Effective Date: June 10, 2021
Last Modified: November 10, 2023
Introduction
BenePass, Inc., a Delaware corporation (“Company,” “we” or “our”), respects your privacy and is committed to protecting it through our compliance with this privacy policy.
This policy describes the types of information we may collect from you or that you may provide by any of the means listed below and our practices for collecting, using, maintaining, protecting, and disclosing that information.
This policy applies to information we collect:
- On our website, http://www.getbenepass.com, or related websites operated by the Company in connection with our services (collectively, the “Website”).
- In email, text, and other electronic messages between you and the Company or any of its representatives or agents.
- Through one of the Company’s web applications or mobile applications, which may also include administrator dashboards, accessed through or downloaded from the Website or a third-party mobile application marketplace (collectively, the “Apps”), which may provide non-browser-based interaction between you and the Company or the Website.
It does not apply to information collected by:
- Us offline or through any other means, including on any other website operated by the Company, its affiliates, or any third-party the Company utilizes, directly or indirectly, for user communications or for hosting and collecting data from online forms; or
- Any third party (including our affiliates and subsidiaries), including through any application or content (including advertising) that may link to or be accessible from or on the Website.
Please read this policy carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, your choice is not to use our Website or our Apps; however, because we are hired by and work with employers, you may need to speak with your employer to further limit information your employer shares with the Company. By accessing or using the Website or our Apps, you agree to this privacy policy. This policy may change from time to time. Your continued use of the Website and/or our Apps after we make changes is deemed to be acceptance of those changes, so please check the policy periodically for updates.
Children Under the Age of 16
Our Website is not intended for children under 16 years of age. No one under age 16 may provide any information to or on the Website. We do not knowingly collect personal data from children under 16. If you are under 16, do not use or provide any information on this Website or on or through any of its features. If we learn we have collected or received personal data from a child under 16 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 16, please contact us here.
California residents under 16 years of age may have additional rights regarding the collection and sale of their personal data.
Information We Collect About You and How We Collect It
We collect several types of information from and about users of our Website and/or Apps and through use of our services, including:
- Information about you and/or information by which you may be personally identified, such as (without limitation) name, date of birth, time zone, employment information, benefits, job title, postal address, e-mail address, mailing address, telephone number, social security number, or any identifier by which you may be contacted online or offline (collectively, the “personal data”).
- Financial information, including without limitation, payment card information, bank account information, transaction data, and receipts.
- Information about your internet connection, the equipment you use to access our Website or Apps, and usage details including logging to monitor usage, performance and other data.
We collect this information:
- Directly from you when you provide it to us and/or directly from your employer.
- Automatically as you navigate through the site and/or use one or more of the Apps and/or use the payment cards or services offered by Company. Information collected automatically may include usage details, payment card usage data, transaction data, IP addresses, and information collected through cookies.
Service Providers
We may employ third party companies and individuals to facilitate use of our Website and/or Apps (“Service Providers”), provide services on our behalf, perform Website- or Apps-related services or assist us in analyzing how our Website and Apps are used. These third parties have access to your personal data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose. Such Service Providers include, without limitation (such list is provided for illustrative purposes only):
- Data/Web Analytics: Google Analytics
Google Analytics is a web analytics service offered by Google Inc. (“Google”) that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our services. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.
For more information on the privacy practices of Google, please visit the Google Privacy Terms web page: https://policies.google.com/privacy?hl=en.
We also encourage you to review the Google’s policy for safeguarding your data: https://support.google.com/analytics/answer/6004245. - Behavioral Remarketing: Google Ads (AdWords)
The Company uses remarketing services to advertise to you on third party websites after you visit our Website. We and our third-party vendors use cookies to inform, optimize and serve ads based on your past visits to our Service. Google Ads (AdWords) remarketing service is provided by Google. For more information on the privacy practices of Google, please visit the Google Privacy Terms web page: https://policies.google.com/privacy?hl=en.
You can opt-out of Google Analytics for Display Advertising and customize the Google Display Network ads by visiting the Google Ads Settings page: http://www.google.com/settings/ads.
Google also recommends installing the Google Analytics Opt-out Browser Add-on for your web browser: https://tools.google.com/dlpage/gaoptout. The Google Analytics Opt-out Browser Add-on provides visitors with the ability to prevent their data from being collected and used by Google Analytics. - Payments
We may provide functionality within our Website or Apps allowing or requiring payments from you. In that case, we use third-party services for payment processing (e.g., payment processors). We will not store or collect your payment details; that information is provided directly to our third-party payment processors whose use of your personal data is governed by their respective privacy policy. These payment processors adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands such as Visa, Mastercard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of payment information.
