CERIS Privacy Policy

CERIS Inc., a wholly owned subsidiary of CorVel Corporation, (“CERIS”, “us,” “we” or “our”) has created this privacy policy (“Policy”) in order to comprehensively inform individuals about our privacy practices and to demonstrate our firm commitment to privacy. This Policy describes how we collect, use, disclose, transfer, store, retain or otherwise process your personal information in the course of performing our business and operational activities, which includes the administration of the CERIS.com web domains (the “Website”). Collectively, we shall refer to our business and operational activities and the Website as our “Services.”

When we refer to “you” or “your,” we mean the person about whom we collect personal information or data. If the person accessing the Website does so on behalf of, or for the purposes of, another person, including a business or other organization, “you” or “your” also means that other person, including a business organization, if applicable.

We provide our Services to businesses and not to individual consumers. However, in the course of providing our Services, we may process personal information of individuals, as will be described in this Policy. This may include personal information contained in the documents that we process for our customers, that we collect about you when you visit our Website, your business contact information if we provide our Services to a company that you work with, or if you are a sole proprietorship and you engage with our Services.

Please read this Policy carefully. Our Policy includes:

Our Privacy Policy Includes:

 

1. General Disclosures
2. What Information We Collect And Disclose And For What Purposes
   • When You Visit Our Website
   • If You Are An Employee of One of Our Business Partners Who Is Involved In CERIS’s Relationship With Your Employer
   • When You Interact With CERIS’s Social Media
   • When We Process Medical Bills On Behalf Of Our Customers
   • Deidentified and Aggregated Information
3. Personal Information Relating To Children
4. How Long We Retain Your Information
5. Marketing And Promotional Communications
6. Links To Other Sites
7. Security
8. Your Data Rights
9. Data Rights For California Consumers
10. Changes To This Privacy Policy
11. Contact Us

This Policy is supplemented by our: Cookies Policy

 

1. GENERAL DISCLOSURES

The intended use of this Website is business to business. Our data centers and Website are hosted in the United States. If you are visiting this Website from outside of the United States, please note that by providing us your information it is being stored or processed in the United States, which may not have privacy laws as protective as those in your home country. If you are outside the United States and do not wish to allow the collection and storage of your personal information within the United States, you should not use this Website and you should opt-out of the collection of cookies by following the guidelines in our section titled How To Restrict Cookies. For more information about how we utilize cookies, view our Cookies Policy.

This Policy applies only to CERIS’s Website and Services, and not to other companies’ or organizations’ websites, mobile applications and services. We are not responsible for the privacy practices of other businesses or the content of other websites, including any websites that may indicate a special relationship or partnership with us (such as co-branded pages or “in cooperation with” relationships). To ensure protection of your privacy, always review the privacy policy of the companies with whom you engage.

 

2. WHAT INFORMATION WE COLLECT AND DISCLOSE AND FOR WHAT PURPOSES

In the course of performing our Services, we collect a variety of different kinds of personal information from a variety of different individuals. What information we collect and the purposes for which it is collected will depend on the context of our activities or the Service that is being performed. Therefore, just because this Policy lists a particular data collection practice does not mean that we have necessarily collected that data from you. Instead, please review the applicable disclosures below to learn about how we may have collected personal information from you depending on how you have interacted with us.

CERIS provides payment integrity solutions, including medical bill review and analysis, for our customers. Other than through our Website, we generally do not directly interact with you or collect personal information directly from you. Rather, we receive your personal information from our customers and affiliates, which we process on their behalf, or from your healthcare providers who we communicate with on behalf of our customers and affilliates.

Under certain state laws, CERIS is required to disclose whether we sell, share, or use your personal data for targeted advertising purposes. Please note that CERIS does not sell your personal information in the usual sense of the word. That is, we do not give your information to third parties in exchange for money. However, under certain state laws, disclosure of your personal information to certain third parties (such as social media providers, ad networks, analytics vendors, and providers of online marketing and advertising services), including via automated technologies such as cookies, pixels, and tags, for advertising or analytics purposes may be considered a “sale” of personal information. These kinds of disclosures may constitute “targeted advertising,” or a “sale” when the personal information is exchanged for non-monetary consideration, or “sharing” when the personal information is disclosed for cross-context behavioral advertising purposes. We do not knowingly sell, share, or process personal information of consumers under 16 years of age.

