Privacy policy

Last modified: May 10, 2024

Blue Cross and Blue Shield of North Carolina (“Blue Cross NC,” "Company," "We," “Our” or “Us”) respects your privacy and is committed to protecting it. 

This policy describes the types of information we may collect from you or that you may provide when you visit or use our Website, including any subdomains (“Website”), our Blue Connect℠ Member Portal (“Member Portal”), our Blue Cross NC mobile application (“Application”) and any other online interfaces and digital tools, collectively referred to as our “Digital Services.” This policy also describes our practices for collecting, using, disclosing and protecting that information.

This policy applies to information we collect:

• Through our Digital Services.
• In email and other electronic messages between you and our Digital Services.
• When you interact with our advertising and applications on third-party websites if those applications or advertising include links to this policy.

This policy does not apply to information collected by:

• Us offline or through any other means, including on any other website operated by Blue Cross NC or any third party (including our affiliates and subsidiaries); or
• Any third party (including our affiliates and subsidiaries), including through any application or content (including advertising) that may link to or be accessible from or on our Digital Services.

Please read this policy carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, your choice is not to use our Digital Services. By accessing or using our Digital Services, you agree to this privacy policy. This policy may change from time to time (see Changes to our privacy policy). Your continued use of these Digital Services after we make changes is deemed to be acceptance of those changes, so please check the policy periodically for updates.

Although parents and guardians may use these Digital Services on behalf of their children, our Digital Services are not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a child under 13 years of age, do not send any information about yourself to us through our Digital Services. If we learn we have collected or received personal information from a child under 13 without verification of parental consent, we will delete that information.

We collect several types of information from and about users of our Digital Services, including information:

• By which you may be personally identified, such as name, postal address, email address, and telephone number ("personal information");
• That is about you but individually does not identify you.

We collect this information:

• Directly from you when you provide it to us.
• Automatically as you navigate through our Digital Services. 
• From third parties you may interact with.

The information we collect from you on or through our Digital Services may include:

• Information that you provide by filling in forms on our Digital Services. This includes information provided at the time of registering to use Blue Connect. We may also ask you for information when you report a problem with our Digital Services.
• Records and copies of your correspondence (including email addresses) if you contact us through our Digital Services.
• Your responses to surveys that we might ask you to complete for research purposes.
• Your interactions and search queries on our Digital Services.

As you navigate through and interact with our Digital Services, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions and patterns, including:

Details of your visits to our Digital Services, including date and time of your visit, pages you visited, time spent on each page, scroll depth and other communication data and the resources that you access and use on the Digital Services. Information about your computer and internet connection, including your IP address, domain from which you accessed the internet, operating system, browser type, approximate geographic location and other information collected through cookies, web beacons and other tracking technologies. Additionally, both our Member Portal and Application collect screen images to resolve service issues, conduct analytics, and ensure performance to enable a better experience. 

The information we collect automatically is only statistical data and does not include personal information, but we may maintain it or associate it with personal information we collect in other ways or receive from third parties. This information helps us to improve our Digital Services and to deliver a better and more personalized service, including by enabling us to:

• Estimate our audience size and usage patterns.
• Store information about your preferences, allowing us to customize our Digital Services according to your individual interests.
• Speed up your searches.
• Recognize you when you return to our Digital Services.

The technologies we use for this automatic data collection may include:

• Cookies. A cookie is a small file placed in your computer’s browser to store your preferences. We may use the following types of cookies when you visit our Digital Services:
  • Essential cookies - These cookies are essential to provide you with services available through our Digital Services and to enable you to use some of its features. Without these cookies, the services that you have asked for cannot be provided, and we only use these cookies to provide you with those services.
  • Functionality cookies - These cookies allow our Digital Services to remember choices you make, such as remembering your login details. The purpose of these cookies is to provide you with a more personal experience and to avoid you having to re-enter your preferences every time you visit our Digital Services. 
  • Analytics and performance cookies - These cookies are used to collect information about traffic to our Digital Services and how users are using it. The information gathered does not identify any individual visitor. The information is aggregated and anonymous. The information gathered may include the number of visitors to the Service, the websites that referred them to our Digital Services, the pages they visited on our Digital Services, what time of day they visited our Digital Services, whether they have visited our Digital Services before and other similar information.  
  • Targeted and advertising cookies - These cookies track your browsing habits to enable us to show advertising that is more likely to be of interest to you. These cookies use information about your browsing history to group you with other users who have similar interests. Based on that information, third-party advertisers can place cookies to enable them to show advertisements that we think will be relevant to your interests while you are on third-party websites.
  • Social media cookies - These cookies are used when you visit any public BlueCrossNC.com page. A social networking website, such as Facebook, X (formerly known as Twitter) or LinkedIn, can record that you have visited this page and could use this information to serve you relevant ads that are in compliance with platform advertising policies.  
• Pixels. In addition to cookies, certain pages of our Digital Services may contain small electronic files known as pixels (also referred to as web beacons, clear gifs, pixel tags and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages or opened an email and for other related Digital Services statistics (for example, recording the popularity of certain Digital Services content and verifying system and server integrity).

