Effective Date: August 27, 2025
EverTrust Health Insurance ("EverTrust," "we," "us," or "our") is committed to protecting the
privacy and security of your personal information. As a health insurance company
operating in South Carolina, United States, we understand the critical importance of
maintaining the confidentiality of your health information and personal data.
This Privacy Policy explains how we collect, use, store, and protect your personal
information when you visit our website, request information about our services, or interact
with us in any capacity. This policy applies to all information collected through our website
and other digital platforms, as well as information you provide to us directly.
We are committed to transparency in our data practices and compliance with all applicable
privacy laws, including the Health Insurance Portability and Accountability Act (HIPAA),
which establishes national standards for the protection of health information. As a covered
entity under HIPAA, we are required to provide you with this Notice of Privacy Practices and
to follow the terms outlined herein.
By using our website or providing us with your personal information, you acknowledge that
you have read and understood this Privacy Policy. If you do not agree with our privacy
practices, please do not use our website or provide us with your personal information.
2.1
Types of Personal Information
We collect several types of personal information from and about users of our website and
services, including:
Contact Information: We collect basic contact information that you voluntarily provide to
us, including your full name, email address, and phone number. This information is
typically collected when you request information about our insurance products, submit an
inquiry through our website, or contact us for customer service purposes.
Demographic Information: In some cases, we may collect demographic information such
as your age, gender, and location to better understand your insurance needs and provide
appropriate service recommendations.
Health Information: As a health insurance company, we may collect protected health
information (PHI) as defined under HIPAA. This includes information about your health
status, medical history, treatment information, and other health-related data necessary for
insurance coverage determinations and claims processing. However, such collection
typically occurs after you become a customer and through secure, HIPAA-compliant
channels separate from our general website.
2.2
How We Collect Information
Direct Collection: Most of the personal information we collect is provided directly by you
when you voluntarily submit it through our website forms, email communications, phone
calls, or written correspondence. This includes information provided when you request
quotes, submit inquiries, or seek information about our services.
Automatic Collection: Our website does not use cookies, tracking pixels, or other
automatic data collection technologies. We do not collect information about your browsing
behavior, device information, or other technical data through automated means.
Third-Party Sources: We do not collect personal information about you from third-party
sources or data brokers. All information in our possession has been provided directly by
you or through authorized representatives acting on your behalf.
3.1
HIPAA Compliance
As a health insurance company, EverTrust is a "covered entity" under the Health Insurance
Portability and Accountability Act (HIPAA). HIPAA requires us to protect the privacy and
security of protected health information (PHI) and provides individuals with certain rights
regarding their health information.
Under HIPAA, we are permitted to use and disclose PHI for the following purposes without
your authorization:
Treatment: We may use and disclose your PHI to facilitate your medical treatment by
healthcare providers.
Payment: We may use and disclose your PHI for payment purposes, including determining
eligibility for benefits, processing claims, and coordinating benefits with other insurers.
Healthcare Operations: We may use and disclose your PHI for healthcare operations,
including quality assessment, case management, and business planning activities related
to our insurance operations.
3.2
Other Legal Bases
For non-health information, our legal basis for processing includes:
Legitimate Interest: We process your contact information based on our legitimate interest
in providing you with information about our insurance products and services that you have
requested.
Consent: In some cases, we may process your information based on your explicit consent,
which you may withdraw at any time.
Legal Obligation: We may process your information to comply with legal obligations, such
as regulatory reporting requirements or responding to lawful requests from government
authorities.
4.1
Primary Uses
We use the personal information we collect for the following primary purposes:
Service Provision: Your contact information is used to respond to your inquiries about our
insurance products and services, provide you with requested information, and facilitate
communication regarding potential or existing insurance coverage.
Customer Service: We use your information to provide customer support, answer
questions about our services, and assist you with any issues or concerns you may have
regarding our insurance products.
Business Operations: Your information helps us improve our services, understand
customer needs, and develop new insurance products that better serve our community in
South Carolina.
Regulatory Compliance: We use your information as necessary to comply with applicable
laws, regulations, and industry standards governing the insurance industry and health
information privacy.
