We recognize that the privacy of your information is important. This Online Services Privacy Policy ("Privacy Policy" or "Policy") describes our practices in connection with information we collect through the Sparq online and mobile websites, platforms, services, and applications (collectively, "Online Services").
As used in this Policy, terms such as "we," "us," "our," and "Company" refer to current and future affiliated entities, subsidiaries, agents, contractors, or vendors of UnitedHealth Group including, but not limited to, UnitedHealthcare, Optum, and their subsidiaries. The Online Services operate on computer servers in the United States; therefore, any Information you provide will be transferred to and processed by a computer server located in the United States.
By using the Online Services, you consent to our collection, use, disclosure, and storage of information as described in this Privacy Policy.
Our Privacy Policy explains:
This Policy applies to Online Services that we own or operate and that contain a link to this Privacy Policy. This Privacy Policy applies only to the Sparq Online Services and the information collected through the Online Services. It does not apply to information collected through other means such as by telephone or in person, although that information may be protected by employment policies and applicable law.
This Policy does not apply to the practices of other companies, other websites, platforms, or software applications that may be linked from or made available through our Online Services.
The inclusion of a link on our Online Services or the ability to utilize a third-party website or software application through our Online Services does not imply that we endorse, or otherwise monitor the privacy or security practices of that third-party website or software application or the accuracy of its content, and your use of the third-party website or software application is governed by the third-party's privacy policy.
This Privacy Policy is not intended to and does not create any contractual or other legal rights in or on behalf of any party.
We may collect two basic types of information through the Online Services: (1) information you provide directly to us, and (2) information that is automatically provided to us or collected through your use of our Online Services (collectively, "Information").
Such Information may include information that identifies you such as your full name, telephone number; email address; work location; user credentials; payroll, paid-time-off, and other information related to your employment, and other information described in this Privacy Policy.
When you use the Online Services, you may provide certain Information directly to us. For example, you may input a telephone number or email address into a webform or enter information into a chat functionality. We also may make certain information available to you on the Online Services that we collect from other sources. For example, we may pre-populate certain demographic information in an online form or make health or medical information viewable on the Online Services that you have provided to us on paper forms or maintained in other information systems.
We also may obtain Information that is automatically collected through the Online Services. The automatically collected Information may include demographic, de-identified, aggregated, or certain information from your device such as technical information about your device, web-browser information, and server log files collected by us or provided by you. See Cookies and Tracking for more information on automatically collected information.
You may limit the Information you provide or make available to us if you want to; however, that may limit your ability to access or use certain functions of the Online Services or to request certain services or information.
Mobile Devices and Applications
In addition to the Information identified above, we may collect the following Information:
Information that Identifies You
What You Do on Your Device
Device or System Data
If you share it, we may obtain location data from your device to provide location-related services (e.g., Company events occurring in or near your office location). You may withdraw consent to use precise, real-time, or network location data at any time by turning off the location-based feature on your mobile device or by not using any location-based features. If you withdraw your consent, functionality associated with precise, real-time, or network location will no longer work.
For Android Users – Required Disclosures for Certain Health Applications
Google has determined that certain applications are subject to their COVID-19 applications requirements (COVID-19 requirements). As a result, we are providing the following information related to our applications that may be deemed in scope for their COVID-19 requirements:
We may use your Information:
We may use Information to contact you through any contact information you provide through our Online Services, including any email address, telephone number, cell phone number, or fax number. We may communicate, electronically or via telephone with you about your employee benefit plan, programs, products, or services that are or may be available to you in connection with your transactions with us including, but not limited to, Online Services updates, account information related to us or your employment with us, news or developments affecting the Company, general wellness, general health information, newsletters, and surveys. You acknowledge and accept that such communications may be sent unencrypted and there is some risk of disclosure or interception of the contents of these communications.
We may, when permitted, combine your Information with other information, whether online or offline, maintained or available to us from you or from other sources, such as from our vendors, and we may use and disclose combined data for the purpose described in this Section or for internal business purposes. We may, when permitted, use and disclose de-identified and aggregated data for any purpose, which may include, without limitation, disclosures to third parties for analytics purposes such as evaluating the Online Services and providing additional benefits, programs, and services.
We will only share your Information with third parties as outlined in this Policy and as otherwise permitted by law, Company policy, or as permitted with your consent.
We may share Information if all or part of the Company is sold, merged, dissolved, acquired, or disbanded to any extent in a similar transaction, or in connection with steps that may need to be taken in anticipation of such events.
