At B & B Benefits (“we”, “us”, “our”) we want you to feel comfortable on our website and not have to worry about the security of your data. That is why data protection is an important part of our philosophy.
In this Privacy Policy you will find all the information about which PII we collect and process and for what purpose. You will also find out what rights you have and how you can assert them.
In addition, we take all reasonable steps to keep the use or disclosure of protected health information to an absolute minimum in order to provide the promised services. As such we work hard so that our services meet or exceed industry standards with respect to the U.S. Health Insurance Portability and Accountability Act ("HIPAA") of 1996. For further information on our Practices in regard to your protected health information, please refer to our HIPAA Statement.
The Data Controller Responsible for the collection and processing of your PII is B & B Benefits of 8101 Perry Hwy, Suite 105, Pittsburgh, PA 15237 (hereinafter “B & B Benefits”, “we”, “us”, or “our”). Please read this Privacy Policy together with our Cookie Policy and contact us using our Contact Form, call (412) 366-6334, or write to us at the above address if you have any questions.
What law applies? We recognize the current lack of consistent and comprehensive Federal and Pennsylvania State Privacy legislation and have as such voluntarily adopted the current gold standard deriving from the EU's General Data Protection Regulation (“GDPR”). Thus, we act as the data controller in accordance with the GDPR. Whilst it is expected that current legislative uncertainty is to be resolved in due course, we would like to ask you to regularly check this policy for any changes.
What is Personal Identifiable Information (PII)? According to the GDPR, PII is "any information relating to an identified or identifiable natural person". This is, for example, name or address data, telephone number, mobile number, bank details or insurance number.
General information on data processing All PII that we obtain from you via the website will be processed for the purposes described in more detail below. This is done within the framework of the GDPR or with your consent. And of course, only when data processing is permitted and if:
you have given your consent,
the data is necessary for the fulfillment of a contract / pre-contractual measures,
the data is necessary for the fulfillment of a legal obligation or
the data is necessary to protect the legitimate interests of our company, provided that your interests are not overridden.
We process and store your PII only for the period of time required to achieve the respective processing purpose or for as long as a legal retention period (in particular commercial and tax law) exists. Once the purpose has been achieved or the retention period has expired, the corresponding data is routinely deleted.
What data does B & B Benefits process? B & B Benefits offers you a wide range of services and in the process, various data are always collected. Most of the data we process is provided by you when you use our services or contact us.
Further, we also automatically collect technical device and access data that occur during your interaction with our website. We also collect further data through website analyses in order, for example, to optimize our offers for you personally.
a) Log files, Cookies and Analytical data Even if you do not log in or register on our website, but simply browse our website, data is collected, stored and processed by us. Specifically, this requires the IP address of your computer, date and time of access, name and URL of the accessed file, browser used, number of bytes transferred, status of the page retrieval, session ID, and referrer URL.
b) Contacting us You can easily contact us via our contact form, e-mail, or phone. In this case, we store and process the following data from you: Name, e-mail address, telephone number as well as other PII that you provide when contacting us.
This data is collected and processed exclusively for the purpose of contacting you and processing your request and then deleted, provided there is no legal obligation to retain it. The legal bases for processing are contract and our legitimate interest.
c) Processing of PII when using our services PII will be collected, processed, or used in connection with the services offered. This is always done in compliance with the provisions of the GDPR and HIPAA. Insofar as we use your PII for a purpose that requires your consent according to the legal provisions, we will always ask for your express consent.
Some of the data you choose to provide may be considered non-PII and/or “sensitive”, for example your financial data. By choosing to provide this data, you consent to our processing of that data. We ask you not to provide us with any such information from the outset.
d) Administration, financial accounting, office organization, contact management We process data in the context of administrative tasks as well as organization of our operations, financial accounting, payment, and compliance with legal obligations, such as archiving. In this regard, we process the same data that we process in the course of providing our contractual services (see sections b and c above).
The processing bases are contract and our legitimate interest and in individual cases your consent. The purpose and our interest in the processing lies in the administration, financial accounting, office organization, archiving of data, i.e., tasks that serve the maintenance of our business activities, performance of our tasks and provision of our services. The deletion of data with regard to contractual services and contractual communication corresponds to the data mentioned in the processing activities above. In this context, we disclose or transfer data to other members in our global offices if so required, the tax authorities, consultants, such as tax advisors or auditors, as well as other fee offices and payment service providers.
e) Data management and customer support For optimal customer support, we use first name, last name, e-mail address, and the data related to your contract with us. Your data will be stored on our website and/or our customer relationship management systems provided by AgencyBloc and GoGuru ("CRM system"). This data processing is based on our legitimate interest in providing our service.