4.2
Communication Purposes
We may use your email address and phone number to:
• Send you information about insurance products and services you have requested
• Provide updates about your insurance coverage or claims (for existing customers)
• Send important notices about changes to our policies or services
• Respond to your customer service inquiries
• Provide educational information about health insurance topics
We do not use your information for unsolicited marketing purposes or share it with third
parties for their marketing use.
4.3
Data Accuracy and Currency
We take reasonable steps to ensure that the personal information we maintain is accurate
and current. We encourage you to review and update your information regularly by
contacting us directly. If you believe any information we have about you is inaccurate or
incomplete, please contact us using the information provided in the "Contact Us" section of
this policy.
5.1
No Third-Party Sharing
EverTrust does not sell, rent, trade, or otherwise share your personal information with third
parties for their marketing or commercial purposes. We maintain strict control over your
personal information and limit access to authorized personnel who need the information to
perform their job functions.
5.2
Limited Disclosure Circumstances
We may disclose your personal information only in the following limited circumstances:
Legal Requirements: We may disclose your information when required by law, such as in
response to a court order, subpoena, or other legal process. We will make reasonable
efforts to notify you of such requests unless prohibited by law.
Regulatory Compliance: We may share information with insurance regulators, government
agencies, or other authorities as required for regulatory compliance or oversight purposes.
Business Associates: For HIPAA-covered information, we may share PHI with business
associates (such as claims processors or IT service providers) who perform services on our
behalf. All such business associates are required to sign agreements ensuring they will
protect your information in accordance with HIPAA requirements.
Emergency Situations: We may disclose information if we believe in good faith that
disclosure is necessary to protect the safety, rights, or property of EverTrust, our customers,
or others.
5.3
Corporate Transactions
In the event of a merger, acquisition, or sale of all or part of our business, customer
information may be transferred as part of the transaction. We will provide notice of such
transfers and any changes to this Privacy Policy.
6.1
Security Measures
We implement appropriate technical, administrative, and physical safeguards to protect
your personal information against unauthorized access, use, disclosure, alteration, or
destruction. Our security measures include:
Administrative Safeguards: We have designated privacy and security officers responsible
for overseeing our privacy and security programs. We provide regular training to our
employees on privacy and security requirements and maintain policies and procedures
governing the handling of personal information.
Physical Safeguards: We maintain physical security measures to protect our facilities,
equipment, and records containing personal information. Access to areas where personal
information is stored is restricted to authorized personnel only.
Technical Safeguards: We use industry-standard technical measures to protect electronic
personal information, including encryption, access controls, and secure data transmission
protocols. Our computer systems are protected by firewalls and other security technologies.
6.2
Data Storage and Retention
We store your personal information in secure systems located in the United States. We
retain personal information only for as long as necessary to fulfill the purposes for which it
was collected, comply with legal obligations, resolve disputes, and enforce our agreements.
For health information subject to HIPAA, we follow HIPAA requirements for retention and
disposal of PHI. Generally, we retain health information for at least six years from the date it
was created or last in effect, whichever is later, or as required by applicable law.
6.3
Data Breach Response
In the unlikely event of a data breach involving your personal information, we will take
immediate steps to contain the breach, assess the scope of the incident, and notify affected
individuals and relevant authorities as required by applicable law. For HIPAA-covered
information, we will follow HIPAA breach notification requirements.
7.1
HIPAA Rights
If you are a customer and we maintain protected health information about you, you have
the following rights under HIPAA:
Right to Access: You have the right to request and receive a copy of your protected health
information that we maintain. We will provide you with access to your information within
days of your request, or notify you if we need additional time.
Right to Amendment: You have the right to request that we amend protected health
information about you that you believe is incorrect or incomplete. We will respond to your
request within
days.
Right to Restriction: You have the right to request restrictions on how we use or disclose
your protected health information. While we are not required to agree to all requested
restrictions, we will consider each request carefully.
Right to Alternative Communications: You have the right to request that we communicate
with you about your health information in a particular way or at a particular location to
protect your privacy.
