Strong relationships are built on trust.
At Trustmark Mutual Holding Company and its subsidiaries, we want to earn your trust by informing you of the personal information we collect from you, the purposes for which we collect that information, the types of parties we share it with, the measures we take to protect your information, and the rights and choices you have with respect to the information we process about you. We encourage you to read through the privacy notice (“Notice”) to learn more about our privacy practices.
If you have any questions about our privacy practices, you may contact us at the following address:
Trustmark Companies
Privacy Request
Attn: Privacy Office
PO Box 7961
Lake Forest, IL 60045-7961
Email: privacyoffice@trustmarkbenefits.com
Notice of Privacy Practices
Last Updated: August 1, 2023
PDF version
This notice applies exclusively to our insurance products and describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully.
Privacy Notice
Last Updated: March 1, 2024
PDF version
This Notice is issued on behalf of Trustmark Mutual Holding Company and its subsidiaries* (“Trustmark”, “we”, “our” “us”) and provides specific information about how we collect, use, share, retain, and protect personal information when you engage with us.
Personal information, also known as “personal data” or “personally identifiable information”, is any information about, or that can reasonably be expected to be related to, associated with, or linked directly or indirectly to an identifiable individual. Personal information does not include data that has been rendered in such a way that the individual is not or no longer identifiable.
Trustmark will only use your personal information for the purposes described within this Notice. We do not sell your personal information to third parties, and we do not allow third parties to use the personal information we provide to them to offer you their products or services.
Depending on where you live, you may have additional rights afforded to you. Please review the “U.S. state-specific information and privacy rights” section below for more information.
* This Notice does not apply to Health Fitness Corporation or its subsidiaries or PFT Employee Benefits Solutions, Inc. which have their own privacy notices.
This Notice will address the following:
- The categories of personal information we collect
- Purposes for processing personal information
- Sharing your personal information
- Data retention
- How we protect your personal information
- U.S. state-specific information and privacy rights
- How to submit a privacy rights request under state law
- Online Platforms and Cookies Policy
- Changes to our Notice
- How to contact us
The categories of personal information we collect
The personal information we collect depends upon things such as the nature our relationship, the method you communicate with us, and the type of products or services you have or use.
The tables below describe the categories of personal information that we may collect and that we have collected in the previous twelve (12) months.
From consumers
For example, when you engage in our products or services such as applying for or modifying your insurance coverage, managing your account, paying premiums, filing claims, or interacting with customer service.
Category | Categories of Sources | Disclosed for a Business Purpose? | Sold or Shared with Third-Party so They Can Market to You |
Personal identifiers or records.
|
|
Yes | No |
Protected classification characteristics.
|
|
Yes | No |
Commercial information.
|
|
Yes | No |
Internet or other similar network activity.
|
|
Yes | No |
Geolocation data.
|
|
Yes | No |
Sensory data.
|
|
Yes | No |
Professional or employment-related information.
|
|
Yes | No |
From B2B contacts
For example, when you have a business relationship with us, such as when you interact with us as a representative, employee, or contact person of one of our business customers, when you sell or market our insurance products or services, or when you interact with us when providing your services to us as vendor.
Category | Categories of Sources | Disclosed for a Business Purpose? | Sold or Shared with Third-Party so They Can Market to You |
Personal identifiers or records.
|
|
Yes | No |
Commercial information.
|
|
Yes | No |
Internet or other similar network activity.
|
|
Yes | No |
Sensory data.
|
|
Yes | No |
Professional or employment-related information.
|
|
Yes | No |
Purposes for processing personal information
As further detailed throughout this Notice, to the extent permitted or required by applicable law, we may use personal information for the following purposes:- To operate, manage, and maintain our business including performing necessary and appropriate internal functions such as accounting, auditing, risk management, information technology and security, legal, compliance, and records maintenance.
- To comply with our legal and regulatory obligations, or to respond to a subpoena or court order.
- To fulfill our contractual obligations as a data processor.
- To resolve disputes.
- To help maintain the safety, security, and integrity of our products and services, websites, databases and other technology assets, and business.
- As necessary or appropriate to protect the rights, property, or safety of us, our clients, or others.
- To improve our existing websites, online platforms, applications, products, and services.
- For the research and development of new products, services, and functionalities.
- To prepare for and complete corporate transactions, such as a merger, acquisition, financing, bankruptcy or other sale of all or a portion of our assets or that of a Trustmark group entity; investments by or in Trustmark or other Trustmark group entities, or reorganization of assets or operations.
- To determine eligibility for our products or services; to deliver and administer the products and services you requested directly or under an agreement established with your employer/plan sponsor, or reasonably anticipated within the context of our ongoing business relationship.
- To provide you with support and to respond to your inquiries or requests, including to investigate and address your concerns.
- To facilitate transactions and payments.
- To verify your identity for security purposes.
- To create, maintain, customize, and secure user accounts on our platforms or applications.
- To tailor and improve our services to you, for analytics, and to improve functionalities.
- To provide you with alerts or other notices, including via electronic mail, concerning our products, services, payments, events, or news that may be of interest to you that you or your employer/plan sponsor has requested.
