Privacy Policy
Acosta Insurance Group, Inc. (“Acosta Insurance Group”, “us”, “we”, or “our”) respects your privacy. This Privacy Policy is designed to help you understand how we collect, use and disclose the Personally Identifiable Information you decide to share, the type of information we receive about you from third-parties, and help you make informed decisions when communicating with us through our website located at http://www.enterate.com, by sending us email through our portal, by text, and other means as further described in this Privacy Policy (collectively, the “Services”). In this Privacy Policy, “you” means the user of our Services, including the individual applying for an insurance policy, the individual that submits an insurance application or contacts us on behalf of another individual, or the individual that enrolls into a qualified health plan.
This Privacy Policy only applies to the Personally Identifiable Information we receive from the Services. Because our Services give you the ability to search for insurance policies sold through the Federally Facilitated Marketplace, we are required by contract with the Centers for Medicare & Medicaid Services (“CMS”) to comply with all applicable federal and state laws,including the standards established to protect the privacy and security of Personally Identifiable Information under 45 C.F.R. 155.220(c) and (d) and 45 C.F.R. 155.260. However, other organizations may have their own privacy policies governing the use of information you provide to them, which may be different from our Privacy Policy. For example, we may include a link for you to connect with us on Facebook or to follow us on Twitter; each of these companies has their own privacy policy and practices and they may not be required to comply with federal laws to protect the privacy and security of Personally Identifiable Information.
BY USING THE SERVICES, YOU AGREE WITH ALL OF THE TERMS OF THIS PRIVACY POLICY AND CONSENT TO THE COLLECTION, USE, AND DISCLOSURE OF INFORMATION AS SET FORTH IN THIS PRIVACY POLICY. IF YOU DO NOT AGREE TO THIS PRIVACY POLICY, THEN PLEASE DO NOT USE THE SERVICES. You may shop for insurance directly through www.healthcare.gov
If you have any questions or comments about this Website Privacy Policy or our privacy practices, please contact us by using one of the means listed on our Contact page.
1. The Information We Collect, Use and Disclose
1.1 Personally Identifiable Information We May Collect and How We May Collect the Information
“Personally Identifiable Information” is information that identifies you or that, when combined with other available information, can be used to identify you. Personally Identifiable Information includes, for example, your name, birth date, social security number, telephone number, e-mail
address, physical address, and Federally Facilitated Exchange applicant ID or member ID. Personally Identifiable Information also includes your date and place of birth, your mother’s maiden name, and unique device identifiers.
(A) We may collect Personally Identifiable Information in a variety of ways, including when:
You use the functions or features on the Services, such as when you complete an insurance inquiry form on our website, or authorize us to send you reminders by e-mail or by text message.
You contact us to request information by sending us an email or sending us a text message. NOTE: If you are sending us e-mail through a means other than through our portal, please be aware that regular e-mail is not a secure form of communication. This means that people other than us may be able to see a copy of your e-mail. Please do not include your social security number, your birthdate, or any other sensitive information. If you cannot use our portal to communicate with us, please call us instead.
You register for an account with our Services.
You register to receive our newsletter, for a webinar, or other service through our Services.
You pay for services using your credit card or other payment option we make available to you.
You submit comments to us through a contact form.
You participate in a survey.
You authorized a third party with whom you have or had a relationship to provide us information about you. For example, we may receive Personally Identifiable Information about you under an agreement with our business partners, such as CMS and other government agencies, a health insurance issuer, licensed agents, health care providers, third party administrators and other vendors (collectively, “Business Partners”.
(B) We may use and disclose Personally Identifiable Information in the following ways:
To keep a record of your contact information and correspondence and use it to respond to your inquiries, fulfill your requests, and assist you with purchasing a qualified health plan, including, for example:
Assist you with application(s) for qualified health plan eligibility;
Support qualified health plan selection and enrollment by assisting you with plan selection and plan comparisons;
Assist with your application to receive tax credits and cost-sharing reductions for which you may be eligible and facilitate the collection of standardized attestations acknowledging the receipt of the determination for a tax credit and cost-sharing reduction, if applicable; and
Assist with filing appeals of eligibility determinations in connection with the Federally Facilitated Exchange.
To identify you to anyone to whom you contact through the Services.