 

When You Visit Our Website

Further, we may collect personal information from you in the form of cookies. For information regarding how we collect, process and disclose personal information in the context of cookies, view our Cookies Policy.

 

If You Are An Employee of One of Our Business Partners Who Is Involved In CERIS’s Relationship With Your Employer

When You Interact With CERIS’s Social Media

 

When We Process Medical Bills On Behalf Of Our Customers

 

Deidentified and Aggregated Information

We may process your personal information into aggregated, anonymized or de-identified form for any purpose. Aggregated, anonymized or de-identified information is information that can no longer reasonably identify a specific individual and is no longer “personal information.” We will only maintain and use this type of information in deidentified form and we will not attempt to reidentify this information, except for the purposes of validating our deidentification process.

 

3. PERSONAL INFORMATION RELATING TO CHILDREN

The Children’s Online Privacy and Protection Act (COPPA) regulates online collection of information from persons under the age of 13. It is our policy to refrain from knowingly collecting or maintaining personal information relating to any person under the age of 13. If you are under the age of 13, please do not supply any personal information through the Website. If you are under the age of 13 and have already provided personal information through the Website, please have your parent or guardian contact us immediately using the information provided under Contact Us so that we can remove such information from our files. Please delete all CERIS related cookies and restrict further collection of cookies using the methods outlined in the section How to Restrict Cookies in our Cookies Policy.

 

4. HOW LONG WE RETAIN YOUR INFORMATION

We generally retain your information as long as reasonably necessary to provide you the Services or to comply with applicable law and in accordance with our document retention policy. To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means and the applicable legal requirements. We may retain copies of information about you and any transactions or Services you have used for a period of time that is consistent with applicable law, applicable statute of limitations or as we believe is reasonably necessary to comply with applicable law, regulation, legal process or governmental request, to detect or prevent fraud, to collect fees owed, to resolve disputes, to address problems with our Services, to assist with investigations, to enforce other applicable agreements or policies or to take any other actions consistent with applicable law.

In some circumstances we may anonymize your personal information (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you. This allows the specific information collected (name, email, address, phone number, etc.) to become anonymous, but allows CERIS to keep the transaction or engagement data.

 

5. MARKETING AND PROMOTIONAL COMMUNICATIONS

You may opt-out of receiving marketing and promotional messages from us, if those messages are powered by us, by following the instructions in those messages. If you decide to opt-out, you will still receive non-promotional communications that are necessary in the performance of our Services.

 

6. LINKS TO OTHER SITES

This Website has links to other websites. Once you link to another site, you are subject to the privacy policy of the new site and its operator. We encourage you to carefully review the privacy policy of each entity to which you provide information.

 

7. SECURITY

We use administrative, technical, and physical safeguards, to protect your information from loss, theft, misuse, and unauthorized access, disclosure, alteration, and destruction. We hold information about you at our own premises and with the assistance of service providers. Further public disclosure here of our security measures could aid those who might attempt to circumvent those security measures. If you have additional questions regarding security, please contact us directly using the information provided under Contact Us.

 

8. YOUR DATA RIGHTS

There are a number of U.S. states that provide specific data rights to residents of those jurisdictions regarding their personal information. This section of this Policy describes the rights available to those individuals who are entitled to them under applicable state privacy laws. If you have questions, or want more information about how to exercise your data rights, please contact us using the information provided under the section titled Contact Us.

Please note that if you are an insured individual for one of our customers or a patient of a healthcare provider, when it comes to your health information, you may have certain rights under the Health Insurance Portability and Accountability Act (“HIPAA”) that you can exercise directly with these covered entities. Please contact them directly to exercise any such applicable rights.

A. What Data Rights Do You Have?

Depending on your state of residence, you may have the below rights with regards to your personal information.  If you are a resident of California, you have access to special data rights and disclosures, which are described in this Policy under a separate section titled Data Rights For California Consumers.

