OneExchange from Willis Towers Watson

For Support Call Us at (855) 376-7996

Liazon Privacy Notice

Last updated: April 27, 2021

When the planned combination between Willis Towers Watson and Aon takes effect, Willis

Towers Watson, its affiliates, subsidiaries, and related entities will become part of a new Aon

PLC (“Aon”). Information on the planned combination, including updates on the timing, can

be checked here.


While we plan for the closing of the combination, the below Willis Towers Watson privacy

notice remains in effect. Please note that starting on the date that the two companies formally

combine, your personal information may be shared with Aon, its subsidiaries, and affiliates

for the purpose of this combination in accordance with applicable privacy laws and the terms

of this privacy notice, particularly the section related to disclosure of personal information.


If you have any questions, please contact privacy@willistowerswatson.com.


In this Privacy Policy (“Policy”), we describe how Liazon, a Willis Towers Watson company

(“Liazon,” “We,” or “Us” or “Company”), collects, uses, and otherwise processes personal

information when providing our services. We use personal information to guide you in making

smart benefits decisions, generate your plan rates, and enroll you with the insurance carrier(s)

that you choose.


In this privacy notice, our use of the term “personal information” includes other similar terms

under applicable privacy laws—such as “personal data” and “personally identifiable

information.” In general, personal information includes any information that identifies, relates

to, describes, or is reasonably capable of being associated, or could reasonably be linked or

linkable with a particular individual or household, either directly or indirectly.


This Policy describes our practices in connection with information that we collect through the

online information portal (the “Site”), decision support tools and enrollment system, collectively

known as “the Marketplace,” or through computers and mobile devices, as well as through

HTML-formatted email messages that we send to you that link to this Privacy Notice

(collectively, the “Services”).


When providing the Services, Liazon acts as a “service provider” under applicable privacy and

data protection laws.


Personal Information We May Collect

The personal information that we collect and process will vary depending upon the

circumstances. We may collect or receive personal information directly from individuals,

(including but not limited to automatic collection of certain personal information related to the

use of our Site) and from third parties.


Third Party Information You Provide. As part of our Services, you may provide us or our

service providers with personal information relating to other people (such as your dependents or

beneficiaries). You represent that you have the authority and/or permission to provide us with

this information and to grant us authorization to use such information in accordance with this

Policy.


Protected Health Information. Certain information that relates to health or the provision of

healthcare may constitute Protected Health Information (“PHI”) under HIPAA (the Health

Insurance Portability and Accountability Act of 1996 and 45 C.F.R. parts 142 and 160-164, as

amended) and applicable state privacy laws. Entities that create or receive this information (such

as your health insurance provider) are subject to strict rules regarding how they can share this

information. If we collect, receive, use or disclose any PHI, we do so as a “business associate”

under HIPAA. As a business associate, our collection, use and disclosure of PHI is also subject

to our applicable business associate agreements with employers and/or carriers. We will treat

PHI that we collect or receive in compliance with all applicable state and federal laws and

regulations regarding the confidentiality of such information.


Information We Receive From Third Parties. We may receive certain information from third

parties, such as your employer and carriers.


  • Employers: Employers provides us with certain personal information about eligible employees, such as: your name, address, Social Security Number, hire date, birth date, gender and information directly related to your employment. We use this information so that we can identify you and enroll you in your employee benefits.
  • Carriers: Name, address, and other information related to eligibility of individuals under certain insurance programs or plans.

Information We Collect Directly. We also collect certain personal information directly from

users of our Site.