To transmit information about you to authorized Business Partners and other third parties, including, for example, transmit your decision to enroll or disenroll in a qualified health plan to the Federally Facilitated Exchange or a qualified health plan, assist you with reporting changes to eligibility status (e.g., adding a dependent), or helping you correct errors in your insurance application.
To identify you to your employer or employees, as applicable.
To provide assistance with communicating with your qualified health plan or to facilitate your communication with an insurance agent, a health savings account (“HSA”) vendor, or a healthcare reimbursement account (“HRA”) vendor by, for example, providing the your Personally Identifiable Information to that vendor, its trustee, or administrator, or to an agent so that they can contact you to answer your questions.
To facilitate payment of the initial premium amount to the appropriate qualified health plan, educate you on insurance affordability programs, and if applicable, providing information on your eligibility for Medicaid or the Children’s Health Insurance Program.
To send you reminders about your insurance enrollment, including renewal notices, enrollment deadlines, missing application information, and provide you notice of life events that may impact your eligibility, such as when you may no longer be eligible to maintain your current qualified health plan because of age.
To provide you with appropriate information, materials, and programs to inform and educate you about the use and management of your health information, and services and options offered through the selected qualified health plan or among the available qualified health plan options, including, for example, the availability of an HSA or an HRA.
We may use survey information for research and quality improvement purposes, including helping us to improve information and services offered through the Services and to assess your satisfaction or resolve your complaints with our Services, your agent, your health plan, or the Federally Facilitated Exchange.
To carry out our legal responsibilities related to the efficient functions of qualified health plans, as permitted or required by our contractual relationship with qualified health plans.
To send you administrative information regarding our Services, such as information about our phone support hours, changes to our terms or policies, and updates to our Services.
To operate our business.
Our workforce members and independent contractors may need access to your Personally Identifiable Information to carry out their duties and obligations, such as to provide customer support, respond to your inquiries, and facilitate your communication with Business Partners.
Our third-party services providers may need access to your Personally Identifiable Information to carry out their duties and obligations or may receive access by virtue of the type of services they provide to us, including, for example, vendors that provide website hosting and maintenance, data or information storage, information technology and related infrastructure, customer service, email delivery, analytics, fraud prevention, chat, website analytics, website optimization, and other similar services.
To a third-party in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, including a bankruptcy action, provided that, pursuant to our agreement with CMS, such transfer is permitted by CMS and the State of Florida Office of Insurance Regulation, or any other applicable state where we may be licensed to provide insurance services.
Use it in any way that you expressly authorize, provided such use is permitted by CMS and other applicable law.
When permitted by CMS and under applicable law, our subsidiaries or affiliated entities may share your Personally Identifiable Information with each other in connection with the performance of our Services, or in connection with their sales and marketing process. To the extent that any of such entities has access to your Personally Identifiable Information, it will follow the practices described in this Privacy Policy as well as applicable laws and agreements with us, if any.
Other functions substantially similar to those enumerated above and such other functions that may be approved by CMS in writing from time to time, including, to extent we are not precluded by our agreement with CMS or other applicable law, for our business purposes, such as improving or modifying our Services, identifying usage trends, and expanding our service and business offerings.
As we believe to be necessary or appropriate, but only to the extent permitted by CMS and other applicable law: (1) to comply with legal process; (2) to respond to requests from public and government authorities; (3) to enforce our terms and conditions or other applicable contracts; (4) to protect our operations and those of the Federally Facilitated Exchange against, for example, security threats, fraud or other malicious activity; (5) to protect our rights, privacy, safety or property, or that of you or others using the Services; and (6) to allow us to pursue available remedies or limit the damages that we may sustain.
(C) Personally Identifiable Information and Third Party Data Sources
We may obtain your Personally Identifiable Information from affiliated entities, publicly available databases, and other independent third-party sources (“Third Party Data Sources”), and add it to our contact database for marketing and sales purposes and to combine it with other information that we have collected or obtained from you otherwise. This may include your phone number, email address, title, or employer.
To the extent we use Third Party Data Sources, we will only do so (1) to the extent we are not precluded by our agreement with CMS or applicable law, or (2) if you authorize us to do so by, for example, using one of our other websites that is not sending data to the Federally Facilitated Marketplace or by providing us with an affirmative written consent such as checking an applicable consent box or verbal consent when you speak with your agent.
