Privacy Policy - What Care Costs

illumifin Website Privacy POLICY

Effective Date: 12.11.2019

1. Introduction

Purpose

illumifin Corporation (“illumifin,” “we,” “our” or “us”) is committed to controlling the collection, use and disclosure of your personal information and protecting your privacy online.

This “Privacy Policy” describes the types of information we may collect from you or that you may provide when you visit this website (the “Website”) and our practices for collecting, using, maintaining, protecting, and disclosing that information.

Please read this policy carefully to understand our policies and practices regarding your information and how we will treat it before using this Website and engaging illumifin for products and services. If you do not agree with our policies and practices, your choice is not to use our Website. By accessing or using our Website, you agree to this Privacy Policy. This Privacy Policy may change from time to time. Your continued use of our Website after we make changes is deemed to be acceptance of those changes, so please check this Privacy Policy periodically for updates.

Scope; Applicability to You

We are a third party administrator for long term care insurance products. As part of our services, our clients (typically your long term care insurance provider) may share your information with us for illumifin to perform administrative support services including, but not limited to, application processing, commission administration, provider databases, underwriting, policy administration, claims and care management, and cognitive and functional assessments. To facilitate these services, we also host web portals, on behalf of our clients to provide services related to your long term care needs. When we are collecting information from you on behalf of our clients, we will only collect, use, and otherwise process your information as directed by our clients, as set forth in our contractual agreements with such clients or as otherwise permitted by applicable law. Accordingly, this Privacy Policy does not apply to the extent we process your Personal Data (as defined below) in the role of a data processor on behalf of our clients.

To this end, if you register for an account or log in to an existing account on the Website, this Privacy Policy does not apply to any information you provide as part of the registration process or that you may provide upon or after logging in to your account, as we merely collect this information on behalf of our clients. For detailed privacy information related to our collection and use of your information on behalf of the illumifin client (the insurance carrier) who uses our products and services, please reach out to the insurance carrier directly. We are not responsible for the data security practices of our clients, which may differ from those set forth in this Privacy Policy. For more information, please also see Section 6 below.

In the event that illumifin is not acting as a data processor, and your Personal Data is not otherwise excluded as set forth above, the following information applies to how we, collect, use, and share your Personal Data.

2. Information We Collect About You and How We Collect It

Generally

We collect the following types of information from and about users of our Website (“Personal Data”), specifically information:

· by which you may be personally identified, such as name and email address;

· that is about you but individually does not identify you, such as traffic data, location, logs, referring/exit pages, date and time of your visit to our Website, error information, clickstream data, search query (keywords entered into a search engine) and other communication data and the resources that you access and use on the Website; or

· about your Internet connection, the equipment you use to access our Website and usage details.

We collect this information:

· directly from you when you provide it to us; and

· automatically as you navigate through the Website. Information collected automatically may include usage details, IP addresses, and information collected through cookies and other tracking technologies;

Information You Provide to Us

The information we collect on or through our Website is:

· information that you provide by filling in forms on our Website.

Information We Collect Through Automatic Data Collection Technologies

As you navigate through and interact with our Website, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, specifically:

· details of your visits to our Website, such as traffic data, location, logs, referring/exit pages, date and time of your visit to our Website, error information, clickstream data, search query (keywords entered into a search engine) and other communication data and the resources that you access and use on the Website; and

· information about the equipment you use to access our Website, usage details and your Internet connection.

The information we collect automatically may include Personal Data, or we may maintain it or associate it with Personal Data we collect in other ways or receive from third parties. It helps us to improve our Website and to deliver a better and more personalized service to you. The technologies we use for this automatic data collection may include:

· Cookies (or browser cookies) . We and our service providers may use cookies, web beacons, and other technologies to receive and store certain types of information whenever you interact with our Website through your computer or mobile device. A cookie is a small file or piece of data sent to your computer or mobile device when you visit a website. When you visit the website again, the cookie allows the website to recognize your browser. Cookies may store unique identifiers, user preferences and other information. On your computer, you may refuse to accept browser cookies by activating the appropriate setting on your browser, and you may have similar capabilities on your mobile device in the preferences for your operating system or browser. However, if you select this setting you may be unable to access certain parts of our Website. Unless you have adjusted your browser or operating system setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our Website.

· Google Analytics . We use Google Analytics, a web analytics service provided by Google, Inc. (“Google”) to collect certain information relating to your use of the Website. Google Analytics uses cookies to help the Website analyze how users use the site. You can find out more about how Google uses data when you visit our Website by visiting “How Google uses data when you use our partners' sites or apps,” (located at www.google.com/policies/privacy/partners/ ). For more information regarding Google Analytics please visit Google's website, and pages that describe Google Analytics, such as www.google.com/analytics/learn/privacy.html .

