Benafica, LLC Privacy Statement

1. How to Contact Us
2. Personal Data We Collect
3. How we use personal data
4. Reasons we share personal data
5. How to access and control your personal data
6. Cookies and similar technologies
7. Products provided by your organization – notice to end users
8. Collection of data from children
9. Security of personal data
10. Where we store and process personal data
11. Our retention of personal data
12. California Consumer Privacy Act
13. Advertising
14. Preview or free-of-charge releases
15. Changes to this privacy statement
16. Location services and recordings
17. Security and safety features
18. Refunds and returns

1. How to Contact Us

Your privacy is very important to us. As a privately held company, Benafica takes matters related to privacy very seriously. Matters related to privacy are directed to the Benafica Chief Privacy Officer or the Data Protection Officer. If you have a privacy question, concern, or complaint for Benafica, please contact us by using our web form. We will respond to questions or concerns as required by law and within a period no longer than 30 days. You can also raise a concern or lodge a complaint with a data protection authority or other official with jurisdiction.
When Benafica is the data controller, our address is:

• Benafica LLC, 6701 Upper Afton Rd., St. Paul, MN 55125 USA

If you would like to exercise your rights under the California Consumer Privacy Act, you may contact Benafica at the address above, use our web form, or call our US number 651-287-3253.

If you have a technical or support question, please email Benafica Support. If you have an account password question on our Benngi software products, please email Benngi Account Support.

2. Personal data we collect

Benafica,LLC (aka Benafica) collects data from you, through our interactions with you and through our products (either our products and administration services or third party insurance and non-insurance products) for a variety of purposes described below, including to operate effectively and provide you with the best experiences with our products and services. You provide some of this data directly, such as when you create a Benafica Benngi account, administer your organization’s licensing account, upload a document to Benngi, sign up for an insurance product, a part of an organization that uses Benafica or Benngi, or contact us for support. We get some of it by collecting data about your interactions, use, and experience with our products and communications. 

We rely on a variety of legal reasons and permissions (sometimes called “legal bases”) to process data with your consent, including but not limited to, a balancing of legitimate interests necessary to enter into and perform contracts, and compliance with legal obligations, for a variety of purposes described below. 

We also obtain data from third parties. We protect data obtained from third parties according to the practices described in this statement, plus any additional restrictions imposed by the source of the data. These third-party sources vary over time and include: 

• Data brokers from which we purchase demographic data to supplement the data we collect.  
• Communication services, including email providers and social networks, when you give us permission to access your data on such third-party services or networks. 
• Service providers that help us determine your device’s location. 
• Partners with which we offer co-branded services or engage in joint marketing activities.   
• Developers who create experiences through or for Benafica Benngi products. 
• Third parties that deliver experiences through Benngi products or insurance companies that deliver insurance products. 
  Publicly-available sources, such as open public sector, academic, and commercial data sets and other data sources.
  People you have chosen to share your BenngiHealth account with and allow those people to enter data about you. 
  Employers and associations that you are a part of that have entered into an agreement with Benafica or insurance companies that you are a policyholder that have entered into an agreement with Benafica.  

You have choices when it comes to the technology you use and the data you share. Sharing health related data on BenngiHealth with other individuals that you chose to share with is at your discretion and is optional. When you are asked to provide personal data, you can decline. Many of our products require some personal data to operate and provide you with a service. If you choose not to provide data required to operate and provide you with a product or feature, you cannot use that product or feature. Likewise, where we need to collect personal data by law or to enter into or carry out a contract with you, and you do not provide the data, we will not be able to enter into the contract; or if this relates to an existing product you’re using, we may have to suspend or cancel it. We will notify you if this is the case at the time. Where providing the data is optional, and you choose not to share personal data, features like personalization that use the data will not work for you.

The data we collect depends on the context of your interactions with Benafica and the choices you make (including your privacy settings), the products and features you use, your location, and applicable law.

The data we collect can include the following:

Name and contact data. Your first and last name, email address, postal address, phone number, and other similar contact data. 

Credentials. Passwords, password hints, and similar security information used for authentication and account access. 

Demographic data. Data about you such as your age, gender, country, and preferred language. 

Payment data. Data to process payments, such as your payment instrument number (such as a debit or credit card number) and the security code associated with your payment instrument. 

Subscription and licensing data. Information about your subscriptions, licenses, and other entitlements. 

Insurance-related information. Benafica is an insurance broker and administrator.  In this regard, we collect information needed to facilitate the administration and sale of insurance products. 

Medical Information. Medical information voluntarily provided by you, about you or your family members or other people who have chosen to share their medical information with you.  Medical information that has been provided to Benafica in our role as a claims processor in the medical and benefit field.