Examples of payment processors we currently work with are:
Stripe — see https://stripe.com/us/privacy for Stripe’s Privacy Policy.
Plaid — see https://plaid.com/legal/#consumers for Plaid’s Privacy Policy.
Other Service Providers may include, among others, Amazon Web Services, Inc.; Unit Finance Inc.; JotForm Inc.; LogRocket, Inc.; New relic, Inc.; Retool Inc.; Segment.io, Inc.; Amplitude, Inc.; and SmartyStreets, LLC; Zendesk, Inc.
Information You Provide to Us
The information we collect on or through our Website or Apps may include:
- Information that you provide by filling in forms on our Website or Apps. This includes information provided at the time of registering to use our Website or Apps, signing in to our services, posting material, or requesting further services. We may also ask you for information when you report a problem with our Website or Apps or otherwise reach out to the Company for support.
- Records and copies of your correspondence (including email addresses), if you contact us.
Information We Collect Through Automatic Data Collection Technologies
As you navigate through and interact with our Website or Apps, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, including:
- Details of your visits to our Website or Apps, including traffic data, logs, and other communication data, and the resources that you access and use on the Website or Apps.
- Information about your device and internet connection, including your IP address (which may incidentally include location data), operating system, and browser type.
The information we collect automatically may include personal data. It helps us to provide and improve our Website and services, and to deliver a better and more personalized service, including by enabling us to:
- Estimate and analyze our audience size and usage patterns;
- Store information about your preferences, allowing us to customize our Website and Apps according to your individual interests;
- Speed up your searches;
- Recognize you when you return to our Website or Apps;
- Notify you about changes to our services;
- Allow you to participate in interactive features of our Website and Apps when you choose to do so;
- Provide customer support, detect and address technical issues, and monitor usage of our Website and Apps;
- Carry out our legal obligations and enforce our rights arising from any contracts that you enter into with us, including for billing and collection, if applicable;
- Provide you with notices about your account and/or subscription, including but not limited to expiration and renewal notices and email instructions, or news, special offers, and general information about goods, services and events that we offer;
- In any other way we may describe when you provide the information, or for any other purpose with your consent;
The technologies we use for this automatic data collection may include:
- Cookies (or browser cookies). A cookie is a small file placed on the hard drive of your computer. You may refuse to accept browser cookies by activating the appropriate setting on your browser. However, if you select this setting you may be unable to access certain parts of our Website. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our Website.
- Flash Cookies. Certain features of our Website may use local stored objects (or Flash cookies) to collect and store information about your preferences and navigation to, from, and on our Website. Flash cookies are not managed by the same browser settings as are used for browser cookies. For information about managing your privacy and security settings for Flash cookies, see Choices About How We Use and Disclose Your Information.
- Session Cookies. We use Session Cookies to operate our services.
- Preference Cookies. We use Preference Cookies to remember your preferences and various settings.
- Security Cookies. We use Security Cookies for security purposes.
- Web Beacons. Pages of the Website, the Apps and our e-mails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit us, for example, to count users who have visited those pages or opened an email, clicked through, or unsubscribed from an email list and for other related Website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).
How We Use Your Information
We use information that we collect about you or that you provide to us, including any personal data:
- To present our Website and Apps, and their contents, to you;
- To provide you with information, products, or services that you request from us;
- To fulfill any other purpose for which you provide it;
- To provide you with notices about your account;
- To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection;
- To carry out our obligations and enforce our rights arising from any contracts entered into between your employer and us, including for billing and collection;
- To notify you about changes to our Website or any products or services we offer or provide though it;
- In any other way we may describe when you provide the information;
- For any other purpose to provide the services through our Website and Apps, or as otherwise required pursuant to agreement between the Company and your employer;
- For any other purpose with your consent;
Disclosure of Your Information
We may disclose aggregated information about our users, and information that does not identify any individual, without restriction.
We may disclose personal data that we collect or you provide as described in this privacy policy:
- To our subsidiaries and affiliates;
- To contractors, service providers, and other third parties we use to support our business and who are bound by contractual obligations to keep personal data confidential and use it only for the purposes for which we disclose it to them;
- To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of the Company’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal data held by the Company. about our Website or Apps users is among the assets transferred;
- To fulfill the purpose for which you provide it;
- For any other purpose disclosed by us when you provide the information;
- With your consent;
- As required by banking partners to satisfy KYC/CIP requirements.
