Last update March 2023
Your privacy is important to us. This online privacy notice ("Privacy Notice") describes how Cigna (as defined below) uses and protects any personal data that we collect:
Collectively, we refer to the Websites, the Apps and our Social Media Pages, as the “Services”.
This Privacy Notice supplements other applicable policies, practices and privacy notices that Cigna has provided to you and which relate to our relationship with you and the ways in which we may process your Personal Data.
This Service is operated by Cigna Corporation and its affiliates (collectively, "Cigna", "we", "our" or "us"). Cigna is made up of a number of companies. Which of those is the company responsible for the collection, use and disclosure of your Personal Data* under this Privacy Notice will depend on which of our products or services you buy, use or inquire about, or which of the Services you access.
For further information about Cigna or this Privacy Notice, or if you have any questions about how we collect, store or use your information or are unsure about which Cigna company is responsible as data controller for your Personal Data is, please contact us using the contact details noted in the “Contact Us” section (Section 13) below.
* 'Personal Data' means any information that identifies you as an individual or relates to an identifiable individual.
We may collect Personal Data about you from a variety of sources, including:
You may choose not to provide us with any Personal Data. In that case, you can still access and use many portions of the Services. We may sometimes need to collect Personal Data in order to provide the requested Services to you. If you do not provide the information requested, we may not be able to provide the Services.
If you disclose any Personal Data relating to other people in connection with the Services, you represent that you have the authority to do so and to permit us to use the information in accordance with this Privacy Notice.
Please note that unless we request it, we ask that you not send us, and you not disclose, any sensitive Personal Data (such as, information related to racial or ethnic origin, health, political opinions, religion or other beliefs, criminal background or trade union membership) on or through the Services or otherwise to us.
The Services are not directed to individuals under the age of eighteen (18), and we do not knowingly collect Personal Data directly from individuals under 18.
We may collect the following types of Personal Data:
We receive and store Personal Data that you provide in relation to your use of the Services. For example:
We automatically receive and store certain types of information when you access the Services. For example:
We may use and subsequently process Personal Data for the following legitimate business purposes:
We will engage in these activities to manage our contractual relationship with you and/or to comply with our legal obligations.
We will only engage in this activity with your consent or where we have a legitimate interest.
We will provide personalized services either with your consent or because we have a legitimate interest.
We use this information to manage our contractual relationship with you.
We will engage in this activity where we have a legitimate interest.
We engage in these activities to manage our contractual relationship with you, to comply with our legal obligations, and/or because we have a legitimate interest.
“Other Data” is any information that does not reveal your specific identity or does not directly relate to an identifiable individual, such as:
If we are required to treat Other Data as Personal Data under applicable law, then we may use and disclose it for the purposes for which we use and disclose Personal Data as detailed in this Privacy Notice.
We and our service providers may collect Other Data in a variety of ways, including:
We may use and disclose Other Data for any purpose, except where we are required to do otherwise under applicable law. In some instances, we may combine Other Data with Personal Data. If we do, we will treat the combined data as Personal Data for as long as they are combined.
Cigna will share your Personal Data with the following recipients:
Your Personal Data may be stored and processed in any country where we have facilities or in which we engage service providers. By using the Services you understand that your information will be transferred to countries outside of your country of residence, including the United States, which may have data protection rules that are different from those of your country. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries may be entitled to access your Personal Data.
Some of the non-EEA countries are recognized by the European Commission as providing an adequate level of data protection according to EEA standards (the full list of these countries is available here. For transfers from the EEA to countries not considered adequate by the European Commission, we have put in place adequate measures, such as standard contractual clauses adopted by the European Commission to protect your Personal Data. You may obtain a copy thereof by contacting our Data Protection Officer at GDPR@Cigna.com.
Cigna seeks to take appropriate physical, technical, and organizational measures to safeguard and protect your Personal Data. We use a variety of security measures, including encryption and authentication where required, to maintain the confidentiality of your Personal Data. We store your Personal Data on systems behind firewalls that are only accessible to a limited number of persons, each of whom is required to keep the information confidential.
Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us by using the contact details given in section 13 below.
Cigna employees, agents, and contractors who have access to Personal Data are required to protect this information in a manner that is consistent with this Privacy Notice, and may not use the data for any purpose other than those described in this Privacy Notice.
This Privacy Notice does not address, and we are not responsible for, the privacy, information or other practices of any third parties, including any third party operating any website or service to which the Services link. The inclusion of a link on the Services does not imply endorsement of the linked site or service by us or by our affiliates.
In addition, we are not responsible for the information collection, use, disclosure or security policies or practices of other organizations, such as Facebook, Apple, Google, Microsoft, RIM or any other app developer, app provider, social media platform provider, operating system provider, wireless service provider or device manufacturer, including with respect to any Personal Data you disclose to other organizations through or in connection with the Apps or our Social Media Pages.
Determining the period of time for which information must be retained is important to Cigna in order to ensure that the information is not kept beyond its useful life unnecessarily but at the same time complying with any relevant legal requirements.
The criteria used to determine our retention periods include:
Your choices regarding our use and disclosure of your Personal Data
We give you choices regarding the ways in which we contact you and our use and disclosure of your Personal Data for marketing purposes. You may opt-out from:
We will try to comply with your request(s) as soon as reasonably practicable. Please note that if you opt-out of receiving marketing-related emails from us, we may still send you important administrative messages, from which you cannot opt-out.
How you can access, change or delete your Personal Data
You may request to review, correct, update, suppress, restrict or delete your Personal Data, object to the processing of your Personal Data, or request to receive an electronic copy of your Personal Data for purposes of transmitting it to another company (to the extent these rights are provided to you by applicable law). The company responsible for collection, use and disclosure of your Personal Data under this Privacy Notice will respond to your request consistent with applicable law.
We will respond to your request in line with any requirements of applicable law. Please note that we may need to retain certain information for recordkeeping purposes and/or to complete any transactions that you began prior to requesting a change or deletion (e.g., when you make a purchase, you may not be able to change or delete the Personal Data provided until after the completion of such purchase or promotion).
If you are a resident of California, under 18 and a registered user of the Services, you may ask us to remove content or information that you have posted to the Services. Please note that your request does not ensure complete or comprehensive removal of the content or information, as, for example, some of your content may have been reposted by another user.
You may exercise these rights by using contact details in “Contact Us” section (section 13) below.
Additional Information Regarding the EU/EEA/UK
You may also:
We may change the terms of this Privacy Notice at any time. The “LAST UPDATED” legend at the top of this Privacy Notice indicates when this Privacy Notice was last revised. Any changes will become effective when we post the revised Privacy Notice on the Services. Your use of the Services following these changes means that you acknowledge the revised Privacy Notice.