliates.
  • With third parties. We may share your information with the following third parties:
    • With service providers, sellers, and partners. We may share information about you with service providers who perform services on our behalf, sellers that provide goods through our services, and business partners that provide services and functionality. For example, we employ service providers who help us analyze website traffic and demographics (Google Analytics).
    • With third parties for legal reasons. We may share information about you if we reasonably believe that disclosing the information is needed to:
      • Comply with any valid legal process, governmental request, or applicable law, rule, or regulation.
      • Investigate, remedy, or enforce potential Terms of Service violations.
      • Protect the rights, property, and safety of us, our users, or others.
      • Detect and resolve any fraud or security concerns.
    • With third parties as part of a merger or acquisition. We may share with a buyer or other successor entity in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of GEHA’s assets.
    • With your consent. We will ask for your consent before using information for a purpose other than those that are set out in this Privacy Policy.

Third-Party Content and Integrations
The services may also contain third-party links and search results, include third-party integrations, or offer a co-branded or third-party-branded service. Through these links, third-party integrations, and co-branded or third-party-branded services, you may be providing information (including personal information) directly to the third party, us, or both. You acknowledge and agree that we are not responsible for how those third parties collect or use your information. As always, we encourage you to review the privacy policies of every third-party service that you visit or use, including those third parties you interact with through our services.

Linking to Other Websites
This site contains hypertext links to other websites or applications we think might be helpful or useful to you. However, GEHA has no control over the content in these sites, their availability or accuracy and assumes no responsibility for the privacy practices of such websites. These links are provided for convenience and reference purposes only, therefore we are not liable for any information or materials contained in them.

Control over Your Information

We strive to provide you with choices regarding the personal information you provide to us. We have created mechanisms to provide you with the following tools:

  • Access, Updates and Revoking Permissions. You can review and change some of your personal information by logging into the website and visiting your account profile page. You may also contact us to request access to, correction of, erasure of, or export of (where applicable) any personal information that you have provided to us. If you change your mind about our ongoing ability to collect information from certain sources that you have already consented to, you can simply revoke your consent by contacting us. You may also submit an objection to or request a restriction of the processing of personal data that we collect to the same email address. We will promptly review all such requests in accordance with applicable laws. Please send all such requests to: privacyofficer@geha.com, or write to us at:

        GEHA
        Attn: Privacy Officer
        P.O. Box 438
        Independence, MO 64051-0438

    Depending on where you live, you may have a right to lodge a complaint with a supervisory authority or other regulatory agency if you believe that we have violated any of your rights concerning personal data about you. We encourage you to first reach out to us at privacyofficer@geha.com, so we have an opportunity to address your concerns directly before you do so.
  • Opting-Out of Promotional Emails. You may choose not to receive future promotional or advertising emails from us by selecting an unsubscribe link at the bottom of each email that you receive from us. Additionally, you may send a request specifying your communications preferences to privacyofficer@geha.com. You cannot opt out of receiving transactional emails related to the performance of our services. Please note that even if you opt out of receiving promotional emails, we may still send you a response to any Contact Us request, as well as administrative, maintenance, and operational emails (for example, in connection with a password reset request).
  • Revoking Permissions. We will promptly review all such requests in accordance with applicable laws.
  • Retention of Personal Data. We reserve the right to retain any personal data as long as they are needed to:
    • Fulfill the purposes described in “How We Use Information” and “How We Share Your Information”.
    • Comply with any applicable law.
    Once we no longer need personal data for the purposes for which it was collected, we will take all reasonable steps to remove it from our systems.

Data Security
Email sent to our sites does not provide a means for completely secure and private communications between us. Your email, like most non-encrypted internet email communications, may be accessed and viewed without your knowledge or permission while in transit to us. To send a secure email to Customer Service you will need to use our Contact Us email form. Please note that any attachments will not be encrypted. Email sent to us will be shared with our customer service representatives or the staff members who are best able to address your questions or concerns. Once we have responded to your communication, it may be discarded or archived, depending on the nature of the inquiry. Outgoing emails containing protected health information (PHI) are also sent through a secured system where recipients access the email with user ID and password verification procedures.

We take appropriate technical and organizational data security measures to protect your personal data. We follow generally accepted industry standards to protect the personal data submitted to us. However, no method of transmission over the internet, or method of electronic storage, is 100% secure. Further, while we attempt to ensure the integrity and security of Personal Data, we cannot guarantee that our security measures will prevent third-parties from illegally obtaining access. Therefore, while we strive to protect your personal data, we cannot guarantee its absolute security.

Children
Our website and mobile application are not intended for children under 16 years of age. No one under age 16 should provide any personal information to the website or download the mobile application. We do not knowingly collect personal information from children under 16. If you are under 16, do not use or provide any information on this website or download the Web Application. If we learn we have collected or received personal information from a child under 16 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 16, please contact us at www.geha.com.

General
GEHA provides the information on this website as a courtesy. We attempt to keep information as accurate as possible; however, we make no express or implied warranties or representations about its accuracy, completeness or appropriateness for a particular purpose. You assume full responsibility for using the information at this site, and you understand and agree that GEHA is neither responsible nor liable for any claim, loss or damage resulting from its use. The mention of specific products or services at this site does not constitute or imply a recommendation or endorsement by GEHA, unless such recommendation or endorsement is explicitly stated. GEHA may improve, delete, update or otherwise change this website without notice, and GEHA has no obligation to update out-of-date information in any specified length of time.

The GEHA name, logos, service names, design marks and slogans are the trademarks or service marks of GEHA. Unauthorized use of any GEHA name or mark in any advertisement, publicity or in any other commercial manner without prior written consent of GEHA is prohibited.

Revisions to the Privacy Policy
We may change this Privacy Policy from time to time. It is our policy to post any changes we make to our privacy policy on this page by revising the date at the top of the Privacy Policy that’s available on our website and mobile application. We encourage you to periodically reread this Privacy Statement to see if there have been any changes that may affect you. This Privacy Statement is not intended to and does not create any contractual or other legal rights in or on behalf of any party.

Contact Information
To ask questions or comment about this privacy policy and our privacy practices, you can contact the Privacy Officer at privacyofficer@geha.com.