Privacy and Security Policies

Privacy Policy

The TASC Privacy And Cookie Policy describes how we collect, use and share personal data on the tasconline.com website, other TASC-affliated websites and TASC blogs (“Sites”),   in connection with our email campaigns, SMS/text messaging campaigns, and other communications (the “Marketing”) that will result due to your use of Sites.

If you have any questions about our privacy practices, please contact us through our Confidentially Speaking Program. We encourage you to participate in our referral program to share TASC with a friend or colleague. When you provide us with a referral’s email address, we store this information for the sole purpose of sending the referral a one-time email inviting that person to register on the Sites. We will not send Marketing or any additional emails until your referral has indicated to us that they desire to receive such material.

Information We Collect

We collect information about you including your personal data. Personal data includes any information that identifies you as an individual, including but not limited to, your name, postal address, ZIP code and country, email address and telephone number, your employer’s name, your title within employer, level in organization, job function, company type, company revenue and number of company employees.

We may also collect personal data from our business partners and combine information we have collected directly from you. Personal data from our business partners is subject to the privacy policy of the business partner. TASC is not responsible for the privacy policies of our business partners.

TASC Sites interface with Social Networking Sites (SNS), for example, Facebook, LinkedIn, Twitter, or Google. If you connect to an SNS through our Sites, you authorize TASC to access, use and store the information according to your settings on that SNS. If you post content to SNSs through our site, you acknowledge and agree that you are solely responsible for the content and for your use of the SNSs. TASC is not be responsible or liable for the availability or accuracy of SNSs, their content, products or Services, or your use of any SNSs. 

Sensitive Personal Data

TASC requests that you not send or disclose any sensitive personal data to TASC on or through the Sites or otherwise. Examples, your Social Security Number, racial or ethnic origin, political opinions, religion, health, biometrics or genetic characteristics, criminal background or trade union membership. If you send or disclose any sensitive personal data to us, you consent to our processing and use of such sensitive personal data in accordance with this privacy policy.

Use of Your Information

We collect and use your personal data to:

  • provide relevant, personalized, targeted news and information via Marketing or Sites;
  • help target advertising messages, included in our Marketing;
  • enable our customer service professionals to respond to your questions, concerns and feedback; and,
  • send information, including technical notices, updates, security alerts, and support and administrative messages. 

 

We may communicate with you in writing, via email, or other means available on or through our Sites. We may communicate transactional or service messages to you, such as welcoming you to our Sites or informing you of scheduled downtime. We may also send you Marketing, on our own behalf or on the behalf of third parties. Marketing may be sent to you, even if you do not have an account. In respect of Marketing, you can opt out of receiving future Marketing, in the footer of each Marketing, we send to you. You cannot opt out of receiving transaction or service messages from us.

Personal data can be used to identify or contact you directly. We typically collect this information directly when you complete registration forms or when you provide other information through our Sites or via Marketing. When we collect this information directly, we let you know if providing the information is optional or if it is required to provide our Sites (for example, we must have your email address to provide you with Marketing).

We automatically log information about you and your computer or mobile device when you use our Sites, and read or view our Marketing. For example, when you open an email from us, what links in our emails that you select, your IP address, the website that referred you to our Sites, and information about your use of and actions on our Sites. We collect this information about you using cookies (see ’Cookies’ section) and pixel tags (see ’Pixel Tags’ section).

This data is internally used to help us administer our Sites, to improve our product offerings and in other ways set forth in this privacy policy.

Cookies

Cookies are small data files stored on your computer or mobile device by a website. Session cookies are used to aid navigation, persistent cookies allow us to maintain information between visits. A persistent cookie remains for a limited time, and is deleted by your browser. Get more information about cookies.

We use the following types of cookies for the purposes set out below:

  • Essential Cookies. Used to provide you access to our Sites and enable you to use the features of our Sites.
  • Functionality Cookies. Allow us to remember your choices when you use our Sites, providing you with a more personal experience and to avoid you having to re-enter preferences.
  • Analytics and Performance Cookies. Used to collect information about traffic on our Sites and how users use our Sites. The information is anonymous.
  • Targeting Cookies. These track your browsing habits to enable us to measure our effectiveness and the reach of ads and services. These cookies use information about the industries you are interested in and your browsing history to group you with other users who have similar interests. Based on that information we will send advertisements that we think will be relevant to your interests.
  • Social Media Cookies. Created when you share information on a SNS, “like” our Sites, link your account, or engage with our content on a SNS such as Facebook, Twitter, LinkedIn or Google+.

