New: Download the Compass Rose Health Plan App!

Website Privacy Policy

Compass Rose Benefits Group (CRBG) is a self-insured, not-for-profit association providing health benefits to civilian employees and retirees of the Intelligence Community, Department of State, Department of Defense, and Department of Homeland Security and their families through the Federal Employees Health Benefits Program (FEHBP). CRBG also provides ancillary products such as term life insurance and group accident insurance, available to all active civilian federal employees.

CRBG respects your privacy and is committed to protecting it by following this policy.

This policy describes the types of information you give us and that we may collect from you through using our website, electronic communications, mobile applications, and any other websites, applications, or communications (collectively, “e-services”) that link to this policy.

This policy describes how we use that information and our practices for collecting, maintaining, protecting, and disclosing that information. Please note, information about how we use or disclose your health information is addressed in our Notice of Privacy Practices. If you do not agree to the terms of this policy, do not use our e-services. By proceeding with using any of our e-services, you agree with the terms of this policy.

Information we collect

There are three basic categories of information we collect: (1) Information you choose to give us; (2) Information we get when you use our e-services; and (3) Information we get from third parties (subject to certain limitations as set forth in this policy).

  1. Information you choose to give us


    Examples of information you may provide directly to us to use our services includes your full name, date of birth, social security number, telephone number, email address, postal address, certain account numbers, username and any other information our website or mobile applications collect that is defined as personal or personally identifiable information under applicable law (“personal information”). You may have access to your individual health information via the myCompass site. This may include, but is not limited to, the following:
    1. Name and contact information, such as address, phone number, or email address
    2. Medical history, conditions, treatments, medications, and care team
    3. Health plan account numbers and insurance information
    4. Demographic information, such as your age and gender
    Other e-services, such as for ancillary plans, may also require you to provide us with a debit or credit card number and its associated account information.

    We may request information through surveys or questionnaires. We use this information to learn more about your experience with our e-services, and how we can improve your experience.

    We will only use your personally identifiable information to provide the service you have requested.

  2. Information that is automatically collected when you use our e-services


    We use Google Analytics to allow tracking technologies on the publicly available Compass Rose Benefits Group site to collect information about the e-services you have used and how you have used them. Here is a list of the types of information we may collect when you use our e-services:

    User and usage information. We may collect information about you automatically as you navigate through the site or mobile app. Information collected automatically may include demographic, de-identified, or aggregated information, usage details, IP addresses, and information collected through cookies, web beacons, and other tracking technologies.

    Device information. We may collect information about your device and internet connection, including the device’s unique device identifier, IP address, operating system, browser type, and mobile network information.

    Location information. When you use our e-services we may collect information about your location. With your consent, we may also collect information about your precise location using methods that include GPS, wireless networks, cell towers, Wi-Fi access points, and other sensors, such as gyroscopes, accelerometers, and compasses.

    Information collected by cookies and other technologies. Like most online e-services and mobile applications, we may use cookies and other technologies, such as web beacons, web storage, unique advertising identifiers, and click tracking and visualization tools to collect information about your activity, browser, and device. We may also use these technologies to collect information when you interact with e-services we offer through one of our partners.

    Log information. We also collect log information when you use our website or mobile application. That information includes, among other things:
    1. Details about how you have used our e-services.
    2. Device information, such as your web browser type and language.
    3. Access times.
    4. Pages viewed.
    5. Identifiers associated with cookies or other technologies that may uniquely identify your device or browser.
    6. Pages you visited before or after navigating to our website. 
    Unique application numbers. Certain e-services include a unique application number. This number and information about your installation (for example, the operating system type and application version number) may be sent to Google when you install or uninstall that service or when that service periodically contacts our servers, such as for automatic updates.

  3. Information we collect from third parties

    We may collect information that other users provide about you when they use our e-services. We may also obtain information from our affiliates, or any other third-party sources, and combine that with the information we collect through our e-services.

We retain Information for as long as necessary for the purpose for which it is collected, subject to a longer period if the information is relevant to a legal challenge.

How we use information

We use information that we collect about you or that you provide to us to do the following:

  • Develop, operate, improve, analyze, administer, deliver, maintain, and present our website or mobile application and its contents to you.
  • Protect our products and e-services.
  • Communicate with you.
  • Help protect someone’s health, safety, or welfare.
  • Keep a record of our transactions and communications.
  • Provide you with content through our myCompass site or other e-services that we may offer.
  • Personalize your experience on our myCompass site.
  • Send you communications and notices about changes to our website or mobile application or any products or e-services we offer or provide on it.
  • Provide you with informational or promotional materials, as permitted by law, that may be useful to you, such as information about products or services provided by us or one of our vendors.
  • Process an application for a product or service as requested by you.
  • Monitor and analyze trends and usage to improve our products, websites and advertising.
  • Enhance the safety and security of our products and e-services.
  • Verify your identity and authenticate your access to the parts of our e-services that you are authorized to access (e.g., our myCompass Member Portal and with vendors acting on our behalf) and prevent fraud or other unauthorized or illegal activity.
  • Recruiting and human resources administration purposes.
  • Use information we have collected from cookies and other technology to enhance the e-services and your experience with them.
  • For any other purpose as otherwise necessary or useful to conduct business with your consent.