(D) Personally Identifiable Information and Marketing
To the extent not precluded by CMS or other applicable law, we may use Personally Identifiable Information that we received from you or about you to send you marketing communications and promotional material about other products and services. If you demonstrate an interest in a particular product or service, by, for example, affirmatively clicking on a link about the product or service, and we have your contact information, we may follow-up and send you an email or initiate communication with you about this product or service, and may periodically send you additional information and news. You may opt-out of receiving these communications at any time by clicking on the unsubscribe link in the particular email or by following the opt-out option(s) provided for in the applicable communication.
We may also disclose your Personally Identifiable Information to our third-party service providers that provide marketing related services, including, for example, companies providing lead scoring, retargeting, direct marketing campaign, and other similar services. To the extent we do disclose your Personally Identifiable Information in connection with such services, we will only do so pursuant to binding contractual obligations requiring such third parties to maintain the privacy and security of your Personally Identifiable Information.
1.2. Other Information We May Collect
“Other Information” is any information that does not reveal your specific identity or does not directly relate to an individual, including, for example: (1) computer or device connection information, such as browser type and version, operating system type and version, device information, and other technical identifiers; (2) information collected through cookies and other technologies; (3) demographic information and other information provided by you such as race/ethnicity, student status, or household income; or (4) aggregated information, such as usage history and search history.
If we combine Other Information with Personally Identifiable Information, the combined information will be treated as Personally Identifiable Information for as long as it remains combined.
(A) How We May Collect Other Information
We, and our third-party service providers, may collect Other Information in a variety of ways, including:
Through your browser or mobile device: Certain information is automatically collected by most browsers or through your mobile device, such as your computer type, screen resolution, operating system name and version, device manufacturer and model, language, and Internet browser type and version.
Using cookies, web beacons, and similar technologies: Our Services may use cookies and other technologies such as pixel tags, web beacons and HTML5 local storage. These technologies help us provide better services to you, tell us which parts of our Services people visit, and allow us to better measure the usability of our features, tools, and other services. We treat information collected by cookies and other technologies as non-Personally Identifiable Information. You have a variety of tools available to control cookies and similar technologies, including controls in your browser to block and delete cookies.
IP address: Your IP Address is a number that is automatically assigned to the computer that you are using by your Internet service provider (“ISP”). An IP Address may be identified and logged automatically in our server log files, those of our website hosting vendor, a vendor providing us with website analytics services, or other similar services we may run on our Services whenever a user accesses the Services, along with the time of the visit and the page(s) that were visited.
Analytics tools and third party services: We may use analytics tools and other third party services, such as Google Analytics, to collect information about use of our Services. These tools and technologies may collect and analyze different types of information, including cookies, IP addresses, device identifiers, referring and exit URLs, onsite behavior and usage information, feature use metrics and statistics, and other similar information.
By aggregating information: Aggregated Personally Identifiable Information does not personally identify you or any other user of the Services. We may aggregate information for a variety of reasons, for example, to calculate the percentage of our users that live in a particular state, who live in a particular area code, to perform trending analysis, to monitor which features are most popular on our Services, for product development ideas, for technical administration of our Services and similar uses.
(B) How We May Use and Disclose Other Information
In addition to the examples we provided in Section 1.2(A) above, we may use and disclose Other Information for any purpose, except where we are required to do otherwise under our agreement with CMS or under applicable law. If we are required to treat Other Information, such as IP addresses or other similar identifiers, as Personally Identifiable Information under our agreement with CMS or under applicable law, then, unless otherwise prohibited by our agreement with CMS or under applicable law, we may use it as described in “How We May Collect Other Information” section above, as well as for all the purposes for which we use and disclose
Personally Identifiable Information, but we will treat these identifiers as Personally Identifiable Information.
2. California Do Not Track Notice
We do not track you over time and across third party websites to provide targeted advertising and therefore do not respond to Do Not Track (“DNT”) signals.
Some of the third parties that may have content embedded on our Services, such as social networking connectors (e.g., Facebook, Twitter) or advertising services (e.g., Google Adsense) set cookies in your browser as well as obtain information about the fact that a web browser visited the Services from a certain IP address. These services may track you across third party websites. Please read the privacy policies of these third party companies to learn how they respond to DNT signals.