 

• Right to Confirmation and Access: You may have the right to confirm whether or not CERIS is processing your personal information and to access such personal information. The general categories of personal information that we collect, process and disclose are listed in the general Policy under the section: What Information We Collect And Disclose And For What Purposes. If you wish to access the specific pieces of personal information that we process about you, please submit a request as directed in the section titled How To Submit A Data Rights Request.

 

• Right to Correct: You may have the right to request that CERIS correct inaccurate personal information that we maintain about you, taking into account the nature of the personal information and the purposes of the processing of the personal information.

 

• Right to Delete: You may have the right to request that CERIS delete the personal information that CERIS maintains about you.

 

• Right to Opt-Out of Sales/Targeted Advertising: We may provide your personal information to third parties for “targeted advertising” purposes or in ways that constitute “sales” or “sharing” under applicable laws. You can choose to opt-out of targeted advertising, selling, and sharing of your personal information by clicking “Reject All” on the cookie banner when you first visit the Website.  You may also choose which specific non-strictly necessary cookies to reject by clicking “Cookie Settings” from the cookie banner and selecting the cookie category boxes for the cookies you’d like to reject, and making your selection by toggling the switches for each cookie category so that they turn grey.  Please click on “Confirm My Choices” after choosing which cookies to reject.  If you are not presented with a cookie banner, please delete your cookies and re-visit the website.  You may alternatively opt-out by clicking the “Do Not Sell or Share My Personal Information” link at the footer of our Site, and following the instructions in that link.

Additionally, in California and Colorado and other states as applicable law requires, residents may use an opt-out preference signal to opt-out of targeted advertising or the sale or personal information. CERIS recognizes the Global Privacy Control (GPC) browser setting that allows individuals to automatically signal their opt-out of the sale of their personal information or sharing of their personal information for the purposes of targeted advertising. You can opt-out of this sale or share by activating the opt-out preference signal or Global Privacy Control (GPC) on your browser. More information regarding GPC is available here.

 

• Right to Appeal: If you submit a data rights request and we do not take the action you requested, you may have the right to appeal our decision within a reasonable period of time after your receipt of our decision. Please see Section 8(e) below for additional information.

B. How To Submit A Request

You can submit your request to exercise a data rights through:

 

• Submitting a request through our online Privacy Webform
• Calling us toll-free number at 855-872-6674

As stated above, you can opt out of the “sale,” “sharing,” or use of your personal data for “targeted advertising” by selecting “Reject All” from our Cookie Banner or by broadcasting a GPC on your browser.

C. How We Process Data Rights Requests

Once we receive your request to exercise a right, we will confirm receipt and begin to evaluate, and if appropriate, process the request.

 

• We may require that you provide additional information to confirm your identity, including providing us with at least two or more pieces of personal information to match against personal information that we currently maintain about you. We reserve the right to reject your request if we are unable to verify your identity to a sufficiently high level of certainty. The information you provide to verify your identity will only be used for verification purposes, and a record of your request, including certain information contained within it, will be maintained by CERIS for our files.
• To authenticate any request to correct personal information, you may be required to provide authentication information.
• We will make every effort to comply with your request to delete their personal information, however, certain laws or other legal requirements might prevent some personal information from being deleted.

If you fail or refuse to provide the necessary information, we may not be able to process your request.

If we reject a request for any reason, we will inform you of the basis of the rejection. Not all individuals about whom we possess information will have access to these rights and we may not be able to provide these rights to everyone due to legal and jurisdictional limitations. We may not be able to comply with your request for a number of reasons, including:

 

• you do not live in a state that grants you the specific right that you have requested;
• the information that you’ve requested is not subject to the regulation that grants you the right to make a request in relation to your personal information;
• we are prevented or exempted by law, regulation or rule from complying with your request;
• we do not maintain your personal information in a manner that is connected to your identity;
• we are not able to comply with your request without incurring disproportionate burden or expense; or
• if complying with your request conflicts with the integrity of our Services, the ability to administer our Website, to administer our business and related relationships or to establish, defend or administer legal claims.

If any of the above or other reasons apply, we will let you know in our response to your request.