We may share Information in response to a court order, subpoena, search warrant, or to comply with law or regulation. We may cooperate with law enforcement authorities in investigating and prosecuting activities that are illegal, violate our rules, or may be harmful to other visitors.
We may also share Information within the Company, including among affiliates, or with our parent company, or subsidiaries.
We may also share Information with other third-party companies with which we have a business relationship or hire to perform services on our behalf. For example, we may hire a third-party company to help us send and manage email, and we might provide that third-party company with your email address and certain other Information for them to send you an email message on our behalf. Similarly, we may hire third-party companies to host or operate some of our Online Services and related computers and software applications.
Our Online Services may permit you to view your profile, if applicable, and access related Information about you and to request changes to such Information. Please remember, however, if we have already disclosed some of this Information to third parties, we may not have access to that disclosed information and may not be able to force the modification of any Information by the third parties to whom we have made those disclosures.
Communication Preference Management
Our Online Services may permit you to select how you would like to receive certain communications. You can also view and update your communication preferences by going to the "Personal Information" tab on the Global Self Service page.
We may offer mobile applications that enable us to communicate with you through push notifications. Where mobile applications are offered, you may be able to manage push notifications in your mobile phone or tablet settings. You may also be able to control preview settings in your email applications.
If you need additional assistance in opting-out of a communication, please Contact Us for assistance. Please be aware that opt-outs may not apply to certain types of communications, such as account status, Online Service updates, or other communications.
The Company may use various technologies, including cookies, tokens, tags, web logs, web beacons, scripts, and web server logs to gather automatically collected information and may aggregate this information from users of our Online Services or to enable certain features of our Online Services. This information may include demographic data, technical information about the technology (e.g., phone, computer) you use to connect to the Online Services, web browser information, your IP address, and browsing behavior such as pages visited and how often they are visited (collectively, "Activity Information"). We may also use third-party analytics companies to provide these services.
We may also allow third parties to use cookies and other technologies to collect Activity Information and to track browsing activity over time and across third-party websites such as web browsers used to read our Online Services, which websites are referring traffic or linking to our Online Services, and to track your engagement with the Online Services. We do not control these third-party technologies, and their use of such technologies is governed by their own privacy policies. For more information about third-party advertising networks and similar entities that use these technologies, see youradchoices.com/control, and to opt-out of such ad networks' and services' advertising practices, go to optout.aboutads.info and optout.networkadvertising.org/. Once you click the links, you may choose to opt out of such advertising from all participating advertising companies or only from advertising provided by specific advertising companies. Please note that, to the extent advertising technology is integrated into the Online Services, you may still receive advertisements even if you opt out of tailored advertising. In that case, the ads will just not be tailored. Also, we do not control any of the above opt-out links and are not responsible for any choices you make using these mechanisms or the continued availability or accuracy of these mechanisms.
Activity Information is captured using various technologies and may include cookies. "Cookies" are small text files that may be placed on your computer or mobile device when you visit an Online Service or click on a URL using your web browser. Cookies may include "single-session cookies" which generally record information during only a single visit to a website and then are erased, and "persistent" cookies which are generally stored on a computer or mobile device unless or until they are deleted or are set to expire. You may disable cookies and similar items by adjusting your browser preferences at any time; however, this may limit your ability to take advantage of all the features on our Online Services. In addition, you may also have additional means to manage the collection of Activity Information by:
Please note that we do not currently respond to web browser "Do Not Track" signals that provide a method to opt out of the collection of Information about online activities over time and across third-party websites or online services because, among other reasons, there is no common definition of such signals and no industry-accepted standards for how such signals should be interpreted.
We gather Activity Information about you to improve the quality of our services, such as the best method and time to contact you. Without limiting the other ways in which we may use Information as described herein, we may otherwise use and disclose your Activity Information unless restricted by this Policy or by law. Some examples of the ways we use your Activity Information include:
As described above, we may use tracking technologies that allow us to recognize your device when you return to our Online Services within a period of time, as determined by us, and to support automatic login to your Online Services. To maintain your privacy, you should affirmatively log out of your account prior to your session ending (whether you end your session or we end your session, for example if our Online Services has "timed out" - i.e., we have ended your session automatically after a period of inactivity as determined by us in our sole discretion). Unless you affirmatively log out of your account, you may be automatically logged back in the next time you or any user of your devices visits the Online Services.
Retention of Data
We will retain your personally identifiable information (PII) and Activity Information for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your PII to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.