Transfer of Personal data We will not disclose or otherwise distribute your Personal data to third parties unless this is necessary for the performance of our services, you have consented to the disclosure, or the disclosure of data is permitted by relevant legal provisions.
However, we are entitled to outsource the processing of your Personal data in whole or in part to external service providers acting as processors for us within the framework of the GDPR and HIPAA. External service providers support us, for example, in the technical operation and support of the website, data management, the provision and performance of services as indicated above, as well as the implementation and fulfillment of reporting obligations.
The service providers commissioned by us process your data exclusively in accordance with our instructions. We remain responsible for the protection of your data, which is ensured by strict contractual regulations, technical and organizational measures, and additional controls by us.
Personal data may also be disclosed to third parties if we are legally obliged to do so e.g., by court order or if this is necessary to support criminal or legal investigations or other legal investigations or proceedings at home or abroad or to fulfill our legitimate interests.
Recipients outside the USA We may transfer your PII to other companies and/or business partners as necessary for the purposes described in this Privacy Policy. In doing so, your PII may be transferred to countries outside the USA. In order to provide adequate protection for your PII when it is transferred, we have contractual arrangements regarding such transfers. We take all reasonable technical and organizational measures to protect the PII we transfer.
How is my data protected? We want you to feel and be safe on our website. Therefore, we take various measures to meet both the legal requirements and our own very high standards of data protection and data security.
B & B Benefits takes the protection of your PII seriously. All data is handled and processed in accordance with the GDPR and HIPAA, which ensures the highest standards of data protection.
Our data processing is subject to the principle that we only process the PII that is necessary for the sensible and economic use of our offer. In doing so, we take great care to ensure that your privacy and the confidentiality of all PII are always guaranteed.
All transmitted data is protected by TLS encryption. Transport Layer Security (TLS) is a protocol used to ensure secure data transmission on the Internet. The public-private key procedure is used here. This means that data encrypted with a publicly accessible key can only be decrypted again with a separate private key.
B & B Benefits uses technical and organizational security measures (TOMs) throughout the company to protect the data we manage from you against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons. For example, we regularly train all employees on current IT security topics.
Duration of data storage We store PII on our secure server and only for as long as it is necessary for the purposes for which it is processed or until any consent you have given us has been revoked by you. Insofar as statutory retention obligations must be observed, the storage period for certain data may be up to 6 years, irrespective of the processing purposes.
Marketing Insofar as you have also given us your separate consent to process your data for marketing and advertising purposes, we are entitled to contact you for these purposes via the communication channels you have given your consent to.
You may give us your consent in a number of ways including by selecting a box on a form where we seek your permission to send you marketing information, or sometimes your consent is implied from your interactions or contractual relationship with us. Where your consent is implied, it is on the basis that you would have a reasonable expectation of receiving a marketing communication based on your interactions or contractual relationship with us.
Direct Marketing generally takes the form of e-mail but may also include other less traditional or emerging channels. These forms of contact will be managed by us, or by our contracted service providers. Every directly addressed marketing sent or made by us or on our behalf will include a means by which you may unsubscribe or opt out.
Your GDPR Rights You may rely on the following rights:
the right to information,
the right to rectification,
the right to erasure,
the right to restriction of data processing,
the right to data portability,
the right to object to data processing,
the right to revoke any consent you have given, and
Please contact us at any time with questions and suggestions regarding data protection and to enforce your rights as a data subject.
Your HIPAA Rights When it comes to your health information, you have additional rights. To exercise any of these rights, contact us at the contact information listed above.
In particular:
You can ask to see or get an electronic or paper copy of your medical record and other health information we have about you.
You can ask us to correct health information about you that you think is incorrect or incomplete.
You can ask us to contact you in a specific way (for example, home or office phone) or at a specific location (for example, to send mail to a different address).
You can tell us your choices about what we share.
You can ask us to limit what we use or share.
You can get a list of those with whom we have shared information.