We may also store some information locally on your device. For example, we may store information as a local cache so that you can open the app and view content faster. We may, when permitted, combine your Information with other information, whether online or offline, maintained or available to us from you or from other sources, such as from our vendors, and we may use and disclose combined data for the purpose described in this Section or for internal business purposes. We may, when permitted, use and disclose de-identified and aggregated data for any purpose, which may include, without limitation, disclosures to third parties for analytics purposes such as evaluating the myCompass site and providing additional benefits, programs, and services. Please note, information about how we may use or disclose your health information is contained in our Notice of Privacy Practices. The content provided in your myCompass account is not intended to be a substitute for professional medical advice, diagnosis, or treatment. Always seek the advice of your physician or other qualified health provider with any questions you may have regarding a medical condition. Never disregard professional medical advice or delay in seeking it because of something you have read in your myCompass account.

Cookies and Tracking

When you visit our e-services, we may place a temporary "session" or a permanent cookie on your computer.

On our e-services, cookies do several different jobs. They let you navigate between pages efficiently and generally improve your experience on our e-services. They can also help to ensure that advertisements that you see online are more relevant to you and your interests.

The cookies used on our e-services can be categorized in three ways: (1) cookies that are strictly necessary; (2) cookies that assist with the performance of the Services; and (3) targeting cookies. Each of these is further explained below.

  1. Strictly Necessary Cookies

    These cookies are essential in order to enable you to move around our e-services and use its features, such as accessing secure areas of our e-services. Without these cookies, services that you have requested, such as inquiring about healthcare information, cannot be provided. These cookies do not gather information about you that could be used for marketing purposes. By using these e-services, you agree that we may place these types of cookies on your device.

  2. Performance Cookies

    These cookies collect information about how you use our e-services. For example, they may collect information on which pages you visit most often. These cookies do not directly collect information that identifies you. When you provide information that identifies yourself, we may use these cookies to provide relevant information on our e-services based on information that you have provided and your activities on our e-services. By using our e-services, you agree that we may place these types of cookies on your device.

  3. Targeting Cookies

    These cookies collect several pieces of information about your browsing habits. They are usually placed by advertising networks such as, but not limited to, Google, Facebook, LinkedIn, Twitter or Instagram. They remember that you have visited our e-services and share this information with other organizations, such as advertisers. They do this in order to provide you with targeted advertisements that are more relevant to you and your interests. Although these cookies can track your visits to sites on the Internet, the cookies themselves do not usually know who you are. Without these cookies, online advertisements that you encounter will be less relevant to you and your interests. We By using our e-services, you agree that we may place these types of cookies on your device.

We do not use third-party targeting cookies on our myCompass site. We utilize the strictly necessary and performance cookies to make our myCompass site functional.

You may use your browser controls to refuse to allow cookies to be placed on your computer. On our public website, refusing cookies disables our ability to include information about your visit in our regular monitoring of traffic. However, our myCompass site will not operate without the use of strictly necessary cookies, as described above. Our myCompass site logs all access and traffic, regardless of cookie settings.

How we share information

We do not sell, lease, rent, or otherwise disclose the personal data collected to third parties unless otherwise permitted by law or as permitted with your consent. We may share information about you in the following ways:

  • For the intended purpose. We may share information specifically for the purpose disclosed by us when you provide the information, such as sending you electronic communications about e-services CRBG provides.
  • With our affiliates. We may share information with our business entities, subsidiaries, and affiliates.
  • With third parties. We may share your information with the following third parties:
    • With service providers, sellers, and partners. We may share information about you with service providers who perform e-services on our behalf, sellers that provide goods through our e-services, and business partners that provide e-services and functionality. For example, we employ service providers who help us analyze website traffic and demographics (Google Analytics).
    • With third parties as part of a merger or acquisition. We may share with a buyer or other successor entity in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all CRBG’s assets.
    • With third parties for legal reasons. We may share information about you if we reasonably believe that disclosing the information is needed to:
      • Comply with any valid legal process, governmental request, or applicable law, rule, or regulation.
      • Protect the rights, property, and safety of us, our users, or others.
      • Detect and resolve any fraud or security concerns.
  • With your consent. We will ask for consent before using information for a purpose other than those set out in this Privacy Policy.

Any third party we share your information with will provide you with at least the same level of privacy our e-services do.

Third party content and integrations

The e-services may also contain third-party links and search results, include third-party integrations, or offer a co-branded or third-party-branded service. Through these links, third-party integrations, and co-branded or third-party-branded e-services, you may be providing information (including personal information) directly to the third party, us, or both. We encourage you to review the privacy policies of every third-party service that you visit or use, including those third parties you interact with through our e-services.

