*Last revised on, and is effective as of, November 3, 2020.
wanderwell.com (eatapea LLC - dba wanderwell insurance services) and its affiliates (“we/us/our”) is committed to keeping your personal information and your privacy protected. This notice describes how personal data, and, where applicable, medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully. By using our products, services or website, you are consenting to our collection and use of your personally identifiable data under this Policy.
What information do we collect
Personal Data. “Personal Data” means non-public personal information that identifies a specific individual. It doesn’t include data that does not identify a specific individual or data that is encoded, anonymized or aggregated. We collect information necessary to your trip, such as name, date of birth, email address, phone number, beneficiary information, date of departure and return, the date of the initial trip deposit payment and the plan of choice. All of this information will be shared, as necessary, to provide accurate quotes and for the acquisition of travel insurance.
Sensitive Data. “Sensitive Data” means personal information about an individual’s race or ethnicity; political, religious, ideological or trade union memberships, opinions, views or activities; medical conditions or other protected health information (“PHI”) as defined by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”); financial account information (e.g. bank account number); government-issued ID numbers; sexuality; or administrative or criminal proceedings that are treated outside pending proceedings. In addition, Sensitive Data includes information we receive from a third party who treats and identifies the information as sensitive. This information is mainly collected if and when you apply for a long-term, major medical international health insurance plan through our agency.
Agent. “Agent” means any third party that collects or uses Personal Data to perform tasks on our behalf.
Privacy Policies and Practices
We strive to comply with the laws of the countries in which we do business regarding the protection of your Personal Data.
1. Notice. We collect Personal Data from you as stated in this notice, including information: (i) from forms, such as application or claim forms; or by telephone, website, email or correspondence; (ii) from your entrance into any contests, competitions, or promotions we may run; (iii) to complete your transaction with us (e.g. so we can provide you with a quote for plan options and to arrange and manage your travel insurance policies); (iv) to assist you with processing claims; (v) we receive from a consumer reporting agency; or (vi) you provide to us or have authorized others to provide to us or for us to collect from others
We may use the Personal Data we have collected: (i) to offer, solicit, sell, or otherwise make available to you insurance and assistance products and services; (ii) to provide you with information or services for such products and services; (iii) to administer your insurance and assistance products and services for you, including but not limited to providing travel-related or concierge services, assistance with processing claims, conducting quality/satisfaction assessments, and fraud prevention; or (iv) for purposes to which you’ve otherwise consented. This may in some cases include disclosing your Personal Data to Agents, but only for the purposes described in this notice, or for everyday business purposes or as required or permitted by law (such as to process transactions, maintain accounts, respond to court orders and legal investigations, or report to credit bureaus). These Agents may be affiliated or nonaffiliated and may include financial services providers (e.g. underwriting insurers) and non-financial companies (e.g. medical service providers, travel service providers, service providers assisting us with our marketing).
For circumstances in which we are subject to HIPPA, we are required to provide you with notice of our duties and practices with respect to PHI. Under HIPAA, we may use and disclose your PHI to assist you with processing claims with the carrier(s).
We may also in some specific cases need to use or disclose your PHI for one or more of the following purposes:
for public health and safety issues;
to comply with legal or regulatory requirements;
to address or comply with workers’ compensation, law enforcement, or other governmental mandates or requests; or
to respond to lawsuits or legal actions.
In cases where we are subject to HIPAA, uses and disclosures of your PHI not described above will be made only with your express authorization.
Finally, we may use and disclose your name, email address, or contact information for marketing administration purposes (e.g. we may need to disclose your email address to an Agent providing marketing services on our behalf to help ensure that your opt-out choices are respected and that you do not receive duplicate communications).
If we collect your Personal Data for any reason other than as stated in this notice, we’ll notify you before using or disclosing that data, stating our purpose for collecting and using the data, the types of non-Agent third parties to which we disclose the data, and the means we offer you to limit the use and disclosure of the data. If we receive Personal Data from any entity in the EU, we’ll use that data according to the instructions such entity gives us regarding notices it provided and the choices made by the individuals to whom such data relates.
2. Choice. Federal and some states’ laws allow you the right to choose in some cases opt out of us sharing your Personal Data—you may exercise this right by notifying us as provided below. However, except as required or authorized by law (e.g. for fraud prevention), we do not share, sell or otherwise disclose your Personal Data to non-Agent third parties or use it for any purpose other than for which it was originally collected [including the procurement of travel insurance] or as you subsequently authorize). However, if ever we wish to do so, we will offer you the opportunity to opt out of this use by sending an appropriately detailed request to the address provided below. In the event that we wish to disclose your Sensitive Data to a non-Agent third party or use such data for a purpose other than for which it was originally collected or as you subsequently authorize, we will provide you the affirmative, explicit choice of whether you wish to permit such disclosure (“opt-in”).
