Support Get started

WEX Health CCPA notice

Effective as of January 1, 2020

What We Do
Collection and Uses of Your Personal Information
Sources of Information
Categories of Information
Sharing Your Personal Information
Sale of Personal Information
Security
Retention of Personal Information
Your CCPA Rights
How to Contact Us
Updates to this Privacy Statement

WEX Health (collectively referred to as “we”, “us”) take its data protection responsibilities seriously. This CCPA Notice explains who we are, how we collect, use and share personal information about you, and your rights under the California Consumer Privacy Act (“CCPA”). It applies if we have collected information about you and you are a California consumer as defined by the law. We recommend that you read this CCPA Notice in full to ensure you are fully informed.

As described below, we collect personal information about consumers on behalf of our customers in connection with the provision of our software and services. We take measures to protect this personal information and limit the ways in which it is used and disclosed. Because we receive and collect data on behalf of our customers, our customers generally need to tell us when, with who, whether, and how we may disclose personal information.

For more information about the specific pieces of personal information we have collected about you in connection with HRA, FSA, HSA or similar accounts, or to request disclosure of that information, please contact your health plan or the bank at which you opened your HSA. For more information about the specific pieces of personal information we have collected about you in connection with COBRA health benefit continuation or health insurance premium billing, or to request disclosure of that information, please contact your COBRA administrator or health insurer.

What we do

WEX Health provides software and services to support the administration of health-related financial accounts, such as health savings accounts and flexible spending accounts. We also provide software and services to support the administration of COBRA health benefit continuation and health insurance premium billing. Our customers are health plans, insurance companies, third party administrators, banks, financial institutions, and similar organizations that work directly with employers and, in some instances, consumers, to offer health reimbursement accounts (HRAs), flexible spending accounts (FSAs), health savings accounts (HSAs), and similar accounts, as well as COBRA health benefit continuation and insurance premium billing. You can find out more about WEX Health on our website.

Collection and uses of your personal information

“Personal information” is any information that can be used to identify an individual, is capable of being associated with an individual, or could reasonably be linked with a particular individual or household, and may include name, address, email address, phone number, login information, or payment information.

We collect and use information about you if you are enrolled in a benefit plan administered by one of our customers or if you sign up for or open a health-related financial account with one of our customers.

Sources of information

WEX Health collects personal information from our customers, such as health plans, insurance companies, third party administrators, banks, financial institutions, and similar organizations. We also collect personal information when consumers or their employers provide it to us directly. We may collect personal information such as medical claims from you, your health insurer, or similar companies. We may collect payment card transaction data from merchants and banks. We may generate personal information in the course of providing our software and services (such as unique identifiers or payment card data), or when you use our software or services (such as data about how users interact with our web portals and software).

Categories of information

When you engage our services, we collect and use personal information which is necessary for the performance of those services. The majority of the personal information we collect and use to provide our services is supplied voluntarily by you, your employer, and our customers, and most of that personal information is available for you to review by accessing our software and services. Because of this, it will be generally obvious to you what personal information we collect and use. This information broadly falls into the following categories:

  • Basic information such as your name, the company you work for, and your relationship to a person;
  • Contact information such as postal address, email address and telephone number(s);
  • Identifiers such as unique personal identifier, online identifier, or user id. We collect social security number if your employer or health plan uses your social security number as your unique personal identifier, and, in some circumstances, such as when you use our services to open a bank account, we are required to collect images of documents from you reflecting your social security number, driver’s license number, or passport number to verify your identity.
  • Insurance information such as insurance policy number and other health insurance information when we provide COBRA continuation and similar services. We may also receive insurance information in the course of administering your HRA, FSA, or HSA account.
  • Financial information (such as bank account information, credit and debit card numbers, tax registration information, billing details) in order to manage and process any payments that you make to us, we make to you, or you make to others using accounts that we administer for you.
  • Medical information associated with medical bills if you use your HRA, FSA or HSA to pay medical bills.
  • Demographic information such as gender and health insurance coverage levels (such as individual or family coverage) if your health plan or health insurer requires it.
  • Information such as your Internet Protocol address and geolocation data, which we use when we receive a request to log into our software using your credentials to help us decide whether to allow access.
  • Information about your interactions with our software and services.

