Privacy Policy

Effective Date: January 3, 2024

Protecting your privacy is very important to us. This privacy policy explains what information we collect, why we collect it, and how we use it. This notice relates to HealthCare.gov and its subdomains. Throughout this notice, the website is referred to as the Crown Health Agency (CHA) or simply CHA. Please note that CHA is not maintained, operated, or affiliated with the Centers for Medicare & Medicaid Services (CMS). However, this privacy policy aligns with the CMS Privacy Policy.

CHA does not collect your name, contact information, Social Security Number, or similar personal data unless you choose to provide it. However, we do collect limited information from visitors to understand how the site is being used and to improve the user experience.

Personally Identifiable Information (PII) refers to any data that can be used to identify an individual, such as a name or Social Security Number, as defined by the Office of Management and Budget (OMB). PII also includes indirect information, such as a combination of date of birth and location, that can be linked to an individual.

We collect PII when you:

• Create a user account.
• Complete an application for health insurance coverage.
• Use tools provided by HealthCare.gov, such as identity verification services.

This information helps us:

• Compare health insurance plans based on costs, benefits, and other features.
• Determine eligibility for coverage and cost-sharing reductions.
• Facilitate plan selection and enrollment.

CHA will never sell your information.

1. Automatically Collected Information
   When you visit CHA, we collect:

• Domain from which you accessed the internet (e.g., comcast.com)
• IP Address (used to approximate your location)
• Operating system and browser type
• Date, time, and duration of your visit
• Pages visited and referring websites (e.g., google.com)
• Device type (desktop, tablet, or mobile)
• Screen resolution and browser language
• Time spent on pages and scroll depth (amount of a page viewed)
• User events (e.g., button clicks)

This data helps us track performance, improve the user experience, and optimize our public outreach efforts, including targeted advertising. We may also personalize content shown to you on third-party websites.

1. Information You Provide

• Subscription Requests:
  We collect your email address or phone number when you request alerts or newsletters. You can opt-out of communications anytime by adjusting your preferences.
• Insurance Applications:
  When you apply for health insurance, we collect your name, email address, and other personal data to verify your eligibility. If you use Multi-Factor Authentication (MFA), we collect your phone number or email to send verification codes via text, call, or email. Learn more at granicus.com/wireless/healthcare.
  CHA partners with Experian and Symantec to verify your identity during the application process.
• Optional Information on Sexual Orientation or Gender Identity:
  CHA may collect optional data to assist the U.S. Department of Health and Human Services (HHS) in improving access to healthcare. Your responses will not affect eligibility or coverage options.

After you apply for coverage, we may share information with the following agencies to verify eligibility:

• Social Security Administration (SSA)
• Internal Revenue Service (IRS)
• Department of Homeland Security (DHS)
• Department of Defense (DoD)/TRICARE
• Veterans Health Administration (VHA)
• Medicaid and CHIP agencies
• Office of Personnel Management (OPM) and Peace Corps
• Equifax Workforce Solutions (for employment verification)

We may also share limited data with employers listed on your application to verify eligibility for employer-sponsored coverage or premium tax credits.

• Specific Opt-In for SMS Only:
  
  • Consent for SMS messages will be separate from email and phone call consent.
• New SMS Privacy Policy Language:
  
  • All the above categories exclude SMS opt-in data and consent, which will not be shared with any third parties.
  • We will not share your SMS opt-in data with third parties for purposes unrelated to your campaign. However, we may share your SMS opt-in or consent status with platform providers, phone companies, or vendors necessary to deliver text messages.

CHA’s SMS programs will include the following disclosures:

• Program (brand) name
• Message frequency disclosure (if applicable)
• Product description of the campaign or service
• Customer care contact information
• Opt-out instructions (not required for single-message programs)

CHA uses cookies and tracking tools to analyze site traffic, enhance performance, and personalize your experience. You can manage your cookie preferences through your browser settings.

We use industry-standard security practices to protect your personal data from unauthorized access. CHA does not sell your data.

We retain your data only as long as necessary to provide services or comply with legal requirements.

CHA does not knowingly collect data from children under 13 without parental consent.

CHA may link to third-party websites. We are not responsible for the privacy practices of these external sites.

• You can opt out of newsletters or alerts by updating your preferences.

This policy reflects our commitment to protecting your personal information. For more details, visit www.crownhealthagency.com/privacy.