 

You can remove or reject cookies via your browser settings. Follow the instructions provided by your browser, located within the “settings”, “help”, “tools” or “edit” menus. If you reject cookies, you still may use our Site but will have limited functionality.

Pixel Tags

Pixel tags (web beacons and clear GIFs) track the actions of users on our Sites. A pixel tag is placed on a website or in an email that monitors user behavior and show how relevant our content is to our users, measure Marketing success, and compile statistics about use of the Sites.

Information Sharing and Disclosure

We do not share your Personal Data with any third parties except as described and limited by this TASC Privacy Policy.

Aggregated Data

We aggregate de-identified data about our subscribers and their use of our Sites. We use this information for market research purposes and to improve the quality of our Sites. We reserve the right to disclose aggregated, anonymous data we have collected to third parties for any purpose.

Other Disclosures

TASC may disclose your information to third parties (a) when obligated to do so by law, or in connection with a subpoena, court orders or legal process, (b) to investigate, prevent, or take action regarding suspected or actual prohibited activities, including but not limited to fraud and situations involving potential threats to the physical safety of any person, (c) to enforce our privacy policy, and (d) to protect our rights, privacy, safety or property, and/or that of you or others. We reserve the right to disclose aggregated, anonymous data we have collected to third parties for any purpose.

Security

TASC has security measures in place designed to protect the loss, misuse and alteration of the information under our control. Our hardware infrastructure is housed in a controlled access facility that restricts access to authorized individuals with positive identification. The network infrastructure is protected by a firewall and traffic is monitored and logged both on the firewall and servers. Administrative access is limited not only to authorized employees but also to specific remote administration protocols. All employees with access to personal data are trained in TASC’s security policies and practices. TASC will continue to conduct internal reviews of its security systems and make all necessary enhancements to ensure the safety of the Sites and its users. No method of transmission over the internet or method of electronic storage is 100% secure; therefore, while TASC strives to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

Children's Privacy

Sites are designed for those ages 18 and older. Sites do not intentionally gather Personal Data from visitors who are under the age of 13. If a child under 13 submits Personal Data to us and we learn that the Personal Data is the information of a child under 13, TASC will delete the information as soon as reasonably practicable. If a parent or guardian becomes aware that his or her child has provided us with information without their consent, he or she should log into MyTASC and submit a service request.

Unsubscribe

TASC email contains an easy, automated way for you to stop receiving that Marketing. Select the “unsubscribe” link in the footer of an email from TASC and follow the directions. Or, you may reply to your TASC email and type the word “UNSUBSCRIBE” in the subject line.

You may opt out of receiving Marketing and communications at any time. By using a TASC Site, you consent to TASC collecting your personal data. You can stop using our site at any time, which will end our collection of your personal data.

Amend

You can update or correct any inaccuracies in your personal data. To change such information, follow the link provided in the confirmation email you received upon registering.

Data Retention and Deletion

TASC will retain your personal data as long as reasonably required for you to use the Sites, unless a longer retention period is required or permitted by law. TASC will delete your personal data when no longer necessary to provide access to our Sites. TASC will retain certain information for recordkeeping purposes and/or to complete any transactions that you began prior to requesting such change or deletion.

Your Rights

Please register any complaint, concern or request regarding your personal data through our Confidentially Speaking Program. In your request, please make clear what personal data is concerned. For your protection, we may only implement requests with respect to the personal data associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request. We will try to comply with your request as soon as reasonably practicable and, in any event, within one month of your request.

International Data Transfer

Your personal data may be transferred, used and stored by us and our third-party service providers outside the country in which you reside, including but not limited to the United States, where data protection and privacy regulations may not offer the same level of protection as in other parts of the world. By using our Sites, you agree to this storing, processing or transfer.

If you use our Sites, you consent to the capture, storage, transfer, use and processing of your information under the laws of the United States. This does not affect your rights and freedoms under the General Data Protection Regulation 2016/679 (GDPR) and any successor legislation. You agree that all transactions relating to TASC shall be deemed to have occurred in the United States, where we currently have our personnel and operations.

