Noridian Privacy Policy

PRIVACY POLICY

Policy effective and last reviewed December 29, 2022

Noridian Healthcare Solutions (“Noridian,” “we,” or “us”) understands that privacy is important to you and values your trust. This Privacy Policy (“Privacy Policy”) explains how we handle and protect your personal information.

This Privacy Policy generally covers Noridian’s privacy practices with respect to (1) NoridianSolutions.com (“Site”), and/or (2) services otherwise provided by Noridian—either online or offline—that are not pursuant to a government contract (“Services”).

Please read this Privacy Policy carefully to better understand how we collect, use, and disclose your personal information, to the extent you engage with our Site and/or Services. If you are a resident of California, please note that there is an additional Privacy Notice at Collection and Privacy Policy Supplement for California Residents (“California Privacy Notice”), included below, that applies only to you.

Your use of the Site or Services indicates your acceptance of the terms of this Privacy Policy.

INFORMATION WE COLLECT

The information we collect from you varies, depending on the way you use our Site and/or Services. We collect information from or about you in the ways described below.

The categories of information we may collect include:

• Identification information, such as name, title, and organization;
• Contact information, such as physical address, email address, fax number, and phone number;
• Preference information, such as your areas of interest; and
• Device and online usage information, such as information about your computer, browser, mobile, or other device that you use to access our Site. As described more below, we may use cookies, pixels, log files and other techniques to collect such information, including IP address, device identifiers and other unique identifiers, browser type, browser language, operating system name and version, device name and model, version, referring and exit pages, dates and times of Service access, links clicked, pages visited, forms submitted, features used, crash reports and session identification information.

HOW WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES

Cookies

We use cookies to make interactions with our Site easy and meaningful. A cookie is a small piece of information that is sent to your browser when you access a website. There are two kinds of cookies, a session cookie and a persistent cookie. Noridian primarily uses session cookies. A session cookie is text that is stored temporarily in your computer’s memory but never written to a drive. It is destroyed as soon as you close your browser.  Noridian also may use persistent cookies, which are saved to a file on your hard drive.

Web Beacons and Similar Tracking Technologies

We may record information about how users access our websites. This information may include your IP address (or the DNS name associated with it) and what Web software you are using (browser and version). Information provided will be used only for statistical purposes to help improve this site.

Opting-Out

If you do not wish to have temporary or persistent cookies placed on your computer, you may disable them using your Web browser. You can remove any cookies that have been created in the cookie folder of the most popular Internet browsers. Select the “Help” function on your browser and enter “cookies” to search for information on how to remove all or individual cookies.

HOW WE USE INFORMATION

We use the information we collect or that you submit for a variety of purposes relating to our business. More specifically, we may use your information to:

• Provide, support, analyze, administer, develop, improve, and personalize our Site and/or Services;
• Act in accordance with your direction, for example, if you direct us to share your information with a third party, we will do so in order to facilitate that interaction;
• Fulfill or meet the purpose for which you provided the information;
• Communicate with you, including to respond to your requests, to investigate and address your concerns, to respond to any other inquiry or correspondence you send to us, and to monitor and improve our responses;
• Send you information, updates, and/or promotional materials about our Site and/or Services, programs, partnerships, offerings, and/or events that may interest you;
• Personalize your Site experience and deliver content and product and service offerings relevant to your interests;
• Store and share user-generated content on social media platforms;
• Enter into or perform a contract or business relationship with you;
• Protect our rights or our property and to ensure the technical functionality, safety, security, and integrity of the Sites or Services databases, and other business assets;
• Conduct research, analysis, and business development, including to develop and improve our Site and/or Services;
• Comply with applicable laws and regulations (including recordkeeping and tax obligations), assist and respond to law enforcement requests, and respond to regulatory or other legal inquiries, including court orders;
• Evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Noridian’s assets, in which personal information held by Noridian about our consumers is among the assets transferred;
• Retrieve, inspect, monitor or disclose information received or transferred using Noridian’s information systems when required by law or contract, when there is reason to believe that there have been violations of Noridian policy, law, or personal courtesy, and in exceptional cases, when required to meet time dependent, critical operational needs; and
• Fulfill any other purpose for which you provide consent.