Interactions. Data about your use of Benafica products. In some cases, such as search queries, this is data you provide in order to make use of the products. In other cases, such as error reports, this is data we generate. Other examples of interactions data include:

• Device and usage data. Data about your device and the product and features you use, including information about your hardware and software, how our products perform, as well as your settings. For example:
  • Payment and account history. Data about the items you purchase and activities associated with your account.
  • Device, connectivity, and configuration data. Data about your device, your device configuration, and nearby networks.  In addition, IP address, device identifiers (such as the IMEI number for phones), regional and language settings, and information about WLAN access points near your device. 
  • Error reports and performance data. Data about the performance of the products and any problems you experience, including error reports. Error reports can include details of the software or hardware related to an error, contents of files opened when an error occurred, and data about your device. 
  • Troubleshooting and help data. Data you provide when you contact Benafica for help, such as the products you use, and other details that help us provide support. For example, contact or authentication data, the content of your chats and other communications with Benafica, data about the condition of your device, and the products you use related to your help inquiry. When you contact us, such as for customer support, phone conversations or chat sessions with our representatives may be monitored and recorded.  
• Searches and commands. Search queries and commands when you use Benafica products with search or related productivity functionality. 
• Text, inking, and typing data. Text, inking, typing data and related information. For example, when we collect inking data, we collect information about the placement of your inking instrument on your device. 
• Images. Images and related information, such as picture metadata. For example, we collect the images you provide. 
• Contacts and relationships. Data about your contacts and relationships if you use a product to share information with others, manage contacts, communicate with others, or improve your productivity. 
• Social data. Information about your relationships and interactions between you, other people, and organizations, such as types of engagement (e.g., likes, dislikes, events, etc.) related to people and organizations. 
• Location data. Data about your device’s location, which can be either precise or imprecise. For example, we collect location data using Global Navigation Satellite System (GNSS) (e.g., GPS) and data about nearby cell towers and Wi-Fi hotspots. Location can also be inferred from a device’s IP address or data in your account profile that indicates where it is located with less precision, such as at a city or postal code level.
• Content. Content we collect when providing products to you include:
  • Communications, including audio, video, text (typed, inked, dictated, or otherwise), in a message, email, call, meeting request, or chat.
  • Photos, images, and other media or documents you store retrieve, or otherwise process with our cloud.

Video or recordings. Recordings of events and activities at Benafica buildings, retail spaces, and other locations. If you enter a Benafica office location or other facilities or attend a Benafica or partner event that is recorded, we may process your image and voice data.

Feedback and ratings. Information you provide to us and the content of messages you send to us, such as feedback, survey data, and product reviews you write.

Traffic data. Data generated through your use of Benngi’s communications services. Traffic data indicates with whom you have communicated and when your communications occurred. We will process your traffic data only as required to provide, maintain, and improve our communications services and we do so with your consent.

Product-specific sections below describe data collection practices applicable to use of those products.

– Back to top –

3. How we use personal data

Benafica uses the data we collect to provide you a rich, interactive experience. In particular, we use date to:

• Provide and administer our products, which includes updating, securing, and troubleshooting, as well as providing support. It also includes sharing data, when it is required to provide the service or carry out the transactions you request.
• Improve and develop our products.
• Personalize our products and make recommendations.
• Advertise and market to you, which includes sending promotional communications, targeting advertising, and presenting you relevant offers.

We also use the data to operate our business, which includes analyzing our performance, meeting our legal obligations, developing our workforce, and doing research.

For these purposes, we combine data we collect from different contexts (for example, from your use of multiple Benafica products) to make personalized recommendations.

Our processing of personal data for these purposes includes both automated and manual (human) methods of processing. Our automated methods often are related to and supported by our manual methods. For example, our automated methods include artificial intelligence (AI), which we think of as a set of technologies that enable computers to perceive, learn, reason, and assist in decision-making to solve problems in ways that are similar to what people do. To build, train, and improve the accuracy of our automated methods of processing (including AI), we manually review some of the predictions and inferences produced by the automated methods against the underlying data from which the predictions and inferences were made. This manual review may be conducted by Benafica employees or vendors who are working on Benafica’s behalf.

When we process personal data about you, we do so with your consent and/or as required to provide the products you use, operate our business, meet our contractual and legal obligations, protect the security of our systems and our customers, or fulfill other legitimate interests of Benafica as described in this section and in the Reasons we share personal data section of this privacy statement. When we transfer personal data from the European Economic Area, we do so based on a variety of legal mechanisms, as described in the Where we store and process personal data section of this privacy statement.

While Benafica does not share your health information with outside entities, an individual with a BenngiHealth account may chose to form a Family Group and share health related information with the people in their family group. While the term Family Group is commonly used, it does not require people in such a group be family members. Instead the term is used in a communal sense to include people in your life that participate in your well-being. Your ability to share health information about yourself to others is controlled by you, and you are responsible in full for any breach of privacy related to this information. If you chose to record information about another person, not including dependent children, you do so at the express permission of the other person. The age when children are considered adults and are able to act as adults varies according to the jurisdiction and the subject matter. Often times for insurance the age of an adult is considered to be 18, 21, or 26. From a medical viewpoint children are considered adults at the age of 13.

More on the purposes of processing:

• Provide our products. We use data to operate and administer our products and provide you with rich, interactive experiences. For example, we process the documents you upload to Benngi to enable you to retrieve, delete, edit, forward, or otherwise process it, at your direction as part of the service. Or, for example, if you enter a search query, we use that query to display search results to you. Additionally, as communications are a feature of various products, programs, and activities, we use data to contact you. For example, we may contact you by phone or email or other means to inform you when a subscription is ending or discuss your licensing account. We also communicate with you to secure our products, for example by letting you know when product updates are available.
• Product improvement. We use data to continually improve our products, including adding new features or capabilities. For example, we use error reports to improve security features, search queries and clicks in Benngi to improve the relevancy of the search results, and usage data to determine what new features to prioritize.
• Personalization. Many products include personalized features, such as recommendations that enhance your productivity and ease of use. These features use automated processes to tailor your product experiences based on the data we have about you, such as inferences we make about you and your use of the product, activities, interests, and location. Many of our products provide controls to disable personalized features.
• Product activation. We use data—such as device and application type, location, and unique device, application, network, and subscription identifiers—to activate products that require activation.
• Product development. We use data to develop new products. For example, we use data, often de-identified, to better understand our customers’ computing and productivity needs which can shape the development of new products.
• Customer support. We use data to troubleshoot and diagnose product problems, repair customers’ devices, and provide other customer care and support services, including to help us provide, improve, and secure the quality of our products, services, and training, and to investigate security incidents. Call recording data may also be used to authenticate or identify you based on your voice to enable Benafica to provide support services and investigate security incidents.
• Help secure and troubleshoot. We use data to help secure and troubleshoot our products. This includes using data to protect the security and safety of our products and customers, detecting malware and malicious activities, troubleshooting performance and compatibility issues to help customers get the most out of their experiences, and notifying customers of updates to our products. This may include using automated systems to detect security and safety issues.
• Safety. We use data to protect the safety of our products and our customers. Our security features and products can notify users if malicious activity is discovered on their account. We reserve the right to block delivery of a communication or remove content if it violates our terms.
• Updates. We use data we collect to develop product updates and security patches. For example, we may use information about your device’s capabilities, such as available memory, to provide you a software update or security patch. Updates and patches are intended to maximize your experience with our products, help you protect the privacy and security of your data, provide new features, and evaluate whether your device is ready to process such updates.
• Promotional communications. We use data we collect to deliver promotional communications. You can sign up for email subscriptions and choose whether you wish to receive promotional communications from Benafica by email, SMS, physical mail, and telephone. For information about managing your contact data, email subscriptions, and promotional communications, see the How to access and control your personal data section of this privacy statement.
• Relevant offers. Benafica uses data to provide you with relevant and valuable information regarding our products. We analyze data from a variety of sources to predict the information that will be most interesting and relevant to you and deliver such information to you in a variety of ways. For example, we may predict your interest in gaming and communicate with you about new games you may like.
• Advertising. Benafica does not use what you say in email, chat, video calls, or voice mail, or your documents, photos, or other personal files to target ads to you. We use data we collect through our interactions with you, through some of our products, and on third-party web properties, for advertising in our products and on third-party properties. We may use automated processes to help make advertising more relevant to you. For more information about how your data is used for advertising, see the Advertising section of this privacy statement.
• Prize promotions and events. We use your data to administer prize promotions and events. For example, if you enter into a prize promotion, we may use your data to select a winner and provide the prize to you if you win.
• Transacting commerce. We use data to carry out your transactions with us. For example, we process payment information to provide customers with product subscriptions and use contact information to deliver goods purchased.
• Reporting and business operations. We use data to analyze our operations and perform business intelligence. This enables us to make informed decisions and report on the performance of our business.
• Protecting rights and property. We use data to detect and prevent fraud, resolve disputes, enforce agreements, and protect our property. For example, we use data to confirm the validity of software licenses to reduce piracy. We may use automated processes to detect and prevent activities that violate our rights and the rights of others, such as fraud.
• Legal compliance. We process data to comply with law. For example, we use the age of our customers to assist us in meeting our obligations to protect children’s privacy. We also process contact information and credentials to help customers exercise their data protection rights.
• Research. With appropriate technical and organizational measures to safeguard individuals’ rights and freedoms, we use data to conduct research, including for public interest and scientific purposes.

– Back to top –

4. Reasons we share personal data

We share your personal data with your consent or as necessary to complete any transaction or provide any product you have requested or authorized. For example, we share your content with third parties when you tell us to do so, such as when you link accounts with another service or use the BenngiHealth sharing feature with another user. If you use a Benafica product provided by an organization you are affiliated with, such as an employer or school, or use an email address provided by such organization to access Benafica products, we share certain data, such as interaction data and diagnostic data to enable your organization to manage the products. When you provide payment data to make a purchase or to receive payment on a reimbursement claim, we will share payment data with banks and other entities that process payment transactions or provide other financial services, and for fraud prevention and credit risk reduction.

We share personal data with vendors or agents working on our behalf for the purposes described in this statement. For example, companies we’ve hired to provide customer service support or assist in protecting and securing our systems and services may need access to personal data to provide those functions. In such cases, these companies must abide by our data privacy and security requirements and are not allowed to use personal data they receive from us for any other purpose. We may also disclose personal data as part of a corporate transaction such as a merger or sale of assets.

Finally, we will retain, access, transfer, disclose, and preserve personal data, including your content when we have a good faith belief that doing so is necessary to do any of the following:

• Comply with applicable law or respond to valid legal process, including from law enforcement or other government agencies.
• Protect our customers, for example, to prevent spam or attempts to defraud users of our products, or to help prevent the loss of life or serious injury of anyone.
• Operate and maintain the security of our products, including preventing or stopping an attack on our computer systems or networks.
• Protect the rights or property of Benfica, including enforcing the terms governing the use of the services—however, if we receive information indicating that someone is using our services to traffic in stolen intellectual or physical property of Benafica, we will not inspect a customer’s private content ourselves, but we may refer the matter to law enforcement.

Please note that some of our products include links to or otherwise enable you to access products of third parties whose privacy practices differ from those of Benafica. If you provide personal data to any of those products, your data is governed by their privacy policies.