  • Registration: When signing in as a registered user, you must provide us with your assigned username and password, and provide us with certain registration information including first name, last name, date of birth, Social Security number, phone number, and email. Additional personal information may be collected if you use single-sign-on (SSO) to authenticate into our systems.
  • Eligibility and Enrollment: When shopping for benefits plans on the Marketplace, we will ask you to provide additional personal information, such as information related to whether you smoke, your expected health care utilization, any dependents that you may have, your attitudes toward risk and other factors that would influence your insurance and benefits preferences, and any other personal information required by a relevant carrier to enroll you in a particular plan of your choice.
  • Other Information: You may be asked or have the option to submit additional information through the Site, where requested by your employer. We may also collect information from you in order to help you identify appropriate plans for you and your beneficiaries.

Information Collected Automatically. When you use our Site, we may also automatically

collect certain information about the use of our Site through cookies, web beacons and

other technologies, such as:

  • Browser and device information
  • Information collected through cookies and other technologies
  • Demographic information and other information provided by you
  • Aggregated information

Please see the section below regarding Cookies and Tracking for information on how this

information is collected and treated by Us.


Sources of Personal Information We Collect

We may collect your personal Information in a variety of ways, including:

  • We collect the information that you directly provide to us as part of the Services (e.g., when you register with our Site).
  • When you contact Us or request information about our Services.
  • When we receive information about you from your employer.
  • We may also receive information from third parties about your medical and health care expense history (to the extent you have consented to the sharing of such information with us). For the avoidance of doubt, the information that you provide to such third parties shall be governed by the third party’s privacy notice; whereas the information that we may receive from third parties shall be governed by this Policy.
Use of Personal Information

We may use personal information:

  • As permitted under the contract for services with our clients (your employer);
  • To respond to your inquiries and fulfill your requests, including to enroll you with the insurance carrier(s) that you choose;
  • To generate your plan rates;
  • To recommend the best insurance coverage for you;
  • If allowed by your employer, to send you notices or marketing communications (for example, in the form of e-mails, mailings, and the like) regarding products or services you are receiving or We think you may be interested in receiving;
  • For Our internal business operations, such as improving or modifying our Services, developing new features and services, identifying errors, and as necessary in support of our internal business operations that are ancillary to the Services;
  • As We believe to be necessary or appropriate: (a) under applicable law, including laws outside your country of residence; (b) to comply with legal process; (c) to respond to requests from public and government authorities, including public and government authorities outside your country of residence; (d) to enforce our terms and conditions; (e) to protect our operations, assets and Services or those of any of our affiliates; (f) to protect our rights, privacy, safety or property, and/or that of our affiliates, you, or others; and (g) to allow us to pursue available remedies or limit the damages that we may sustain.
  • For auditing, reporting, corporate governance, and internal operations: including relating to financial, tax and accounting audits; audits and assessments of our operations, privacy, security and financial controls, risk, and compliance with legal obligations; our general business, accounting, record keeping and legal functions; and related to any actual or contemplated merger, acquisition, asset sale or transfer, financing, bankruptcy or restructuring of all or part of our business.
  • To retain or hire another service provider or subcontractor.
  • For any other purposes disclosed at the time the information is collected or to which you consent.

Disclosure of Your Personal Information

We may disclose personal information for the following reasons:

  • To the carrier and vendor partners that you have selected or requested more information about, to allow them to provide you with services through the Marketplace. Use of your personal information by our carrier and vendor partners is governed by their respective privacy policies and not this Policy.
  • To your employer. We may share information with your employer, including your demographic information (name, address, etc.), smoking status, dependent information, beneficiary information, benefits elections, and information collected where we indicate that question responses will be shared with your employer (such as on the “Additional Questions” page).
  • To our affiliates for the purposes described in this Policy.
  • To our third-party service providers who provide services such as website hosting, data analysis, payment processing, order fulfillment, information technology and related infrastructure provision, customer service, email delivery, auditing and other services.
  • To identify you to anyone to whom you send messages through the Services.
  • To a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings).
  • As we believe to be necessary or appropriate: (a) under applicable law, including laws outside your country of residence; (b) to comply with legal process; (c) to respond to requests from public and government authorities, including public and government authorities outside your country of residence; (d) to enforce our terms and conditions; (e) to protect our operations, assets and Services or those of any of our affiliates; (f) to protect our rights, privacy, safety or property, and/or that of our affiliates, you, or others; and (g) to allow us to pursue available remedies or limit the damages that we may sustain.