No Information from Children Under the Age of 18

Our Website is not intended for children under 18 years of age. We do not knowingly collect or solicit Personal Data from children under 18. If you are under 18, do not use or provide any information on our Website including, but not limited to, your name, address, telephone number, email address, or any screen name or user name you may use. If we learn we have collected or received Personal Data from a child under 18 without verification of parental consent, we will delete that information. If you believe we might have any information from a child under 18, please contact us at compliance@ltcg.com.

3. How We Use Your Information

We use information that we collect about you or that you provide to us, including any Personal Data:

· to fulfill or meet the reason you provided the information;

· to provide, support, personalize, develop and improve the Website;

· to provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses;

· to provide you with notices about your account and to contact you in response to a request;

· to help maintain the safety, security, quality, and integrity of our Website, databases and other technology assets, and business, including to detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, and prosecute those responsible for that activity, and to debug to identify and repair errors that impair existing intended functionality;

· to respond to law enforcement requests and as required by applicable law, court order, or governmental regulations;

· to evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of illumifin’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by illumifin about our Website users is among the assets transferred in any other way we may describe when you provide the information; and

· for any other purpose with your consent.

4. Disclosure of Your Information

We do not share, sell, or otherwise disclose your Personal Data for purposes other than those outlined in this Privacy Policy or any applicable state-specific addenda to this Privacy Policy. However, we may disclose aggregated information about our users, and information that does not identify any individual, without restriction.

We may disclose Personal Data that we collect or you provide as described in this Privacy Policy:

· To affiliates, contractors, service providers, and other third parties we use to support our business;

· to a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data held by illumifin about our Website users are among the assets transferred;

· to the insurance carrier who has ordered illumifin’s products or services;

· to fulfill the purpose for which you provide it;

· for any other purpose disclosed by us when you provide the information; and

· with your consent.

We may also disclose your Personal Data:

· to comply with any court order, law, or legal process, including to respond to any government or regulatory request;

· to enforce or apply our Terms of Use; and

· if we believe disclosure is necessary or appropriate to protect the rights, property, or safety of illumifin, our clients, or others.

If you have questions or concerns about the disclosure of your personal information, or if you believe your information has been improperly disclosed by illumifin, please contact us at the contact information below.

5. Choices About How We Use and Disclose Your Information

In addition, we strive to provide you with choices regarding the Personal Data you provide to us. We have created mechanisms to provide you with control over your Personal Data:

Tracking Technologies and Advertising. Some web browsers permit you to broadcast a signal to websites and online services indicating a preference that they “do not track” your online activities. At this time, we do not honor such signals and we do not modify what information we collect or how we use that information based upon whether such a signal is broadcast or received by us.However, you can set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent. To learn how you can manage your Flash cookie settings, visit the Flash player settings page on Adobe’s website. If you disable or refuse cookies, please note that some parts of this site may then be inaccessible or not function properly.

6. Your Rights Regarding Your Information and Accessing and Correcting Your Information

You may notify us at the contact information below of any changes or errors in any Personal Data we have about you to ensure that it is complete, accurate, and as current as possible. We may also not be able to accommodate your request if we believe it would violate any law or legal requirement or cause the information to be incorrect or if we don’t maintain sufficient Personal Data to validate you.

As described above, we may also process Personal Data submitted by or for a client to our cloud products and services, including web portals. To this end, if not stated otherwise in this Privacy Policy, in any state-specific addendum to this Privacy Policy or in a separate disclosure, we process such Personal Data in the role of a mere processor on behalf of our clients (and/or its affiliates) who is the responsible controller of the Personal Data concerned. We are not responsible for and have no control over the privacy and data security practices of our clients, which may differ from those set forth in this Privacy Policy. If your data has been submitted to us by or on behalf a illumifin client and you wish to exercise any rights you may have under applicable data protection laws, please inquire with the applicable client directly.

7. State-Specific Privacy Rights

The law in some states may provide you with additional rights regarding our use of Personal Data. To learn more about any additional rights that may be applicable to you as a resident of one of these states, please see the privacy addendum for your state that is attached to this Privacy Policy.

Your California Rights

As of January 1, 2020, you have the additional rights described in the California Addendum if you are a California resident.