– Back to top –

5. How to access and control your personal data

You can also make choices about the collection and use of your data by Benafica. You can control your personal data that Benafica has obtained, and exercise your data protection rights, by contacting Benafica or using various tools we provide. In some cases, your ability to access or control your personal data will be limited, as required or permitted by applicable law. How you can access or control your personal data will also depend on which products you use. For example, you can:

• Control the use of your data for interest-based advertising from Benafica by visiting our Marketing opt out page.
• Choose whether you wish to receive promotional emails, SMS, telephone calls, and postal mail from Benafica.

Not all personal data processed by Benafica can be accessed or controlled. If you want to access or control personal data processed by Benafica that is not available via the tools above or directly through the Benafica products and services you use, you can always contact Benafica at the address in the How to Contact Us section or by using our web form. We will respond to requests to control your personal data as required by applicable law.

You can access and control your personal data that Benafica has obtained by contacting Benafica. For instance:

• If Benafica obtained your consent to use your personal data, you can withdraw that consent at any time.
• You can request access to, erasure of, and updates to your personal data.
• If you’d like to port your data elsewhere, you can use tools Benafica provides to do so, or if none are available, you can contact Benafica for assistance.

You can also object to or restrict the use of your personal data by Benafica. For example, you can object at any time to our use of your personal data:

• For direct marketing purposes.
• Where we are performing a task in the public interest or pursuing our legitimate interests or those of a third party.

You may have these rights under applicable laws, including the EU General Data Protection Regulation (GDPR), but we offer them regardless of your location. In some cases, your ability to access or control your personal data will be limited, as required or permitted by applicable law.

If your organization, such as your employer, school, or service provider, provides you with access to and is administering your use of Benafica products, contact your organization to learn more about how to access and control your personal data.

You can access and control your personal data that Benafica has obtained, and exercise your data protection rights, using various tools we provide. The tools most useful to you will depend on our interactions with you and your use of our products. Here is a general list of tools we provide to help you control your personal data; specific products may provide additional controls.

• Benngi account. If you wish to access, edit, or remove the profile information and payment information in your Benngi account, change your password, add security information or close your account, you can do so by logging into your Benafica Benngi account.
• Stored Documents. You can view, download, and delete your files and photos in your Documents by signing into your Benngi account.

Not all personal data processed by Benafica can be accessed or controlled via the tools above. If you want to access or control personal data processed by Benafica that is not available via the tools above or directly through the Benafica products you use, you can always contact Benafica at the address in the How to Contact Us section or by using our Benafica Support web form. We will respond to requests to control your personal data as required by applicable law.

Your communication preferences

You can choose whether you wish to receive promotional communications from Benafica by email, SMS, physical mail, and telephone. If you receive promotional email or SMS from us and would like to opt out, you can do so by following the directions in that message. You can also make choices about the receipt of promotional email, telephone calls, and postal mail by using the Marketing Opt-Out Page.

Your advertising choices

To opt out of receiving interest-based advertising from Benafica, visit our Marketing opt out page. When you opt out, your preference is stored in a cookie that is specific to the web browser you are using. The opt-out cookie has an expiration date of five years. If you delete the cookies on your device, you need to opt out again. Because the data used for interest-based advertising is also used for other required purposes (including providing our products, analytics, and fraud detection), opting out of interest-based advertising does not stop that data collection. You will continue to get ads, although they may be less relevant to you.

You can opt out of receiving interest-based advertising from third parties we partner with by visiting their sites (see above).

Browser-based controls

When you use a browser, you can control your personal data using certain features. For example:

• Cookie controls. You can control the data stored by cookies and withdraw consent to cookies by using the browser-based cookie controls described in the Cookies section of this privacy statement.
• Tracking protections. You can control the data third-party sites can collect about you using Tracking Protection in Internet Explorer (versions 9 and up) and Microsfoft Edge. This feature will block third-party content, including cookies, from any site that is listed in a Tracking Protection List you add.
• Browser controls for “Do Not Track.” Some browsers have incorporated “Do Not Track” (DNT) features that can send a signal to the websites you visit indicating you do not wish to be tracked.

– Back to top –

6. Cookies and similar technologies

Cookies are small text files placed on your device to store data that can be recalled by a web server in the domain that placed the cookie. This data often consists of a string of numbers and letters that uniquely identifies your computer, but it can contain other information as well. Some cookies are placed by third parties acting on our behalf. We use cookies and similar technologies to store and honor your preferences and settings, enable you to sign-in, provide interest-based advertising, combat fraud, analyze how our products perform, and fulfill other legitimate purposes described below.

Benafica apps use additional identifiers, such as the advertising ID in Windows, for similar purposes, and many of our websites and applications also contain web beacons or other similar technologies, as described below.

Our use of cookies and similar technologies

Benafica uses cookies and similar technologies for several purposes, depending on the context or product, including:

• Storing your preferences and settings. We use cookies to store your preferences and settings on your device, and to enhance your experiences.

Sign-in and authentication.

We use cookies to authenticate you. When you sign in to a Benafica software product, we store a unique ID number, and the time you signed in, in an encrypted cookie on your device. This cookie allows you to move from page to page within the site without having to sign in again on each page. You can also save your sign-in information so you do not have to sign in each time you return to the site.