Aggregate and De-identified Information. We may share aggregate or de-identified information,

which does not identify and is not linked or linkable to a particular individual with third parties

for research, marketing, analytics and other purposes.


Cookies

Our website may use first-party and third-party cookies and similar technology to gather device and

usage information when users visit the website. We use the information for security purposes, to

facilitate navigation, to display information more effectively, to personalize your experience while

using the website, and to recognize your computer to assist your use of the website. We also gather

statistical information about use of the website to improve design and functionality and understand

how the website is used. We do not use advertising cookies on the website.


There are different types of cookies, for example:

  • Cookies transferred directly by Willis Towers Watson or the website vendor ('first party cookies') and cookies transferred on our behalf, for example by our data analytics companies ('third party cookies')
  • Cookies which endure for different periods of time, including those that only last only as long as your browser is open ('session cookies'). Session cookies are deleted automatically from your device once you close your browser. Other cookies are 'permanent cookies', meaning that they remain on your device after your browser is closed. For example, permanent cookies recognize your device when you open your browser and browse the internet again.

Below we explain the different types of cookies and similar technologies that may be used on the Sites.

Where we use third party cookies, we provide a link to the third party's cookie policy.


Strictly Necessary Cookies. Strictly necessary cookies enable you to navigate the Sites and to use their

services and features. Without these necessary cookies, the Sites will not perform as smoothly for you as

we would like them to and we may not be able to provide the Sites or certain services or features.


Functional Cookies. Functional cookies enable the website to provide enhanced functionality

and personalization. They allow us to see the overall patterns of usage on the Sites. We use the

information to analyze traffic on and improve the Sites. They may be set by us or by third party

providers whose services we have added to our pages. Without these cookies, some or all of these

services may not function properly.


Performance Cookies. Performance cookies allow us to count visits and traffic sources so we can

measure and improve the performance of our site. They help us to know which pages are the most and

least popular and see how visitors move around the site. All information these cookies collect is

aggregated and therefore anonymous. Without these cookies, we will not know when users have visited

our site and will not be able to monitor its performance.


We use the following cookies for our site:


Cookie Name Cookie Type Description or Purpose Persistent or Session 1st or 3rd Party Cookie
LoginTokenV1 Strictly Necessary This cookie holds the username that is typed in on the login page. It is used as a reference for the entire MFA login process. Persistent First Party
SessionId Strictly Necessary Holds a unique key to get the signed-in user's session as required by the portal framework. Persistent First Party
.LZN_PORTAL_AUTH Strictly Necessary Holds a unique key to get the signed in user's authorization as required by the portal framework. Persistent First Party
LoginToken Strictly Necessary Same as LoginTokenV1. Persistent First Party
_ga Performance This cookie name is associated with Google Universal Analytics - which is a significant update to Google's more commonly used analytics service. This cookie is used to distinguish unique users by assigning a randomly generated number as a client identifier. It is included in each page request in a site and used to calculate visitor, session and campaign data for the sites analytics reports. Persistent First Party
_gid Performance This cookie name is associated with Google Universal Analytics. Persistent First Party
JSESSIONID Performance This domain is controlled by New Relic, which provides a platform for monitoring the performance of web and mobile applications. Persistent Third Party
showWarnings_18BEE06CE877E512BD3A345496A95A10 Functionality Used to show user warnings during Life Event workflow. Session First Party
SsoInboundLogoutUrl Functionality Sets the logout url specified in the SSO Inbound profile for the consumer who entered the portal via an SSO connection. This cookie only stores a url that is used to send the consumer back to where their organization configured them to go after an SSO logout. Persistent First Party
languageculture_18BEE06CE877E512BD3A345496A95A10 Functionality Sets users preferred language. Session Third Party

You can control the way in which cookies are used by altering your browser settings. You may refuse to

accept cookies by activating the setting on your browser that allows you to reject cookies. Information

about the procedure to follow to enable or disable cookies can be found on your Internet browser

provider's website via your help screen.


