Effective Date: January 1, 2020
Privacy matters to Change Healthcare and its affiliates and subsidiaries (“Change Healthcare”, “we” and “us”), so whether you are new to Change Healthcare or a long-time user, please do take the time to get to know our practices – and if you have any questions contact us. This Global Marketing Website Privacy Notice (“Notice”) describes how Change Healthcare collects, uses, and shares your personal data, in association with the operation of our marketing website at www.changehealthcare.com (our “Sites”) and all other websites that link to or reference this Privacy Notice and do not have a separate privacy notice (collectively, “Sites and Services”). This Notice describes your rights and choices, and how you can contact us about our privacy practices. This Notice applies only to our website and does not apply to information that you may submit to us offline.
This Notice does not apply to outside websites and mobile applications, products, or services that may link to the Website or be linked to on the Website. Please consult those websites and applications directly to understand their privacy practices.
This Privacy Notice describes the following:
Change Healthcare obtains information about you from various sources to advertise our services and to keep you informed. We collect, process, and retain information from you and any devices you use when you interact with our Sites, as described below.
We collect your name; email address; contact information, including your mailing address; phone number; title; and information about the organization with which you are affiliated. We also collect any information you choose to include in your messages or responses when interacting with us through our Sites, including via online forums, inquiry forms, our support portal, or our Chatbox .
We automatically collect certain information when you access, use or interact with our Sites. We use browser cookies and other tracking technologies (collectively, “Cookies”) to collect and store certain information when you use, access or interact with our Sites, including:
When you visit our Sites, we and our partners collect information about your online activities over time and across different sites to provide you with advertising about products and services tailored to your individual interests (called “interest-based advertising”). Our partners may place or recognize a unique cookie or other tracking technology on your browser (including the use of pixel tags). Where required by applicable laws, we will rely on your consent prior to processing personal data from your device or computer for the purpose of interest-based advertising.
Most web browsers automatically accept cookies but, if you prefer, you can usually modify your browser setting to disable or reject cookies. If you delete your cookies or if you set your browser to decline cookies, some features of the Services may not be available, work, or work as designed. You may also be able to opt out of or block tracking by interacting directly with the other companies who conduct tracking through our Services. You can learn more about ad serving companies and the options available to limit their collection and use of your information by visiting the websites for the Network Advertising Initiative, the Digital Advertising Alliance, and the European Interactive Digital Advertising Initiative. Similarly, you can learn about your options to opt out of mobile app tracking by certain advertising networks through your device settings and by resetting the advertiser ID on your Apple or Android device. Please note that opting out of advertising network services does not mean that you will not receive advertising on our Sites or on other websites, nor will it prevent the receipt of interest-based advertising from other companies that do not participate in these programs. It will, however, exclude you from interest-based advertising conducted through participating networks, as provided by their policies and choice mechanisms. If you delete your cookies, you may also delete your opt-out preferences.
Your browser or device may include “Do Not Track” functionality. At this time, Change Healthcare does not respond to browser “Do Not Track” signals.
We receive information about you from outside vendors through your online activities on websites and connected devices over time and across websites, devices, apps and other online features and services. These other sources help us update, expand and analyze our records; identify new customers; determine you or your organization’s advertising or purchasing preferences; or prevent or detect fraud.
We use your information to send you email marketing communications about Change Healthcare products and services, invite you to participate in our events or surveys, to permit you to book sales appointments, to conduct data analysis of user experiences and behavior, and to otherwise communicate with you for marketing purposes if you have consented to us doing so in accordance with applicable law. We also use your information for direct marketing and interest-based online advertising.
If at any time you would like to unsubscribe from receiving promotional or commercial emails from us, you can click the unsubscribe link at the bottom of any email or email us at MarketingCommunications@ChangeHealthcare.com We will comply with your request(s) as soon as reasonably practicable. Please note that if you opt-out of receiving marketing-related emails from us, we may still send you important administrative messages.
We may disclose your personal information with the following entities:
If you reside in the EU, Switzerland or the United Kingdom, you have certain rights with respect to your personal data.
We will rely on the following legal bases for processing your personal data, depending on our purpose for such processing.
Consent. We will obtain your consent before using or sharing your data for advertising that is targeted based on your browsing history, online behaviour, or other personal data that we or others have collected about you. If you consent to our use of your personal data for any purpose, you have the right to withdraw consent at any time by contacting us.
Legitimate Interests. Change Healthcare has a legitimate interest in processing your personal data for certain business and security purposes such as product and service improvement; fraud detection and prevention; network and system security; and non-targeted marketing and advertising. Change Healthcare also has a legitimate interest in processing your personal data for compliance with applicable law.
Compliance with EU Legal Obligations. We will process your personal data where necessary to comply with our obligations under EU or EU Member State law.
If we intend to use your personal data that we have collected for a different purpose other than the purpose disclosed to you, we will provide you with information about the secondary purpose and with any other information necessary to ensure fair and transparent processing prior to such use.
You have the following rights with regard to the personal data we control about you, subject to applicable exceptions, under the GDPR and UK data protection laws:
You have the right to make a complaint with your local data protection authority if you believe that the processing of your personal data infringes your rights under the GDPR. Contact details for data protection authorities are available here.
In order to exercise your data protection rights, you may contact Change Healthcare as described in the How to Contact Us section below or submit a request by filling out a Consumer Data Request Form available here . In order to verify your identity, we may require you to provide us with personal data prior to accessing any records containing personal data about you.
If you would like to discuss or exercise any rights you may have under law, please contact us as described in the How to Contact Us section below.
Residents of the State of California have the right to request information from Change Healthcare regarding other companies to whom the company has disclosed certain categories of information during the preceding year for the other companies’ direct marketing purposes. If you are a California resident and would like to make such a request, please submit the Consumer Data Request Form available here.