- For other purposes for which we obtain your consent.
- For our client contacts, to perform our contractual obligations to your employer, communicate with you and your employer about our products and services, answer questions and other requests from you, provide customer support, and communicate with you and your employer about business opportunities, including new products or services and other information we think may be of interest to you.
- For producers or enrollers, to determine your eligibility and to onboard you to sell, market, or delivery our products or services, and to otherwise maintain our ongoing business relationship.
- For vendor contacts, to vet to manage our contracts with your employer, to ensure we are receiving products or services appropriately and on terms most beneficial to us, for vendor management purposes, including vendor risk management.
- To facilitate transactions and payments.
- To operate and expand our business activities and evaluate, develop, and improve the quality of our products and services.
Sharing your personal information
To the extent permitted or required by applicable law, we may share personal information with the following categories of data recipients in connection with performance of our services and for our business operations:
To employers/plan sponsors
We may share personal information through agreements with employers/plan sponsors who offer our products and services.
Service providers
We may share personal information with service providers that perform services on our behalf, and with whom we have a contractual relationship and are bound to keep your personal information confidential and use it only for the purposes for which we disclose it to them.
Financial professionals
We may share information with financial professionals (e.g., producers, enrollers) that help us deliver our products and services.
Authorized parties
We may share personal information with third parties that you affirmatively authorize, or direct us to share with, or as otherwise permitted by law.
Regulatory bodies
We may share personal information with regulators, licensing authorities, law enforcement authorities, or tax authorities.
Trustmark companies
We may share personal information with member companies within Trustmark.
Successor companies
We may share personal information with another entity acquiring all, or a portion of, our business. The information shared will remain subject to this Notice and the privacy preferences you have expressed to us. However, personal information submitted or collected after a transfer may be subject to a new privacy policy adopted by the successor entity.
Data retention
We retain personal information for only as long as is necessary, which may be for the duration of the relevant business relationship to provide you with services, receive services from you or your employer, for our own business purposes, or where required or allowed under applicable law. We may also retain personal information for longer than the duration of the business relationship should we need to retain it to protect ourselves against legal claims, use it for analysis or historical record-keeping, comply with our information management policies and schedules, or as may be permitted or required by applicable laws.How we protect your personal information
We have implemented physical, technical, and administrative security measures designed to safeguard and protect your data from unauthorized access and use.
The security of your data also depends on you. Where we have given you, or where you have chosen, a password for access to certain parts of our website, you are responsible for keeping this password confidential. Please do not share your password with anyone. If you suspect someone else obtained access to your password, please immediately change it.
No security measures are impenetrable. We cannot guarantee the security of your personal information transmitted to us. If you choose to communicate with us by email, you should be aware that internet email is not secure. We strongly encourage you to use encrypted email when sending sensitive, personal, private and/or confidential information by email. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on our websites, systems, or services.
U.S. state-specific information and privacy rights
This privacy policy is intended to comply with all applicable state privacy laws. Depending on your state of residence and/or the type of product you have with us, you may have privacy rights afforded to you. These include, but are not limited to:
- Right to access. To confirm whether we are processing your personal information and request access to it.
- Right to request correction. To correct inaccurate or incomplete personal information held by us.
- Right to request deletion. Subject to certain exceptions, to request we delete your personal information.
- Right to restrict processing. To restrict how we process personal information for purposes such as targeted advertising or profiling.
- Right to request data portability. To receive personal information in a structured format and to transmit that information to another data controller.
- Right to withdraw consent.
- Right to opt-out of profiling or automated decision-making. To opt out of the processing of personal information for profiling or automated decision-making in furtherance of decisions that produce legal or similarly significant effects concerning you.
- Right to appeal. To receive information about denials and contact information for applicable government authorities to submit a complaint.
To protect you and your personal information, we will only respond to requests after reasonably verifying a requestor’s identity or their authority to make the request. To exercise your rights, please use this form.
Please note that certain state privacy laws contain several exemptions and exceptions that apply to our company that may prevent us from honoring your request. Completion and submission of this form does not guarantee that we will fulfill your request.
How to submit a privacy rights request under state law
You may initiate a privacy rights request under the state law where you reside by using this request form or by contacting us toll-free at 866-816-1727.
Verification process. To protect you and your information, we must reasonably verify that you are the person that is the subject of the request. You will be asked to provide us with your full name, the last four digits of your social security number, your birthdate (day and month), your email address, and your mailing address. If the personal information you provide is inadequate based on the sensitivity of the request, we may request additional information from you. The information you provide us with for this purpose will not be further processed. If after a good faith attempt, we cannot reasonably verify your identity, or the authority under which the request is made, we will not be able to fulfill your request.
If allowable under applicable law, and subject to limitations, you may designate an authorized agent to submit a privacy rights request on your behalf. We may request that you provide evidence that establishes the agent’s authority or may ask you and your agent to verify your identity directly with us. We will deny a request from an authorized agent that does not submit evidence that they have been authorized by you to act on your behalf.