3. How We Communicate With You
We may communicate with you through various means including:
Sending you e-mail at the e-mail address that you provide by, for example, responding to your e-mail inquiry;
Calling you at the phone number that you provide by, for example, returning a phone message that you left for customer service;
Sending you text messages, such as premium payment reminders, at the cellular phone that you provide; and
Sending you letters at the address that you provide.
By providing us with your e-mail address, cellular or landline phone number, or your mailing address, you consent to us using such means to contact you. Further, you understand that in order to contact you more efficiently, we may at times contact you using autodialed or prerecorded message calls or text messages at the telephone number(s) you have provided to us. We may place such calls or texts to (1) discuss any past, current or future services provided by us, (2) discuss the accounting, billing or financial information (such as insurance information and fees) for past, current or future services provided by us or for your qualified health plan, or (3) collections of any past due amounts. You agree that we and our service providers, may contact you using autodialed or prerecorded message calls and text messages to carry out the purposes we identified in this Privacy Policy. We may share your phone number(s), including your wireless number, with service providers with whom we contract to assist us in pursuing these interests, but will not share your phone number(s) with third parties for their own purposes without your consent.
By providing your email address and phone number, you agree to allow Enterate to send you advertising and promotional information via email and SMS. You also allow Enterate to call you.
You understand that standard telephone minute and text charges may apply.
We and our service providers will not use autodialed or prerecorded message calls or texts to contact you for marketing purposes at the telephone number(s) you designate unless we receive your prior express written consent.
You do not have to consent to receive autodialed or prerecorded message calls or texts to receive services from us. Where we are required to obtain your consent for such communications, you may choose to revoke you consent by contacting us using one of the contact options located on our Contact Us page and informing us of your preferences.
4. Our Commitment To Data Security
We care about your privacy and in offering our Services, we are required to comply with all applicable federal laws, including the standards established under 45 C.F.R. § 155.220(c) and (d) and standards established under 45 C.F.R. § 155.260 to protect the privacy and security of personally identifiable information.
4.1. Our General Security Practices
We use commercially reasonable administrative, physical and technical controls designed to protect the Personally Identifiable Information you provide to us or that we receive about you from unauthorized access, loss, misuse, disclosure, alteration, and destruction.
On our website, we use encryption technology, such as Secure Sockets Layer (“SSL”) to send some communication through the website. For example, when transmitting your information to the Federally Facilitated Exchanges, we use SSL to protect your Personally Identifiable Information during data transport. Similarly, when you register for an account with us, we use SSL to protect the Personally Identifiable Information you transmit to us.
Other communication on the website may be transmitted through the standard HTTP protocol and may be delivered using regular e-mail. Information sent over HTTP is not encrypted. Regular e-mail, while convenient, also poses several risks (e.g., e-mail is not a secure form of communication, is unreliable, can be forwarded, and so forth). We cannot guarantee the security of the information sent through such means, nor can we guarantee that information you supply to us through these means will not be intercepted while being transmitted to us. Please do not send any sensitive information (such as your social security number), confidential information or otherwise protected information through such unsecured means. If you cannot use our portal to communicate with us, please call us at the phone number provided on our Contact Us page instead.
To determine if a page on our website is delivered using SSL, look for the applicable notice in your browser (e.g., a “lock” icon) or check that the url for the page begins with “https”.
4.2. Your Obligations
While we use commercially reasonable administrative, physical and technical controls designed to protect the Personally Identifiable Information, no security controls are perfect.
Security is also not a one-person job. You must also take reasonable measures to protect your information by, for example:
Securing your computer and mobile device.
Using an antivirus software on your computer and mobile device.
Using a firewall on your computer.
Changing default passwords on your router, Wi-Fi device, or other similar Internet or network connection device.
Using secured Wi-Fi. For example, the Wi-Fi at your local coffee shop, mall, or any public facility is generally not secured. If you are in doubt, please do not use it with the Services. You may find additional information on security your wireless network at the Federal Trade Commission website here.
Use strong passwords. You can find additional information on creating strong passwords from the Electronic Frontier Foundation website here.
