Privacy Policy

Spectrum Benefits, Inc. (“SBI”, “us”, “our” or “we”) understands that visitors to our website (www/spectrumbenefitsinc.com) (“website”) are concerned about the privacy of personal information. We have established policies and procedures concerning the collection, processing and security of personal information that will help protect the privacy of our website users.

Our information privacy standards are designed to help us serve our users while maintaining our own strict security standards and are intended to comply with the applicable privacy and data protection laws where we do business. We want you to understand how and why we collect, use and disclose personal information about you on our website.

This Data Privacy Statement (“Statement”) provides you with information concerning our practices and procedures as they relate specifically to information we collect on this Website. This Statement is not intended to, and does not, create any contractual or other legal right in or on behalf of any party.

WHO IS RESPONSIBLE FOR THE PROCESSING OF YOUR PERSONAL INFORMATION?

This Website is operated by:

Spectrum Benefits, Inc.
2332 Galiano Street, 2nd Floor Coral Gables, FL 33134 USA

This legal entity would be called the “data controller” or “controller” in some data protection laws.

Our Data Protection Officer

You can send us your questions regarding the collection and use of your personal data by us or send us your request regarding your rights (see below).

INFORMATION WE COLLECT AND USE
We process personal information of our website visitors (e.g. customers, prospective customers).

CATEGORIES OF PROCESSED DATA

  • Contact data and content data as far as you submit such data actively through our website (e.g. by entering into web forms or subscribing to our newsletter).
  • Data requested by our webserver in order to deliver the website content (refer to section “Data We Collect Automatically” and “Data We Collect Optionally” for more details).

LEGAL BASES AND PURPOSE
In the following, you will find an overview of the legal bases on which we process your personal data. Please note that the wording we use (e.g. Performance of a contract) may vary slightly depending on the jurisdiction in which you reside. If you have any further questions on the legal bases on which we rely for our processing activities, feel free to contact us. If, in addition, more specific legal bases are applicable in individual cases, we will inform you of these in this Statement or another applicable data protection statement.

  • Consent: The data subject has given consent to the processing of his or her personal data for one or more specific purposes, e.g. if you consent to the use of cookies on our website or if you subscribe to our newsletter
  • Performance of a contract and prior requests: Performance of a contract to which the data subject is party or to take steps at the request of the data subject prior to entering into a contract.
  • Compliance with a legal obligation: Processing is necessary for compliance with a legal obligation to which the controller is subject.
  • Legitimate Interests: Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.
  • Permitted by law: When processing is permitted by applicable law.

Users of our website are not required to share data through the website that is deemed as sensitive by applicable data protection laws. Such data may include personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, or biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation. If it is necessary to share such data through the website, you can reach out to your contact person in our company or feel free to contact [email protected] so that we can find a quick and safe way together.

We will collect personal information from visitors to this website, including automated data collected in server log files; personal data deliberately provided by the website user through web forms, subscription pages and similar means; and personal data collected through cookies, web beacons and similar technology as far as you consent to us using such technology while you are visiting our website.

DATA WE COLLECT AUTOMATICALLY
When you use our website, we automatically collect your IP address, traffic source, search keywords, page views, visits, language (aggregate), location (aggregate), browser and operating systems (aggregate), network (aggregate), device (aggregate), as well as other connection data such as time and transferred data (collectively referred to as “automated data”). That data is necessary for the functionality of the website.

We store and use this automated data in server log files for the reason of system integrity and security and in order to be able to investigate and prosecute infringements or abuse of our website and to cooperate with authorities involved (security and prosecution purposes). We also use this information to improve our services and to provide you with a positive user experience (marketing and analytics purposes).

We store the information required for security and prosecution purposes on a legitimate interest basis, for the period necessary to pursue the purposes outlined in this section, or as permitted by statutory laws.

We do not rely on our legitimate business interests (but obtain your prior consent) if they are overridden by your personal interests or fundamental rights and freedoms which require protection of personal data.

For some data processing activities that we can rely on our legitimate interests, we may utilize third-party service providers that provide sufficient technical and organizational measures to ensure an adequate level of data protection.

  • Processed data types: Usage data (e.g. websites visited, interest in content, access times); meta/communication data (e.g. device information, IP addresses).
  • Data subjects: Users (e.g. website visitors, users of online services).
  • Purposes of processing: Provision of our online services and usability.
  • Legal basis: Legitimate interests.