We use this information in the following ways and where we are satisfied that we have an appropriate legal basis to do so. These uses broadly fall into the following categories:

  • Providing our services and necessary functionality: We process your personal information so that you may use our services consistent with our contracts with our customers and so that we may meet the obligations in our contracts with our customers;
  • Developing and improving our services: We process your personal information to analyze trends and to track your usage of and interactions with our services consistent with our legitimate interest in developing and improving our services and providing our users with more relevant service offerings, or where we seek your valid consent;
  • Assessing and improving user experience: We process usage data, which in some cases may be associated with your personal information, to analyze trends in order to assess and improve the overall user experience consistent with our legitimate interest in assessing and improving our services offerings, or where we seek your valid consent;
  • Promoting the security of our services: We process your personal information by tracking the use of our services; establishing access controls to our systems like user names, passwords, and other forms of user authentication; creating aggregated, non-personal data; verifying accounts and activity, investigating suspicious activity; and enforcing our terms and policies, in support of our legitimate interest in promoting the safety and security of our services, systems and applications and in protecting our rights and the rights of others;
  • Managing Payments: If you have provided financial information in connection with payments you make to us, we process your personal information to verify that information and to process payments to the extent that doing so is necessary to complete the transaction;
  • Complying with legal obligations: We process your personal information when cooperating with public and government authorities, courts or regulators in accordance with our legal obligations under applicable laws to the extent this requires the processing or disclosure of personal information to protect our rights or is necessary for our legitimate interest in protecting against misuse or abuse of our services, protecting personal property or safety, pursuing remedies available to us and limiting our damages, complying with judicial proceedings, court orders or legal processes or to respond to lawful requests.

Sharing your personal information

We may disclose your personal information with third parties for the purposes of operating our business, delivering, improving, and customizing our services, and for other legitimate purposes permitted by applicable law or otherwise with your consent.

We may share your personal information in the following ways with the following categories of third parties:

  • Employers to administer their benefits programs.
  • Banks to process payments and administer accounts or benefits programs.
  • Health insurance companies to administer accounts or benefits programs and receive accurate claims information.
  • Within WEX Health and any of our global affiliates for purpose of data processing or storage.
  • With service providers, authorized third-party agents, or contractors to provide a requested service or transaction.
  • In connection with, or during negotiations of, any merger, sale of company assets, consolidation or restructuring, financing, or acquisition of all or a portion of our business by or to another company.
  • In response to a request for information by a competent authority if we believe disclosure is in accordance with, or is otherwise required by, any applicable law, regulation or legal process.
  • With law enforcement officials, government authorities, or other third parties as necessary to comply with legal process or meet national security requirements; protect our rights, property, or safety and the rights, property or safety of our business partners, you, or others; or as otherwise required by applicable law.
  • In aggregated, anonymized, and/or de-identified form, which cannot reasonably be used to identify you.
  • If we otherwise notify you and you consent to the sharing.

Sale of personal information

WEX Health does not sell personal information to third parties for a business or commercial purpose.

Security

We intend to protect the personal information entrusted to us and treat it securely in accordance with this CCPA Notice. WEX Health implements reasonable physical, administrative, and technical safeguards designed to protect your information from unauthorized access, use, or disclosure. For example, we encrypt personal information in our systems and when we transmit such information over the Internet. We also contractually require that our suppliers protect such information from unauthorized access, use, and disclosure. The Internet, however, cannot be guaranteed to be 100% secure, and we cannot ensure or warrant the security of any personal information you provide to us.

Retention of personal information

We will store your personal information for as long as is reasonably necessary for the purposes for which it was collected, as explained in this CCPA Notice. In some circumstances, we may store your personal information for longer periods of time, for instance if we are required to do so in accordance with legal, regulatory, tax, or accounting requirements. In specific circumstances, we may store your personal information for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your personal information or dealings.

Your CCPA rights

WEX Health respects your rights in knowing what personal information we have about you and how that information is collected, used and shared. This CCPA Notice provides a description of the categories of personal information we collect and how that information is collected, used and shared. As a reminder, you should contact your health plan, health savings account bank, COBRA administrator, or health insurer to request any specific pieces of your personal information that we have collected or to request that any specific pieces be corrected or deleted. You have a right to designate an authorized agent to make a request on your behalf. If you request a change to or deletion of your personal information, please note that we may still need to retain certain information for recordkeeping purposes, and/or to provide our services as requested by our customer. Some of your information may also remain within our systems and other records where necessary for compliance with applicable law.

In addition, you have a right not to receive discriminatory treatment for the exercise of your privacy rights.

How to contact us

If you want to contact WEX Health about this notice or the information in it, you may contact us at 833-299-5095 or by submitting a request here: https://www.wexinc.com/wh/ccpa-request/.

Updates to this CCPA notice

We may amend this notice from time to time to keep it up to date with legal requirements and the way we operate our business. Please regularly check for the latest version of this notice. If we make significant changes to this CCPA Notice, we will seek to inform you by notice on our website or by email.