Except as authorized by law, we will not use or disclose psychotherapy notes, use or disclose your PHI for marketing purposes, or use or disclose your PHI in a way that would constitute a sale of PHI under HIPAA unless you expressly authorize us to do so. You may revoke this authorization at any time, except that such revocation will not be effective as to actions we have already taken in reliance on that authorization. You may request restrictions on our use and disclosure of certain health information for treatment, payment, or our operations. However, we are not required to agree to your request, except as otherwise required by HIPAA.
You may opt out of receiving non-essential communications from us by notifying us as provided below and disabling cookies in your web browser as described above.
Though we make every effort to preserve your privacy, we may need to disclose Personal Data or Sensitive Data if we have a good-faith belief that it is necessary to protect or defend our or your rights, interests or property; comply with any applicable law, regulation, judicial rule or order, or other mandate; or other such purposes as required or authorized by law. In any such case, we will take reasonable care to disclose only as much Personal Data as is necessary.
3. Onward Transfer. We may disclose your Personal Data to our Agents, but only for the purposes described in this notice. We will take reasonable steps to obtain assurances from our Agents that they will safeguard your Personal Data consistent with this Policy. Upon discovery, we will take reasonable steps to stop the Agent from using or disclosing Personal Data that is contrary to this Policy.
4. Security. We take reasonable precautions to protect your data from loss, misuse, or unauthorized access, disclosure, alteration and destruction. To help maintain the security of your data, we employ physical, electronic and procedural safeguards, including utilizing policies to take reasonable precautions to (a) securely and confidentially maintain your Personal Data; (b) assess and protect against threats/hazards to the security or integrity of such data; and (c) prevent unauthorized access to or use of such data.
We employ a Secure Socket Layer encryption (SSL) certificate, as well as an Extended Validation SSL (EV SSL) certificate, to protect the privacy of your information. Encryption is a way of scrambling messages and data. Only a person who has the decryption key can access the data. We are able to make sure no unauthorized persons can view the date you have shared with us by encrypting your personal information using these certificates.
Additionally, except where required or permitted by law, we limit use of your Personal Data to the minimum necessary to accomplish the purposes for which that data was collected and to be used as described in this notice, and we restrict access to your Personal Data to only those who need to access that data to accomplish those purposes. To make your online transaction with us as safe and secure as possible, we use advanced encryption technology and treat your credit card information with the highest standard of confidentiality and safety. We are required by law to maintain the privacy and security of your PHI. In the unlikely event of a “breach” as defined under HIPAA of your unsecured PHI, we are required by law to provide you with notification of that breach.
5. Data Integrity. To help maintain the integrity of your data, we will take reasonable steps to ensure that Personal Data is reliable for its intended use, relevant, accurate, complete and current.
6. Access. If you discover that the data we hold about you is inaccurate or incomplete, please let us know by contacting us as indicated below. We will grant you reasonable access to the Personal Data we hold about you and will take reasonable steps to allow you to correct, amend or delete your Personal Data that you show to be inaccurate or incomplete, so long as it can be done without imposing an undue burden or expense on us.
Where we are subject to HIPPA, you have the right to request to receive confidential communications of your PHI, as applicable. Subject to HIPPA, at your request, you may inspect, amend, and copy PHI we maintain about you, and receive an accounting of certain disclosures of your PHI (e.g. health payment records), in accordance with and as permitted by HIPAA.
7. Enforcement. Any complaint or dispute about how we handle your Personal Data should be directed to the address provided below. Additionally, complaints about how we handle your PHI may be directed to us or to the U.S. Secretary of Health and Human Services. We will investigate and attempt to resolve any such complaints or disputes internally; You will not be retaliated against for filing a complaint.
Our websites may provide links to non-affiliated third party websites. Be aware when visiting such websites that we are not responsible for and make no representations regarding the content, privacy policies and practices (security or otherwise) regarding these or any other third party websites. You should read the policies of the websites you visit to understand their policies for the collection and treatment of data.
Changes to Policy
This Policy reflects our business practices and is not a contract. However, we are required to and will abide by the terms of this Policy as currently in effect. We may amend this Policy at any time and will notify you of any updates by posting a revised policy on our website. The revised policy will apply to all information collected by us, including previously collected information to the extent permissible. Your continued use of our website, products or services following any such amendment shall constitute acceptance of the revised policy. You are responsible to regularly review this Policy. You have the right to a paper copy of this Policy upon request.
If you have any questions or comments regarding this Policy or the way that we collect or handle your Personal Data, or if you would like to obtain a paper copy of this Policy, or if you wish to opt out as described above, please contact our Chief Privacy Officer by e-mail at:
eatapea, LLC (dba wanderwell insurance services)
3519 NE 15th Ave #395
Portland, OR 97212