DATA WE COLLECT OPTIONALLY
Apart from the data mentioned above, which are necessarily collected, we would like to process additional data, e.g. in order to make the website more user-friendly, to use third-party plug-ins/providers (as listed below) or to statistically evaluate pseudonymised user data to know how we can improve the website in the future.
We will process only data covered by the use-cases described in the following subsections upon consent or if the processing is strictly necessary for us to provide our website. This consent can be given with our cookie management tool when visiting our website the first time. Clicking the button below will allow you to review how we use cookies, and depending on the local laws where you reside, update these preferences.

PLUG-INS AND EMBEDDED FUNCTIONS AND CONTENT
Within our online services, we integrate functional and content elements that are obtained from the servers of their respective providers (“third-party providers”). These may, for example, be graphics, videos or city maps (“content”).

The integration always presupposes that the third-party providers of this content process the IP address of the user, since they could not send the content to their browser without the IP address. The IP address is therefore required for the presentation of these contents or functions. We strive to use only those contents whose respective offerers use the IP address only for the distribution of the content.

Third parties may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. Pixel tags can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may include technical information about the browser and operating system, referring websites, visit times and other information about the use of our website, as well as may be linked to such information from other sources.

  • Processed data types: Usage data (e.g. websites visited, interest in content, access times); meta/communication data (e.g. device information, IP addresses); inventory data (e.g. names, addresses); contact data (e.g. email, telephone numbers); content data (e.g. text input, photographs, videos).
  • Data subjects: Users (e.g. website visitors, users of online services).
  • Purposes of processing: Provision of our online services and usability; provision of contractual services and customer support; profiles with user-related information (creating user profiles); marketing; feedback (e.g. collecting feedback via online form).
  • Legal basis: Legitimate interest.

MARKETING AUTOMATION, CUSTOMER RELATIONSHIP MANAGEMENT (CRM), PUBLICATIONS AND INVITATIONS
We use marketing automation software, databases and other tools (the “tools”) to disseminate our marketing content, such as publications, blogs, event invitations and other information. If you register for one of our offers via a web form, contact data such as name, email address, company name, address, and telephone number are collected and stored.

Furthermore, we use the data to optimize our services, products and marketing measures.

  • Processed data types: Contact data (e.g. email, telephone numbers); content data (e.g. text input, photographs, videos); Usage data (e.g. websites visited, interest in content, access times); meta/communication data (e.g. device information, IP addresses).
  • Data subjects: Users (e.g. website visitors, users of online services).
  • Purposes of processing: Contact requests and communication; feedback (e.g. collecting feedback via online form); marketing.
  • Legal basis: Consent.

INFORMATION YOU SUBMIT THROUGH WEB FORMS AND SUBSCRIPTION PAGES (E.G. NEWSLETTERS)
On our website, you have the opportunity to pose questions or get in touch with us through web forms, ordering pages, subscribing to our blogs and e-newsletters or event alerts, or by registering for special services, such as receiving special publications.

We may collect, store and use your name, company name, email address, IP address, documents or files, content of your request or query and other personal information you provide with your submission for the purpose of getting in contact with you, responding to your request, answering your questions or providing information as requested.

We will also collect data about the content visitors access through this website, such as newsletters or articles visitors read or the information topics contained therein, or by sending information to an SBI email address provided on an SBI website. We will use this data to manage visitor subscriptions and to inform visitors about SBI services and information that may be of interest, unless visitors inform us that they no longer wish to receive any publications/promotional material from SBI.

  • Processed data types: Contact data (e.g. name, addresses, email, telephone numbers); content data (e.g. text input, photographs, videos); Usage data (e.g. websites visited, interest in content, access times); meta/communication data (e.g. device information, IP addresses).
  • Data subjects: Communication partners (recipients of emails, letters, etc.); users (e.g. website visitors, users of online services).
  • Purposes of processing: Contact requests and communication; feedback (e.g. collecting feedback via online form); direct marketing (e.g. by email or post).
  • Legal basis: Consent; performance of a contract (in case you send us a message that is aimed at entering into a contract with us).
  • Opt-out/withdrawal of consent: You can cancel the receipt of our newsletter at any time, i.e. withdraw your consent or object to further receipt. You will find a link to cancel the newsletter either at the end of each newsletter or you can otherwise use one of the contact options listed above, preferably email.