Right to an Accounting: You have the right to request an accounting of disclosures of your
protected health information that we have made for purposes other than treatment,
payment, or healthcare operations.
Right to File a Complaint: You have the right to file a complaint with us or with the U.S.
Department of Health and Human Services if you believe your privacy rights have been
violated.
7.2
General Privacy Rights
For all personal information we collect, you have the following rights:
Right to Information: You have the right to know what personal information we collect
about you and how we use it.
Right to Access: You may request access to the personal information we maintain about
you.
Right to Correction: You may request that we correct inaccurate or incomplete personal
information about you.
Right to Deletion: In certain circumstances, you may request that we delete personal
information about you. However, we may need to retain certain information for legal or
business purposes.
Right to Opt-Out: You may opt out of receiving marketing communications from us at any
time by contacting us using the information provided below.
7.3
Exercising Your Rights
To exercise any of these rights, please contact us using the contact information provided in
Section of this policy.
We will respond to your request within a reasonable timeframe
and in accordance with applicable law. We may need to verify your identity before
processing your request to protect your privacy and security.
8.1
No Cookies Policy
EverTrust does not use cookies, web beacons, tracking pixels, or other similar tracking
technologies on our website. We do not collect information about your browsing behavior,
device characteristics, or online activities through automated means.
8.2
Third-Party Analytics
We do not use third-party analytics services such as Google Analytics or other web analytics
tools that would track your behavior on our website. Our website operates without any
tracking or analytics technologies that would collect personal information about your visit.
8.3
Social Media and External Links
Our website may contain links to third-party websites or social media platforms. This
Privacy Policy does not apply to those external sites, and we are not responsible for the
privacy practices of third parties. We encourage you to review the privacy policies of any
external websites you visit.
9.1
Age Restrictions
Our website and services are not intended for children under the age of
18. We do not
knowingly collect personal information from children under
18 years of age. If we become
aware that we have collected personal information from a child under
18, we will take steps
to delete such information promptly.
9.2
Parental Rights
If you are a parent or guardian and believe that your child under
18 has provided us with
personal information, please contact us immediately using the contact information
provided below. We will work with you to address the situation and delete any such
information if necessary.
10.1
Policy Modifications
We may update this Privacy Policy from time to time to reflect changes in our practices,
technology, legal requirements, or other factors. When we make material changes to this
policy, we will notify you by:
• Posting the updated policy on our website with a new "Last Updated" date
• Sending you an email notification if we have your email address
• Providing other appropriate notice as required by applicable law
10.2
Continued Use
Your continued use of our website or services after we post changes to this Privacy Policy
constitutes your acceptance of the updated policy. We encourage you to review this policy
periodically to stay informed about how we protect your information.
10.3
Previous Versions
We will maintain previous versions of this Privacy Policy for our records and will make them
available upon request for a reasonable period of time.
11.1
Privacy Officer
If you have questions, concerns, or requests regarding this Privacy Policy or our privacy
practices, please contact our Privacy Officer:
EverTrust Health Insurance
Privacy Officer
4316 Windy Heights Drive
South Carolina, United States
Email: [email protected]
Phone: +1 704-617-5151
11.2 HIPAA Complaints
EverTrust Health Insurance Privacy Officer (contact information above)
OR
U.S. Department of Health and Human Services Office for Civil Rights
200 Independence Avenue, S.W.
Washington, D.C. 20201
Phone: 1-877-696-6775
Website: www.hhs.gov/ocr/privacy/hipaa/complaints/
You will not be retaliated against for filing a complaint.
11.3
Business Hours
Our Privacy Officer is available to assist you during regular business hours, Monday through Friday, 9:00 AM to 5:00 PM Eastern Time. We will respond to privacy-related inquiries within five (5) business days.
Effective Date: August 27, 2025
Last Updated: August 27, 2025
This Privacy Policy represents EverTrust Health Insurance's commitment to protecting your privacy and complying with all applicable privacy laws and regulations. We appreciate your trust in us and will continue to safeguard your personal information with the highest standards of care and security.