CUSTOMIZED SERVICES ADMINISTRATORS, INC.

WASHINGTON MY HEALTH MY DATA ACT

PRIVACY POLICY

Customized Services Administrators, Inc. (“CSA” or “We”) values the privacy of our Washington users (collectively “Users” or individually each a “User”) who visit and use any CSA website and its associated services (the “Website”). This Washington My Health My Data Act Privacy Policy (“Washington Privacy Policy”) specifically addresses our collection, use, and protection of Consumer Health Data as defined under the Washington My Health My Data Act (RCW 19.373), in addition to other personal information. This Washington Privacy Policy governs information provided to us by you as a User of the Website (“You”), or that we learn from Your use of the Website. BY ACCESSING, BROWSING, OR USING THE WEBSITE, YOU ACKNOWLEDGE THAT YOU HAVE RECEIVED, READ, UNDERSTOOD, AND AGREE TO BE BOUND BY THIS WASHINTON PRIVACY POLICY, INCLUDING THE PROVISIONS RELATING TO CONSUMER HEALTH DATA UNDER THE WASHINGTON MY HEALTH MY DATA ACT, AND ANY UPDATES TO IT. This Washington Privacy Policy incorporates by reference the terms and provisions of the CSA Privacy Policy, the CSA CCPA Privacy Policy and the CSA Terms of Service.

What is Consumer Health Data?

Under the Washington My Health My Data Act (RCW 19.373), “Consumer Health Data” is defined as personal information that is linked or reasonably linkable to a consumer and that identifies, or can be used to identify, the consumer’s past, present, or future physical or mental health status.

How We Use Consumer Health Data

For CSA’s travel insurance and assistance services, Consumer Health Data may include, but is not limited to:

  • Information provided in connection with claims, such as medical documentation, physician statements, hospital records, and details about injuries, illnesses, or treatments received during travel.
  • Health-related travel risk assessments, including information about pre-existing conditions, vaccination status, and other health factors relevant to travel planning and coverage eligibility.
  • Data collected for administering travel insurance policies and benefits, such as health status disclosures required for policy issuance, renewal, or modification.
  • Information processed for claims management, including the evaluation, adjudication, and payment of claims involving medical expenses, emergency care, or repatriation.
  • Details obtained to provide emergency medical assistance and related support, such as coordination with healthcare providers, emergency transportation, and communication with family members or authorized representatives.
  • Records maintained to comply with applicable legal and regulatory obligations, including reporting requirements, fraud prevention and cooperation with regulatory authorities.

This data is collected and processed solely for the purposes of delivering travel insurance products and services, supporting emergency medical needs, managing claims, and fulfilling our legal and regulatory responsibilities.

Sale and Sharing

We do not sell Consumer Health Data, nor do we use it for targeted advertising or marketing purposes. Your Consumer Health Data is treated with the highest level of confidentiality and is only shared in limited circumstances necessary to deliver our services and comply with legal obligations. Specifically, we may share Consumer Health Data with:

  • Affiliated entities within our corporate group: Sharing occurs only as needed to administer travel insurance policies, process claims, provide emergency medical assistance, or fulfill other legitimate business purposes, and always in accordance with applicable privacy laws.
  • Service providers and business partners: This includes claims handlers, reinsurers, emergency medical assistance providers, IT vendors, and other third parties who support our operations. All such service providers are required to adhere to strict contractual obligations regarding the protection and use of Consumer Health Data and may only process this data as instructed by us for the purposes specified in our privacy policies.
  • Regulators, government authorities, or as required by law: We may disclose Consumer Health Data to regulatory agencies, law enforcement, or other government entities when required to comply with applicable laws, regulations, legal processes or enforceable governmental requests.
     

We do not permit these third parties to use Consumer Health Data for their own independent purposes, and we take reasonable steps to ensure that any sharing is limited to what is necessary, is subject to appropriate safeguards, and is consistent with your rights under the Washington My Health My Data Act.