YOUR ENQUIRIES SENT BY EMAIL
When you are contacting us (e.g. via contact form, email, telephone or via social media) as well as in the context of existing user and business relationships, the information of the enquiring persons is processed to the extent necessary to respond to the contact requests and any requested measures.

The response to the contact enquiries as well as the management of contact and inquiry data in the context of contractual or pre-contractual relationships is carried out to fulfil our contractual obligations or to respond to (pre)contractual inquiries and otherwise on the basis of legitimate interests in responding to the enquiries and maintaining user or business relationships.

  • Processed data types: Contact data (e.g. email, telephone numbers); content data (e.g. text input, photographs, videos); Usage data (e.g. websites visited, interest in content, access times); meta/communication data (e.g. device information, IP addresses).
  • Data subjects: Communication partners (recipients of emails, letters, etc.).
  • Purposes of processing: Contact requests and communication; managing and responding to inquiries; feedback (e.g. collecting feedback via online form); provision of our online services and usability; provision of contractual services and customer support.
  • Legal basis: Performance of a contract and prior requests; legitimate interests.
    Further information on processing methods, procedures and services used:
  • Contact form: When users contact us via our contact form, email or other communication channels, we process the data provided to us in this context to process the communicated request. For this purpose, we process personal data in the context of pre-contractual and contractual business relationships to the extent necessary for their fulfillment and otherwise on the basis of our legitimate interests as well as the interests of the communication partners in responding to the concerns and our legal archiving requirements.
  • Legal basis: Performance of a contract and prior requests; legitimate interests.

CLIENT LOGIN/REGISTRATION DATA
Some of our services and content of the website are reserved for “clients only” and require access to a closed membership area. We will use your registration data (name, company name, email address, phone number, password) for authentication purposes and store your registration data until you opt out from the services.

  • Processed data types: Registration data (name, company name, email address, phone number, password).
  • Data subjects: Clients.
  • Purposes of processing: Offer industry-specific knowledge and support customers with a professional database.
  • Legal basis: Performance of a contract.

DISPLAY OF VIDEOS
The videos available on our website are offered via third-party video platforms. When a video is opened, the respective website is called up and data is transmitted to the provider.

  • Processed data types: Usage data (e.g. websites visited, interest in content, access times).
  • Data subjects: User of the website.
  • Purposes of processing: to provide industry-specific knowledge.
  • Legal basis: Legitimate interest.

DELETION AND RESTRICTION OF PROCESSING
We store our documentation on obtained consents for up to three years after unsubscribing based on our legitimate interests before deleting them to provide evidence that such prior consent has been given. Please note that under certain circumstances your email address may also be processed in other systems (e.g. in case of business relations, etc.). The processing of these data is limited to the purpose of a possible defense against claims. An individual deletion request is possible at any time, provided that the former existence of a consent is confirmed at the same time. In the case of an obligation to permanently observe an objection, we reserve the right to store the email address solely for this purpose in a blocklist.

The logging of the registration process takes place on the basis of our legitimate interests for the purpose of proving its proper course. If we commission a service provider to send emails, this is done on the basis of our legitimate interests in an efficient and secure sending system.

USE OF COOKIES
Cookies are small data files or other data records that store information on end devices and read information from the end devices. For example, to store the login status in a user account, the contents of a shopping cart in an e-shop, the contents accessed, or the functions used. Cookies can also be used for various purposes, e.g. for purposes of functionality, security and convenience of online offers as well as the creation of analyses of visitor flows.

Processing cookie data on the basis of consent: We use a cookie management solution in which users’ consent to the use of cookies, or the procedures and providers mentioned in the cookie management solution, can be obtained, managed and revoked by the users. The declaration of consent is stored so that it does not have to be retrieved again and the consent can be proven in accordance with the legal obligation. Storage can take place server-sided and/or in a cookie (so-called opt-out cookie or with the aid of comparable technologies) in order to be able to assign the consent to a user or and/or his/her device. Subject to individual details of the providers of cookie management services, the following information applies: the duration of the storage of the consent can be up to two years. In this case, a pseudonymous user identifier is formed and stored with the date/time of consent, information on the scope of the consent (e.g. which categories of cookies and/or service providers) as well as the browser, system and used end device.

