Online Privacy Policy

HM Insurance Group’s Online Privacy Policy

At HM Insurance Group (HMIG)1, we take the issue of privacy very seriously. We want to assure Users of our company websites, social media tools, customer portals, and/or other online or digital resources (collectively “Consumer Platforms”) that the information collected and/or provided to us is secure and maintained in confidence, consistent with applicable state and federal laws, regulations, and corporate standards. “Users” means any individual visiting, using, and/or providing Personal Information via one of our Consumer Platforms. References to “you” or “your” in this online privacy policy mean individual Users. “Personal Information” means any individually identifiable information about a User, including, but not limited to demographic information such as name and date of birth, contact information such as address, phone number, and e-mail address, customer-related information such as account number or similar identifier, and digital presence information such as IP (internet protocol) address and cookie ID. Please read through the following pages, which describe the type of information we collect, how we use information, and our commitment to maintaining the privacy and security of information.

Please be advised that HMIG does not own or control all Consumer Platforms used by our customers. This means that HMIG does not manage data collection, use, or disclosure activities which may occur on platforms owned by a Non-affiliated Third Party2; however, we may receive information from the platform owner about Users who visit our resources located on their platform. For example, HMIG maintains a LinkedIn page, but we have no control over how LinkedIn collects, uses, or discloses information obtained from Users when they visit that HMIG page.

We cannot guarantee the security or confidentiality of Personal Information transmitted across Non-affiliated Third Party platforms that we do not own or control. For example, if a User initiates a message to HMIG through our LinkedIn page, LinkedIn may be able to view that content as the platform owner.

I. Information Collected
A. General

How you use a particular HMIG Consumer Platform will determine whether or not we collect Personal Information from you, and how much we collect. For some features, we may not require any Personal Information, nor will we ask questions about you. However, for others, we need to either verify your identity through a login process, or collect sufficient Personal Information to provide a response or to administer the service associated with that feature.

B. Secure messaging and feedback/inquiry forms
HMIG invites Users to contact us using secure messaging or feedback/inquiry forms available on our corporate-owned platforms regarding account questions or concerns, or inquiries about HMIG’s products or services. We may disclose Personal Information to contracted Service Providers3 to allow them to perform a service or function for which they have been engaged. The information provided through secure messages and feedback/inquiry forms will be used by HMIG or its contracted Service Providers to review and respond to Users’ communications and/or to help deliver products or services.

Users can also inquire about products and services offered by a Non-affiliated Third Party or Service Provider by clicking hyperlinks which may be located on our Consumer Platforms. These hyperlinks will then redirect to the Non-affiliated Third Party or Service Provider website. HMIG makes no representations or warranties regarding these websites, their content, or security. Users should review the online privacy policy of the Non-affiliated Third Party or Service Provider for information regarding their data collection, use, and disclosure practices.

C. Use of cookies
A cookie is a piece of information about an internet session that may be created when an individual accesses a website. Cookies can capture information such as your IP address, your internet browser and operating system type, the date and time you visit a website, session information such as page response times, your search history, your saved preferences and password information (if you elect to have a website remember this information), information about the referring URL (uniform resource locator) and the URL clickstream to, through, and from our Consumer Platforms, and other similar details.

HMIG’s Consumer Platforms may use cookies to monitor the performance of our resources, to enhance the User experience, and to assess aggregate information about our User base. We may also employ cookies on Non-affiliated Third Party and Service Provider websites to facilitate the delivery of our services and help follow Users’ online activities over time and across online resources to inform more relevant communication with Users. HMIG may gather and use information obtained from cookies to provide customers and prospects with tailored products and services.

HMIG may use third-party advertising cookies to serve ads on other websites and digital properties. These advertising companies may use information obtained from cookies placed on your web browser in order to measure advertising effectiveness and to provide advertisements of interest to you on other platforms. If you would like to review and manage third-party cookies used for targeted advertising, you may navigate to the following links provided by the Network Advertising Initiative (http://optout.networkadvertising.org/?c=1) and the Digital Advertising Alliance (http://optout.aboutads.info/?c=2&lang=EN).