D. Submitting A Request Through An Authorized Agent

You may designate an authorized agent to make a request to “opt-out” of sale, profiling or targeted advertising, as those rights are described above. Any authorized agent should make a request through the same mechanisms that are available to individuals. The request should clearly identify that the request is being made by an authorized agent and must include evidence of authorization. If we receive a request from an individual or an entity purporting to making the request on behalf of another individual, we can only comply with the request if we are able to sufficiently authenticate both the identity of the individual as well as the authorized agent’s authority to act on that individual’s behalf.

California has special rules regarding submitting requests through agents, so please review the appropriate disclosure in the section titled Data Rights For California Consumers.

E. Appeals And Complaints

If you disagree with our decision to reject your request or to any portion of our request, you have the right to appeal our refusal within a reasonable period of time. If you wish to appeal, please clearly and plainly describe your basis of disagreement with our decision by responding through the same means by which we communicated our refusal or by submitting your appeal through the information provided under Contact Us. We will review your appeal and either change our decision or reject your appeal, and in either case, we will provide a written explanation of the reason for the decision. This decision will be final.

However, if you still disagree with our decision, you have the right to submit a complaint to your attorney general of your state of residence. Your attorney general will have an online portal with details regarding how to submit complaints, and we will provide you with the applicable contact information if we deny your appeal.

 

9. DATA RIGHTS FOR CALIFORNIA CONSUMERS

The California Consumer Privacy Act (“CCPA”) provides the residents of California with the right to request the data rights as described in this section. For more information, or if you have questions, you can contact us using the information provided under Contact Us.

 

• Right to Know: California residents have the right to know what personal information CERIS has collected about them, including the categories of personal information, the categories of sources from which the personal information is collected in the past 12 months, the business or commercial purpose for collecting, selling, or sharing personal information, the categories of third parties to whom CERIS discloses personal information, and the specific pieces of personal information CERIS has collected about them.

The categories of personal information, the categories of sources from which the personal information is collected, the business or commercial purpose for which we collect personal information and the categories of third parties to whom we disclose personal information are found in the general Policy under the section: What Information We Collect And Disclose And For What Purposes.

California residents have a right to know if we are “selling” or “sharing” their personal information, what categories of personal information are “sold” or “shared,” and to whom.  The disclosure of your online, web-browsing information when you visit our website as described in the above chart to our online marketing and analytics providers may constitute a “sale” and “sharing” under California law. However, please note that CERIS does not sell your personal information in the usual sense of the word. That is, we do not give your information to third parties in exchange for money. We do not knowingly “sell” or “share” the information of individuals under the age of sixteen years old.

 

• Right to Delete: California residents have the right to request the deletion of their personal information maintained by CERIS.

 

• Right to Correct: California residents have the right to request that CERIS correct inaccurate personal information that CERIS maintains about them. However, we reserve the right to delete your inaccurate personal information instead of correcting it, if permitted by the CCPA.

 

• Right to Non-Discrimination: California residents have the right to not be discriminated against due to the exercise of their CCPA privacy rights. However, note that the exercise of certain privacy rights may make it so that we are no longer able to provide you with certain services or communications. For example, if we delete all of your personal information, we cannot send you e-mails or other communications.

 

• Right to Opt-Out of Selling and Sharing: California residents have the right to opt-out of the “sale” or “sharing” of their personal information. You can choose to opt-out of the selling and sharing of your personal information by clicking “Reject All” on the cookie banner when you first visit the Website. You may also choose which specific non-strictly necessary cookies to reject by clicking “Cookie Settings” on the cookie banner and selecting the cookie category boxes for the cookies you’d like to reject, and making your selection by toggling the switches for each cookie category so that they turn grey.  Please click on “Confirm My Choices” after choosing which cookies to reject.  If you are not presented with a cookie banner, please delete your cookies and re-visit the website.  You may alternatively opt-out by clicking the “Do Not Sell or Share My Personal Information” link at the footer of our Site, and following the instructions in that link.   Additionally, California residents may use an opt-out preference signal to opt-out of the sale or sharing of your personal information. CERIS recognizes the Global Privacy Control (GPC) browser setting that allows individuals to automatically signal their opt-out of the sale of their personal information or sharing of their personal information for the purposes of targeted advertising. You can opt-out of this sale or share by activating the opt-out preference signal or Global Privacy Control (GPC) on your browser.