• Security. We use cookies to process information that helps us secure our products, as well as detect fraud and abuse.
• Storing information you provide to Benngi. We use cookies to remember information you shared.
• Showing advertising. Benafica uses cookies to record how many visitors have clicked on an advertisement and to record which advertisements you have seen, for example, so you do not see the same one repeatedly.
• Analytics. We use first data. For example, we use cookies to count the number of unique visitors to a web page or service and to develop other statistics about the operations of our products.
• Performance. Benafica uses cookies to understand and improve how our products perform. For example, we use cookies to gather data that helps with load balancing; this helps us keep our websites up and running.

How to control cookies

Most web browsers automatically accept cookies but provide controls that allow you to block or delete them. For more information about how to delete your cookies see your browser’s instructions.

Where required, we obtain your consent before placing optional cookies that are not (i) strictly necessary to provide the website or (ii) for the purpose of facilitating a communication.

Our use of web beacons and analytics services

Some Benafica webpages contain electronic tags known as web beacons that we use to help deliver cookies on our websites, count users who have visited those websites, and deliver co-branded products. We also include web beacons or similar technologies in our electronic communications to determine whether you open and act on them.

In addition to placing web beacons on our own websites, we sometimes work with other companies to place our web beacons on their websites or in their advertisements. For Example, this helps us to develop statistics on how often clicking on an advertisement on a Benafica website results in a purchase or other action on the advertiser’s website. It also allows us to understand your activity on the website of a Benafica partner in connection with your use of a Benafica product or service.

– Back to top –

7. Products provided by your organization – notice to end users

If you use a Benafica product with an account provided by an organization you are affiliated with, such as your work or school account, that organization can:

• Control and administer your Benafica product and product account, including controlling privacy-related settings of the product or product account.
• Access and process your data, including the interaction data, diagnostic data, and the contents of your communications and files associated with your Benafica product and product accounts.

If you lose access to your work or school account (in event of change of employment, for example) or through a Family Group account, you may lose access to products and the content associated with those products, including those you acquired on your own behalf, if you used your work or school account to sign in to such products. BenngiHealth can be re-activated as an individual account if you choose to become a direct pay client.

Many Benafica products are intended for use by organizations, such as schools and businesses. If your organization provides you with access to Benafica products, your use of the Benafica products is subject to your organization’s policies, if any. You should direct your privacy inquiries, including any requests to exercise your data protection rights, to your organization’s administrator. When you use social features in Benafica products, other users in your network may see some of your activity. To learn more about the social features and other functionality, please review documentation or help content specific to the Benafica product. Benafica is not responsible for the privacy or security practices of our customers, which may differ from those set forth in this privacy statement.

When you use a Benafica product provided by your organization, Benafica’s processing of your personal data in connection with that product is governed by a contract between Benafica and your organization. Benafica processes your personal data to provide the product to your organization and you. As mentioned above, if you have questions about Benafica’s processing of your personal data in connection with providing products to your organization, please contact your organization. If you have questions about Benafica’s business operations in connection with providing products to your organization as provided in the Product Terms, please contact Benafica as described in the How to Contact Us.

Benafica account

With a Benafica Benngi account, you can sign in to Benafica Benngi products, as well as those of select Benafica partners. Personal data associated with your Benafica account includes credentials, name and contact data, payment data, device and usage data, and if provided and relevant your dependents, and information about your healthcare and insurance. Signing in to your Benafica account enables personalization, consistent experiences across products and devices, permits you to use cloud data storage, allows you to make payments using payment instruments stored in your Benafica account, and enables other features.

There are three types of Benafica account:

• When you create your own Benafica account tied to your personal email address, we refer to that account as a Benafica Personal account.
• When you or your organization (such as an employer or your school) create your Benafica account tied to your email address provided by that organization, we refer to that account as a Benafica Work account.
• When you access Benafica products or services because you are a member of a Benafica Family Group. A Benafica Family Group exists when you are a dependent family member of a person who has a Benafica Personal account or a Benafica Work account. Family Groups are common place for the purpose of accessing insurance. Developing or being a part of a BenngiHealth Family Group with the purpose of documenting health related information for the purpose of recordkeeping or assisting with the care of a family member or friend requires everyone in the Family Group to adhere to this privacy statement.

Personal Benafica accounts. The data associated with your personal Benafica account, and how that data is used, depends on how you use the account.

• Creating your Benafica account. When you create a personal Benafica account, you will be asked to provide certain personal data and we will assign a unique ID number to identify your account and associated information. Some data you provide, such as your display name, email address, and phone number, can be used to help others find and connect with you within Benafica products.
• Signing in to Benafica Benngi account. When you sign in to your Benafica account, we create a record of your sign-in, which includes the date and time, information about the product you signed in to, your sign-in name, the unique number assigned to your account, a unique identifier assigned to your device, your IP address, and your operating system and browser version.
• Signing in to Benafica products. Signing into your account enables improved personalization, provides seamless and consistent experiences across products and devices, permits you to access and use cloud data storage, allows you to make or receive payments using payment instruments stored in your Benafica account, and enables other enhanced features and settings. When you sign into your account, you will stay signed in until you sign out.
• Signing in to third-party products. If you sign into a third-party product with your Benafica account, you will share data with the third party in accordance with the third party’s privacy policy. The third party will also receive the version number assigned to your account (a new version number is assigned each time you change your sign-in data); and information that describes whether your account has been deactivated. If you share your profile data, the third party can display your name or username and your profile photo (if you have added one to your profile) when you are signed in to that third-party product. If you chose to make payments to third-party merchants using your Benafica Benngi account, Benafica will pass information stored in your Benafica Benngi account to the third party or its vendors (e.g., payment processors) as necessary to process your payment and fulfill your order (such as name, credit card number, billing and shipping addresses, and relevant contact information). The third party can use or share the data it receives when you sign in or make a purchase according to its own practices and policies. You should carefully review the privacy statement for each product you sign in to and each merchant you purchase from to determine how it will use the data it collects.