Posting Messages, Comments and Content
Our Online Services may have voluntary collaboration areas, including but not limited to "blogs," "bulletin boards," "leader boards," and "health games," that permit users to have collaborative discussions and/or share Information. Some of our Online Services may permit you to select a display name or image that will be your "nickname" on the Online Service. Please note, any Information you submit or post to these collaboration areas, including your display name or image, may be visible by other users of the Online Service, and such users may be able to identify you and make information public. Out of respect for the privacy of others, please avoid referring to the full names of others in your response and refrain from sharing other users' identities or comments outside of these discussions.
Also see our Yammer Acceptable Use Policy to learn about our practices related to posting on our Yammer social media accounts.
We maintain administrative, technical, and physical safeguards designed to protect the Information that you provide on our Online Services. These safeguards vary based on the sensitivity of the Information that is being collected, used, and stored. For more information about the processing of your personal information see the Personal Information Handling Policy for your jurisdiction.
We cannot guarantee the security of our Online Services, nor can we guarantee the security of the Information you transmit to us over the Internet, including your use of email. We are not liable for the illegal acts of third parties such as criminal hackers.
It is your responsibility to safeguard the devices you use to access our Online Services (such as laptops, tablets and mobile devices), and to use appropriate security settings on those devices. If those devices are lost, stolen or misplaced, others may be able to access your account and your personal Information using those devices. You should affirmatively log out of your account (i) prior to ending your session, or (ii) if you will be inactive on the Online Services for more than a few minutes; otherwise, the next user of that computer or device, particularly a public one or one not owned by you, may be able to access your account and the Information in your account if your session has not ended.
You agree that we are not responsible for any harm that may result from someone accessing your account or personal Information on any computer or device where you do not, for any reason, take the necessary steps to log out of your account prior to ending a session on such device or computer.
We retain Information for as long as necessary for the purpose for which it is collected, subject to a longer period if the Information is relevant to a legal challenge.
We will not intentionally collect any personal information (as that term is defined in the Children's Online Privacy Protection Act) from children under the age of 13 through our Online Services without receiving parental consent. If you think that we have collected such personal information from a child under the age of 13 through our Online Services, please Contact Us immediately.
California "Shine the Light" Privacy Rights
California law permits our customers who are California residents to request certain information regarding the disclosure of certain personal information to third parties for their direct marketing purposes.
If we have disclosed any personal information to third parties for direct marketing purposes, we will provide a list of the categories of personal information, along with the names and addresses of these third parties to you at your request. To make such a request, write us at the postal or email address found in the Contact Us section of this Policy.
This request may be made no more than once per calendar year. We reserve our right not to respond to requests submitted other than to the specified email or postal address. You should put "California Privacy Rights-Direct Marketing" in the email subject line and in the body of your request. You must provide us with specific information regarding yourself so that we can accurately respond to the request.
California Minors Under 18
If you are a California resident under the age of 18 and are a registered user of our Online Services, you may request that we remove from our Online Services any content you post to our Online Services that can be accessed by any other user (whether registered or not). Please note that any content that is removed from visibility on our Online Services may still remain on our servers and in our systems. To request removal of content under this provision, please write or email us at the postal or email address found in the Contact Us section of this Policy. When you write to us, please provide us with a description of the content and the location of the content on our Online Services, along with any other information that we may require to consider your request. Please note that removal of content under this provision does not ensure complete or comprehensive removal of the content or information posted on the Online Services by you.
This State Consumer Privacy Notice applies to residents of California and sets forth their rights under California's comprehensive privacy law.
This State Consumer Privacy Notice supplements our Privacy Policy. It explains what Personal Information (PI) we collect about you, where and from whom we obtain it, why we collect it, and your respective state rights regarding it. If you are a California resident, this notice applies to any PI that we collect about you.
