Your use of the HRx Service indicates that you have read and have accepted this Policy in its entirety and consent to the use of your information as described in this Policy. If you do not accept this Policy in its entirety, please do not use the HRx service. Additional information relating to these protections is provided below.
“Authorized User” means, an individual whom a Client has allowed access to the HRx Service and has been granted an associated user identification and password.
“Client Full Access Administrator” – is an Authorized User who has top level access to manage all aspects of the Client’s interaction with the HRx service on behalf of the Client.
“Client” means any company or other entity that has a Company Profile on the GoCo Platform that contains data, documents, policy configurations, workflows, and other information relating to the entity and its Authorized Users and that has executed a subscription agreement for access to the HRx service.
GoCo.io maintains administrative, physical, and technical safeguards for protection of the security, confidentiality and integrity of Authorized User data. GoCo.io applies state-of-the-art data collection, storage, processing and security tools and practices to protect against unauthorized access, disclosure, alteration, and destruction of Authorized User Data, as well as each Authorized User’s (and all other users’) username, password, transaction information and data stored on GoCo.io servers associated with the operation of the GoCo Platform. Unfortunately, however, no data transfer or data storage system can offer complete security from intrusion or attack. Accordingly, GoCo.io cannot ensure, and expressly disclaims any warranty relating to, the security of any information that you transfer or extract using the GoCo Platform. Correspondingly, you as Authorized User are hereby on notice that you provide information and extract information via the GoCo Platform at your own risk. You can read more about GoCo.io’s security policy here: https://www.goco.io/legal-stuff/hrx-security/
GoCo.io adheres to all privacy laws and regulations regarding the collection, storage and use of Authorized User data, including all personally identifiable information.
GoCo.io may share your data with authorized third-parties that have a legitimate processing interest. These third parties may include (but are not limited to) insurance brokers, insurance carriers, payroll companies, and consumer directed benefit administrators.
Your data can be used for several reasons that include but are not limited to:
Processing enrollment, disenrollments, and changes with insurance carriers and/or consumer directed benefit administrators
Processing changes in payroll
Providing and managing your access to the site
Authorized recordkeeping for your employer
Communicating key employment and/or insurance related issues to you
With specific regard to personal information, GoCo.io takes commercially reasonable steps to maintain the storage and security of the personally identifiable information that is collected, including controlling the number of people who have electronic access to our database servers, as well as physical access including the installation of security systems that guard against unauthorized access.
When an Authorized User gains access to and uses the GoCo Platform, the Authorized User’s identity and related information remains confidential to the outside world. Such data, in its raw form, may only be accessed by employees or contractors with a need to know solely to ensure continued access, consistent use, or to provide repairs or updates, to the GoCo Platform. Once in a while, such data in aggregated (combined with a larger population of Authorized Users) and anonymized (compiled such that no individual Authorized User can be identified or an Authorized User’s data can be isolated) form may be used to improve the GoCo Platform, benchmark or market the GoCo Platform or other products of GoCo.io, or provide necessary information to investors or regulatory bodies. Such data in aggregated or anonymized form may be provided to third parties in order to assist such third parties in providing us information. It is expected that, on a very infrequent basis (if at all), such data in either raw or aggregated and anonymized form may be subject to an order of a court or tribunal that mandates disclosure but GoCo.io will use its best efforts to effect related protective orders that include a requirement of strict confidentiality and best e-Discovery practices that use commercially reasonable means to protect the confidentiality of such data.
All Authorized User data will be maintained in the GoCo Platform and associated storage systems during the Term associated with the applicable GSA between you as Authorized User and GoCo.io. At the termination of such GSA, your access will be terminated (unless picked up through a different employer or you personally) and GoCo.io will neither have an obligation to continue retaining such Authorized User data (except as otherwise required under the law or any applicable regulations) nor to erase such Authorized User data. However, while such Authorized User data is in the possession of GoCo.io, it will continue to protect the confidentiality of such Authorized User data, subject to the terms and conditions of this Policy.
Upon an explicit written request from the Client Full Access Administrator, GoCo.io will make every reasonable effort to delete all Client data from the GoCo.io platform within 30 days. If more than 30 days are required, GoCo will communicate the expected timeline and the reason for the delay to the Client Full Access Administrator.
In the absence of a request from a Client Full Access Administrator, data of Authorized Users will be retained indefinitely. Records are retained indefinitely because GoCo.io is used as the primary system of record by Clients and stores what may be the only copies of employment contracts, employment verification documents, performance assessments, time off usage, payroll information, insurance benefits, and other areas where legitimate processing interests exist.
EXPORT / IMPORT OF AUTHORIZED USER DATA
The GoCo Platform is operated from, and Authorized User data is currently stored within, servers located in the United States. In situations in which you access and use the GoCo Platform from locations outside the United States, GoCo.io needs or desires to operate a portion or all of the GoCo Platform and/or its associated storage systems outside the United States, or GoCo.io expands the scope of GoCo.io’s operations overseas, your Authorized User data including personally identifiable information may be stored outside of the United States. By accessing and using the GoCo Platform, you as Authorized User consent to the transfer of your Authorized User Data including personally identifiable information into and out of the United States.
This Policy may be updated by GoCo.io at any time, and the associated date of last update is provided below. Please check this Policy often to ensure that you as Authorized User are aware of its modifications and are correspondingly apprised of its applicable terms and conditions.
INFORMATION ABOUT US
Goco.io is owned and operated by GoCo.io, Inc.
Which is a C-Corp registered at:
4747 Research Forest Dre, Ste 180 #246
The Woodlands, TX 77381
The HRx service is offered by Unum Group
Which is located at:
One Fountain Square
Chattanooga, TN 37402
This document was last updated on October 22, 2019.