Benafica Work and Benafica Family accounts. The data associated with a work account or a family account, and how it will be used, is generally similar to the use and collection of data associated with a personal Benafica account.

If you sign in to Benafica products with a work or family account, note:

• The owner of the domain associated with your email address may control and administer your account, and access and process your data, including the contents of your communications and files, including data stored in products provided to you by your organization.
• Your use of the products is subject to your organization’s policies, if any. You should consider both your organization’s policies and whether you are comfortable enabling your organization to access your data before you choose to use your work or school account to sign into products you acquire for yourself.
• If you lose access to your work or family group account (if you change employers, for example), you may lose access to products, including content associated with those products, you acquired on your own behalf if you used your work or school account to sign into such products. You may reinstate your BenngiHealth account as a direct pay customer and continue to access the information in your Medical Vault.
• Benafica is not responsible for the privacy or security practices of your organization or within your Family Group account, which may differ from those of Benafica.
• If your organization is administering your use of Benafica products, please direct your privacy inquiries, including any requests to exercise your data subject rights, to your administrator. See also the notice to end users section of this privacy statement.
• If you are uncertain whether your account is a work or school account or a family group account, please contact your organization or the individual who controls your family group account.

Third-party accounts. The data associated with a third-party Benafica account, for example accounts at insurance companies for a policy obtained through using Benafica’s services, and how it will be used, is generally similar to the use and collection of data associated with a personal Benafica account. Your service provider has control over your account, including the ability to access or delete your account. You should carefully review the terms the third party provided you to understand what it can do with your account.

– Back to top –

8. Collection of data from children

When a Benafica product collects age, and there is an age in your jurisdiction under which parental consent or authorization is required to use the product, the product will either block users under that age or will ask them to provide consent or authorization from a parent or guardian before they can use it. We will not knowingly ask children under that age to provide more data than is required to provide for the product.

Once parental consent or authorization is granted, the child’s account is treated much like any other account.

Parents or guardians can change or revoke the consent choices previously made, and review, edit, or request the deletion of the personal data of the children for whom they provided consent or authorization. As the organizer of a Benafica family group, the parent or guardian can manage a child’s information and settings.

Accessing child data. As the organizer of a Benafica family group, a parent can view and delete a child’s data on their Profile Dashboard. The dashboard allows you to review your child’s personal information, have it deleted, and refuse to permit further collection or use of your child’s information.

If you collect health care data regarding a child, you may only share that child data with person who is entitled by law to see and access that data. This is at your discretion, and we ask you exercise this discretion with extreme caution. Whether you keep your child health data manually on paper or electronically using BenngiHealth, the same privacy standards apply that guard and protect children’s health information.

– Back to top –

9. Security of personal data

Benafica is committed to protecting the security of your personal data. We use a variety of security technologies and procedures to help protect your personal data from unauthorized access, use, or disclosure. For example, we store the personal data you provide on computer systems that have limited access and are in controlled facilities. When we transmit highly confidential data (such as a credit card number or password) over the internet, we protect it through the use of encryption. Benafica complies with applicable data protection laws, including applicable security breach notification laws.

– Back to top –

10. Where we store and process personal data

Personal data collected by Benafica may be stored and processed in your region, in the United States, and in any other country where Benafica or its affiliates, subsidiaries, or service providers operate facilities.

We transfer personal data from the European Economic Area, the United Kingdom, and Switzerland to other countries, some of which have not yet been determined by the European Commission to have an adequate level of data protection. For example, their laws may not guarantee you the same rights, or there may not be a privacy supervisory authority there that is capable of addressing your complaints. When we engage in such transfers, we use a variety of legal mechanisms, including contracts such as the standard contractual clauses published by the European Commission under Commission Implementing Decision 2021/914, to help protect your rights and enable these protections to travel with your data. To learn more about the European Commission’s decisions on the adequacy of the protection of personal data in the countries where Benafica processes personal data, see this article on the European Commission website.

Benafica, LLC complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, the United Kingdom, and Switzerland to the United States, although Benafica does not rely on the EU-U.S. Privacy Shield Framework as a legal basis for transfers of personal data in light of the judgment of the Court of Justice of the EU in Case C-311/18. If third-party agents process personal data on our behalf in a manner inconsistent with the principles of either Privacy Shield framework, we remain liable unless we prove we are not responsible for the event giving rise to the damage.

If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.

Individuals whose personal data is protected by Japan’s Act on the Protection of Personal Information should refer to the article on the Japanese Personal Information Protection Commission’s website (only published in Japanese) for more information on the Commission’s review of certain countries’ personal data protection systems.

– Back to top –

11. Our retention of personal data

Benafica retains personal data for as long as necessary to provide the products and fulfill the transactions you have requested, or for other legitimate purposes such as complying with our legal obligations, resolving disputes, and enforcing our agreements. Because these needs can vary for different data types, the context of our interactions with you or your use of products, actual retention periods can vary significantly.

