Privacy Policy

Last Modified: May 13, 2019

Government Employees Health Association, Inc. (“GEHA”) is a self-insured, not-for-profit association providing health and dental plans to federal employees and retirees and their families through the Federal Employees Health Benefits Program (FEHBP) and the Federal Employees Dental and Vision Insurance Program (FEDVIP). GEHA provides additional services for members and providers through the oversight of GEHA Holdings Inc.® This holding company provides overall ownership, financial control, management and administration of the various subsidiary corporations under the GEHA umbrella.

GEHA respects your privacy and is committed to protecting your privacy by following this policy.

This policy describes the types of information you give us and that we may collect from you through using our website, electronic communications, mobile applications, and any other websites, applications, or communications (collectively, "services") that link to this policy. This policy describes how we use that information, and our practices for collecting, maintaining, protecting, and disclosing that information. Please note, information about how we use or disclose your health information is addressed in our Notice of Privacy Practices. If you do not agree to the terms of this policy, do not use our services. By proceeding with using any of our services, you are agreeing with the terms of this policy.

Information we collect

There are three basic categories of information we collect:

  • Information you choose to give us.
  • Information we get when you use our services.
  • Information we get from third parties (subject to certain limitations as set forth in this policy).

Here’s a little more detail on each of these categories.

Information you choose to give us
As you use our services, we collect the information that you choose to share with us. For example, if you set up a basic account, we need a few important details about you, such as: a unique username, a password, an email address, a phone number, and your date of birth, etc. We will only use your personally identifiable information to provide the service you’ve requested.

Other services, such as commerce products, may also require you to provide us with a debit or credit card number and its associated account information. We may request information through surveys or questionnaires, as well as contests. We use this information to learn more about your experience with our services, and how we can improve your experience.

Information we get when you use our services
We collect information about which of those services you’ve used and how you’ve used them. Here’s a list of the types of information we may collect when you use our services:

  • User and usage information. We may collect information about your activity through our services directly from you, including information:
    • You provide directly to us, by which you may be personally identified, such as name, postal address, e-mail address, telephone number or any other information our website or mobile applications collects that is defined as personal or personally identifiable information under applicable law (“personal information”);
    • Automatically as you navigate through the site or mobile app. Information collected automatically may include usage details, IP addresses, and information collected through cookies, web beacons, and other tracking technologies.
  • Device information. We may collect information about your mobile device and internet connection, including the device's unique device identifier, IP address, operating system, browser type, and mobile network information.
  • Location information. When you use our services we may collect information about your location. With your consent, we may also collect information about your precise location using methods that include GPS, wireless networks, cell towers, Wi-Fi access points, and other sensors, such as gyroscopes, accelerometers, and compasses.
  • Information collected by cookies and other technologies. Like most online services and mobile applications, we may use cookies and other technologies, such as web beacons, web storage, unique advertising identifiers, and click tracking and visualization tools to collect information about your activity, browser, and device. We may also use these technologies to collect information when you interact with services we offer through one of our partners.
  • Log information. We also collect log information when you use our website or mobile application. That information includes, among other things:
    • Details about how you’ve used our services.
    • Device information, such as your web browser type and language.
    • Access times.
    • Pages viewed.
    • Identifiers associated with cookies or other technologies that may uniquely identify your device or browser.
    • Pages you visited before or after navigating to our website.
  • Unique application numbers. Certain services include a unique application number. This number and information about your installation (for example, the operating system type and application version number) may be sent to Google when you install or uninstall that service or when that service periodically contacts our servers, such as for automatic updates.

 

Information we collect from third parties

We may collect information that other users provide about you when they use our services. We may also obtain information from our affiliates, or any other third-party sources, and combine that with the information we collect through our services.

How we use information

We use information that we collect about you or that you provide to us to do the following:
  • Develop, operate, improve, analyze, administer, deliver, maintain, and present our website or mobile application and its contents to you.
  • Protect our products and services.
  • Send you communications and notices about changes to our website or mobile application or any products or services we offer or provide through it.
  • Send you updates and promotional materials that you have registered for.
  • Monitor and analyze trends and usage.
  • Enhance the safety and security of our products and services.
  • Verify your identity and authenticate your access to the parts of our services that you are authorized to access (e.g., our member portal) and prevent fraud or other unauthorized or illegal activity.
  • Recruiting and human resources administration purposes.
  • Use information we’ve collected from cookies and other technology to enhance the services and your experience with them.
  • Enforce our Terms of Service and other usage policies.
  • For any other purpose with your consent.

We may also store some information locally on your device. For example, we may store information as local cache so that you can open the app and view content faster.

Please note, information about how we may use or disclose your health information is contained in our Notice of Privacy Practices.

