Alert icon BSM Consulting is excited to announce we have partnered with VMG Health as of 5/1/23. Click here to read press release.

California Privacy Policy

NOTE:  IF YOU ARE NOT A CALIFORNIA CONSUMER, THIS POLICY DOES NOT APPLY TO YOU. Instead please refer to BSM  United States Website Privacy Statement .

California Privacy Policy (Privacy Notice)

Effective Date: January 1, 2020

What is the scope of this Privacy Notice?

The California Consumer Privacy Act of 2018 (CCPA) gives certain consumers that reside in California (“California Consumers”) the right to know what categories of Personal Information BSM plc, including our affiliated entities (referred to collectively as “BSM,” “we,” “our,” or “us”), collects about them and how and for what purposes we use and share that information.

This California Privacy Policy (“Privacy Notice”) provides the information required under the CCPA and applies to both BSM online and offline activities relating to California Consumers’ Personal Information.  This Privacy Notice supplements BSM  United States Website Privacy Statement .

As used in this Privacy Notice, “Personal Information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household. Personal Information includes, but is not limited to, the categories of Personal Information identified below if such information identifies, relates to, describes, is reasonably capable of being associated with, or could be reasonably linked, directly or indirectly, with a particular individual or household.

What Personal Information may we collect, use and share about you and for what purposes? 

If you are a California Consumer, the following table details what Personal Information we collect, use and share about you:

Categories of Personal Information Collected –

we may collect these types of information:

Source(s) of Personal Information –

Entities or individuals we may collect this information from:

Representative Data Elements –

may include:

Purpose(s) for Collecting –

how we could use this information:



Categories of Third Parties –

we may share or disclose this information to:

Contact Information

 

  • You
  • Your authorized representatives, family members, caregivers
  • Third parties, such as data aggregators that help us complete and enhance our records, entities that maintain the accuracy of our data, provide patient assistance and reimbursement and program enrollment services, provide payment and fulfillment services, perform identity validation, marketing and analytics services
  • Health Care Providers, including doctors and pharmacies
  • Health Insurance companies
  • Registration data
  • Full name, nicknames or previous names (such as maiden names)
  • Honorifics and titles, preferred form of address
  • Mailing address
  • Email address
  • Telephone number
  • Mobile number
  • Contact information for related persons, such as authorized users of your account

 

  • To identify you and communicate with you
  • To send transactional messages (such as account statements or confirmations)
  • To send marketing and promotional communications
  • To personalize our communications and provide customer service
  • To process payments, conduct points and loyalty programs, reimbursement services
  • To undertake data hygiene and management activities
  • For market research purposes
  • For our Everyday Business Purposes
  • Our affiliates
  • Our Service Providers
  • Where you have initiated the transaction or agreed, we may share with Health Care Providers, including doctors and pharmacies and with Health Insurance companies; where you have consented or directed, withsocial media companies, such as Facebook who may use the data to deliver ads on their platform and for their own secondary uses,
  • Third parties who deliver our communications, such as the postal service and couriers
  • Other third parties (including government agencies) as required by law

Government-issued identification information numbers

  • You
  • Third parties, such as consumer and credit reporting agencies, which verify the information you provided
  • Social security number
  • Driver’s license number
  • Passport number
  • Other government-issued identifiers as may be needed for compliance or given the nature of the relationship
  • To identify you
  • To maintain the integrity of our records
  • For customer verification, credit and reference checks
  • For security and risk management, fraud prevention and similar purposes
  • For market research purposes
  • For our Everyday Business Purposes
  • Our affiliates
  • Our Service Providers
  • Third parties, including Consumer reporting agencies
  • Our lawyers, auditors, consultants
  • Other third parties as required by law

Biometric identifiers

  • You, when you enroll in our biometric identity program
  • Data collection devices in our facilities when you use them after enrolling
  • Biometric identifier, including facial recognition data, voiceprint, fingerprint
  • Mathematical representation of your biometric identifier, such as the template maintained for comparison
  • To identify and authenticate you
  • For security and similar purposes such as tracking access in our facilities.
  • For market research purposes
  • Our affiliates
  • Our Service Providers
  • Third parties who assist with fraud prevention, detection and mitigation
  • Our lawyers, auditors and consultants
  • Other third parties as required by law

Unique Identifiers

We assign an BSM number to you when you open an account and/or join our rewards programs.