Other criteria used to determine the retention periods include:

• Do customers provide, create, or maintain the data with the expectation we will retain it until they affirmatively remove it? Examples include a document you store in Benngi. In such cases, we would aim to maintain the data until you actively delete it. (Note that there may be other reasons why the data has to be deleted sooner, for example if you exceed limits on how much data can be stored in your account.)
• Is there an automated control, such as in the Benafica privacy dashboard, that enables the customer to access and delete the personal data at any time? If there is not, a shortened data retention time will generally be adopted.
• Is the personal data of a sensitive type? If so, a shortened retention time would generally be adopted.
• Has the user provided consent for a longer retention period? If so, we will retain data in accordance with your consent.
• Benafica subject to a legal, contractual, or similar obligation to retain or delete the data? Examples can include mandatory data retention laws in the applicable jurisdiction, government orders to preserve data relevant to an investigation, or data retained for the purposes of litigation. Conversely, if we are required by law to remove unlawful content, we will do so.

– Back to top –

12. California Consumer Privacy Act

If you are a California resident, we process your personal data in accordance with the California Consumer Privacy Act (CCPA). This CCPA section of our Privacy Statement contains information required by the CCPA and supplements our Privacy Statement.

Sale. We do not sell your personal data. So, we do not offer an opt out to the sale of personal data.

Rights. You have the right to request that we (i) disclose what personal data we collect, use, disclose, and sell and (ii) delete your personal data. You may make these requests yourself or through an authorized agent.

If you have a Benafica account, you must exercise your rights through the Benafica Profile dashboard, which requires you to log in to your Benafica account. If you have an additional request or questions after using the dashboard, you may contact Benafica at the address in the How to Contact Us section, use our web form, or call our US headquarters 651-287-3253. We will respond to requests as required by applicable law. If you do not have an account, you may exercise your rights by contacting us as described above. We may ask for additional information, such as your country of residence, email address, and phone number, to validate your request before honoring the request.

You have a right not to receive discriminatory treatment if you exercise your CCPA rights. We will not discriminate against you if you exercise your CCPA rights.

Personal Information Processing

In the bulleted list below, we outline the categories of personal data we collect, the sources of the personal data, our purposes of processing, and the categories of third-party recipients with whom we share the personal data. For a description of the data included in each category, please see the personal data we collect section.

Categories of Personal

• Data Name and contact data
  • Sources of personal data: Interactions with users and partners with whom we offer co-branded services
  • Purposes of Processing (Collection and Sharing with Third Parties): Provide our products; respond to customer questions; help, secure, and troubleshoot; and marketing
  • Recipients: Service providers and user-directed entities
• Credentials
  • Sources of personal data: Interactions with users and organizations that represent users
  • Purposes of Processing (Collection and Sharing with Third Parties): Provide our products; authentication and account access; and help, secure and troubleshoot
  • Recipients: Service providers and user-directed entities
• Demographic data
  • Sources of personal data: Interactions with users and purchases from data brokers Purposes of Processing (Collection and Sharing with Third Parties): Provide and personalize our products; product development; help, secure, and troubleshoot; and marketing
  • Recipients: Service providers and user-directed entities
• Payment data
  • Sources of personal data: Interactions with users and financial institutions Purposes of Processing (Collection and Sharing with Third Parties): Transact commerce; process transactions; fulfill orders; help, secure, and troubleshoot; and detect and prevent fraud
  • Recipients: Service providers and user-directed entities
• Subscription and licensing data
  • Sources of personal data: Interactions with users and organizations that represent users
  • Purposes of Processing (Collection and Sharing with Third Parties): Provide, personalize, and activate our products; customer support; help, secure, and troubleshoot; and marketing
  • Recipients: Service providers and user-directed
• entities Interactions
  • Sources of personal data: Interactions with users including data Benafica generates through those interactions regarding insurance and health aliments and information.
  • Purposes of Processing (Collection and Sharing with Third Parties): Provide and personalize our products; product improvement; product development; marketing; and help, secure and troubleshoot
  • Recipients: Service providers and user-directed entities
• Content
  • Sources of personal data: Interactions with users and organizations that represent users
  • Purposes of Processing (Collection and Sharing with Third Parties): Provide our products; safety; and help, secure, and troubleshoot
  • Recipients: Service providers and user-directed entities
• Video or recordings
  • Sources of personal data: Interactions with users and publicly available sources Purposes of Processing (Collection and Sharing with Third Parties): Provide our products; product improvement; product development; marketing; help, secure, and troubleshoot; and safety
  • Recipients: Service providers and user-directed entities
• Feedback and ratings
  • Sources of personal data: Interactions with users
  • Purposes of Processing (Collection and Sharing with Third Parties): Provide our products; product improvement; product development; customer support; and help, secure, and troubleshoot
  • Recipients: Service providers and user-directed entities

While the bulleted list above contains the primary sources and purposes of processing for each category of personal data, we also collect personal data from the sources listed in the Personal data we collect section, such as developers who create experiences through or for Benafica products. Similarly, we process all categories of personal data for the purposes described in the How we use personal data section, such as meeting our legal obligations, developing our workforce, and doing research.

Disclosures of personal data for business or commercial purposes. As indicated in the Reasons we share personal data section, we share personal data with third parties for various business and commercial purposes. The primary business and commercial purposes for which we share personal data are the purposes of processing listed in the table above. However, we share all categories of personal data for the business and commercial purposes in the Reasons we share personal data section.

See the CCPA Notice for additional information.