Personal Information (PI) We Collect and Disclose for Business Purposes
In the preceding twelve (12) months, we may have collected the following PI about California residents and have disclosed it for the business purposes described below:
Category of PI | Examples | Collected | Categories of Third Parties to Which We Disclose PI for Business Purposes | Shared for Advertising Purposes | Categories of Third Parties with Which We Share PI for Advertising Purposes |
Some Personal Information included in the categories below may overlap with other categories. | |||||
Identifiers | A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, government-issued identification numbers or other similar identifiers. | Yes | Vendors | No | None |
Personal information categories | A name, signature, address, telephone number, government-issued identification numbers, insurance policy number, education, employment, employment history, bank account number, or any other financial information, medical information, or health insurance information. | Yes | Vendors | No | None |
Protected classification characteristics | Age, race, color, national origin, citizenship, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), veteran or military status. | Yes | Vendors | No | None |
Sensitive personal data categories ("Sensitive Personal Data") | Government-issued identification number, precise geolocation information, contents of an email or text messages, racial or ethnic origin, biometrics data, health data, mental or physical health condition or diagnosis, sexual orientation, citizenship or immigration status. | Yes | Vendors | No | None |
Commercial information | Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. | No | None | No | None |
Biometric information | Fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, or exercise data. | Yes | Vendors | No | None |
Internet and/or network activity | Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement. | Yes | Vendors | No | None |
Geolocation data | Physical location or movements. | Yes | Vendors | No | None |
Sensory data | Audio, electronic, visual, or similar information. | No | None | No | None |
Professional or employment-related information | Current or past job history or performance evaluations. | Yes | Vendors | No | None |
Education information subject to the Family Educational Rights and Privacy Act | Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, or student disciplinary records. | No | No | No | None |
Inferences drawn from other personal information | Profile reflecting a person's preferences, characteristics, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. | No | None | No | None |
We will retain the foregoing categories of PI consistent with our internal record-retention policies and for as long as is necessary to provide products and services to you or as required by law. | |||||
PI Does Not Include:
Categories of Sources of PI
We obtain the categories of PI listed above from:
Collection from these sources may occur online, in person, via paper or other electronic means, and may occur automatically where state law permits such profiling absent an explicit request to opt-out.
Why We Collect PI
We collect your PI for one or more of the following business purposes:
Sharing or Selling Your PI
In the preceding twelve (12) months, we have not sold or shared any PI.
Third parties are not allowed to use or disclose your PI other than as specified in our contract and as permitted by law.
If we seek to use your PI for a materially different purpose than we previously disclosed in this notice, we will notify you and will not use your PI for this new purpose without your explicit consent.
Sensitive Personal Data
We only process Sensitive Personal Data to process transactions necessarily related to your employment and to manage our workforce.
Your Rights
You have the right to request that we disclose certain information to you about our collection and use of your PI. Once we receive and confirm your verifiable consumer request, we will disclose to you:
Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why and you may appeal this decision (see additional information in Appeals section below).
How to Exercise Your Rights
Timing
Appeals
Changes
We will review this notice annually and update it from time to time. Any changes will be posted on this page and will become effective as of the "Last Revised" date. We encourage you to review this notice periodically to be sure you are aware of those changes.
Scope
For purposes of this Section, the collection, use, disclosure, storage, alteration, and disposal of personal information shall be collectively referred to as "processing."
The UnitedHealth Group company that processes your personal information is the primary data controller, as detailed in the Personal Information Handling Policy for your jurisdiction.
Types of Personal Information Processed
A description of the type of personal information processed can be found in the What Information We Collect About You Section of this Policy.
Basis, Purposes, and Manner of Processing
Our bases to process your personal information is based on the following:
The purpose of the processing of your personal information is to deliver the Online Services to you. The scope and manner of the processing is described above and in the How We Use Your Information Section of this Policy.
Disclosure of Personal Information
We will only share your personal information where necessary for legitimate business purposes or as described in the How We Share Your Information Section of this Policy. The Personal Information We Collect and Disclose for Business Purposes Section also describe the categories of third parties with whom your personal information may be shared.
Additional Rights
You may request access to your personal information to correct any mistakes, to request deletion, or to object to or withdraw consent to the processing of your personal information in accordance with applicable law. Such requests must be submitted in writing to the Human Resources department. We may be unable to comply with requests where doing so would conflict with applicable laws, regulation or codes of practice. If you withdraw consent, the Online Services may be impacted or disrupted.
Supplemental Information
For more information about the processing of your personal information see the Personal Information Handling Policy for your jurisdiction.
In addition to the information found in the Contact Us Section of this Policy, you may also contact our Data Protection Officer at uhg_privacy_office@uhg.com.
It is our policy to protect the confidentiality of Social Security numbers ("SSNs") that we receive or collect in the course of business. We secure the confidentiality of SSNs through various means, including physical, technical, and administrative safeguards that are designed to protect against unauthorized access. It is our policy to limit access to SSNs to that which is lawful and to prohibit unlawful disclosure of SSNs.
We may change this Policy at any time. If we do so, such change(s) will appear on this page. You may always visit this Policy to learn of any updates. Your continued access to or use of the Online Services constitutes your consent to these changes to this Policy.
Contact us regarding this Policy or related privacy practices. If you believe we or any company associated with us has misused your Information, please contact us immediately.
Email: uhg_privacy_office@uhg.com
Last Revised
July 11, 2023