Change Healthcare – Global Marketing Website Privacy Notice

Effective Date: January 1, 2020

Privacy matters to Change Healthcare and its affiliates and subsidiaries (“Change Healthcare”, “we” and “us”), so whether you are new to Change Healthcare or a long-time user, please do take the time to get to know our practices – and if you have any questions contact us. This Global Marketing Website Privacy Notice (“Notice”) describes how Change Healthcare collects, uses, and shares your personal data, in association with the operation of our marketing website at www.changehealthcare.com (our “Sites”) and all other websites that link to or reference this Privacy Notice and do not have a separate privacy notice (collectively, “Sites and Services”). This Notice describes your rights and choices, and how you can contact us about our privacy practices. This Notice applies only to our website and does not apply to information that you may submit to us offline.

This Notice does not apply to outside websites and mobile applications, products, or services that may link to the Website or be linked to on the Website. Please consult those websites and applications directly to understand their privacy practices.

For specific disclosures related to our use of cookies and other tracking technologies, please see our Cookie Policy. We use these technologies to gather data for our internal analytics and for targeted advertising.

This Privacy Notice describes the following:

• Information We Collect
• How We Use Your Information
• How and With Whom We Disclose Your Information
• Information Security and Storage
• International Data Transfers
• Rights of Individuals Located in the EU or UK
• Your California Privacy Rights
• Changes to This Privacy Notice
• How to Contact Us

Information We Collect

 

Information We Collect About You

Change Healthcare obtains information about you from various sources to advertise our services and to keep you informed. We collect, process, and retain information from you and any devices you use when you interact with our Sites, as described below.

We collect your name; email address; contact information, including your mailing address; phone number; title; and information about the organization with which you are affiliated. We also collect any information you choose to include in your messages or responses when interacting with us through our Sites, including via online forums, inquiry forms, our support portal, or our Chatbox .

Information We Collect Automatically

We automatically collect certain information when you access, use or interact with our Sites. We use browser cookies and other tracking technologies (collectively, “Cookies”) to collect and store certain information when you use, access or interact with our Sites, including:

• Browser and device data: We collect your device type, operating system and version, IP address, general geographic location as indicated by your IP address, browser type, screen resolution, device manufacturer and model, language, plug-ins, add-ons and the language version of the Site you are visiting.
• Usage data: We collect information about the time you spend on the Sites, the content you view and features you access, the pages that led or referred you to our Sites, language preferences, how you interact with available content, and entered search terms, as well as personal information that you make available to us via a social media platform, such as by clicking on a social media icon linked from our Sites.

When you visit our Sites, we and our partners collect information about your online activities over time and across different sites to provide you with advertising about products and services tailored to your individual interests (called “interest-based advertising”). Our partners may place or recognize a unique cookie or other tracking technology on your browser (including the use of pixel tags). Where required by applicable laws, we will rely on your consent prior to processing personal data from your device or computer for the purpose of interest-based advertising.

Most web browsers automatically accept cookies but, if you prefer, you can usually modify your browser setting to disable or reject cookies. If you delete your cookies or if you set your browser to decline cookies, some features of the Services may not be available, work, or work as designed. You may also be able to opt out of or block tracking by interacting directly with the other companies who conduct tracking through our Services. You can learn more about ad serving companies and the options available to limit their collection and use of your information by visiting the websites for the  Network Advertising Initiative, the Digital Advertising Alliance, and the European Interactive Digital Advertising Initiative. Similarly, you can learn about your options to opt out of mobile app tracking by certain advertising networks through your device settings and by resetting the advertiser ID on your Apple or Android device. Please note that opting out of advertising network services does not mean that you will not receive advertising on our Sites or on other websites, nor will it prevent the receipt of interest-based advertising from other companies that do not participate in these programs. It will, however, exclude you from interest-based advertising conducted through participating networks, as provided by their policies and choice mechanisms. If you delete your cookies, you may also delete your opt-out preferences.

Your browser or device may include “Do Not Track” functionality. At this time, Change Healthcare does not respond to browser “Do Not Track” signals.

To learn more about the Cookies that are served through our Sites and how you can control our use of Cookies and third-party analytics, please see our Cookie Policy.

Information We Collect from Other Sources

We receive information about you from outside vendors through your online activities on websites and connected devices over time and across websites, devices, apps and other online features and services. These other sources help us update, expand and analyze our records; identify new customers; determine you or your organization’s advertising or purchasing preferences; or prevent or detect fraud.