Most internet browser settings can be modified by individuals to block or disable cookies (“do not track”). If a User decides to turn on do not track in their internet browser settings, HMIG’s Consumer Platforms may not respond to these settings, and our use of cookies may not be affected. Users should be aware that blocking or disabling cookies could prevent a particular Consumer Platform or certain features from fully functioning, so Users are encouraged to keep cookies enabled.

D. Non-affiliated Third Party and Service Provider use of cookies
A Non-affiliated Third Party or Service Provider may employ cookies on our Consumer Platforms to facilitate the delivery of their services and help follow Users’ online activities over time and across online resources. Any cookie data shared by HMIG with a Non-Affiliated Third Party or Service Provider is subject to the provisions of this online privacy policy. Users should also review the online privacy policy of the Non-Affiliated Third Party or Service Provider to understand their data collection, use, and disclosure practices.

E. Note about Children’s Online Privacy Protection Act and other laws
Please be advised that HMIG’s Consumer Platforms are intended for general audience Users. Our Consumer Platforms are not directed at children under the age of 13, nor do we make attempts to collect, use, or disclose information from children under the age of 13, in accordance with the federal Children’s Online Privacy Protection Act (COPPA). HMIG also makes attempts to comply with applicable state laws governing advertising and marketing to children, including the Delaware Online Privacy Protection Act, which prohibits marketing to children under the age of 18.

II. Use of Information Collected

HMIG does not sell Personal Information of Users collected through our Consumer Platforms. In the event that HMIG were deemed to sell information under applicable law, Users may submit requests to HMIG directing us not to sell Personal Information by sending an email to the address hyperlinked at the end of this document – please provide sufficient information to allow us to verify your identity, along with details supporting your request, so that we can respond accordingly. All information submitted to us may be retained to provide a record of communications and to comply with any applicable legal and/or regulatory requirements, and may also be verified for accuracy.

In addition: HMIG uses Personal Information of Users collected through HMIG’s Consumer Platforms to i) provide relevant product and service-related information, ii) provide information regarding general health or insurance-related topics, iii) provide updates, news, event notices and announcements, iv) update information we have about Users, and v) monitor the effectiveness of our Consumer Platforms and features.

If you receive e-mail updates, news, announcements and/or event notices from HMIG, we will use the name, demographic, phone number, e-mail address, and other contact information you provide us in order to deliver that information. You may remove yourself from these communications at any time by following the removal instructions included in our communications. Your name, demographic, phone number, e-mail address and other contact information will be used only for HMIG-related communications and will not be given, sold, or rented to any external party without your prior approval.

Personal Information may also be anonymized by HMIG (i.e. stripped of individual identifiers), aggregated with other data, and used for general research, quality improvement, marketing, or other internal business purposes without permission.

III. Access to Information Collected

A. Employees
Certain HMIG employees may be provided with Personal Information of Users in order to respond to their needs, assist with customer service and related account issues, and provide requested information regarding specific products or services. Certain employees will also be provided with Personal Information of Users in order to monitor the effectiveness of our Consumer Platforms and features. HMIG employees are required, by written confidentiality statements, corporate policies, and state or federal laws or regulations, to maintain the confidentiality of Personal Information, and to use strict standards of care in handling information. Employees who do not conform to these confidentiality requirements are subject to disciplinary sanctions, up to and including dismissal.

B. HMIG’s parent company and its affiliates
HMIG may disclose Personal Information of Users collected through its Consumer Platforms to its parent company, Highmark Inc., and its affiliates as necessary to carry out its business operations. It may also disclose Personal Information to contracted Service Providers that are contracted by HMIG to provide certain services or perform certain functions on its behalf.

