CCPA and CPRA Privacy Notice for California Residents
If you have any questions or concerns related to this Privacy Notice or Beam’s privacy practices, contact Beam at privacy@beambenefits.com or visit our website at https://www.beambenefits.com/
Beam may revise this policy from time to time as permitted by law. We will provide the revised policy on our website. Any changes will become effective immediately upon posting.
Last review date: December 2022
Table of Contents
Section 1: CCPA and CPRA Privacy Notice for California Residents
Section 2: Personal Information Beam may Collect
Section 3: Potential Sources from where Information is Collected
Section 4: How Beam may use or share the Information Collected
Section 5: Sale of Personal Information
Section 6: Your Rights under the CCPA and the CPRA
Section 7: Exercising Your Rights
Section 1: CCPA and CPRA Privacy Notice for California Residents
This notice is provided for California residents in compliance with the California Consumer Privacy Act of 2018 which was amended in 2023 by the California Privacy Rights Act (herein CCPA and CPRA). This notice applies solely to individuals who reside in the State of California. This notice explains your rights regarding your personal information. Under the CCPA and CPRA, you have the right to understand how Beam collects, uses, and discloses your personal information, to access your information, to request that we delete certain information, and to not be discriminated against for exercising your privacy rights. This CCPA and CPRA Privacy Notice is in addition to Beam Benefits (herein Beam) Privacy Policy and Joint Notice of Privacy Practices. Certain terms provided for in this notice are defined by the CCPA and CPRA and their meanings may differ from the meanings applied elsewhere on our website. The meanings of such CCPA and CPRA defined terms are specific to the content of this notice.
This notice does not apply to personal information outside the scope of the CCPA and CPRA, including without limitation:
- Personal information collected, processed, sold, or disclosed pursuant to the Gramm-Leach-Bliley Act, and implementing regulations, or the California Financial Information Privacy Act.
- Personal information bearing on a consumer’s credit worthiness, credit standing, credit capacity, character, general reputation, personal characteristics, or mode of living as set forth in the Fair Credit Reporting Act.
- Personal health information collected, processed, or disclosed pursuant to the Health Insurance Portability and Accountability Act.
- Publicly available information as defined by Cal. Civ. Code § 1798.140(v)(2) which includes information that is lawfully made available from federal, state, or local government records; information that Beam has a reasonable basis to believe is lawfully made available to the public by you, or from widely distributed media; and information made available by a person to whom you have disclosed the information if you have not restricted the information to a specific audience.
Section 2: Personal Information Beam may Collect
The following represent the categories of information that we may collect:
- Identifiers (such as a real name, alias, address, email address, phone number, Social Security Number, driver’s license number, online identifier, IP address, account username and password, job title, or other similar identifiers);
- Financial, medical, or health insurance information (such as bank account information, information provided on a health insurance enrollment application, or credit card information);
- Demographics (such as age, date of birth, gender, marital status or zip code);
- Device information (such as brushing data, the type of device you are using, or the operating system of your device);
- Internet or other electronic network activity information (such as information on your interaction with Beam’s website or application, or how you use your Beam account);
- When you use the beambenefits.com website, we will collect IP data that includes geolocation data.
- Visual information (such as the image you provide for your Beam profile);
- Professional or employment-related information (such as information collected from job applications and resumes, or information provided by your HR administrator);
- Education information (such as information collected from transcripts, job applications, or resumes);
- Survey information (such as survey results, or social media data);
- Other information you submit (such as requests or communications you submit to us, including emails, ratings, or customer service call recordings); and
- Inferences regarding preferences or other characteristics (such as information about your preferences, characteristics, behavior, or other trends that help us identify which products you may be interested in).
- Sensitive personal information (such as racial/ethnic data, personal identification numbers, social security number, driver’s license, passport, state ID card numbers, health, geolocation, sexual orientation.
Section 3: Potential Sources from where Information is Collected
We may collect personal information from the following categories of sources:
- Your device or browser;
- Directly from you when you provide information;
- Our affiliates and business partners;
- Data verification services;
- Marketing vendors and advertising networks;
- Social media; and
- Healthcare providers.
Section 4: How Beam may use or share the Information Collected
Beam may use your personal information in the following ways:
- To provide you with information, products, or services;
- To improve our services and products;
- To maintain and monitor the security of our systems, services, and products;
- For internal audit, data analytics, or research purposes;
- To perform services on behalf of another affiliated vendor or service provider;
- To address your inquiries, concerns, or requests;
- To find or prevent criminal activity, fraud, material misrepresentation or nondisclosure in connection with an insurance issue;
- To respond to requests from law enforcement or other government authorities as required by law; or
- For our own legal obligations and business needs.