Consent

We obtain your explicit, informed consent before collecting or processing any Consumer Health Data. This consent is requested separately from any other personal information you may provide, and we clearly explain the specific purposes for which your Consumer Health Data will be used. You have the right to withdraw your consent at any time, without penalty or impact to your eligibility for other services. To withdraw consent, you may contact us using any of the methods described in the “Contact Information” section below, such as email, mail, or our online Personal Data Request Form. Upon receiving your withdrawal request, we will promptly cease processing your Consumer Health Data for the purposes to which you had previously consented, unless continued processing is required by law or necessary to complete a transaction you initiated. We will not collect, use, or share your Consumer Health Data for any purpose without your explicit consent, except where permitted or required by applicable law. Please note that withdrawing consent may limit CSA’s ability to process claims, administer benefits, or provide emergency assistance services when that information is necessary to fulfill contractual or legal obligations.

Your Rights

Washington residents have specific rights regarding their Consumer Health Data under the Washington My Health My Data Act (RCW 19.373). These rights include:

  • Access: You have the right to request and receive a copy of the Consumer Health Data that we have collected about you.
  • Correction: You may request that we correct any inaccuracies in your Consumer Health Data.
  • Deletion: You may request that we delete your Consumer Health Data, subject to certain legal or contractual retention requirements.
  • Withdrawal of Consent: You may withdraw your consent for the collection, use, or sharing of your Consumer Health Data at any time.
  • Restriction of Processing: You may request that we restrict the processing of your Consumer Health Data in certain circumstances.
  • Appeal: If we deny your request to exercise any of these rights, you have the right to appeal our decision. We will provide information on how to submit an appeal and will respond within the timeframe required by law.
  • Non-Discrimination: You have the right not to be discriminated against for exercising any of your privacy rights under this Act.

To exercise any of these rights, you or your authorized agent may contact us using any of the methods described in the “Contact Information” section below, such as email, mail, or our online Personal Data Request Form. We may require verification of your identity and residency before fulfilling your request. We are committed to responding to all requests in accordance with applicable laws and within the timeframes specified by the Washington My Health My Data Act.

Our Commitment to Data Security

No method of transmitting data over the internet or storing information can be guaranteed to be completely secure. While we implement measures designed to protect your information, we cannot guarantee absolute security. Once we receive Your transmission of information, CSA implements reasonable administrative, technical and physical safeguards designed to ensure the security and confidentiality of Your information, protect against any anticipated threats or hazards to the security or integrity of such information, and protect against unauthorized access to or use of such information that could result in substantial harm or inconvenience to any User. Our data security practices expressly exclude the use of geofencing technology for collecting or tracking consumer health data related to healthcare facilities These safeguards include use of a firewall, content filtering, intrusion detection, SSL encryption and access controls. However, please note that this is not a guarantee that such information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical or administrative safeguards. If CSA learns of a security systems breach, then we may attempt to notify You electronically so that You can take appropriate protective steps. By using the Website, You agree that CSA can communicate with You electronically regarding security, privacy and administrative issues relating to Your use of the Website. CSA may post a notice on the Website if a security breach occurs. Depending on where You live, You may have a legal right to receive notice of a security breach in writing.

Links to Other Sites

This Website may contain links to other sites and other products and services that are not owned or controlled by CSA. Please be aware that we are not responsible for the privacy practices or content of such other sites, products and services. CSA encourage you to be aware when you leave our Website. We encourage you to review the privacy policies of each and every third-party website that collects personal information as their privacy policy may differ from ours.

Contact Information
For questions or to exercise your rights, contact us at:

By Mail:
Attn: Customer Privacy Management Office
P.O. Box 939057
San Diego, CA 92193-9057

By Phone:
866-757-0010

By Email:
consumerprivacy@us.generaliglobalassistance.com

By Internet Form:
Using the Personal Data Request Form on the CSA website.


Changes and Updates to this Washington Privacy Policy

CSA may occasionally update this Washington Privacy Policy. Your agreement to this Washington Privacy Policy and any updates.  Updates will only apply after the effective date of the update.

Effective Date. This Washington Privacy Policy was last revised on, and is effective as of, January 23, 2026.