Some content or applications, including advertisements, on the Digital Services are served by third-parties, including advertisers, ad networks and servers, content providers and application providers. These third parties may use cookies alone or in conjunction with web beacons or other tracking technologies to collect information about you when you use our Digital Services. The information they collect may be associated with your personal information or they may collect information, including personal information, about your online activities over time and across different websites and other online services. They may use this information to provide you with interest-based (behavioral) advertising or other targeted content.

We do not control these third parties' tracking technologies or how they may be used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly. For information about how you can opt out of receiving targeted advertising from many providers, see Choices about how we use and disclose your information.

We use information that we collect about you or that you provide to us, including any personal information:

• To present our Digital Services and its contents to you.
• To provide you with information, products or services that you request from us, including care recommendations in specific geographic locations.
• To fulfill any other purpose for which you provide it.
• To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection.
• To notify you about changes to our Digital Services or any products or services we offer or provide though it.
• In any other way we may describe when you provide the information.
• For any other purpose with your consent.
• The above excludes text messaging originator opt-in data and consent; this information will not be shared with third parties.

We may use the information we have collected from you to enable us to display advertisements to our advertisers' target audiences. Even though we do not disclose your personal information for these purposes without your consent, if you click on or otherwise interact with an advertisement, the advertiser may assume that you meet its target criteria.

We may disclose aggregated information about our users, and information that does not identify any individual, without restriction.

We may disclose personal information that we collect or you provide as described in this privacy policy:

• To our subsidiaries and affiliates.
• To contractors, service providers and other third parties we use to support our business and who are bound by contractual obligations to keep personal information confidential and use it only for the purposes for which we disclose it to them.
• To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution or other sale or transfer of some or all of the Company’s assets in which personal information about our Digital Services users is among the assets transferred.
• To fulfill the purpose for which you provide it. 
• For any other purpose disclosed by us when you provide the information.
• With your consent.
• The above excludes text messaging originator opt-in data and consent; this information will not be shared with any third parties.

We may also disclose your personal information:

• To comply with any court order, law or legal process, including to respond to any government or regulatory request.
• To enforce or apply our terms of use and other agreements, including for billing and collection purposes.
• If we believe disclosure is necessary or appropriate to protect the rights, property or safety of Blue Cross NC, our customers or others.

We strive to provide you with choices regarding the personal information you provide to us. We have created mechanisms to provide you with the following control over your information: 

• Tracking Technologies and Advertising. You can set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent. To learn how you can manage your Flash cookie settings, visit the Flash player settings page on Adobe's website. If you disable or refuse cookies, please note that some parts of this site may then be inaccessible or not function properly.
• Promotional Offers from the Company. If you do not wish to have your email address used by the Company to promote our own or third parties' products or services, you can opt out by logging in to Blue Connect and adjusting your user preferences in your account profile by checking or unchecking the relevant boxes, or you may contact us to make that request. If we have sent you a promotional email, you may send us a return email asking to be omitted from future email distributions or you may click the unsubscribe link in the email.

We do not control third parties' collection or use of your information to serve interest-based advertising. However, these third parties may provide you with ways to choose not to have your information collected or used in this way. You can opt out of receiving targeted ads from members of the Network Advertising Initiative ("NAI") on the NAI's website.

You can review and change your personal information by logging in to Blue Connect and visiting your account profile page.

You may contact us to request access to, correct or delete any personal information that you have provided to us. We cannot delete your personal information except by also deleting your user account. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.

We have implemented measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration and disclosure. All information you provide to us is stored on our secure servers behind firewalls. The chat feature and all online forms that include information captured from our users are secured using Transfer Layer Security (TLS), which encrypts the information as it travels from a desktop to our server.

The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Digital Services, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

Unfortunately, the transmission of information via the internet is not completely secure. For your protection, please don't send email to us that contains your personal information. We cannot guarantee the security of these emails before they reach us, in contrast to the security precautions in place when you send us personal information through an online form on our Digital Services. If you're a member, we suggest you use the Blue Connect Inbox to send secure messages and receive secure messages from us. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Digital Services.

It is our policy to post any changes we make to our privacy policy on this page with a notice that the privacy policy has been updated on the Digital Services home page. If we make material changes to how we treat our users' personal information, we will notify you through a notice on the Digital Services home page. The date the privacy policy was last revised is identified at the top of the page. You are responsible for ensuring we have an up-to-date, active and deliverable email address for you, and for periodically visiting our Digital Services and this privacy policy to check for any changes.

To ask questions or comment about this privacy policy and our privacy practices, contact us.