 

• Right to Limit Use and Disclosure of Sensitive Personal Information: California residents have the right to direct a business to limit its use and disclosure of their “sensitive” personal information. California residents can request that a business limit its use or disclosure of their “sensitive” personal information to that use or disclosure which is necessary to perform the services or provide the goods reasonably expected by an average consumer, or to those uses or disclosures otherwise authorized by California law.

However, we do not use or disclose your “sensitive” personal information for any purpose other than for the specific purposes described under the CCPA regulation § 7027(m) and always in a manner reasonably necessary and proportionate for these permitted purposes. For information on how we use or disclose your “sensitive” personal information, please see the applicable disclosures in the section titled: What Information We Collect From You And For What Purposes.

 

• Right to Make Requests Through an Authorized Agent: California residents can designate an authorized agent to make a request under the CCPA on their behalf.

California residents can designate an authorized agent to make requests under the CCPA on their behalf relating to the residents’ personal information. Only you as a California resident, or a person you have designated in writing as your authorized agent, may make a consumer request related to your personal information.

If you wish to have an authorized agent make a verifiable consumer request on your behalf, they will need to provide us with sufficient written proof that you have designated them as your authorized agent, such as a power of attorney pursuant to California Probate Code sections 4000 to 4465. We will still require you to provide sufficient information to allow us to reasonably verify that you are the person about whom we have collected personal information. We can deny any request made by a purported authorized agent who does not submit proof that they has been authorized by the California resident to act on the California resident’s behalf.

 

• Notice of Financial Incentives: California residents are entitled to certain information about a business’s financial incentive programs. However, CERIS does not offer any financial incentive programs to California consumers.

 

• Do Not Track (“DNT”): DNT is an optional browser setting that allows you to express your preferences regarding tracking across websites. Most modern web browsers give you the option to send a Do Not Track signal to the websites you visit, indicating that you do not wish to be tracked. However, there is no accepted standard for how a website should respond to this signal, so we do not take any action in response to this signal. We do not have a mechanism in place to respond to DNT signals. Instead, in addition to publicly available third-party tools, we offer you the choices described in this Privacy Policy to manage the collection and use of information about you.

 

10. CHANGES TO THIS PRIVACY POLICY

We may amend this Policy at any time by posting revisions on our Website. If we make any material changes in the way we collect or process your personal information, we will notify you by prominently posting notice of the changes on our Website.

 

11. CONTACT US

To submit questions, make a complaint, or to inquire about or submit a request relating to data rights, you can contact us by:

 

• Calling us toll-free number at 855-872-6674
• Submitting your inquiry in the inquiry form here.

If you have any questions or concerns regarding our Privacy Policy, or if you believe our Privacy Policy or applicable laws relating to the protection of your personal information have not been respected, you may file a complaint with CERIS using the contact information listed above, and we will respond to let you know who will be handling your matter and when you can expect a further response. We may request additional details from you regarding your concerns and may need to engage or consult with other parties in order to investigate and address your issue. We may keep records of your request and any resolution.

 

COOKIES POLICY

LAST MODIFIED:  November 24, 2024

Effective as of the date listed above, CERIS Inc. (“CERIS” or “we” or “us” or “our”) has adopted this Cookies Policy. This Cookies Policy is designed to be read in conjunction our general Privacy Policy. For the purposes of this Cookies Policy, we say the “Website,” we mean CERIS.com.

Like many website operators, CERIS and its analytics vendors use server logs and automated data collection tools, such as browser cookies, pixel tags, scripts and web beacons. These tools are used for analytics purposes to enable us to understand how users interact with the Website.

What is a cookie?

