Online and mobile privacy notice

Effective date: October 17, 2025

This Privacy Policy (“Policy”) explains how Blue Shield of California and its subsidiary Blue Shield of California Life & Health Insurance Company (together, “Blue Shield,” “we,” “us,” or “our”) collect, use, and share your personal information when you use or visit our websites or mobile application. In this Policy, our mobile application is referred to as the “App,” and our websites and App together are referred to the “Sites.” This Policy only applies to information that identifies you personally (“Personal Information”). It does not apply to anonymous or aggregated data that cannot be linked to you.

Blue Shield is a data controller (i.e., the company responsible for, and that controls, the processing of your Personal Information). We process Personal Information based on our legitimate interest in running and growing our business and as necessary to enter into a contractual relationship with you. Should we process Personal Information in any other way, we will notify you of that basis prior to undertaking such processing.

If you're a Blue Shield member or policyholder, please log into your account to view privacy notices related to your medical or financial information, including HIPAA and GLBA notices.

The information we collect

We collect Personal Information about people using our Sites in two ways:

1. Information you provide

We collect Personal Information from you directly when you fill out any forms on the Sites or email us requesting information. Also, depending on the Site or the services available to you on a Site, we may ask for specific Personal Information necessary to perform the services. For example, when you create your account through one of our Sites, Blue Shield will request that you provide an email address and password, and when you register your online Blue Shield accounts through one of our Sites, you may be required to share certain Personal Information with us, such as your name, address, date of birth, social security number, and/or other information that can be used to identify you.

You are under no obligation to provide any such information. However, if you should choose to withhold requested information, we may not be able to provide you with the services.

2. Information we collect automatically

As with all websites, there are certain elements of Personal Information that we automatically collect simply as a part of your interaction with the Sites. Along with the normal information necessary for us to present the Sites to you, we also use tools like cookies and tracking technologies to collect Personal Information in connection with your use of the Sites.

Our web pages may incorporate “pixel tags,” “web beacons,” or other similar tracking technologies that allow us, or our agents, to track the actions of users of our Sites (known as “click-stream data”). Click-stream data can include Personal Information, such as the IP address of the computer you are using, the type of operating system and browser software that you use, the date and time of your access to our Sites, the website address, if any, from which you linked directly to our Sites, the website address, if any, to which you then travel from our Sites, and any similar traffic-related information.

We may also aggregate your click-stream data with similar data collected from other users in order to help us improve our Sites and the services we provide through our Sites. If we combine information that is not personal with Personal Information, we will consider the combined information to be Personal Information.

2.1 Cookies

Besides pixel tags and similar technologies, we use cookies to manage information related to how our Site operates, and who visits it. Cookies are text files containing small amounts of information that are downloaded to your device when you visit a website. Cookies are then sent back to the originating website on each subsequent visit, or to another website that recognizes that cookie. Cookies are useful because they allow a website to recognize a user’s device.

Cookies perform various functions, such as letting you navigate between pages efficiently, remembering your preferences, and generally improve the user experience. The kinds of cookies that may be used on the Sites are set out below:

• Strictly necessary cookies are essential for you to move around the Sites and use their features, such as accessing secure areas of the Sites. Without these cookies, certain services you have asked for cannot be provided.
•  Performance cookies collect information about how you use the Sites, for instance, which pages visitors go to most often and if they get error messages from web pages. These cookies do not collect information that identifies a visitor. Generally, the information these cookies collect is aggregated and therefore anonymous. It is used to improve how a website works. However, if we combine data from these kinds of cookies with Personal Information, we treat this kind of cookie data as Personal Information as well.
• Functionality cookies allow the website to remember choices you make (such as your username, language, or the region you are in) and provide enhanced, more personal features. These cookies can also be used to remember changes you have made to text size, fonts, and other parts of web pages that you can customize. They may also be used to provide services you have asked for.
•  Targeting cookies are used to better understand your interests related to our, and our trusted partner’s, products and services. We use these technologies to track the actions of our Site users and email recipients, measure the success of marketing campaigns, and compile statistics about usage and response rates. These cookies do collect Personal Information and can be “turned off” (or “opted out of”) through your browser settings or the Site preferences manager.
  
  

The Site preferences manager can be found by selecting Cookie preferences at the bottom of this webpage.

Most internet browsers allow you to remove or manage cookie functions and adjust your privacy and security preferences. Outside of the use of the cookie settings in your browser, there are also browser-specific settings like “Do Not Track” (“DNT”) or “Global Privacy Control” (“GPC”). The DNT signal is not widely adopted and is not a finalized standard, so we don’t respond to DNT signals. However, GPC signals are generally recognized but as we don’t sell or share Personal Information (as these terms are defined in applicable law), nothing further needs to be done as a result of a generic GPC signal.

2.2 Geo-location data

When using certain functions via the App, your location information may be used if your mobile device uses global positioning system (“GPS”) technology, trackers, or other location tools. If you have selected device settings that allow your location information to be obtained, we will use this information solely to return your estimated location and to provide you with more localized results and/or services. Blue Shield does not monitor your GPS tracking or location information, does not share the information with any third parties other than service providers, and does not save this information. You may restrict sharing of your location information through your device’s settings menu.

2.3 Mobile analytics

When you download and use our App, we automatically collect information on the type of device you use, operating system version, and the device identifier.

We use mobile analytics software to allow us to understand the functionality of the software used in our App on your phone better. This software may record information such as how often you use the App, the events that occur within the App, aggregated usage, performance data, and where the App was downloaded from. We do not link the information we store within the analytics software to any personally identifiable information you submit within the App.

How we use the information we collect

In our normal course of business, we use Personal Information to respond to your inquiries. We may also use Personal Information to notify you of events, products, or services that we think may be of interest to you. If you decide at any time that you no longer wish to receive notifications from us, please refer to the paragraph below captioned “Changing or Deleting Personal Information.”