Linking to other websites

This site contains hypertext links to other websites or applications we think might be helpful or useful to you. However, CRBG has no control over the content in these sites, their availability or accuracy, and assumes no responsibility for the privacy practices of such websites. These links are provided for convenience and reference purposes only; therefore, we are not liable for any information or materials contained in them.

Control over your information

You may contact us to request access to any personal information that you have provided to us. If you change your mind about our ongoing ability to collect information from certain sources that you have already consented to, you can revoke your consent by contacting us. Please send all such requests to privacyofficer@compassrosebenefits.com or write to us at:

Compass Rose Benefits Group
Attention: Privacy Officer
11490 Commerce Park Drive
Suite 220
Reston, VA 20191

You can take steps through your browser to control shared information by adjusting settings to reject all or some cookies and to alert you when a cookie is placed on your device. If you do this, you may not be able to access or use all or parts or functionalities of CRBG’s digital properties.

Data Security

We use reasonable industry-standard administrative, technical and physical security measures to protect your information. Information you enter into our myCompass site is encrypted during transit and stored securely. However, no security system is impenetrable and we cannot guarantee that our security measures will prevent third parties, such as criminal hackers, from illegally obtaining access

Email sent to our sites does not provide a means for completely secure and private communications between us. Your email, like most non-encrypted internet email communications, may be accessed and viewed without your knowledge or permission while in transit to us. Email sent to us will be shared with our customer service representatives or the staff members who are best able to address your questions or concerns. Once we have responded to your communication, it may be discarded or archived, depending on the nature of the inquiry. Outgoing emails containing protected health information (PHI) are sent through a secure system.

It is your responsibility to safeguard the devices you use to access our e-services (such as laptops, tablets and mobile devices), and to use appropriate security settings on those devices. If those devices are lost, stolen or misplaced, others may be able to access your account and your personal information using those devices. If you log into the myCompass site using a public computer or device, or the computer or device of another person, you should affirmatively log out of your account (i) prior to ending your session, or (ii) if you will be inactive on myCompass for more than a few minutes otherwise, the next user of that computer or device may be able to access your account and the Information in your account if your session has not ended. Unless you affirmatively log out of your account, you may be automatically logged back in the next time you or any user of your devices visits myCompass.

You agree that we are not responsible for any harm that may result from someone accessing your account or personal information on a lost, stolen or misplaced device or on a public computer or kiosk where you do not for any reason take the necessary steps to log out of your account prior to ending a session on such public computer or kiosk.

Children

Our website and mobile application are not intended for children under 13 years of age, and we do not knowingly collect personal information from children under 13. No one under age 13 should use our website, provide any personal information to the website, or download the mobile application. If we learn we have collected or received personal information from a child under 13 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 13, please contact us at privacyofficer@compassrosebenefits.com.

General

CRBG provides the information on this website as a courtesy. We attempt to keep information as accurate as possible; however, we make no express or implied warranties or representations about its accuracy, completeness, or appropriateness for a particular purpose. You assume full responsibility for using the information at this site, and you understand and agree that CRBG is neither responsible nor liable for any claim, loss, or damage resulting from its use. The mention of specific products or e-services at this site does not constitute or imply a recommendation or endorsement by CRBG, unless such recommendation or endorsement is explicitly stated. CRBG may improve, delete, update, or otherwise change this website without notice, and CRBG has no obligation to update out-of-date information in any specified length of time.

The Compass Rose Benefits Group name, logos, service names, design marks, and slogans are the trademarks or service marks of CRBG. Unauthorized use of any CRBG name or mark in any advertisement, publicity or in any other commercial manner without prior written consent of CRBG is prohibited. The website is made available for your personal, noncommercial use only. As part of such use, you may download and/or print pages from the site for your personal, noncommercial uses that are reasonably related to the website’s purposes, and you may link to portions of the website that are not password protected. However, you may not distribute or display any CRBG Content contained in the password-protected website without express written authorization from the CRBG President or his/her designee.

When this policy applies

This Policy applies to any CRBG e-service site that we own or operate and that contain a link to this Privacy Policy. Our Policy does not apply to information collected through other means or when accessing one of our vendor’s sites.

Our Policy does not apply to the practices of our vendors that may be linked from or made available through our e-services.

This Privacy Policy is not intended to and does not create any contractual or other legal rights in or on behalf of any party.

Revisions to the Privacy Policy

We may change this Privacy Policy from time to time. We will post any changes on this page by revising the date at the top of the Privacy Policy that is available on our website and through our mobile application. We encourage you to periodically reread this Privacy Statement to see if there have been any changes that may affect you. This Privacy Statement is not intended to, and does not, create any contractual or other legal rights in or on behalf of any party.

Contact Information

To ask questions or comment about this privacy policy and our privacy practices, you can contact the Privacy Officer at privacyofficer@compassrosebenefits.com.

Effective Date: May 1, 2022