To learn more about ways to secure your information online, please visit the Federal Trade Commission website for additional security tips.
If you have reason to believe that your interaction with us has been compromised, please notify us immediately of the problem by contacting us using the means on our Contact Us page.
5. Third Party Services and Links
This Privacy Policy addresses only the collection, use, and disclosure of information that we collect from you through our Services, through our interaction with you, or from interaction with our Business Partners about you.
Our Services, including this website, may contain links to other websites and third party services. The inclusion of a link on our Services to a website or third party service does not imply endorsement of the linked site or service by us, our affiliates, or third-party vendors. We do not exercise control over third party websites or their privacy practices. For example, we may include a link for you to connect with us on Facebook or to follow us on Twitter; each of these companies has their own privacy policy and practices and they may not be required to comply with federal laws to protect the privacy and security of Personally Identifiable Information. To understand how these entities use information that they receive from you or collect about you, please read their privacy policies or statements.
We are not responsible for the collection, usage and disclosure policies and practices of other organizations, such as your Internet service provider or wireless carrier.
6. Choices, Access, Corrections, and Data Retention
We strive to give you control of how you use our Services and how we interact with you. You have certain rights when using our Services:
Right to amend, correct, substitute, or delete Personally Identifiable Information: You may request that we amend, correct, substitute, or delete Personally Identifiable Information that we maintain or store about you if you believe that it is not accurate, timely, complete, relevant, or necessary to accomplish our Services. To do so, please contact us using one of the Contact Us means listed on our contact page and let us know what you need. We may require that you submit your request in writing, provide evidence of your legal or personal authority to access, receive notification of, or seek amendment, correction, substitution, or deletion of the Personally Identifiable Information, and provide a copy of legally permissible identification (such as your driver’s license or school identification card). We may not be able to or permitted to grant your request because, for example, the requested information is no longer available, cannot be modified or deleted using commercially reasonable means, or we did not originate the information. To the extent permissible under applicable law, we may charge you to make any requested changes before making any such change. If we deny your request, we will provide you an explanation for this denial and your appeal options, if any. We will respond to your request within no more than 10 working days of receipt.
Right to obtain a list of the disclosures: You may submit a written request for a list of our disclosures of your Personally Identifiable Information to third parties. We are not required, however, to inform you of disclosures we made to the following: (1) our workforce members (which includes, for example, our employees, agents, contractors, subcontractors, and representatives who use Personally Identifiable Information in the performance of their duties), (2) that are necessary to perform our services, (3) made more than 10 years prior to your request, (4) for which the Personally Identifiable Information record no longer exists. To the extent permissible under applicable law, we may charge you to produce an accounting of disclosures.
Right not to provide information: You can choose not to provide us with any information, or not to respond to certain questions. However, if you wish to obtain access to certain content, ask us a question, apply for products or services, or to take advantage of certain features of our Services, you may be required to provide certain information, such as your zip code, number of dependents, and other information as indicated in the relevant form.
Right to object to new uses or disclosures of your Personally Identifiable Information: If at any time we wish to disclose, or use your Personally Identifiable Information in a way, or for a purpose other than as described in this Privacy Policy or other agreement or authorization between us, or as permissible by applicable law, we will ask for your authorization.
Right to revoke your authorization: If you have given to us an authorization to use or disclose your Personally Identifiable Information in a specific manner, you have the right to revoke that authorization, at any time, by contacting us using one of the means set forth on our Contact Us page. Your revocation will not impact any information that we already used or disclosed about you. If you revoke your authorization, we may no longer be able to deliver you with the Services.
Right to request restrictions on our use or disclosure of Personally Identifiable Information: You have the right to request restrictions on how we may use or disclose your Personally Identifiable Information, limiting our use solely to providing you with assistance in applying for a qualified health plan or for fulfill our obligations specified in the relevant agreement. If you restrict how we may use your Personally Identifiable Information, we may no longer be able to deliver you with all of the Services. To do so, please contact us using one of the Contact Us means listed on our contact page and let us know what you need. We may require that you submit your request in writing and provide verification of your identity and authority.
Right to block cookies: You can choose to block cookies using the applicable technical means available in your browser. If you refuse to accept cookies from our Services, you may not be able to access certain portions of the website or use certain features.