  • You, when you interact with us using your BSM number
  • Third parties, such as when you redeem rewards or participate in a joint promotion
  • Third parties, such as ad delivery companies who place cookies containing advertising IDs on your devices for us
  • BSM ID number, including customer number, account number, subscription number, rewards program number etc.
  • System identifiers (e.g., usernames or online credentials)
  • Device identifier
  • Advertising ID
  • Online User ID
  • To identify you or your device, including to associate you with different devices that you may use
  • For record-keeping and reporting, including for data matching
  • For metrics and analytics,
  • To track your use of products, services, websites, including for ad delivery and personalization
  • For market research purposes
  • To send marketing and promotional communications
  • For our Everyday Business Purposes.
  • Our affiliates
  • Our Service Providers
  • Third parties who assist with fraud prevention, detection and mitigation
  • Our lawyers, auditors and consultants
  • Other third parties as required by law

Relationship Information

  • You
  • Third parties that provide access to information you make publicly available, such as social media
  • Service Providers and Third Parties that provide information that helps us understand our customers, including data aggregators, Customer Relationship Management (CRM) platform entities, Direct marketing agencies, and public records providers.
  • We may also infer information about you based on information that you have given us and your past interactions with us and other companies.
  • Personal characteristic and preferences, such as your age range, martial and family status, shopping preferences, languages spoken
  • Loyalty and rewards program data
  • Household demographic data, including from real estate records and census data
  • Data from social media profiles, such as Facebook, Twitter, LinkedIn and similar platforms
  • Education information
  • Professional information
  • Hobbies and interests
  • Preferences for being contacted
  • Propensity scores obtained from third parties, such as likelihood that you may be interested in certain purchases or experiencing life events
  • To better understand you and to understand our customers generally
  • To design, develop, market, sell, and/or improve our products, services, and programs, including loyalty programs
  • To send marketing and promotional communications
  • To identify prospective customers
  • For market research purposes
  • For internal business purposes, such as quality control, training and analytics
  • For our Everyday Business Purposes
  • Our affiliates
  • Our Service Providers
  • Third parties with whom we have joint marketing and similar arrangements where you have initiated or agreed
  • Our lawyers, auditors and consultants
  • Other third parties as required by law

 

Transaction and Interaction Information

 

  • You
  • Third parties that process transactions for us, such as resellers and sales agents

 

  • Customer account information, qualification data, purchase history and related records (returns, product service records, records of payments, credits etc .)
  • Marketing and ad campaign data and history
  • Records related to downloads and purchases of products applications, including website and app usage and records relating to in-app purchases
  • Patient engagement and support data
  • Non-biometric data collected for consumer authentication (passwords, account security questions)
  • Customer service records
  • Visitor logs
  • To fulfill our business relationship with you, including customer service
    • For recordkeeping and compliance, including dispute resolution
  • To design, develop, market, sell, and/or improve our products, services, and programs, including loyalty programs
  • For market research purposes
  • To send marketing and promotional communications
  • For internal business purposes, such as finance, quality control, training, , reporting and analytics
  • For risk management, fraud prevention and similar purpose
  • For our Everyday Business Purposes
  • Our affiliates
  • Our Service Providers
  • Third parties with whom we have joint marketing and similar arrangements where you have initiated or agreed
  • Third parties as needed to complete the transaction you initiated or agreed to, including delivery companies, agents and manufacturers
  • Our lawyers, auditors and consultants
  • Customers, in connection with their audits of BSM
  • Other third parties as required by law

Inferred and Derived Information

  • We create inferred and derived data elements by analyzing our relationship and transactional information.
  • Propensities, attributes and/or scores generated by internal analytics programs and used for marketing and advertising
  • Propensities, attributes and/or scores generated by internal analytics programs and used for information security and fraud purposes

We combine inferred data with other relationship information and use this type of information:

  • To better understand you and to understand our customers generally
  • To design, develop, market, sell, and/or improve our products, services, and programs, including loyalty programs
  • To identify prospective customers
  • For market research purposes
  • For internal business purposes, such as quality control, training and analytics
  • For our Everyday Business Purposes
  • Our affiliates
  • Our Service Providers
  • Third parties with whom we have joint marketing arrangements where you have initiated or agreed
  • Our lawyers, auditors and consultants
  • Other third parties as required by law

Online & Technical Information

  • You and from your computer or devices when you interact with our platforms, websites and applications. For example, when you visit our websites, our server logs record your IP address and other information.
  • Automatically, via technologies such as cookies, web beacons, when you visit our website or other websites.
  • Third parties, including computer security services and third party advertising network companies and Social Media and CRM platform partners
  • We also associate information with you using unique identifiers collected from your devices or browsers.