8. Security of Your Information

illumifin is committed to the security of your personal information and illumifin has policies and procedures in place to protect the privacy of your Personal Data. Personal Data shall be protected in a manner commensurate with its sensitivity and reasonable steps will be taken to secure it from accidental loss, and from unauthorized access, use, alteration and disclosure.

The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your Personal Data, we cannot guarantee the security of your Personal Data transmitted to the Website. Any transmission of Personal Data is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Website.

9. Changes to Our Privacy Policy

We may change this Privacy Policy at any time. It is our policy to post any changes we make to our Privacy Policy on this page with a notice that the Privacy Policy has been updated on the Website’s home page. If we make material changes to how we treat our users’ Personal Data, we will notify you by email, if applicable, to the email address specified, or through a notice on the Website’s home page. The date this Privacy Policy was last revised is identified at the top of the page. You are responsible for periodically visiting our Website and this Privacy Policy to check for any changes.

10. Contact Information

If you have any questions, concerns, complaints or suggestions regarding our Privacy Policy, have any requests related to your Personal Data pursuant to applicable laws, or otherwise need to contact us, you may do so by emailing compliance@ltcg.com, or writing to us at:

illumifin Corporation

Attn: Privacy Officer

11000 Prairie Lakes Drive, Suite 600

Eden Prairie, MN 55344

illumifin CALIFORNIA ADDENDUM TO PRIVACY POLICY

Effective Date: January 1, 2020

This Privacy Addendum for California Residents (the “ California Addendum ”) supplements the information contained in illumifin Corporation’s (“illumifin,” “we,” “our,” or “us”) Privacy Policy aboveand applies solely to all visitors, users, and others who reside in the State of California (“consumers” or “you”). We adopt this California Addendum to comply with the California Consumer Privacy Act of 2018 (“CCPA”) and, unless defined in this California Addendum or the Privacy Policy, any terms defined in the CCPA have the same meaning when used in this California Addendum. If you are a California resident with disabilities, and need to be provided with an accessible version of this California Addendum, please contact us at the information below.

Applicability

Generally, illumifin acts as a service provider (as defined by the CCPA) and assists insurance carriers by acting as a third party administrator for long-term care insurance products. As part of our services, our clients (typically your long term care insurance provider) may share your information with us for illumifin to perform administrative support services including, but not limited to, application processing, commission administration, provider databases, underwriting, policy administration, claims and care management, and cognitive and functional assessments. To facilitate these services, we also host web portals, such as this Website, on behalf of our clients to provide services to you related to your long term care needs.

To this end, if not stated otherwise in this California Addendum, our Privacy Policy above, or in a separate disclosure, we process your CCPA Covered Personal Information (as defined below) in the role of a mere service provider on behalf of our clients (and/or its affiliates) who is the responsible business for your CCPA Covered Personal Information. When acting as a service provider, we will only collect, use, and otherwise process your CCPA Covered Personal Information as directed by our clients, as set forth in our contractual agreements with such clients and as otherwise permitted by the CCPA and applicable law. If your data has been submitted to us by or on behalf of our client and you wish to exercise any rights you may have under applicable data protection laws, please inquire with the applicable client directly (i.e., the insurance carrier you purchased or sold a policy through).

For detailed privacy information related to our collection and use of your data on behalf of the illumifin client (the insurance carrier you purchased or sold a policy through) who uses our products and services, please reach out to the insurance carrier directly. We are not responsible for and have no control over the privacy and data security practices of our clients, which may differ from those set forth in our Privacy Policy and California Addendum.

In the event that we are not acting as a service provider, and your CCPA Covered Personal Information is not otherwise excluded as set forth above, the following information applies to how we, collect, use, and share your CCPA Covered Personal Information.

Further, this California Addendum does not apply to information or organizations excluded from the CCPA’s scope, including:

· Medical information governed by the California Confidentiality of Medical Information Act (CMIA), protected health information collected by a covered entity or business associate governed by the Health Insurance Portability and Accountability Act of 1996 (HIPAA), or a provider of health care governed by the CMIA or covered entity governed by HIPAA to the extent the provider or covered entity maintains patient information in the same manner as medical information or protected health information under the CMIA or HIPAA, respectively;

· Publicly available information from government records;

· Deidentified or aggregated consumer information; and

· Other exclusions as set forth under applicable California law.

Information We Collect

We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household (“ CCPA Covered Personal Information ” or “ personal information ”). In particular, this website(the “Website”), has collected the following categories of personal information from consumers within the last twelve (12) months:

Category	Examples	Collected
A. Identifiers.	A real name, online identifier, Internet Protocol address, or other similar identifiers.	YES
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).	A name. *Note: Personal information included in this category may overlap with other categories.	YES
C. Internet or other similar network activity.	Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.	YES

illumifin obtains the categories of personal information listed above from the following categories of sources:

· We collect Category A and B directly from you when you provide it to us. For example, from forms or applications you complete.