We may also disclose your personal data:
- To comply with any court order, law, or legal process, including to respond to any government or regulatory request;
- To comply with other agreements, including our terms of use or for billing and collection purposes;
- If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of the Company, our customers, or others;
Choices About How We Use and Disclose Your Information
We strive to provide you with choices regarding the personal data you provide to us. We have created mechanisms to provide you with certain control over your information. You can set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent. If you disable or refuse cookies, please note that some parts of the Website or Apps may then be inaccessible or not function properly.
Links to Other Sites
Our services may contain links to other sites that are not operated by us. If you click a third-party link, you will be directed to that third party’s site. We strongly advise you to review the privacy policy of every site you visit.
We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.
Data Security
We have implemented measures designed to secure your personal data from accidental loss and from unauthorized access, use, alteration and disclosure. All information you provide to us is stored on our secure servers behind firewalls. Any payment transactions and other collected information will be encrypted using SSL technology.
The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Website or Apps, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted to our Website or Apps. Any transmission of personal data is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Website or Apps.
GDPR Data Protection Rights
If you are a resident of the European Union (EU) and European Economic Area (EEA), you have certain data protection rights provided by the General Data Protection Regulation (GDPR). We aim to take reasonable steps to allow you to correct, amend, delete or limit the use of your personal data. If you are an EU resident and wish to learn what personal data we hold about you and/or wish to remove it from our systems, please contact us here. Please note that we may ask you to verify your identity before responding to any such requests. Your request to delete personal data may prevent us from providing some or all of our services to you, including provision of services within the Website or Apps.
The GDPR provides the following data protection rights in certain circumstances:
- The right to access, update or delete the personal data we possess from or about you.
- The right of rectification, which provides you the ability to correct personal data about you if that personal data is inaccurate or incomplete.
- The right to object, which provides you the ability to object to our processing of your personal data.
- The right of restriction, which provides you the ability to request that we restrict the processing of your personal data.
- The right to data portability, which provides you the ability to be provided with a copy of your personal data in a structured, machine-readable and commonly used format.
- The right to withdraw consent at any time where we rely on your consent to process your personal data.
If you are an EU resident, you also have the right to file a complaint with a Data Protection Authority about our collection and use of your personal data. For more information, please contact your local data protection authority within the EEA.
California Residents’ Data Protection Rights, including CCPA and CalOPPA
If you are a California resident, California law may provide you with additional rights regarding our use of your personal data.
We do not meet the minimum requirements obligating us to abide by the provisions of the California Consumer Privacy Act (“CCPA”). However, we voluntarily offer many of the protections of the CCPA. The categories of personal data that we collect are name, phone number, mailing address, e-mail address, social security number, banking and payment card information (including balances, but not including identifying card details – see the Service Providers section above), and employment information. We use these categories of personal data to fulfill orders made on our Website or Apps and to promote and provide our own goods and services to you.
We currently do not sell any of your personal data to third parties. We do disclose personal data as necessary to provide our services.
If you wish to opt out of any such disclosure of your personal data, please contact us here. However, please note that any such opt out may prevent us from fulfilling our obligations to you or otherwise providing services to you.
The California Online Privacy Protection Act (“CalOPPA”) requires commercial websites and online services to comply with a series of privacy protections. The provisions of this Privacy Policy comply with CalOPPA, as revised by California AB 370.
We do not currently disclose personal data to third parties for their direct marketing purposes. However, if you wish to request information about our disclosure of personal data to third parties for their direct marketing purposes in compliance with California’s “Shine the Light” law (Civil Code Section §1798.83), please contact us here. Please allow us 30 days for a response.
Data Retention Period
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Criteria for Determining Data Retention
In instances where a precise retention period cannot be specified, we determine the period of processing based on the following criteria: the nature and scope of our relationship with you, the type of data in question, the purposes for which the data is processed, the legal and regulatory obligations to retain the data for a certain period, and our operational retention requirements, including data security and business continuity.
Changes to Our Privacy Policy
It is our policy to post any changes we make to our privacy policy on this page. If we make material changes to how we treat our users’ personal data, we will notify you through a notice on the Website home page or through our Apps. The date the privacy policy was last revised is identified at the top of the page. You are responsible for ensuring we have an up-to-date active and deliverable email address for you, and for periodically visiting our Website and this privacy policy to check for any changes.
Contact Information
To ask questions or comment about this privacy policy and our privacy practices, contact us here.