Privacy & Compliance

Privacy & Compliance

At PayFlex, we value the trust you place in us and take great care to protect the information you share with us. The policies and procedures we follow are strict. Furthermore, we strive to safeguard all information in order to protect your right to privacy. We continually review our policies and practices aimed at maintaining the security and confidentiality of personal information.

Types of information we collect

We collect only information necessary to consistently deliver responsive, high quality service and to fulfill legal and regulatory requirements. The sources and types of information collected may include demographic, payroll, and banking data, Social Security number or other identification, email address and any additional information needed to process transactions, respond to inquiries, and fulfill administrative services requirements. Failure to provide requested information may limit access to the services we can provide.

Protecting the confidentiality and security of participant information

We have adopted and adhere to stringent security standards designed to protect non-public personal information against accidental or unauthorized access or disclosure. We maintain physical, electronic, and procedural safeguards to secure the information and comply with federal standards.

Parties to whom we disclose information

Access to client and customer information is strictly limited. We do not disclose any personal information obtained in the course of our relationship unless required or permitted by law, or if necessary to fulfill our contracted administrative services. Permitted disclosures include but are not limited to, providing information to our employees who need to know the information in order to perform administration services, and in limited situations, to unrelated third parties as permitted or required by law, for example, to protect against fraud, to protect the confidentiality or security of our business records, or to comply with applicable legal requirements. In all such situations, we stress the confidential nature of the information being shared and require the third party receiving the information to keep it confidential. Information will not be distributed or shared for marketing purposes or for any other purpose outside the scope of our business requirements.

Collecting and using non-personally identifiable information

When you visit our website, we collect certain information about you to help us analyze and improve the usefulness of the information we provide on this website. The information we collect does not identify you personally. It’s anonymous "usage data," such as the number of unique visitors we receive, what pages are visited most often and the navigation preferences and characteristics of our visitors. We have included some information below on what we collect and how we do it.

•Web browser information - Web browsers collect and store information about the type of device and operating system you are using to access our website, as well as your device’s MAC (media access control) address for facilitating network communications. Accessing this information helps us establish a secure and consistent connection to you during your visits to our website.

•"Cookie" technology-A "cookie" is an element of data that a website can send to your browser when you link to a website. It is not a computer program and has no ability to read data residing on your computer. It also does not instruct your computer to perform any step or function. By assigning a unique data element to each visitor, the website is able to recognize repeat users, track usage patterns and better serve you when you return to that site. The cookie does not extract other personal information about you, such as your name or address.

•Client-side page tagging - This technology uses code on each web page to write certain information about the page and the visitor to a log when a page is rendered to you by your web browser. "Tagging" does result in a JavaScript program running in your browser, but it is limited to providing information about the page that you are requesting and the configuration of your browser. It will not read any of your data files and will notexecute any additional programs. It does not extract any personal information about you, such as your name or email address. You can prevent tagging by disabling JavaScript in your browser, but that may prevent you from using all of our website's functions.

•Tracking pixels or beacons - These techniques use electronic files to track your navigation of our website, your completion of transactions and other browsing behavior.

•IP Address - When you subscribe to an Internet Service Provider (ISP), your computing device is assigned an IP Address. We track and store this address to help us manage security and monitor usage volume and patterns.

HIPAA Compliance

We conform to all applicable regulatory requirements that pertain to the services it provides, including Health Insurance Portability and Accountability Act of 1996/Health Information Technology for Economic Clinical Health Act (HIPAA/HITECH) compliance. We have established appropriate technical and physical safeguards to prevent Personal Health Information from intentionally or unintentionally being used or disclosed in violation of HIPAA’s requirements. Technical and Physical safeguards are in place to protect and secure member data.

In addition, we maintain rigorous employee education requirements and documented privacy policies that are used to help ensure confidential information is not disclosed.

Changes to this statement

PayFlex may change this statement from time to time. When updates are made, we’ll also update the privacy statement version date located at the bottom of this privacy statement. We encourage you to periodically review this privacy statement to see if there have been any changes that may affect you. This statement is not intended to and does not create any contractual or other legal rights in or on behalf of any party.

Privacy statement updated:March 30, 2015