· We collect Category A and C indirectly from you. For example, from observing your actions on our Website.

Use of Personal Information

We have used or disclosed all the above categories of personal information we collect for one or more of the following business purposes:

· To fulfill or meet the reason you provided the information.

· To provide, support, personalize, and develop our Website, products, and services.

· To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses.

· To help maintain the safety, security, quality, and integrity of our Website, products and services, databases and other technology assets, and business, including to detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, and prosecute those responsible for that activity, and to debug to identify and repair errors that impair existing intended functionality.

· For testing, research, analysis, and product development and demonstration, including to develop and improve our Website, products, and services.

· To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.

· To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of illumifin’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by illumifin about our Website users is among the assets transferred.

· As described to you when collecting your personal information or as otherwise set forth in the CCPA.

illumifin will not collect additional categories of personal information or use the personal information we collected for additional purposes without providing you notice.

Sharing Personal Information

Disclosures of Personal Information for a Business Purpose

In the past twelve months, illumifin has disclosed identifiers and internet or other similar network activity to its affiliates, contractors service providers or other third parties we use to support our business.

Sales of Personal Information

illumifin does not sell consumers’ personal information and has not sold consumers’ personal information in the preceding twelve (12) months.

Your Rights and Choices

The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.

Access to Specific Information and Data Portability Rights

You have the right to request that illumifin disclose certain information to you about our collection of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request (see Exercising Access, Data Portability, and Deletion Rights ), we will disclose to you:

· The categories of personal information we collected about you.

· The categories of sources for the personal information we collected about you.

· Our business or commercial purpose for collecting or selling that personal information.

· The categories of third parties with whom we share that personal information.

· The specific pieces of personal information we collected about you (also called a data portability request).

· If we disclosed your personal information for a business purpose, two separate lists disclosing:

· sales, identifying the personal information categories that each category of recipient purchased; and

· disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.

Deletion Request Rights

You have the right to request that illumifin delete any of your personal information that we have collected or maintained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (see Exercising Access, Data Portability, and Deletion Rights ), we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.

We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:

1. Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.

2. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.

3. Debug products to identify and repair errors that impair existing intended functionality.

4. Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.

5. Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).

6. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.

7. Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.

8. Comply with a legal obligation.

9. Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

Exercising Access, Data Portability, and Deletion Rights

To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by either:

· Emailing compliance@ltcg.com .

· Mailing a request to: illumifin Corporation

Attn: Privacy Officer

11000 Prairie Lakes Drive, Suite 600

Eden Prairie, MN 55344

Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf (an “Authorized Agent”), may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.

Please note that illumifin is not obligated to provide information to a consumer in response to a request more than twice in a twelve (12) month period. The verifiable consumer request must:

· Provide sufficient information (first name, last name and address) that allows us to reasonably verify you are the person about whom we collected personal information or an Authorized Agent. Before completing your request to exercise the below, we will verify that the request came from you by validating your first name, last name and address.

· Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We are unable to fulfill your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. With few exceptions, we will only review and fulfill a request from your Authorized Agent if (a) you grant the Authorized Agent written permission to make a request on your behalf, (b) you or the Authorized Agent provides us notice of that written permission, and (c) we are able to verify your identity in connection with that notice and the request.

Making a verifiable consumer request does not require you to create an account with us.

We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

Response Timing and Format

We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to 45 additional days), we will inform you of the reason and extension period in writing.

If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.

Any disclosures we provide will only cover the twelve (12) month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

You do not need to create an account with us to exercise your opt-out rights. We will only use personal information provided in an opt-out request to review and comply with the request.

Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

· Deny you goods or services.

· Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.

· Provide you a different level or quality of goods or services.

· Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

Changes to Our Privacy California Addendum

illumifin reserves the right to amend this California Addendum at our discretion and at any time. When we make changes to this California Addendum, we will post the updated California Addendum on the Website and update the California Addendum’s effective date. Your continued use of our Website following the posting of changes constitutes your acceptance of such changes .

Contact Information

If you have any questions or comments about this California Addendum, the ways in which illumifin collects and uses your information described below, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us at:

Email: compliance@ltcg.com

Mailing Address:illumifin Corporation

Attn: Privacy Officer

11000 Prairie Lakes Drive, Suite 600

Eden Prairie, MN 55344