Response timing and process. We will confirm receipt of requests within ten (10) business days. We endeavor to respond to a verifiable request within forty-five (45) days of its receipt. If we require more time or additional information to fulfill your request, we will tell you why.
- If we are unable to fulfill your request, or if we deny your request in whole or in part, we will provide you with an explanation. We may direct you to our general business practices for collecting personal information.
- Under no circumstances will we provide a requestor with a Social Security number, driver’s license number, or other government-issued identification number, financial account numbers, any health insurance or medical identification numbers, any account passwords, or any security questions and answers.
- We will use reasonable security measures when transmitting information to a requestor and will deliver data in a readily useable format.
- We are not required to retain any personal information about you that we collected for a single one-time transaction if we do not retain that information in the ordinary course of business. We are also not required to re-identify or otherwise link data that we do not maintain in a manner that would be considered personal information in the ordinary course of business.
- Where permitted under the law, we may charge you a reasonable fee to process your request.
- Please note, we may not be able to fulfill your request to delete your personal information if it falls within a legal exception, including, but not limited to retaining such information to:
- Comply with federal, state, or local laws, rules, or regulations.
- Comply with a civil, criminal, or regulatory inquiry, investigation, subpoena, or summons by federal, state, local, or other governmental authorities.
- Investigate, establish, exercise, prepare for, or defend legal claims.
- Provide a product or service specifically requested by you; perform a contract to which you are a party, including fulfilling the terms of a written warranty, or take steps at the request of you prior to entering into a contract.
- Prevent, detect, protect against, or respond to security incidents, identity theft, fraud, harassment, malicious or deceptive activities or any illegal activity, preserve the integrity or security of systems or investigate, report, or prosecute those responsible for any such action.
- Identify and repair technical errors that impair existing or intended functionality.
- Perform internal operations that are reasonably aligned with your expectations based on your existing relationship with us.
Online Platforms and Cookies Policy
This Policy applies to certain privacy practices while using our websites and mobile applications (“Online Platforms”). It includes the use of technologies such as cookies, beacons, tags, or similar tracking technologies (collectively, “cookies”) to collect information from individuals when using Online Platforms.
What is a cookie? Cookies are small text files placed on your browser, device, or the page you are viewing, that enables the cookie owner to recognize the device when it visits websites or uses online services.
- Session cookies are temporary bits of information that are erased once you exit your web browser window, or otherwise turn your computer off. Session cookies are used to improve navigation on websites and to collect aggregate statistical information. Trustmark websites use session cookies.
- Persistent cookies are more permanent bits of information that are placed on the hard drive of your computer and stay there unless you delete the cookie. Persistent cookies store information on your computer for several purposes, such as retrieving certain information you have previously provided (for example, passwords), helping to determine what areas of the website visitors find most valuable, and customizing the website based on your preferences. Trustmark websites use persistent cookies.
Most browsers allow you to control cookies through their settings preferences. However, if you limit the ability of websites to set cookies, you may worsen your overall user experience, since it will no longer be personalized to you. It may also stop you from saving customized settings like login information.
Why we use cookies. Trustmark uses cookies in a range of ways to improve your experience on our website(s), including:
- keeping you signed in,
- to allow for single sign on,
- understanding how you use our website, and
- improving your experience when you use our website.
Cookie choices. If you visit our websites, you consent to our use third-party cookies such as Google Analytics, which uses cookies to collect non-personally identifiable information. Google Analytics uses cookies to track visitors, providing reports about website trends without identifying individual visitors.
If you use our mobile applications, you consent to our use of Azure Application Insights, which uses telemetry data, including IP addresses to track visitors, providing reports about mobile usage, and performance trends without identifying individual visitors.
We use information received from Google Analytics and Azure Application Insights as aggregate data to help us maintain and improve our websites and mobile applications. We do not send such information to other third parties. You can opt out of Google Analytics without affecting how you visit our websites. For more information on opting out of Google Analytics tracking across all websites you use, visit this Google page: https://tools.google.com/dlpage/gaoptout.
Do not track. Some web browsers and mobile operating systems offer a “Do Not Track” setting you can activate to signal your preference not to have data about your online browsing activities monitored and collected. Currently, our Online Platforms may not recognize “Do Not Track” signals.
Children’s online privacy. We do not knowingly collect personal information online or otherwise from any person under the age of 16, and we do not offer, otherwise market or direct our products or services to any person under the age of 16. If you suspect that we have collected personal information from a person under the age of 16, please contact us.
Privacy policies and notices of other sites. Our Online Platforms may link to and from third-party websites. If you click on a link to another website, that third party’s privacy policy/notice will apply to your use of their website. We do not have control over the content or operation of these third-party sites. We recommend that you review all third parties’ terms of use agreements and privacy policies before using their websites, goods, or services.
Changes to this Notice
We may change, update, or modify this Notice from time to time. If we make changes to this Notice, we will revise the Last Updated date identified at the top of the first page. Any changes will become effective upon our posting of the revised Notice on our websites.
Contact Details
Privacy Officer
Privacy Request
Trustmark Companies
PO Box 7961
Lake Forest, IL 60045-7961
Email: privacyoffice@trustmarkbenefits.com