 

  • IP Address
  • MAC Address, SSIDs or other device identifiers or persistent identifiers
  • Password
  • Device characteristics (such as browser information)
  • Web Server Logs
  • Application Logs
  • Browsing Data
  • Viewing Data (TV, Streaming)
  • First Party Cookies
  • Third Party Cookies, including Ad IDs
  • Flash Cookies
  • Silverlight Cookies

    Web beacons, clear gifs and pixel tags

  • Preference Management including Opt-in and Opt-out management
  • For system administration, technology management, including optimizing our websites and applications and data analytics
  • For information security and cybersecurity purposes, including detecting threats
  • For recordkeeping, including logs and records that maintained as part of Transaction Information
  • To design, develop, and/or improve our products, services, and programs, including loyalty programs
  • To better understand our customers and prospective customers and to enhance our Relationship Information, including by associating you with different devices and browsers that they may use
  • When you consent through our cookie banner, for online targeting and advertising purposes where our advertisements are placed on other websites when you visit them
  • For market research purposes
  • For our Everyday Business Purposes
  • Our affiliates
  • Our Service Providers
  • Third parties who assist with our information technology and security programs, including companies such as network security services who retain information on malware threats detected
  • Third parties who assist with fraud prevention, detection and mitigation
  • When you consent through our cookie consent banner, to third party network advertising partners who may in turn disclose to additional advertising providers
  • When you consent through our cookie consent banner, to Social Media platform companies
  • Our lawyers, auditors and consultants
  • Other third parties as required by law

Audio Visual Information

 

 

  • You
  • Automatically, such as when we record calls to our call center and use CCTV cameras in our facilities.
  • Third parties that provide access to information you make publicly available, such as social media

 

  • Photographs
  • Video images,
  • CCTV recordings
  • Call center recordings and call monitoring records
  • Voicemails
  • For internal business purposes, such as call recordings used for training, coaching or quality control
  • For relationship purposes, such as use of photos and videos for social media purposes
  • For market research purposes
  • For premises security purposes and loss prevention
  • For our Everyday Business Purposes
  • Our affiliates
  • Our Service Providers
  • Our lawyers, auditors and consultants
  • Other third parties as required by law

Financial information

  • You
  • Payment processors and other financial institutions
  • Consumer reporting agencies
  • Third parties that provide security and fraud prevention services
  • We may infer financial information (such as credit risk) about you based on your existing account status and lifestyle factors.
  • Bank account number and details (if you use automated payments)
  • Payment card information
  • Credit reports, credit scores

Financial information is maintained in our transaction data. We use this type of information:

  • To fulfill our business relationship with you, including processing payments, issuing refunds and collections
  • For recordkeeping and compliance, including dispute resolution
  • For internal business purposes, such as finance, audits, training, reporting and analytics
  • For risk management, fraud prevention and similar purpose
  • For our Everyday Business Purposes
  • Our affiliates
  • Our Service Providers
  • Payment processors, financial institutions and others as needed to complete the transactions you initiate or agree to and for authentication, security and fraud prevention
  • Our lawyers, auditors and consultants
  • Customers, in connection with their audits of BSM
  • Consumer reporting agencies
  • Other third parties as required by law

Health and Other Sensitive Information

 

 

  • You
  • Healthcare providers
  • Health insurance companies
  • Third parties that provide occupational health consulting and similar services to us
  • We may infer health information about you based on other information, including and lifestyle factors.
  • Information about physical or mental health, disease state, medical history or medical treatment or diagnosis, medicines taken
  • Name/Contact of a patient’s healthcare providers
  • General disease or product interest
  • Health insurance company
  • Insurance account number
  • Information on payment for healthcare services (EOB forms, HSA statements. claims data, claims assistance records)
  • Health plan beneficiary names/numbers
  • Information needed to accommodate disabilities
  • Information about workplace accidents and occupational safety

Heath information is maintained in our transaction data. We use this type of information:

  • To fulfill our business relationship with you, including to provide you information
  • To design, develop, market, sell, and/or improve our products, services, and programs, including loyalty programs
  • For market research purposes
  • For recordkeeping and compliance, including dispute resolution
  • For internal business purposes, such as finance, audits, training, reporting and analytics
  • For risk management, fraud prevention and similar purpose
  • For our Everyday Business Purposes
  • Our affiliates
  • Our Service Providers
  • Healthcare providers, health insurance companies and others as needed to provide the contemplated services or transactions involving the data, such as for processing health care payments
  • Our lawyers, auditors and consultants.
  • Other third parties as permitted by HIPAA and/or CMIA for treatment, payment and authorization
  • Other third parties as required by law

IoT and Sensor data

  • We collect this type of information automatically when you use our internet-enabled products.
  • Smart device records
  • IoT products
  • Vehicle onboard device records
  • Product/Device generated data
  • To enable product functionality
  • For internal business purposes, such product development, security, and quality control
  • To design, develop, market, sell, and/or improve our products, services, and programs, including loyalty programs

 

  • For relationship purposes, including analytics regarding product usage
  • For market research purposes
  • For our Everyday Business Purposes
  • Our affiliates
  • Our Service Providers
  • Third parties who assist with our information technology and security programs, including network security services and cybersecurity consortia
  • Third parties who assist with fraud prevention, detection and mitigation
  • Third parties as needed to complete the transactions you initiate or agree to
  • Where you consent through our online cookie banner, third party network advertising partners
  • Our lawyers, auditors and consultants
  • Other third parties as required by law

Geolocation data

We collect this type of information automatically from your mobile device.

  • Precise location
  • Provide the information, products or services requested
  • For information security and fraud prevention
  • For our Everyday Business Purposes
  • Our affiliates
  • Our Service Providers
  • Third parties who assist with fraud prevention, detection and mitigation
  • Our lawyers, auditors and consultants
  • Other third parties as required by law

Children’s data

We do not collect personal information directly from children under 16. We receive children’s data from parents and guardians.

  • Child’s name
  • Product usage data
  • Provide the information, products or services requested by the child or by the child’s parent or guardian
  • For market research purposes
  • For our Everyday Business Purposes
  • Our affiliates
  • Our Service Providers
  • Other third parties as required by law

Compliance data

  • You
  • Third parties, including companies that help us conduct internal investigations
  • Third parties, such as consumer reporting agencies and data aggregators who conduct background screening for us
  • Compliance program data, including customer screening records, and other record maintained to demonstrate compliance with applicable laws, such as tax laws, ADA
  • Patient registries and device tracking
  • Occupational and environmental safety records
  • Records relating to complaints and internal investigations, including compliance hotline reports, legal requests
  • Records of privacy and security incidents involving HR records, including any security breach notifications

 

  • To comply with and demonstrate compliance with applicable laws
  • For legal matters, including litigation and regulatory matters, including for use in connection with civil, criminal, administrative, or arbitral proceedings, before regulatory or self-regulatory bodies, including service of process, investigations in anticipation of litigation, execution or enforcement of judgments and orders
  • For internal business purposes, such as risk management, audit, internal investigations, reporting, analytics
  • For our Everyday Business Purposes
  • Our affiliates
  • Our Service Providers
  • Our lawyers, auditors and consultants.
  • Customers, in connection with their audits of BSM
  • Other third parties (including government agencies, courts and opposing law firms, consultants, process servers and parties to litigation) in connection with legal matters

Everyday Business Purposes encompasses the Business Purposes (as defined in the CCPA) and the following related purposes for which personal information may be used:

  • To provide the information, product or service requested by the individual or as reasonably expected given the context in which with the personal information was collected (such customer credentialing, providing customer service, personalization and preference management, providing product updates, bug fixes or recalls, and dispute resolution)
  • For identity and credential management, including identity verification and authentication, system and technology administration
  • To protect the security and integrity of systems, networks, applications and data, including detecting, analyzing and resolving security threats, and collaborating with cybersecurity centers, consortia and law enforcement about imminent threats
  • For fraud detection and prevention
  • For legal and regulatory compliance, including all uses and disclosures of personal information that are required by law or for reasonably needed for compliance with company policies and procedures, such as anti-money laundering programs, security and incident response programs, intellectual property protection programs, and corporate ethics and compliance hotlines, as well as for compliance with civil, criminal, judicial, or regulatory inquiries, investigations, subpoenas, or summons.
  • To exercise or defend the legal rights of BSM and its employees, affiliates, customers, contractors, and agents.
  • To comply with applicable tax, health and safety, anti-discrimination, immigration, labor and employment, and social welfare laws.
  • For corporate audit, analysis and reporting,
  • To enforce our contracts and to protect against injury, theft, legal liability, fraud or abuse, to protect people or property, including physical security programs
  • To de-identify the data or create aggregated datasets, such as for consolidating reporting, research or analytics,
  • To make back-up copies for business continuity and disaster recovery purposes, and
  • For corporate governance, including mergers, acquisitions and divestitures.