HOW WE DISCLOSE INFORMATION

We may disclose information we collect or that you submit in the following situations:

• With Our Service Providers, Vendors, or Third Parties. We may disclose information to these entities to assist us in providing, supporting, analyzing, administering, developing, improving, and/or personalizing our Site and/or Services.
• With Affiliates. We may disclose personal information to our Noridian affiliates.
• With Advertising Partners. We may engage advertising services to assist us in advertising our brand and Services.
• In the Event of Merger, Sale, or Change of Control. We may transfer or assign this Privacy Policy and any personal information to a third-party entity that acquires or is merged with us as part of a merger, acquisition, sale, or other change of control (such as the result of a bankruptcy proceeding).
• Other Disclosures.
  • We may disclose personal information about you if we have a good faith belief that disclosure of such information is helpful or reasonably necessary to: (i) comply with any applicable law, regulation, legal process or governmental request; (ii) enforce our policies including investigations of potential violations thereof; (iii) detect, prevent, or otherwise address fraud or security issues; or (iv) protect against harm to the rights, property or safety of Noridian, our users, or the public.
  • We may also disclose personal information or other information pursuant to your consent or direction.

DATA SECURITY

We take the protection of your information seriously and take reasonable and appropriate physical, administrative, and technical measures to protect the information collected through our Site and Services. While we implement commercially reasonable security measures to protect your privacy, please keep in mind that the Internet is not a 100% secure medium for communication, and we cannot guarantee that the information collected about you will always remain private when using our Site and/or Services. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk.

DO NOT TRACK SIGNALS

We do not currently respond or take any action with respect to web browser “do not track” signals or other mechanisms that provide consumers the ability to exercise choice regarding the collection of personal information about an individual consumer’s online activities over time and across third-party websites or online services.

LINKS TO OTHER SITES

Our Site may include links to other third-party websites as a convenience to you. If you click on one of those links you will be taken to websites we do not control, and this Privacy Policy does not apply to those third-party websites. The inclusion of any link does not imply our endorsement of any other company, its site(s), or its product(s) and/or service(s). Noridian is not responsible for the content of linked third-party sites and does not make any representations regarding the privacy practices of, or the content or accuracy of materials on, such third-party web sites. Your use of third-party web sites is subject to the terms of use for such sites.

CHILDREN’S INFORMATION

Our Sites and Services are intended for adult use only. We do not direct any part of our Site or Services to children less than 18 years old and children are not eligible to use our Services. Nor do we knowingly collect personal information from children. By using our Site and/or our Services, you represent and warrant to Noridian that you are at least 18 years of age.

CHANGES TO THIS PRIVACY POLICY

As our organization changes over time, this Privacy Policy may change as well. We reserve the right to amend the Privacy Policy at any time. Any changes to this Privacy Policy will appear on this page, so we encourage you to review it periodically.

CONTACT US

Any comments, concerns, complaints, or questions regarding this Privacy Policy may be addressed to:

Noridian Healthcare Solutions
Attn: Privacy Officer
PO Box 6055
Fargo ND 58103
1-800-667-8519 (Privacy concerns only)

Noridiancompliance@noridian.com

ADDITIONAL INFORMATION FOR CALIFORNIA RESIDENTS

Notice at Collection and Privacy Policy Supplement for California Residents (“California Privacy Notice”)

This California Privacy Notice, which supplements our general Privacy Policy, only applies to residents of California who use our Site or Services.  If you are not a resident of California, this section does not apply to you.

Note that Noridian has separate notices for employees and applicants who are California residents.

• If you are a California employee or contractor, please refer to our Notice at Collection & Privacy Policy for Employees Residing in California
• If you are a California applicant, please see the Notice at Collection & Privacy Policy for Applicants Residing in California

Noridian provides this California Privacy Notice pursuant to the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (collectively the “CCPA”), to the extent our practices may be covered under the CCPA. Terms that are capitalized are defined in the California law.