How We Use Your Information

We use your information to send you email marketing communications about Change Healthcare products and services, invite you to participate in our events or surveys, to permit you to book sales appointments, to conduct data analysis of user experiences and behavior, and to otherwise communicate with you for marketing purposes if you have consented to us doing so in accordance with applicable law. We also use your information for direct marketing and interest-based online advertising.

If at any time you would like to unsubscribe from receiving promotional or commercial emails from us, you can click the unsubscribe link at the bottom of any email or email us at MarketingCommunications@ChangeHealthcare.com   We will comply with your request(s) as soon as reasonably practicable. Please note that if you opt-out of receiving marketing-related emails from us, we may still send you important administrative messages.

How and With Whom We Disclose Your Information

We may disclose your personal information with the following entities:

• With our vendors: We share your information with vendors that provide services on our behalf, such as marketing and survey services, payment processors, website hosting, data analysis, data storage, customer service, auditing and accounting firms and security vendors. We authorize vendors to use or disclose personal information only as necessary to perform services on our behalf or to comply with legal requirements. We require our vendors to contractually commit to protect the security and confidentiality of data they process on our behalf.
• With other Change Healthcare companies:  We share personal information with other Change Healthcare entities to provide our Services and other products and services as well as for internal administrative purposes.
• With our advertising partners: We share personal information with our advertising partners as well as with vendors that provide services on our behalf, such as marketing and survey services .
• Where required or permitted by law or in the context of an audit or other review: We share information with law enforcement agencies, courts, or other government authorities where we believe it is necessary: (i) to comply with a legal or regulatory obligation; (ii) to protect the rights, safety, and property of Change Healthcare, you or others; and (iii) to respond to requests from courts, law enforcement agencies, regulatory agencies and other public and government authorities.
• In the context of a transaction: We may share personal information in connection with the consideration, negotiation, or completion of a corporate transaction, such as a merger or acquisition or a sale or transfer of all or a portion of our assets or business, including during any due diligence process.
  

Rights of Individuals Located in the EU, Switzerland or the United Kingdom

If you reside in the EU, Switzerland or the United Kingdom, you have certain rights with respect to your personal data.

We will rely on the following legal bases for processing your personal data, depending on our purpose for such processing.

Consent. We will obtain your consent before using or sharing your data for advertising that is targeted based on your browsing history, online behaviour, or other personal data that we or others have collected about you. If you consent to our use of your personal data for any purpose, you have the right to withdraw consent at any time by contacting us.

Legitimate Interests. Change Healthcare has a legitimate interest in processing your personal data for certain business and security purposes such as product and service improvement; fraud detection and prevention; network and system security; and non-targeted marketing and advertising. Change Healthcare also has a legitimate interest in processing your personal data for compliance with applicable law.

Compliance with EU Legal Obligations. We will process your personal data where necessary to comply with our obligations under EU or EU Member State law.

If we intend to use your personal data that we have collected for a different purpose other than the purpose disclosed to you, we will provide you with information about the secondary purpose and with any other information necessary to ensure fair and transparent processing prior to such use.

You have the following rights with regard to the personal data we control about you, subject to applicable exceptions, under the GDPR and UK data protection laws:

• The right to request confirmation of whether Change Healthcare processes personal data relating to you, and if so, to request a copy of that personal data;
• The right to request that Change Healthcare corrects or updates your personal data that is inaccurate, incomplete or outdated;
• The right to request that Change Healthcare delete your personal data in certain circumstances provided by law;
• The right to request that Change Healthcare restrict the use of your personal data in certain circumstances, such as while Change Healthcare considers another request that you have submitted (including a request that Change Healthcare make an update to your personal data);
• The right to request that we export your personal data in a usable electronic format to another company, where technically feasible;
• The right to object to processing of your personal data based on Change Healthcare’s legitimate interests at any time, upon which Change Healthcare will no longer process the data, unless there are compelling legitimate grounds for our processing that override the interests, rights, and freedoms of the data subject, or the processing serves the purpose of asserting, exercising, or defending legal claims; and
• The right to withdraw consent at any time, where Change Healthcare is processing your personal data based on your consent.

You have the right to make a complaint with your local data protection authority if you believe that the processing of your personal data infringes your rights under the GDPR. Contact details for data protection authorities are available here.

In order to exercise your data protection rights, you may contact Change Healthcare as described in the How to Contact Us section below or submit a request by filling out a Consumer Data Request Form available here. In order to verify your identity, we may require you to provide us with personal data prior to accessing any records containing personal data about you.

If you would like to discuss or exercise any rights you may have under law, please contact us as described in the How to Contact Us section below.