– Back to top –

13. Advertising

Advertising allows us to provide, support, and improve some of our products. Benafica does not use what you say in email, chat, video calls or voice mail, or your documents, photos, or other personal files to target ads to you. We use other data, detailed below, for advertising in our products and on third-party properties. For example:

• Benafica may use data we collect to select and deliver some of the ads you see on Benafica web properties.
• When the advertising ID is enabled in Windows as part of your privacy settings, third parties can access and use the advertising ID (much the same way that websites can access and use a unique identifier stored in a cookie) to select and deliver ads in such apps.
• We may share data we collect with partners so that the ads you see in our products and their products are more relevant to you.
• Advertisers may choose to place our web beacons on their sites, or use similar technologies, in order to allow Benafica to collect information on their sites such as activities, purchases, and visits; we use this data on behalf of our advertising customers to provide ads.

The ads that you see may be selected based on data we process about you, such as your interests and favorites, your location, your transactions, how you use our products, your search queries, or the content you view.

The ads that you see may also be selected based on other information learned about you over time using demographic data, location data, search queries, interests and favorites, usage data from our products and sites, and the information we collect about you from the sites and apps of our advertisers and partners. We refer to these ads as “personalized advertising” in this statement. To provide personalized advertising, we combine cookies placed on your device using information that we collect (such as IP address) when your browser interacts with our websites. If you opt out of receiving personalized advertising, data associated with these cookies will not be used.

Further details regarding our advertising-related uses of data include:

• Advertising industry best practices and commitments. Benafica adheres to the NAI Code of Conduct. We also adhere to the following self-regulatory programs:
  • In the US: Digital Advertising Alliance (DAA)
  • In Europe: European Interactive Digital Advertising Alliance (EDAA)
  • In Canada: Ad Choices: Digital Advertising Alliance of Canada (DAAC) / Choix de Pub: l’Alliance de la publicité numérique du Canada (DAAC)
• Health-related ad targeting. In the United States, we provide personalized advertising based on a limited number of standard, non-sensitive health-related interest categories, including allergies, arthritis, cholesterol, cold and flu, diabetes, gastrointestinal health, headache / migraine, healthy eating, healthy heart, men’s health, oral health, osteoporosis, skin health, sleep, and vision / eye care. We will also personalize ads based on custom, non-sensitive health-related interest categories as requested by advertisers.
• Children and advertising. We do not deliver personalized advertising to children whose birthdate in their Benafica account identifies them as under 18 years of age.
• Data retention. For personalized advertising, we retain data for no more than 13 months, unless we obtain your consent to retain the data longer.
• Data sharing. In some cases, we share with advertisers reports about the data we have collected on their sites or ads.

Data collected by other advertising companies. Advertisers sometimes include their own web beacons (or those of their other advertising partners) within their advertisements that we display, enabling them to set and read their own cookie. Additionally, Benafica partners with third-party ad companies to help provide some of our advertising services, and we also allow other third-party ad companies to display advertisements on our sites.

– Back to top –

14. Preview or free-of-charge releases

Benafica offers preview, insider, beta or other free-of-charge products and features (“previews”) to enable you to evaluate them while providing Benafica with data about your use of the product, including feedback and device and usage data. As a result, previews can automatically collect additional data, provide fewer controls, and otherwise employ different privacy and security measures than those typically present in our products. If you participate in previews, we may contact you about your feedback or your interest in continuing to use the product after general release.

– Back to top –

15. Changes to this privacy statement

We update this privacy statement when necessary to provide greater transparency or in response to:

• Feedback from customer, regulators, industry, or other stakeholders.
• Changes in our products.
• Changes in our data processing activities or policies.

If there are material changes to the statement, such as a change to the purposes of processing of personal data that is not consistent with the purpose for which it was originally collected, we will notify you either by prominently posting a notice of such changes before they take effect or by directly sending you a notification. We encourage you to periodically review this privacy statement to learn how Benafica is protecting your information.

– Back to top –

16. Location services and recordings

Location service. Benafica operates a location service that helps determine the precise geographic location of a specific device. Depending on the capabilities of the device, the device’s location can be determined with varying degrees of accuracy and may in some cases be determined precisely. When you have enabled location on a Windows device, or you have given permission for Benafica apps to access location information on non-Windows devices, data about cell towers and Wi-Fi access points and their locations is collected by Benafica and added to the location database after removing any data identifying the person or device from which it was collected.

– Back to top –

17. Security and safety features

Device encryption: Device encryption helps protect the data stored on your device by encrypting it. We strongly recommend you have device encryption on any device that runs Benafica products.

Malicious Software Removal Tool: Benafica strongly recommends that you check your devices regularly, at least monthly, for malicious software using a malicious software removal tool.

Sharing of Passwords and Accounts: It is prohibited to share the passwords from your Benafica products.

18. Returns and refunds

Benafica offers Third Party Administrative (TPA) Services in the Insurance Industry. A rough outline of our services is not limited to but including: Third Party Billing, collection, and remittance of premiums for specific insurance products, administrative services for benefit enrollments, applications, and customer service, limited insurance claim assistance and administration, and lastly very limited Software as a Service, (SaaS) services if specified in contracting with our clientele.

Benafica’s clients will not purchase actual retail products from Benafica, but rather the services to administer the products on behalf of retail entities. Due to our nature as a TPA, Benafica will not offer Refunds or Returns for these products that are sold, rather the company of which the product belongs will offer their own terms and conditions for refunds and returns.

For Benafica’s own services, we will not offer refunds and returns, however any contractual obligation will offer a termination of services and next steps thereafter.