Additionally, Blue Shield uses Personal Information about you for the following purposes:

• to establish or maintain our relationship with you;
• to contact you and respond to your requests and inquiries;
• to provide you with products or services you have requested;
• to keep you informed of products and services we think may be of interest to you, including those of our affiliated brands;
• to personalize your experience with us and to assist you while you use the Sites;
• for business administration, including statistical analysis;
• to improve the Sites by helping us understand who uses the Sites;
• to protect the interests of visitors to our Sites, our employees, and other third parties;
• to investigate violations of our policies and applicable law;
• for fraud prevention, detection, and to comply with applicable laws, regulations or codes of practice; or
• as part of any contemplated or actual sale of all or some of the assets of Blue Shield.
  

Blue Shield will only process Personal Information as described in this Policy, as permitted by applicable law, or as otherwise consented to by you.

How we retain information we collect

We will retain Personal Information for as long as necessary or permitted in light of the purposes described in this Policy. However, some Personal Information may be retained for longer periods as required by law, contract, or auditing requirements. We will also retain Personal Information for as long as necessary to establish, exercise, or defend legal claims, or as otherwise permitted by applicable law.

How we disclose information we collect

General disclosures

We may disclose your Personal Information to our affiliates and subsidiaries, and to our service providers to the extent necessary to enable them to perform certain Site-related services (for example, web hosting, to improve Site-related services and features, or for maintenance services) on our behalf. All service providers are required to comply with the privacy practices and policies of Blue Shield and are permitted to use data only for the purpose of performing services on our behalf.

Affiliate ad marketing

We do participate in affiliate advertising networks with trusted third-parties (“Ad Partners”). As part of our participation, other members of the network, and the Ad Partner itself, may be able to use Personal Information related to your visit to our Site. Our Ad Partners use data collection technologies to understand how our Site is being used and to analyze your browsing history in order to deliver advertising relevant to your interests, as well as to provide advertising-related insights.  These advertisements may appear on other websites or services, including through social media networks.  These Ad Partners may be able to associate devices across third party websites or services over time and link various devices used by the same individual.

Ad marketing opt-out

You do have the right to opt-out of Ad Partner tracking. You can make your preference known to us by visiting the Site preferences manager. The Site preferences manager can be found by selecting Cookie preferences at the bottom of this webpage.

For more information about how Ad Partners use the information collected by these technologies and your options for restricting cookies placed by some of these Ad Partners, please visit:

• Digital Advertising, Alliance (DAA)’s self-regulatory opt-out page and mobile application-based “AppChoices” download page.
• European Interactive Digital Advertising Alliance (EDAA)’s opt-out page.
• Network Advertising Initiative (NAI)’s self-regulatory opt-out page.
  
  

These opt-outs are device- and browser- specific and may not work on all devices.  If you choose to opt-out through one of the tools above, it does not mean you will cease to see advertising. Rather, the ads you see will be based on the website you are visiting and not your interests.

Other disclosures

As we continue to develop our business, we might sell or buy assets. In such transactions, user information, including Personal Information, generally is one of the transferred business assets. Also, if either Blue Shield itself, or substantially all of Blue Shield’s assets were acquired, your Personal Information may be one of the transferred assets. Therefore, we will disclose or transfer your Personal Information to a third-party purchaser in these circumstances.

We disclose Personal Information to a third party if we believe that we are required to do so for any or all of the following reasons:

• by applicable law;
• to comply with certain legal processes or governmental requests;
• to prevent, investigate, detect, or prosecute criminal offenses or attacks on the technical integrity of the Sites or our network;
• to protect the rights, property, or safety of Blue Shield and its affiliates, their partners, and employees, the users of the Sites, or the public; or 
• as we deem necessary to satisfy any applicable law, regulation, legal process, or governmental request.

E-mail marketing

We may contact you periodically by e-mail to provide information regarding events, products, services, and content that may be of interest to you, unless you advise us that you do not wish to receive marketing or market research communications from us.

If you wish to stop receiving marketing or market research communications from us or would like to stop processing your Personal Information in any other way, you can contact us as described below to let us know what types of communications you wish to stop receiving.

Please note that we do send, by email, important administrative information regarding either the Sites or services to users who have provided us with their email addresses. Because this information is important to your use of the Sites and is not marketing, it is generally not possible to “opt out” of receiving these email communications.

Data transfers

We collect and process Personal Information in the USA. As such, the law applicable to the processing of your data may not be as comprehensive as the law of the place where you live.

Security

Blue Shield seeks to adopt appropriate physical, technological, and organizational security measures that are consistent with industry practice in order to assist with protection against the loss, misuse, and alteration of Personal Information that is under our control. Blue Shield retains Personal Information for as long as necessary to fulfil the purposes for which such Personal Information was collected and in compliance with applicable laws.

Revisions to our privacy policy

Blue Shield reserves the right to update and revise this Policy at any time and from time to time, as it deems necessary or appropriate. You may determine if this Policy has been revised since your last visit by referring to the “Effective Date” noted at the top of this page.

Links to other sites

Our Sites may contain links to other websites operated by third parties. Please be aware that we are not, and cannot be, responsible for the content and privacy practices of other websites and that this Policy applies only to the information that we collect through the Sites. Thus, we encourage you to read the privacy statements of all of the destination websites you visit.

Contact Us

If you have any questions or concerns regarding this Privacy Policy, you can contact the Blue Shield Privacy Office by sending an email to privacy@blueshieldca.com, calling us at (888) 266-8080 (toll free), or by U.S. mail to:

Blue Shield Privacy Office
P.O. Box 272540
Chico, CA 95927-2540