The California Consumer Privacy Act provides California residents with rights to receive certain disclosures regarding the collection, use, and sharing of “Personal Information,” as well as rights to know/access, delete, and limit sharing of Personal Information. The CCPA defines “Personal Information” to mean “information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.” Certain information we collect may be exempt from the CCPA because it is considered public information (i.e., it is made available by a government entity) or covered by a specific federal privacy law, such as the Gramm–Leach–Bliley Act, the Health Insurance Portability and Accountability Act (HIPAA), or the Fair Credit Reporting Act.
To the extent that we collect Personal Information that is subject to the CCPA, that information, our practices, and your rights are described below.
Right to Information Regarding the Categories of Personal Information Collected, Sold, and Disclosed. You have the right to obtain information regarding the categories of personal information we collect, sell, or disclose as described in this Global Marketing Website Privacy Notice. The following is a description of our data collection practices, including the personal information we collect, the sources of that information, the purposes for which we collect information, and whether we disclose that information to external parties. We may use any and all of the information for any of the purposes described in this privacy notice, unless limitations are listed. The categories we use to describe the information are those enumerated in the CCPA.
We may use any of the categories of information listed above for other business or operational purposes compatible with the context in which the personal information was collected.
We may share any of the above-listed information with service providers, which are external parties that we engage for business purposes and are restricted from using personal information for any purpose that is not related to our engagement. The categories of service providers with whom we share information and the services they provide are described in this Global Marketing Website Privacy Notice.
On certain occasions, we also sell information to third parties. An external party may be considered a third party either because the purpose of sharing the Personal Information is not an enumerated business purpose under California law, or because our contract does not restrict them from using Personal Information for other purposes. To “sell” information means to disclose it to an external party for monetary or other benefit. We sell the following information:
We also will disclose information to external parties who are not listed here when required by law or to protect our company or for other purposes, as described in this Global Marketing Website Privacy Notice.
Right to Access Information. You have the right to request access to Personal Information collected about you and information regarding the source of that information, the purposes for which we collect it, and the third parties and service providers with whom we share it. To protect our customers’ Personal Information, we are required to verify your identify before we can act on your request.
Right to Request Deletion of Information. You have the right to request in certain circumstances that we delete any Personal Information that we have collected directly from you. To protect our customers’ Personal Information, we are required to verify your identify before we can act on your request. We may have a reason under the law why we do not have to comply with your request, or why we may comply with it in a more limited way than you anticipated. If we do, we will explain that to you in our response.
Right to Opt Out of the Sale of Personal Information to Third Parties. You have the right to opt out of any sale of your personal information to third parties. To exercise this right, please visit our “Do Not Sell My Personal Information” webpage here. Please note that your right to opt out does not apply to our sharing of personal information with service providers, who are parties we engage to perform a function on our behalf and are contractually obligated to use the personal information only for that function.
How to Submit a Request. You may submit a request to exercise your rights through either of two means: (1) By filling out a Consumer Data Request Form available here or (2) By calling us at 1-844-698-8905.
We implement and maintain organizational, technical, and administrative security measures designed to safeguard the information we process within our organization against unauthorized access, destruction, loss, alteration, or misuse. These measures are aimed at providing on-going integrity and confidentiality for your personal data. We evaluate and update these measures on an ongoing basis. Your information is only accessible to personnel who need access to the personal data to perform their duties. However, no personal data system can be 100% secure, so we cannot guarantee the absolute security of your personal data.
We retain your personal data for as long as we have a relationship with you. When deciding how long to keep your personal data after our relationship with you has ended, we consider our legal and regulatory obligations and internal personal data management policies. For example, we may retain records to investigate or defend against potential legal claims or where required by law. Where we retain data, we do so in accordance with any limitation periods and records retention obligations that are imposed by applicable law.
Your information may be transferred to, stored, and processed in a country that does not provide the same level of protection for personal data as the laws of your home country and may be available to the government of those countries under a lawful court order made in those countries.
We have put in place appropriate safeguards in accordance with applicable legal requirements to provide adequate protections for your Personal Data. Change Healthcare complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework, as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the EU or Switzerland to the United States. Change Healthcare has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/ To view Change Healthcare’s Privacy Shield Certification Notice click here. When using our website, you will be provided with the opportunity to consent to the collection, international transfer, storage, and processing of your information, by means of a process that complies with applicable law in your location.
We may periodically update this Global Marketing Website Privacy Notice to describe new website features, products or services we offer and how it may affect our use of information about you and your controls. We will not apply material changes to this Global Marketing Website Privacy Notice retroactively to personal information we have previously collected.
Since we may change this Global Marketing Website Privacy Notice, we recommend that you check the current version available from time to time. We will notify you by means of a notice on this page or by email, prior to any material changes becoming effective.
If you have questions, requests, or complaints related to your privacy, or if you would like to exercise your data protection rights, please contact us at ChiefPrivacyOfficer@ChangeHealthcare.com . You may also contact our Data Protection Officer at ChiefPrivacyOfficer@ChangeHealthcare.com or by physical mail at the following addresses:
Residents of the UK
Change Healthcare UK Holdings Limited, Unit 3
The Exchange, Brent Cross Gardens, Brent Cross Greater
London, NW4 3RJ, UK
Residents of Ireland
Change Healthcare Ireland Solutions Ltd, 1
Woodford Business Park, Santry,
Dublin 17, D17 EW81, Ireland
Alternative Mailing Address:
Attn.: Chief Privacy Officer, Privacy Office
5995 Windward Parkway, 5th Floor
Alpharetta, Georgia 30005