Personal Information collected through Consumer Platforms by Highmark Inc. and its affiliates may also be disclosed to HMIG as necessary to carry out their business operations. All Personal Information will be disclosed in order to respond to a User’s needs, and/or to provide information about products or services offered by or through HMIG, Highmark Inc. and its affiliates, or contracted Service Providers. Personal Information is treated with the same strict standards of confidentiality that HMIG applies to other types of confidential information. Highmark Inc. and its affiliates are subject to substantially similar corporate policies regarding privacy and confidentiality, and their contracted Service Providers and business associates are legally bound by contract to follow the same, or no less restrictive, standards of confidentiality as followed by HMIG.

C. Third parties
Other than as set forth herein, HMIG does not transmit any Personal Information collected through its Consumer Platforms to any third party without the permission of the User. However, Personal Information may be transmitted if there is a specific need to complete a transaction requested by the User or if necessary for providing a service or benefit to the User. For example, group insurance plan administrators have access to online enrollment applications and certain other Personal Information which is required for their plan administration purposes.

D. Consumer Platform communication services
HMIG has access to communications sent by or to Users who choose to utilize any Consumer Platform communication features. HMIG will not release the content of specific communications to any third party without the User’s consent, other than as set forth above, or unless permitted or required under applicable state or federal law or regulation. Please be reminded that the platform owner may be able to view the content of communications, and HMIG cannot guarantee the security or confidentiality of Personal Information transmitted across platforms which we do not own or control.

IV. Compliance Assurance

A. Security
HMIG uses industry standard information security practices and technology to protect the information we maintain, and to help ensure compliance with the security and privacy standards described in this online privacy policy. For Users who choose to communicate with HMIG using their personal e-mail account, please be aware that there is always some risk in sending information over the internet. Although we make reasonable efforts to protect your information from unauthorized access, use, disclosure, or alteration, you should be aware there is always some risk in transmitting information over the internet, such as the potential for interception or misuse of your information before we receive it.

B. Account access
Consistent with the requirements set forth under certain state and federal laws, HMIG grants access to Personal Information only to those employees, corporate affiliates, and contracted Service Providers as necessary to provide appropriate products and services, or as Users authorize. All such employees, corporate affiliates, and contracted Service Providers are subject to confidentiality statements, privacy policies, and/or other contractual obligations at least, or no less restrictive, as the standards followed by HMIG.

C. Internal compliance with privacy and security programs
HMIG maintains internal privacy and security programs to help ensure compliance with this online privacy policy, and to maintain the privacy and security of Personal Information. These programs include oversight by a Chief Privacy Officer and a Chief Information Security Officer who oversee the maintenance of the privacy and security programs, as well as the enforcement of privacy and security practices. Additionally, our privacy and security programs include on-going employee training, on-going maintenance and updating of security systems and internal processes, and monitoring customer feedback and complaint resolution processes.

D. Questions and concerns
If you have questions about this online privacy policy, or concerns regarding your Personal Information, please send us your inquiry by emailing us or calling 1-866-228-9424.

V. Changes to Online Privacy Policy
HMIG reserves the right to change, modify, or update this online privacy policy at any time and for any reason. HMIG will promptly post changes, modifications, and updates to its Consumer Platforms accordingly. Continued use of our Consumer Platforms constitutes your acceptance of the terms of our online privacy policy.

(© 2014 HMIG – last revised September 2019)


Disclaimer [1] HMIG includes all wholly and majority-owned subsidiaries and affiliates making up the HMIG corporate family, including, among others, HM Life Insurance Company and Highmark Casualty Insurance Company. References to “us”, “we”, and “our” in this online privacy policy mean HMIG.
[2] Non-affiliated Third Party refers to an entity that offers a tool, service, product, or forum that HMIG may utilize, but there is no ownership relationship between HMIG and the entity (e.g., Facebook, LinkedIn, Google Analytics).
[3] Service Provider means a vendor that has been contracted by HMIG to provide a service or perform a function on behalf, or for the benefit, of HMIG, including but not limited to technical support, system or account administration, website design/maintenance, marketing, and data analytics.