Beam may share your personal information for a business purpose with the following:
- Entities that we are required to share with pursuant to law or for legal proceedings;
- Vendors and service providers;
- Beam affiliates and business partners;
- Advertising networks;
- Prospective purchasers; or
- Outside auditors and lawyers.
Beam may also share all categories of personal information as part of corporate transactions such as mergers, acquisitions, or divestitures as well as with its affiliates or subsidiaries.
For more information on how Beam may use or share the information collected, please review the sections entitled
“How the Information is Used” and “How the Information is Shared” in Beam’s Privacy Policy found on our website at https://www.beambenefits.com/.
Section 5: Sale of Personal Information
CCPA and the CPRA define a “sale” of personal information broadly to include more than just the exchange for monetary value. Under the CCPA and the CPRA, a sale can include the exchange of personal information with a third party for “valuable consideration,” or information shared with a third party (even if they are performing services on our behalf) if they are permitted to use the information for their own purposes.
Beam does not sell your personal information, but we do work with partners who provide us with advertising services as described in the “Tracking Technologies Used” and “Remarketing” sections of Beam’s Privacy Policy found on our website at https://www.beambenefits.com/.
Section 6: Your Rights under the CCPA and the CPRA
- Right to know. You have the right to request that we disclose certain information to you about our collection of your Personal Information. Such information shall cover the 12-month period preceding our receipt of your request. This includes the right to have access to and request additional information related to:
○ The categories of personal information Beam has collected about you;
○ The categories of sources from which the personal information is collected;
○ The business or commercial purpose for collecting or selling your personal information;
○ The categories of third parties with whom Beam shares your personal information; and
○ The specific pieces of personal information Beam has collected about you.
○ The specific pieces of sensitive personal information Beam has collected about you. - Right to access. You have the right to access your own personal information that is stored with Beam. Such a request must be made to Beam following the provisions of the Exercising Your Rights section as detailed below.
- Right to deletion. Subject to certain exceptions, you may request that we delete personal information that we have collected. Upon such a request, Beam will also direct any service providers to delete your personal information from their records. Please note that Beam may deny a deletion request due to the application of an exception or as otherwise permitted by law. We will ensure that you understand what we will delete and what we cannot, and the reason for retention.
- Right to correction. You may request that we correct inaccurate personal information that we have collected. Upon such a request, Beam will also direct any service providers to correct your personal information. Please note that Beam may deny a correction request if deemed to be accurate based on records.
- Right to opt-out: As stated above, Beam does not sell your personal information or sensitive personal information to third parties, so you do not need to request an opt-out of the sale of your personal information.
- Right to limit use and disclosure of sensitive personal information: Subject to certain exceptions, you may request we limit the use of your sensitive personal information to use which is necessary to perform the services or provide the goods. Please note that Beam may deny a limit of use request due to the application of an exception or as otherwise permitted by law. We will ensure that you understand what we will limit and what we cannot, and the reason for retention.
- Right to Non-discrimination: Beam is prohibited from discriminating against you if you choose to exercise any of your rights under the CCPA and the CPRA.
Section 7: Exercising Your Rights
If you are a California resident and would like to exercise one of your rights, please contact us by completing this
CPRA Request Form, emailing privacy@beambenefits.com or calling us toll free at 1-(800) 648-1179. We will honor your request in compliance with the CCPA and the CPRA but we may be required to continue to retain or share portions of your personal information to comply with regulatory or legal obligations.
Both a request to delete or access personal information must be a “verifiable consumer request.” Only you, or a person or entity that you authorize to act on your behalf, may make a request related to your personal information. This means that Beam is required to verify that you are the person that is the subject of the request or verify you have the legal authority to request personal information on an individual’s behalf, before Beam is able to fulfill your request. You may also make a request on behalf of your minor child. If you are making a request on behalf of another person, you must provide written legal documentation that you are authorized to act on behalf of that individual.
The verifiable consumer request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or are an authorized representative; and
- Describe your request with sufficient detail so that we are able to properly understand, evaluate, and respond to it.
If we cannot verify your identity or authority to make the request and confirm that the personal information requested relates to you, we may not be able to fulfill your request. We reserve the right to take additional steps, as necessary, to verify your identity if we have reason to believe a request is fraudulent.
Beam may retain your personal information and sensitive personal information as outlined within our internal document retention schedule. Document retention is based on regulatory timeframes as defined by state and federal laws and regulations, operational, and contractual requirements.