Right to block marketing communications: To the extent not prohibited by our agreement with CMS or other applicable law, we may use your Personally Identifiable Information for marketing purposes such as to provide you the newsletters to which you subscribed or to advise you of changes and additions to our services. You may opt-out of receiving these marketing messages by selecting the appropriate unsubscribe option included in the notice.
We may, from time to time, send you electronic notices regarding security, privacy and other administrative issues related to your usage of the Services. Because this information is important to your interaction with us, you cannot opt-out from receiving administrative messages.
You may update the information you provide to us through the Services. To change your information, contact us using one of the means listed on our Contact Us page.
We will retain your information for as long as needed to provide you services, comply with our legal obligations, resolve disputes, and enforce our agreements.
7. Use of Services by Minors
We do not knowingly collect Personally Identifiable Information from individuals under the age of 13 and the Services are not directed to individuals under the age of 13. We request that these individuals not use the Services.
8. International Visitors
The Services are controlled and operated from the United States, and are not intended to subject us to the laws or jurisdiction of any state, country or territory other than that of the United States. If any material on the Services is contrary to the laws of the place where you are when you access them, then we ask you not to use the Services. You are responsible for informing yourself of the laws of your jurisdiction and complying with them.
By using the Services, you consent to the transfer of information to the United States, which may have different and less restrictive data protection rules than those of your country.
9. Updates To This Privacy Policy
We may change this Privacy Policy from time to time. Please take a look at the “Last Modified” legend at the top of this page to see when this Privacy Policy was last revised.
Any non-material changes to this Privacy Policy will become effective when we post the revised Privacy Policy on the Services.
When we change this Privacy Policy in a material way, we will either (1) post a notice on this website along with the updated Privacy Policy, or (2) send you an e-mail to the e-mail address we have for you with a link to the updated Privacy Policy.
Your use of the Services following the non-material changes or 10 days after any material changes means that you accept the revised Privacy Policy.
10. Performance, Governing Law, and Jurisdiction
We will use commercially reasonable efforts to comply with this Privacy Policy.
The laws of the State of Florida, without regard to any conflicts of laws principles thereof, will govern the construction and interpretation of this Privacy Policy and the rights of the parties hereunder. The parties hereunder agree on behalf of themselves and any person claiming by or through them that the exclusive jurisdiction and venue for any action or proceeding arising out of or relating to this Privacy Policy will be an appropriate state or federal court located in Miami-Dade County, Florida and each party irrevocably waives, to the fullest extent allowed by applicable law, the defense of an inconvenient forum.
We strive to provide you with excellent services. If you believe that we have not me this goal or that we did not comply with this Privacy Policy,please contact us using one of the means set forth on the Contact Page to give us the opportunity to address your concern.
11. Official Version of this Privacy Policy
We may make this Privacy Policy available in multiple languages. In the event of a dispute between us regarding the interpretation or application of the terms of this Privacy Policy, the English language version of this Privacy Policy will be controlling. All proceedings related to this Privacy Policy will be conducted in the English language.
12. Severability and Waiver
Our failure to exercise or enforce any right or provision of this Privacy Policy will not constitute a waiver of such right or provision. If any provision of this Privacy Policy is unlawful, void, or unenforceable, for any reason, the remaining provisions will remain in full force and effect to the fullest extent under applicable law.
13. How To Contact Us and How to File a Complaint
Should you have other questions or concerns about this Privacy Policy, our privacy practices, or our use of your Personally Identifiable Information, please contact us by using one of the means listed on our Contact Us page.
Should you have a complaint that you believe is not being adequately resolved through customer service, you may file a complaint with our headquarters office. You will not be penalized or denied services for filing a complaint. To file a privacy complaint with us, please contact headquarters:
Attn: Privacy Officer
Acosta Insurance Group, Inc.
8000 NW 7 Street, Ste. 200
Miami,FL 33126
You may also file a complaint with our Federal regulator:
Department of Health and Human Services
Centers for Medicare and Medicaid Service
Center for Consumer Information & Insurance Oversight
200 Independence Avenue SW
Washington, DC 20201
Secretary of the Department of Health and Human Services
Office of Civil Rights
http://www.hhs.gov/ocr