To find out more about cookies, including how to see what cookies have been set and how to manage

and delete them, visit www.aboutcookies.org, www.allaboutcookies.org, or www.youronlinechoices.eu.



Pixel tags and other similar technologies. Pixel tags (also known as web beacons and clear GIFs)

may be used in connection with some websites to, among other things, track the actions of users

of the website (including email recipients), measure the success of our marketing campaigns and

compile statistics about usage of the website and response rates. We and our service providers

may also use pixel tags in HTML emails to you and our customers, to help us track email

response rates, identify when our emails are viewed, and track whether our emails are forwarded.


Log files. Most browsers collect certain information, such as your IP address, device type, screen

resolution, operating system version and internet browser type and version. This information is

gathered automatically and stored in log files.


Third Party Analytics Tools. Our Site uses automated devices and applications operated by third

parties (e.g., Google Analytics), which use cookies and similar technologies to collect and

analyze information about use of the Site and report on activities and trends.


Do-Not-Track signals. Please note that our Site does not recognize or respond to any signal

which your browser might transmit through the so-called 'Do Not Track' feature your browser

might have. If you wish to disable cookies on our Site, you should not rely on any 'Do Not Track'

feature your browser might have.


Third Party Services

We may include links in the Services to third-party companies, such as carriers, health and

wellness providers or other service providers. When you access those links or utilize those

products or services, you will be leaving the Services and your usage of those third party sites

will not be governed by this Privacy Notice, but by the privacy policies of such third party.


Information About Children

The Services are not directed at children under the age of 13, and we request that they not

provide personal information through the Services.


Please note that we do collect information about dependent children as it pertains to their

benefits coverage.


How We Protect Your Information

We seek to use organizational, technical and administrative measures to protect personal

information within our organization. Unfortunately, no data transmission or storage system can

be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no

longer secure (for example, if you feel that the security of your account has been compromised)

please immediately notify us in accordance with the "How to Contact Us" section below.


Choices and Access

If you would like to review, correct, update, suppress or delete personal information that you

have previously provided to us, you may contact us at the address below.


In your request, please make clear what personal information you would like to have changed,

whether you would like to have your personal information suppressed from our database or

otherwise let us know what limitations you would like to put on our use of your personal

information. For your protection, we may only implement requests with respect to the personal

information associated with the particular email address that you use to send us your request, and

we may need to verify your identity before implementing your request. We will try to comply

with your request as soon as reasonably practicable.


Please note that we may need to retain certain information for recordkeeping purposes and/or to

complete any transactions that you began prior to requesting a change or deletion. There may

also be residual information that will remain within our databases and other records, which will

not be removed.


Changes to This Policy

This Policy is effective as of the date stated at the top of this Policy. We reserve the right to

revise and update this Policy from time to time. By accessing the Site or using the Services after

we make any such changes to this Policy, you are deemed to have accepted such changes.


Please refer back to this Policy on a regular basis.


How to Contact Us

If you have questions about this Policy, you may contact us via email at

privacy@willistowerswatson.com (noting LIAZON PRIVACY NOTICE in the subject) or in

writing to us at the following address:


Liazon Corporation, a Willis Towers Watson Company

Attn: Privacy Team

800 N. Glebe Road

Arlington, VA 22203


If you would like to submit a request regarding your personal information (e.g., a request to

access or delete your personal information) collected or held by us, please email us at

dataccessrequest@willistowerswatson.com. We will refer your request to your employer or the

relevant carrier as appropriate and will assist them in responding to your request. You can also

copy your employer or the carrier directly.