You can get a copy of this Notice.
You can choose someone to act for you.
You can file a complaint if you feel your rights are violated.
We encourage you to contact us if you have any requests for information, objections about data processing or concerns. You also have the right to file a complaint with your local supervisory authority. However, we would appreciate it if you would contact us with your concern before turning to a supervisory authority.
Updating your information If you believe that the information we hold about you is inaccurate, or if you wish to request its rectification or deletion or object to its processing, please do so by contacting us.
Withdrawing your consent You can withdraw consents you have given at any time by contacting us.
Access Request In the event you want to make a Data Subject Access Request, please contact us. We will respond to requests regarding access and correction as soon as reasonably possible. Should we not be able to respond to your request within thirty (30) days, we will tell you why and when we will be able to respond to your request. If we are unable to provide you with any PII or to make a correction requested by you, we will tell you why.
PII and children Our services are aimed at people aged 18 and over. We will not knowingly collect, use or disclose PII from minors under the age of 18 without first obtaining consent from a legal guardian through direct offline contact.
Welcome to B & B Benefits and our website at www.bb-benefits.com operated by B & B Benefits 8101 Perry Hwy, Suite 105, Pittsburgh, PA 15237 acting as the Data Controller.
Below you will find more information about cookies: what they are, which cookies we use, what our purpose is for using them, and how to block or delete cookies.
What is a cookie? Cookies are text files containing small amounts of information that are downloaded to your device when you visit a website. Cookies are then sent to the original website or to another website that recognizes this cookie on each subsequent visit. Cookies are useful because they allow a website to recognise a user's device.
There are two types of cookies. One type of cookie stores a file on your device for an extended period of time and is used, for example, for functions that describe what information has been added since you last visited our website.
A second type of cookie is a so-called "session cookie". A session cookie is temporarily stored on your computer while you are visiting our website.
Session cookies are not stored on your computer for a longer period of time but are deleted immediately when you close your internet browser. You can find more information about cookies at www.allaboutcookies.org.
What do we use cookies for? We use cookies to improve the functionality of our website. For example, cookies help authenticate the user: information can be stored in a cookie so that the user can enter and leave the website without having to enter the same information over and over again. Cookies are also used to help you store certain information on the website, such as text entries in forms etc. They are also used to collect anonymous statistics about user behavior so that we can make better use of the website.
Cookies used on our website We have divided our cookies and third-party cookies into five categories:
Technically Necessary Cookies
These cookies are necessary for good website functionality and cannot be turned off in our systems. They are usually only set based on your behavior in relation to selected features, such as choosing your privacy settings, logging in or filling in forms. You can set your browser to block these cookies or to alert you to them. However, this will cause some parts of the website to stop working. These cookies do not store any personal data.
Performance cookies
Performance cookies allow us to count visits and entry pages, which is an important source of information for improving our website. They help us to know which pages are most and least popular and to see how visitors move around the site. All the information these cookies collect is aggregated and is anonymous. If you do not agree to these cookies, we will not know when you have visited our website and will not be able to monitor the performance of our website.
Functional cookies
Functional cookies enable the website to offer improved functionality and personalization. They may be set by us or by third parties whose services we have added to our pages. If you do not allow these cookies, some or all of these services may not work properly. Third party service providers may process your information, including personal data, when these cookies are enabled.
Marketing cookies
Targeted cookies may be set through our website by our advertising partners. They may be used by these companies to profile your interests and show you relevant advertising on other websites. They are based on the unique identification of your browser type and the type of internet device you are using. If you do not allow these cookies, you will receive less targeted advertising.
Social media cookies
Social media cookies are set by a number of social media services that we have added to the website to enable you to share our content with your friends and networks. They are able to track your browser on other websites and build a profile of your interests. This may affect the content and messages you see on other websites you visit. If you do not agree to these cookies, you may not be able to use or see these sharing features.
Duration and quantity We only set the duration for our own cookies; third party cookies are set by the third-party providers. Please visit the websites of the external providers and read their cookie policies to find out more.
How to block and/or delete cookies If you do not wish to accept cookies, you can also change your web browser settings (Google Chrome, Mozilla Firefox, Microsoft Internet Edge, Opera, Safari) to automatically block the storage of cookies or to inform you when a website wishes to store cookies on your device.