Legal basis: The legal basis under data protection law on which we process users’ personal data with the use of cookies depends on whether we ask users for consent. If users consent, the legal basis for processing their data is their declared consent. Otherwise, the data processed with the help of cookies is processed on the basis of our legitimate interests (e.g. in a business operation of our online services and improvement of its usability) or, if this is done in the context of the fulfilment of our contractual obligations. For which purposes the cookies are processed by us, we do clarify in the course of this privacy policy or in the context of our consent and processing procedures.
Retention period: With regard to the retention period, a distinction is drawn between the following types of cookies:

  • Temporary cookies (also known as “session cookies”): Temporary cookies are deleted at the latest after a user has left an online service and closed his or her end device (i.e. browser or mobile application).
  • Permanent cookies: Permanent cookies remain stored even after the terminal device is closed. For example, the login status can be saved, or preferred content can be displayed directly when the user visits a website again.
  • General information on revocation and objection (opt-out): Users can revoke the consent they have given at any time and also file an objection to processing in accordance with the legal requirements in Article 21 GDPR. Users can also declare their objection by means of the settings of their browser, e.g. by deactivating the use of cookies (whereby this may also limit the functionality of our online services). An objection to the use of cookies for online marketing purposes can also be declared via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/

RECIPIENTS OF YOUR DATA
In the context of our processing of personal data, it may happen that the data is transferred to other places, companies or persons or that it is disclosed to them. Recipients of this data may include, for example, service providers commissioned with IT tasks or providers of services and content that are embedded in a website. In such a case, the legal requirements will be respected and corresponding contracts or agreements, which serve the protection of your data, will be concluded with the recipients of your data.

Data transmission within the group of companies: We may transfer personal data to other companies within our group of companies or otherwise grant them access to this data. Insofar as this disclosure is for administrative purposes, the disclosure of the data is based on our legitimate business and economic interests or otherwise, if it is necessary to fulfil our contractual obligations or if the consent of the data subjects or otherwise a legal permission is present.

Data transfer within the organization: We may transfer or otherwise provide access to personal information to other locations within our organization. Insofar as this disclosure is for administrative purposes, the disclosure of the data is based on our legitimate business and economic interests or otherwise, if it is necessary to fulfil our contractual obligations or if the consent of those concerned or otherwise a legal permission is present.
We entered into data processing agreements as required with third-party recipients in order to protect your personal information and interests. In these data processing agreements, the service providers undertake measures to protect the data of our users, to process them on our behalf in accordance with the applicable data protection regulations and, in particular, not to pass the data on to third parties. SBI thus ensures that your data are processed at an adequate level of data protection at all times that corresponds to the level of data protection in the areas we are doing business in.

Your data will not be passed on to other third parties for other purposes, in particular for advertising purposes unless you have given your explicit consent.

DATA TRANSMISSION TO OTHER COUNTRIES
If we process data e.g. by way of transmission in a third country (e.g. outside the EU, or the European Economic Area [EEA]) or the processing takes place in the context of the use of third-party services or disclosure or transfer of data to other persons, bodies or companies, this will only take place in accordance with the applicable legal requirements.

Subject to express consent or transfer required by contract or law, we process or have processed the data only (i) in third countries with a recognized level of data protection, (ii) on the basis of special guarantees, such as a contractual obligation (e.g. through so-called standard protection clauses of the EU Commission for transfers from the EU/EEA to third countries), (iii) in case the transfer is made between a data exporter in the EU/EEA and a data importer in the U.S., and the data importer in the U.S. is self-certified under the EU U.S. Data Privacy Framework, or (iv) if certifications or binding internal data protection regulations justify the processing.

ERASURE OF DATA
The data processed by us will be erased in accordance with the statutory provisions as soon as their processing is revoked or other permissions no longer apply (e.g. if the purpose of processing this data no longer applies or they are not required for the purpose). If the data is not deleted because they are required for other and legally permissible purposes, their processing is limited to these purposes. This means that the data will be restricted and not processed for other purposes. This applies, for example, to data that must be stored for commercial or tax reasons or for which storage is necessary to assert, exercise or defend legal claims or to protect the rights of another natural or legal person.

CHILDREN
We are committed to preserving online privacy for all of the visitors to our website, including children. Our website is a general audience website, and we do not knowingly collect information about children or provide services to children. Consistent with applicable laws, we will not knowingly collect any information from children under the age of 13. The website is not designed to attract anyone under the age of 18.