This California Privacy Notice includes information about the Personal Information collected about Consumers in the preceding 12 months and Personal Information that will be collected about Consumers.

Categories of Personal Information Collected

We may collect the following categories of Personal Information from or about you:

• Identifiers
• Personal Information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))
• Characteristics of protected classifications under California or federal laws
• Commercial information
• Internet or other similar network activity
• Geolocation data
• Professional or employment-related information

For additional details, please see INFORMATION WE COLLECT, above.

Categories of Sources of Personal Information

Noridian obtains the categories of Personal Information listed above from the following categories of sources:

• Directly from you. We collect Personal Information that you provide to us. For example, we collect Personal Information from forms you complete online or from RFP responses.
• Indirectly from you. For examples, we collect information by observing your actions on our Site or from information your computer or other device transmits when interacting with our Site, among other things.
• From Service Providers, Vendors, and Other Third Parties.  We may collect information about you from our partners.

Purposes for Collecting Personal Information

We may collect Personal Information for the business or commercial purposes listed above in HOW WE USE INFORMATION.

Personal Information Disclosed for Business Purposes

Categories of Entities to Whom Noridian Discloses Personal Information for a Business Purpose. Noridian may disclose your Personal Information for a business purpose, including to our service providers, affiliates, and third parties with whom you direct us to share your Personal Information.  For more information, see HOW WE DISCLOSE INFORMATION above.

Categories of Personal Information Disclosed for a Business Purpose. Noridian has disclosed the following categories of Personal Information for a business purpose:

• Identifiers
• Personal Information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))
• Characteristics of protected classifications under California or federal laws
• Commercial information
• Internet or other similar network activity
• Geolocation data
• Professional or employment-related information

“Selling” and “Sharing” Personal Information

As defined by the CCPA, we do not Sell and Share Personal Information. Noridian does not have actual knowledge that it Sells or Shares Personal Information about Consumers under 16 years of age.

Retention Policy

The criteria we may use to determine retention of information: the type of data; whether you have provided your consent and have not withdrawn it; whether the information is subject to a deletion request; and whether retention is necessary to comply with legal obligations.

Your CCPA Consumer Rights

The CCPA provides Consumers with specific rights regarding their Personal Information. This section describes your CCPA rights and explains how to exercise those rights.

• The right to know what Personal Information the business has collected about the Consumer, including the categories of Personal Information, the categories of sources from which the Personal Information is collected, the business or commercial purpose for collecting, selling, or sharing Personal Information, the categories of third parties to whom the business discloses Personal Information, and the specific pieces of Personal Information the business has collected about the Consumer;
• The right to delete Personal Information that the business has collected from the Consumer, subject to certain exceptions;
• The right to correct inaccurate Personal Information that a business maintains about a Consumer;
• To the extent the business Sells or Shares Personal Information, the right to opt-out of the sale or sharing of Personal Information by the business;
• If the business uses or discloses sensitive Personal Information for certain reasons, the right to limit the use or disclosure of sensitive Personal Information by the business; and
• The right not to receive discriminatory treatment by the business for the exercise of privacy rights conferred by the CCPA, including an employee’s, applicant’s, or independent contractor’s right not to be retaliated against for the exercise of their CCPA rights.

Exercising Your CCPA Rights

To exercise the access, data portability, correction and deletion rights described above, please submit a verifiable Consumer request to us by either:

• Calling us at 1-800-667-8519
• Emailing us at Noridiancompliance@noridian.com

Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your Personal Information. The verifiable Consumer request must:

• Provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative.
• Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

You may only make a verifiable Consumer request for access or data portability twice within a 12-month period.

We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you.

Making a verifiable Consumer request does not require you to create an account with us. We will only use Personal Information provided in a verifiable Consumer request to verify the requestor’s identity or authority to make the request.

CCPA Response Timing and Format

We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.  The response we provide will also explain the reasons we cannot comply with a request, if applicable.

If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.