Your California Privacy Rights

Residents of the State of California have the right to request information from Change Healthcare regarding other companies to whom the company has disclosed certain categories of information during the preceding year for the other companies’ direct marketing purposes. If you are a California resident and would like to make such a request, please submit the Consumer Data Request Form available here.

The California Consumer Privacy Act provides California residents with rights to receive certain disclosures regarding the collection, use, and sharing of “Personal Information,” as well as rights to know/access, delete, and limit sharing of Personal Information. The CCPA defines “Personal Information” to mean “information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.” Certain information we collect may be exempt from the CCPA because it is considered public information (i.e., it is made available by a government entity) or covered by a specific federal privacy law, such as the Gramm–Leach–Bliley Act, the Health Insurance Portability and Accountability Act (HIPAA), or the Fair Credit Reporting Act.

To the extent that we collect Personal Information that is subject to the CCPA, that information, our practices, and your rights are described below.

Right to Information Regarding the Categories of Personal Information Collected, Sold, and Disclosed. You have the right to obtain information regarding the categories of personal information we collect, sell, or disclose as described in this Global Marketing Website Privacy Notice. The following is a description of our data collection practices, including the personal information we collect, the sources of that information, the purposes for which we collect information, and whether we disclose that information to external parties. We may use any and all of the information for any of the purposes described in this privacy notice, unless limitations are listed. The categories we use to describe the information are those enumerated in the CCPA.

• Personal Identifiers:
  • We collect your name, phone number, email address, mailing address, and contact address when you create an account or contact us via the site. If you choose to create an account, you will also be asked to create a username, and we will assign one or more unique identifiers to your profile. We use this information to provide our services, respond to your requests, and send information and advertisements to you.
  • We collect a unique numerical identifier, assigned to you by a first-party cookie, automatically when you use our services in order to identify you, provide our services, keep you logged in to our services, prevent fraud, and provide you with targeted information and offers.
  • A service provider working on our behalf collects your payment information when you provide it to us, or to a service provider working on our behalf, when you complete a transaction. This information includes your credit card number or bank account number. We use this information to facilitate payments and transactions.
  • We do not collect your Driver’s License number or passport number.
  • We do not collect your social security number.
  • We do not collect any medical information or health information about you through this marketing website, www.changehealthcare.com.
  • We collect your IP address automatically when you use our Services. We use this information to identify you, gauge online activity on our website, measure the effectiveness of online services, applications, and tools, and serve targeted advertisements based on your online activities.
  • We collect your Device ID automatically when you use our Services. We use this information to monitor your usage and the effectiveness of our Services, to identify you, and to provide you with targeted information and offers.
• Protected Classifications: We do not collect your age, gender, racial or ethnic origin, or sexual orientation.
• Commercial Information: When you engage in transactions with us, we create records of goods or services purchased or considered, as well as purchasing or consuming histories or tendencies. We use this information to measure the effectiveness of our services and to provide you with targeted information, advertisements, and offers.
• Biometric Information: We do not collect information about your physiological, biological, or behavioral characteristics.
• Internet or Other Electronic Network Activity Information: When you navigate to and use our site, we collect information such as your Internet domain, the domain of your Internet service provider, the date and time that you access the site, the Internet address of the website from which you linked directly to the site, and the pages you visit on our sites.
• Geolocation Data: As described above, we collect your IP address automatically when you visit our sites. We can determine your general location based on your IP address.
• Audio, electronic, visual, thermal, olfactory, or similar information: We do not collect your audio, electronic, visual, thermal, olfactory, or similar information.
• Professional or employment-related information: We collect your business contact information when you contact us regarding our products and services or when you interact with us at trade shows. We otherwise do not collect your professional or employment-related information.
• Education information: We do not collect any information about the institutions you have attended or the level of education you have attained.
• Inferences drawn to create a profile about a consumer reflecting the consumer’s preferences or characteristics: We analyze your actual or likely preferences through a series of computer processes and add our observations to your internal profile. We use this information to gauge and develop our marketing activities, measure the appeal and effectiveness of our services, applications, and tools, and to provide you with targeted information, advertisements, and offers.

We may use any of the categories of information listed above for other business or operational purposes compatible with the context in which the personal information was collected.

We may share any of the above-listed information with service providers, which are external parties that we engage for business purposes and are restricted from using personal information for any purpose that is not related to our engagement. The categories of service providers with whom we share information and the services they provide are described in this Global Marketing Website Privacy Notice.