CONFIDENTIALITY AND SECURITY
We restrict access to personal information collected about you at our website to our employees, our affiliate’s employees, or others who need to know that information to provide services to you or in the course of conducting our normal business operations. For this we have taken security measures to meet the highest requirements of the law as well as our own. These measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as access to, input, transmission, securing and separation of the data. In addition, we have established procedures to ensure that data subjects’ rights are respected, that data is erased, and that we are prepared to respond to data threats rapidly. Furthermore, we take the protection of personal data into account as early as the development or selection of hardware, software and service providers, in accordance with the principle of privacy by design and privacy by default.

In order to protect your data transmitted via our online services in the best possible way, we use SSL encryption.

YOUR RIGHTS AS A DATA SUBJECT
We have taken all necessary and adequate steps to protect your personal data and ensure your rights as a Data Subject.

According to the applicable data protection laws, you may have certain rights as described below. Please note that limitations may apply to your ability to exercise these rights, for example, when your right to obtain the information is found to be overwritten by essential considerations of overriding interests. Furthermore, depending on the jurisdictions you are residing in, the rights as described below may vary.

    • Right of access. You have the right to request access to the personal data we process about you. We will provide you with a copy of the personal data undergoing processing as a starting point, free of charge or by electronic means, if the request has been submitted in a commonly used electronic form.
    • Right to rectification. You have the right to rectification of inaccurate personal data concerning you, including completion of incomplete personal data.
    • Right to erasure (right to be forgotten). Under certain circumstances, you have the right to the erasure of the personal data concerning you.
    • Right to restriction. Under certain circumstances, you have the right to restrict our processing of personal data concerning you.
    • Right to data portability. Where processing is based on consent or a contract and the processing is carried out by automated means, you have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format. You have the right to transmit this personal data to a third party without hindrance from us, if technically possible.
    • The right to object. Under certain circumstances, you have the right to object at any time to our processing of personal data concerning you. For example, if you have requested to receive information from us, e.g. newsletters, but do not wish to receive further information, you can easily opt out of receiving further information from us.
    • Automated individual decision-making, including profiling. As a general rule you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or affects you significantly. This does not apply if among other things automated decision-making and profiling is necessary for entering into, or performance of, a contract between you and us.
    • Right to withdraw from consent with effect for the future. If processing of your personal data is based on your consent, you may withdraw your consent at any time with effect for the future, e.g. by unsubscribing from a newsletter or by sending us an email specifying the consent that you wish to withdraw. Please note that this does not affect the processing of your personal data prior to the withdrawal of your consent.
    • Exercising your rights. If you want to exercise any of your rights as described above or have any question to that, please contact our Data Protection Officer by sending an email to the email address specified below.
    • Filing of a complaint. If you wish to file a complaint regarding our processing of your personal data, you can choose to file a complaint to a competent supervisory Data Protection Authority. You can always lodge complaints with the data protection authority in the state or country you are residing in. For more information, please refer to section “Competent Data Protection Authorities” of this Statement.

VISITING OUR WEBSITE FROM OUTSIDE THE U.S.
If you are visiting our website or purchasing our products or services from outside of the United States or otherwise contacting us from outside of the U.S., please be aware that your personal information may be transferred to, stored or processed in the U.S. The data protection and other laws of the U.S. and other countries might not be as comprehensive as those in your country, but please be assured that we take steps to protect your privacy. For example, our service providers will be contractually bound to process personal information only on behalf of and under the instructions of SBI and to adhere to similar data privacy standards as provided by the EU. By using our services or purchasing our products, you understand that your information may be transferred to our facilities and those third parties with whom we share it as described in this Statement.

LINKS TO OTHER SITES
For your convenience, we may provide links to other websites and web pages that we do not control. We cannot be responsible for the privacy practices of any websites or pages not under our control, and we do not endorse any of these websites or pages, the services or products described or offered on such sites or pages, or any of the content contained on those sites or pages. Please check the applicable privacy policies of the respective operator of those third-party websites.

COMPETENT DATA PROTECTION AUTHORITIES
We are a global benefits Managing General Underwriter and administrator operating from the USA and with representation in London, England, UK. According to the applicable data protection laws, you may lodge complaints with the data protection authority of your residency. You may also contact the data protection authority responsible for the controller or processor that processes your personal data.

Changes to Our Data Privacy Statement
We may change this Statement at any time and from time to time. This Statement is not intended to, and does not, create any contractual or other legal right in or on behalf of any party.
Last Update: November 2024