HIPAA Business Associate Privacy Policy

We take privacy very seriously. We share a commitment with Covered Entities to protect the privacy and confidentiality of Protected Health Information (PHI) that we obtain subject to the terms of a Business Associate Agreement.

This policy is provided to help you better understand how we  use, disclose, and protect PHI in accordance with the terms of Business Associate Agreements.

Definitions

  • Business Associate Agreement (BA Agreement). A formal written contract between TASC and a Covered Entity that requires TASC to comply with specific requirements related to PHI.
  • Covered Entity. A health plan, healthcare provider, or healthcare clearinghouse that must comply with the HIPAA Privacy Rule.
  • Protected Health Information (PHI). PHI includes all “individually identifiable health information” that is transmitted or maintained in any form or medium by a Covered Entity. Individually identifiable health information is any information that can be used to identify an individual and that was created, used, or disclosed in (a) the course of providing a health care service such as diagnosis or treatment, or (b) in relation to the payment for the provision of health care services. 

Use and Disclosure of PHI

We may use PHI for our management, administration, data aggregation and legal obligations to the extent such use of PHI is permitted or required by the BA Agreement and not prohibited by law. We may use or disclose PHI on behalf of, or to provide services to, Covered Entities for purposes of fulfilling our service obligations to them, if such use or disclosure of PHI is permitted or required by the BA Agreement and would not violate the Privacy Rule.

In the event that PHI must be disclosed to a subcontractor or agent, we will ensure that the subcontractor or agent agrees to abide by the same restrictions and conditions that apply to us under the BA Agreement with respect to PHI, including the implementation of reasonable and appropriate safeguards.

We may also use PHI to report violations of law to appropriate federal and state authorities.

Safeguards

We use appropriate safeguards to prevent the use or disclosure of PHI other than as provided for in the BA Agreement. We have implemented administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the electronic protected health information that we create, receive, maintain, or transmit on behalf of a Covered Entity. Such safeguards include:

  • Maintaining appropriate clearance procedures and providing supervision to assure that our workforce follows appropriate security procedures;
  • Providing appropriate training for our staff to assure that our staff complies with our security policies;
  • Making use of appropriate encryption when transmitting PHI over the Internet;
  • Utilizing appropriate storage, backup, disposal and reuse procedures to protect PHI;
  • Utilizing appropriate authentication and access controls to safeguard PHI;
  • Utilizing appropriate security incident procedures and providing training to our staff sufficient to detect and analyze security incidents; and
  • Maintaining a current contingency plan and emergency access plan in case of an emergency to assure that the PHI we hold on behalf of a Covered Entity is available when needed.

Mitigation of Harm

In the event of a use or disclosure of PHI that is in violation of the requirements of the BA agreement, we will mitigate, to the extent practicable, any harmful effect resulting from the violation. Such mitigation will include:

  • Reporting any use or disclosure of PHI not provided for by the BA Agreement and any security incident of which we become aware to the Covered Entity; and
  • Documenting such disclosures of PHI and information related to such disclosures as would be required for Covered Entity to respond to a request for an accounting of disclosure of PHI in accordance with HIPAA.

Access to PHI

As provided in the BA Agreement, we will make available to Covered Entities, information necessary for Covered Entity to give individuals their rights of access, amendment, and accounting in accordance with HIPAA regulations.

Upon request, we will make our internal practices, books, and records including policies and procedures, relating to the use and disclosure of PHI received from, or created or received by the BA on behalf of a Covered Entity available to the Covered Entity or the Secretary of the U.S. Department of Health and Human Services for the purpose of determining compliance with the terms of the BA Agreement and HIPAA regulations.

mytasc logo

Universal Benefit Account, AgriPlan/BizPlan and COBRA/Benefit Continuation

Legacy Systems

Compliance and Distributor Access

For inquiries regarding your TASC service offerings:

Call: 608-241-1900 or 800-422-4661, M-F, 8-5, based on the area code where the call is coming from.

Every Wednesday morning phones are not available until after 9:00 am (CST), as our customer care team is in training.

Support Request: Log in to your MyTASC account and click on Contact Us.

Mail: Total Administrative Services Corporation
2302 International Lane
Madison, WI 53704

Distributor Login

To access MyTASC as a Distributor, click here!   For general information on your current TASC clients, contact our Provider Service team and please have your TASC ID ready: 888-595-2261, option 2, then 3.