On certain occasions, we also sell information to third parties. An external party may be considered a third party either because the purpose of sharing the Personal Information is not an enumerated business purpose under California law, or because our contract does not restrict them from using Personal Information for other purposes. To “sell” information means to disclose it to an external party for monetary or other benefit. We sell the following information:

• Personal Identifiers. We provide your IP address and device ID to our vendors and online advertising partners.
• Internet or Other Electronic Network Activity Information. We provide information about your Internet or other electronic network activity information to our vendors and online advertising partners.
• Inferences drawn to create a profile about a consumer reflecting the consumer’s preferences or characteristics. We provide our observations about you to our vendors and online advertising partners.

We also will disclose information to external parties who are not listed here when required by law or to protect our company or for other purposes, as described in this Global Marketing Website Privacy Notice.

Right to Access Information. You have the right to request access to Personal Information collected about you and information regarding the source of that information, the purposes for which we collect it, and the third parties and service providers with whom we share it. To protect our customers’ Personal Information, we are required to verify your identify before we can act on your request.

Right to Request Deletion of Information. You have the right to request in certain circumstances that we delete any Personal Information that we have collected directly from you. To protect our customers’ Personal Information, we are required to verify your identify before we can act on your request. We may have a reason under the law why we do not have to comply with your request, or why we may comply with it in a more limited way than you anticipated. If we do, we will explain that to you in our response.

Right to Opt Out of the Sale of Personal Information to Third Parties. You have the right to opt out of any sale of your personal information to third parties. To exercise this right, please visit our “Do Not Sell My Personal Information” webpage here. Please note that your right to opt out does not apply to our sharing of personal information with service providers, who are parties we engage to perform a function on our behalf and are contractually obligated to use the personal information only for that function.

How to Submit a Request. You may submit a request to exercise your rights through either of two means: (1) By filling out a Consumer Data Request Form available here or (2) By calling us at 1-844-698-8905.

Personal Data Security and Storage

We implement and maintain organizational, technical, and administrative security measures designed to safeguard the information we process within our organization against unauthorized access, destruction, loss, alteration, or misuse. These measures are aimed at providing on-going integrity and confidentiality for your personal data. We evaluate and update these measures on an ongoing basis. Your information is only accessible to personnel who need access to the personal data to perform their duties. However, no personal data system can be 100% secure, so we cannot guarantee the absolute security of your personal data.

We retain your personal data for as long as we have a relationship with you. When deciding how long to keep your personal data after our relationship with you has ended, we consider our legal and regulatory obligations and internal personal data management policies. For example, we may retain records to investigate or defend against potential legal claims or where required by law. Where we retain data, we do so in accordance with any limitation periods and records retention obligations that are imposed by applicable law.

International Data Transfers

Your information may be transferred to, stored, and processed in a country that does not provide the same level of protection for personal data as the laws of your home country and may be available to the government of those countries under a lawful court order made in those countries.

We have put in place appropriate safeguards in accordance with applicable legal requirements to provide adequate protections for your Personal Data. Change Healthcare complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework, as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the EU or Switzerland to the United States. Change Healthcare has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/  To view Change Healthcare’s Privacy Shield Certification Notice click here. When using our website, you will be provided with the opportunity to consent to the collection, international transfer, storage, and processing of your information, by means of a process that complies with applicable law in your location.

Changes to this Privacy Notice

We may periodically update this Global Marketing Website Privacy Notice to describe new website features, products or services we offer and how it may affect our use of information about you and your controls. We will not apply material changes to this Global Marketing Website Privacy Notice retroactively to personal information we have previously collected.
Since we may change this Global Marketing Website Privacy Notice, we recommend that you check the current version available from time to time. We will notify you by means of a notice on this page or by email, prior to any material changes becoming effective.

How to Contact Us

If you have questions, requests, or complaints related to your privacy, or if you would like to exercise your data protection rights, please contact us at ChiefPrivacyOfficer@ChangeHealthcare.com . You may also contact our Data Protection Officer at  ChiefPrivacyOfficer@ChangeHealthcare.com or by physical mail at the following addresses:

Residents of the UK

Change Healthcare UK Holdings Limited, Unit 3

The Exchange, Brent Cross Gardens, Brent Cross Greater

London, NW4 3RJ, UK

Residents of Ireland

Change Healthcare Ireland Solutions Ltd, 1

Woodford Business Park, Santry,

Dublin 17, D17 EW81, Ireland

Alternative Mailing Address:

Change Healthcare

Attn.: Chief Privacy Officer, Privacy Office

5995 Windward Parkway, 5^th Floor

Alpharetta, Georgia 30005

United States