Highmark Health Data Protection Statement and Informed Consent for EU Data Subjects

The purpose of this Data Protection Statement is to notify you of the practices that will govern the processing of your personal data and to obtain your explicit consent for the processing of your personal data consistent with it, in particular in accordance with the legal requirements of the European Union’s (“EU”) General Data Protection Regulation (“GDPR”):

The personal data collected may include your address, city, postal code, country, phone number, email address, IP address, as well as any other personal information you choose to provide (“Personal Data”). This information will be used for purposes of performing services to, or on behalf of, our enterprise customers and prospective customers as part of and in relation to matters regarding our provider, health plan, and subsidiary enterprise care delivery, administration and operations. We will retain the information in our system in accordance with applicable law and our Data Protection Policy:https://www.highmark.com/hmk2/gdpr.shtml

Your email address and phone number may be used to contact you. All reasonably appropriate measures will be taken to prevent disclosure of your Personal Data beyond the scope provided directly or indirectly herein or as may be reasonably inferred from the content contained in this notice or the website.

Your Personal Data will be disclosed to appropriate personnel for purposes of performing services to, or on behalf of, our enterprise customers and prospective customers as part of and in relation to matters regarding our provider, health plan, and subsidiary enterprise care delivery, administration and operations. Notwithstanding the above disclosures, we will disclose the Personal Data we collect from you under the following circumstances:

We use third-party service providers to process Personal Data, including, without limitation, for information storage and other similar purposes. These services providers are located in the United States. These service providers will be bound by sufficient guarantees to implement appropriate technical and organizational measures in such a matter that their processing will meet the requirements of applicable law.

Your Personal Data will remain on file for: any period required by applicable law; and, to the extent necessary for any purpose(s) provided directly or indirectly herein or as may be reasonably inferred from the content contained in this notice or the website, but no longer than permitted by applicable law. After that, all Personal Data will be deleted or the documents with such data will be anonymized. If you have questions regarding how we process your Personal Data and what we store about you, please contact PrivacyInternational@HighmarkHealth.org or write us:

Data Protection Officer Highmark Health 120 Fifth Avenue, Suite 2114 Pittsburgh, PA 15222, USA

Consent

By agreeing to the terms and conditions set out in this Data Protection Statement, and by providing us with your Personal Data, you consent to the collection, use and disclosure of any information you provide in accordance with the above purposes and this Data Protection Statement.

You also explicitly consent to the automated decision making by us, which may include the processing of your health data, to the extent that it is necessary to process your health claim swiftly and efficiently.

Notes: This consent is given voluntarily and can be revoked at any time in writing by sending an email to PrivacyInternational@HighmarkHealth.org If you want to exert your withdrawal right or your rights to access, rectify, block, transfer or delete your personal data pursuant to the GDPR, please contact us and provide us at least with your full name, address and the data processing you are inquiring about. If you are not satisfied with our data processing you have the right to lodge a complaint to the data protection authority in your country of residence.