A cookie is a small text file that is placed on your hard drive by a web page server. Cookies contain information that can later be read by a web server in the domain that issued the cookie to you.  There are several types of cookies:

 

• Session cookies provide information about how a website is used during a single browser session while a user is visiting a website and usually expire after the browser is closed.
• Persistent cookies remain on your device between different browser sessions for a set amount of time in order to enable the website to remember user preferences, settings, or actions across other sites. A persistent cookie will remain on a user’s device for a set period of time specified in the cookie.
• First-party cookies are cookies set by the operator of the website you are visiting.
• Third-party cookies are cookies set by third parties that are different from the operator website you are visiting.
• Web beacons, tags and scripts may be used in the Website or in our emails to help us to deliver cookies, count visits, understand usage and campaign effectiveness and determine whether an email has been opened and acted upon.

Our collection of cookies

We, our marketing partners, affiliates, and analytics or service providers use cookies and other similar technologies. You can see what cookies we place and/or collect and for what purposes by clicking “Cookie Settings” on the cookie banner when you first visit the Website. If you are not presented with a cookie banner, please delete your cookies and re-visit the Website.

We group the cookies that we collect into the following categories based upon their function (note that all types of cookies, as described above, will be found in each category):

Third-party cookies

The Website allows third-parties to place cookies on your Internet-connected device in order to deliver advertisements based upon your web-browsing habits and history. Further, in order to provide interoperability and plug-ins (like YouTube), the Website allows these third-parties to place and collect cookies on your Internet-connected device. However, you can restrict the third-party collection of cookies through the instructions provided in the section How to Restrict Cookies below. Further, you can choose to reject third-party cookies by clicking “Deny” on the cookie banner when you first visit the Website.

Do Not Track

Do Not Track (“DNT”) is an optional browser setting that allows you to express your preferences regarding tracking across websites. Most modern web browsers give you the option to send a Do Not Track signal to the websites you visit, indicating that you do not wish to be tracked. However, there is no accepted standard for how a website should respond to this signal, so we do not take any action in response to this signal. CERIS does not have a mechanism in place to respond to DNT signals. Instead, in addition to publicly available external tools, we offer you the choices described in this Cookies Policy to manage the collection and use of information about you.

How to Restrict Cookies

You can choose to opt-out of targeted advertising, selling, and sharing of your personal information by clicking “Reject All” on the cookie banner when you first visit the Website.  You may also choose which specific non-strictly necessary cookies to reject by clicking “Cookie Settings” from the cookie banner and selecting the cookie category boxes for the cookies you’d like to reject, and making your selection by toggling the switches for each cookie category so that they turn grey.  Please click on “Confirm My Choices” after choosing which cookies to reject.  If you are not presented with a cookie banner, please delete your cookies and re-visit the website.  You may alternatively opt-out by clicking the “Do Not Sell or Share My Personal Information” link at the footer of our Site, and following the instructions in that link.

You can also adjust the settings in your browser in order to restrict or block cookies that are set by the Website (or any other website on the Internet). Your browser may include information on how to adjust your settings. Alternatively, you may visit the U.S. Federal Trade Commission’s website www.consumer.ftc.gov to obtain comprehensive general information about cookies and how to adjust the cookie settings on various browsers.

You can control and delete these cookies through your browser settings through the following:

 

• Google Chrome
• Mozilla Firefox
• Safari
• Opera
• Microsoft Internet Explorer
• Microsoft Edge
• Safari for iOS (iPhone and iPad)
• Chrome for Android

Or you can also use the following cookie management and disposal tool from Google Analytics by downloading and installing the browser plug-in from the following link: http://tools.google.com/dlpage/gaoptout.

Please be aware that restricting cookies may impact the functionality of the Website. For example, refusing cookies will not allow CERIS to present the Website in your preferred language. Additional general information about cookies, including how to be notified about the placement of new cookies and how to disable cookies, can be found at www.allaboutcookies.org.

Changes to this policy

If there are any material changes to this Policy, you will be notified by the posting of a prominent notice on our Websites prior to the change becoming effective. We encourage you to periodically review this page for the latest information on the Policy. Your continued use of the Websites constitutes your agreement to be bound by such changes to this Policy. Your only remedy, if you do not accept the terms of this Policy, is to discontinue use of and access to the Websites. The content of this Policy is for your general information and use only. These cookies are subject to change without notice. You acknowledge that this information may contain inaccuracies or errors and is subject to change and we expressly exclude liability for any such inaccuracies or errors to the fullest extent permitted by law.