Targeted Advertising Disclosure – When You Consent to the Cookie Consent

We use third party advertising companies to place our ads on other websites. One way we do so is by allowing network advertising companies and social media  (“Network Advertisers”) with whom we work to place their own cookies on the browser of an individual who visits one or more of our sites and who clicks “accept” on the cookie consent banner on the site. This enables these Network Advertisers to place a cookie on your computer and to receive information (including for example your IP Address, internet tracking data, and advertising IDs) from that cookie that may include information about your visits to this and other websites.  This data received by Network Advertisers allows them to measure advertising effectiveness and to provide advertisements on other websites about our goods and services that are tailored to you and that may be of interest to you on these other websites.  These Network Advertisers may in turn disclose your cookie data to other network advertisers to allow these advertisers to display ads to you as well.  Under CCPA these additional disclosures may be considered a sale of personal information

To revoke your consent or opt-out after you have consented to the cookie consent banner, or to manage your cookie preferences, you can delete the cookies on your browser or use the cookie settings on your browser.   All browsers are different, so visit the “Help” section of your browser to learn how to delete the cookies we set in your browser, including the cookie consent, and about cookie preferences and other privacy settings that may be available.  You can opt-out of receiving targeted advertising from Network Advertisers by clicking the “Ad Options” icon on the advertisements or by going to  www.networkadvertising.org .  In addition, the Digital Advertising Alliance maintains a web site where consumers can opt out from receiving interest-based advertising from some or all of the network advertising companies participating in the program ( www.AboutAds.info/choices ).

You can read more about our general advertising and cookie practices in our  United States Website Privacy Statement .

Does BSM “Sell” Your Personal Information?

BSM does not sell Personal Information of California Consumers and will not sell this information unless we modify this Privacy Notice and take the additional steps required under the CCPA.

What are your rights?

If you are a California Consumer you have certain rights with respect to BSM use and disclosure of your Personal Information:

  • Right of Access | Right to Notice.
    You have the right to request from us: 
    • the categories of Personal Information we have collected about you, the categories of sources from which the Personal Information is collected, the business purpose or commercial purpose for collecting the Personal Information, the categories of third parties with whom we share Personal Information, the categories of Personal Information we have shared and the reasons we shared it.
    • a copy of the specific pieces of Personal Information we have collected about you in the preceding 12 months.
  • Right to Deletion
    You have the right to request that BSM delete the Personal Information we collect from you.  However, in certain situations we are not required to delete your Personal Information, such as when the information is necessary in order to complete the transaction for which the Personal Information was collected, to provide a good or service requested by you, to comply with a legal obligation, to engage in research, to secure our websites or other online services, or to otherwise use your personal information internally in a lawful manner that is compatible with the context in which you provided the information.
  • Right Not to Be Subject to Discrimination .

Should you exercise any of your privacy rights as a California Consumer, we will not discriminate against you by offering you different pricing or products, or by providing you with a different level or quality of services, based solely upon your request.  However, in some circumstances, for example where you have requested or consented to our services that use your Personal Information to provide the service, we may not be able to provide a service if you choose to delete your Personal Information.

To exercise any of these rights, or to designate an agent or authorized representative to act on your behalf, you can contact us through our designated CCPA processes by calling us at 1-800-344-1659 or by going to our  CCPA Data Subject Rights Management System  to submit an electronic form.  When you submit a Data Subject Rights request through one of these designated methods, we will use the information you submit and the information we have in our systems (or through the systems of our Service Provider if we use a Service Provider) to try to verify your identity and to match the personal information we have collected about you, if any, to your identity.  If we are successful in validating your identity, we will respond to your request within the time and in the manner required by CCPA. If we cannot validate your identity, we will attempt to contact you to inform you of this issue. 

How do you contact us if you have any questions or concerns?

If you have any questions regarding this Notice, you can contact BSM US Privacy Office at  IR-USLPO@bsm.com .  Please submit all data subject rights requests through our designated methods either by going to our  CCPA Data Subject Rights Management System  or by calling us at 1-800-344-1659.

This Privacy Notice was last updated January 1, 2020.

Accept Deny