How we share information

We do not sell, lease, rent, or otherwise disclose the personal data collected to third parties unless otherwise stated below or with your consent. We may share information about you in the following ways:
  • For the intended purpose. We may share information specifically for the purpose disclosed by us when you provide the information, such as sending you electronic communications about services GEHA provides.
  • With our affiliates. We may share information with our business entities, subsidiaries and affiliates.
  • With third parties. We may share your information with the following third parties:
    • With service providers, sellers, and partners. We may share information about you with service providers who perform services on our behalf, sellers that provide goods through our services, and business partners that provide services and functionality. For example, we employ service providers who help us analyze website traffic and demographics (Google Analytics).
    • With third parties for legal reasons. We may share information about you if we reasonably believe that disclosing the information is needed to:
      • Comply with any valid legal process, governmental request, or applicable law, rule, or regulation.
      • Investigate, remedy, or enforce potential Terms of Service violations.
      • Protect the rights, property, and safety of us, our users, or others.
      • Detect and resolve any fraud or security concerns.
    • With third parties as part of a merger or acquisition. We may share with a buyer or other successor entity in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of GEHA’s assets.
    • With your consent. We will ask for your consent before using information for a purpose other than those that are set out in this Privacy Policy.

    Any third party we share your information with will provide you with at least the same level of privacy our services do.

Third-party content and integrations
The services may also contain third-party links and search results, include third-party integrations, or offer a co-branded or third-party-branded service. Through these links, third-party integrations, and co-branded or third-party-branded services, you may be providing information (including personal information) directly to the third party, us, or both. We encourage you to review the privacy policies of every third-party service that you visit or use, including those third parties you interact with through our services.

Linking to other websites
This site contains hypertext links to other websites or applications we think might be helpful or useful to you. However, GEHA has no control over the content in these sites, their availability or accuracy and assumes no responsibility for the privacy practices of such websites. These links are provided for convenience and reference purposes only, therefore we are not liable for any information or materials contained in them.

Control over your information

We strive to provide you with choices regarding the personal information you provide to us. We have created mechanisms to provide you with the following tools:

  • Access, updates and revoking permissions. You can review and change some of your personal information by logging into the website and visiting your account profile page. You may also contact us to request access to any personal information that you have provided to us. If you change your mind about our ongoing ability to collect information from certain sources that you have already consented to, you can simply revoke your consent by contacting us. Please send all such requests to:  privacyofficer@geha.com, or write to us at:

        GEHA
        Attn: Privacy Officer
        310 NE Mulberry St.
        Lee's Summit, MO 64086

You can also take steps through your browser to control what information is shared by adjusting the settings to reject all or some cookies and to alert you when a cookie is placed on your device. If you do this, you may not be able to access or use all or parts or functionalities of GEHA’s digital properties.

Data security

We take industry standard security measures to protect your information. But no method of transmission over the internet, or method of electronic storage, is 100% secure, and we cannot guarantee that our security measures will prevent third parties from illegally obtaining access.

Email sent to our sites does not provide a means for completely secure and private communications between us. Your email, like most non-encrypted internet email communications, may be accessed and viewed without your knowledge or permission while in transit to us. To send a secure email to Customer Service you will need to use our Contact Us form. Please note that any attachments will not be encrypted. Email sent to us will be shared with our customer service representatives or the staff members who are best able to address your questions or concerns. Once we have responded to your communication, it may be discarded or archived, depending on the nature of the inquiry. Outgoing emails containing protected health information (PHI) are also sent through a secured system where recipients access the email with user ID and password verification procedures.

Children

Our website and mobile application are not intended for children under 13 years of age, and we do not knowingly collect personal information from children under 13. No one under age 13 should use our website, provide any personal information to the website or download the mobile application. If we learn we have collected or received personal information from a child under 13 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 13, please contact us at privacyofficer@geha.com.

General

GEHA provides the information on this website as a courtesy. We attempt to keep information as accurate as possible; however, we make no express or implied warranties or representations about its accuracy, completeness or appropriateness for a particular purpose. You assume full responsibility for using the information at this site, and you understand and agree that GEHA is neither responsible nor liable for any claim, loss or damage resulting from its use. The mention of specific products or services at this site does not constitute or imply a recommendation or endorsement by GEHA, unless such recommendation or endorsement is explicitly stated. GEHA may improve, delete, update or otherwise change this website without notice, and GEHA has no obligation to update out-of-date information in any specified length of time.

The GEHA name, logos, service names, design marks and slogans are the trademarks or service marks of GEHA. Unauthorized use of any GEHA name or mark in any advertisement, publicity or in any other commercial manner without prior written consent of GEHA is prohibited.

Revisions to the Privacy Policy

We may change this Privacy Policy from time to time. We will post any changes on this page by revising the date at the top of the Privacy Policy that’s available on our website and through our mobile application. We encourage you to periodically reread this Privacy Statement to see if there have been any changes that may affect you. This Privacy Statement is not intended to and does not create any contractual or other legal rights in or on behalf of any party.

Contact information

To ask questions or comment about this privacy policy and our privacy practices, you can contact the Privacy Officer at privacyofficer@geha.com.