Privacy Policy

Benefit Administration Services LLC (“BAS”) is strongly committed to protecting your privacy online when visiting our web site. BAS knows that you care how information about you is used and shared and we appreciate your trust that we will do so carefully and sensibly. This Privacy Notice outlines the information BAS will collect on the BAS web site and how we will use that information. By visiting, you are accepting the practices described in this Privacy Notice.

Privacy Policy

Last updated: October 09, 2020

This Privacy Policy describes Our policies and procedures on the collection, use and disclosure of Your information when You use the Website and tells You about Your privacy rights and how the law protects You.  We use Your Personal data to provide and improve the Website.  By using the Website, You agree to the collection and use of information in accordance with this Privacy Policy.


For the purposes of this Privacy Policy, the following capitalized words shall have these definitions:

Personal Data

While using Our Website, We may ask You to provide Us with certain Personal Data that can be used to contact or identify You.

Usage Data

Usage Data is collected automatically when using the Website.  When You access the Website by or through a mobile device, We may collect certain information automatically, including, but not limited to, the type of mobile device You use, Your mobile device unique ID, the IP address of Your mobile device, Your mobile operating system, the type of mobile Internet browser You use, unique device identifiers and other diagnostic data.  We may also collect information that Your browser sends whenever You visit our Website or when You access the Website by or through a mobile device.

Tracking Technologies and Cookies

We use Cookies and similar tracking technologies to track the activity on Our Website and store certain information. Tracking technologies used are beacons, tags, and scripts to collect and track information and to improve and analyze Our Website. The technologies We use may include:

Cookies can be "Persistent" or "Session"Cookies.  Persistent Cookies remain on Your personal computer or mobile device when You go offline, while Session Cookies are deleted as soon as You close Your web browser. Learn more about cookies: Cookies: What Do They Do? We use both Session and Persistent Cookies for the purposes set out below:

Necessary / Essential Cookies

Cookies Policy / Notice Acceptance Cookies

Functionality Cookies

Tracking and Performance Cookies


Use of Your Personal Data

The Company may use Personal Data for the following purpose:

We may share Your Personal Data in the following situations:

Retention of Your Personal Data

The Company will retain Your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy.  We will retain and use Your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.  The Company will also retain Usage Data for internal analysis purposes.  Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of Our Website,or We are legally obligated to retain this data for longer time periods.


Transfer of Your Personal Data

Your information, including Your Personal Data, is processed at the Company's operating offices and in any other places where the parties involved in the processing are located. It means that this information may be transferred to — and maintained on — computers located outside of Your state, province,country or other governmental jurisdiction where the data protection laws may differ than those from Your jurisdiction. Your consent to this Privacy Policy followed by Your submission of such information represents Your agreement to potential transfer of Your Personal Data.  The Company will take all steps reasonably necessary to ensure that Your data is treated securely and in accordance with this Privacy Policy and no transfer of Your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of Your data and other personal information.


Disclosure of Your Personal Data

 Business Transactions:  If the Company is involved in a merger,acquisition or asset sale, Your Personal Data may be transferred. We will provide notice before Your Personal Data is transferred and becomes subject to a different Privacy Policy.

·Law enforcement:  Under certain circumstances, the Company may be required to disclose Your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).

Other legal requirements:  The Company may disclose Your Personal Data in the good faith belief that such action is necessary to:


Security of Your Personal Data

The security of Your Personal Data is important to Us, but remember that no method of transmission over the Internet or method of electronic storage is 100% secure.  While We strive to use commercially acceptable means to protect Your Personal Data,We cannot guarantee its absolute security.


Detailed Information on the Processing of Your Personal Data

Website Providers have access to Your Personal Data only to perform their tasks on Our behalf and are obligated not to disclose or use it for any other purpose.



We may use third-party Website providers to monitor and analyze the use of our Website.

Google Analytics



Email Marketing

We may use Your Personal Data to contact You with newsletters,marketing, or promotional materials and other information that may be of interest to You.  You may opt-out of receiving any, or all, of these communications from Us by following the unsubscribe link or instructions provided in any email We send or by contacting Us.  We may use Email Marketing Website Providers to manage and send emails to You.


State Laws

 Some States have specific laws regarding privacy and the rights of consumers in an on-line environment.  While not purporting to be a comprehensive list of all that may be in effect, the following State laws may affect you:



 Your California Privacy Rights (California's Shine the Light law):  Under California Civil Code Section 1798(California's Shine the Light law), California residents with an established business relationship with us can request information once a year about sharing their Personal Data with third parties for the third parties' direct marketing purposes.  If you'd like to request more information under the California Shine the Light law, and if You are a California resident, You can contact Us using the contact information provided below.

California Privacy Rights for Minor Users (California Business and Professions Code Section 22581):  California Business and Professions Code section 22581 allow California residents under the age of 18 who are registered users of online sites, services, or applications to request and obtain removal of content or information they have publicly posted.  To request removal of such data, and if You are a California resident, You can contact Us using the contact information provided below, and include the email address associated with Your account.  Be aware that Your request does not guarantee complete or comprehensive removal of content or information posted online and that the law may not permit or require removal in certain circumstances.

Cal. Civ. Code §§ 1798.100 et seq., The California Consumer Privacy Act of 2018 (CCPA):  Allows consumers the right to request a business to disclose the categories and specific pieces of personal information that the business has collected about the consumers as well as the source of that information and business purpose for collecting the information. Provides that consumers may request that a business delete personal information that the business collected from the consumers. Provides that consumers have the right to opt out of a business’s sale of their personal information, and a business may not discriminate against consumers who opt out.Applies to California residents. (Effective Jan. 1, 2020.)

Calif. Bus. & Prof. Code § 22575:  Requires the operator of a commercial web site or online service to disclose in its privacy policy how it responds to a web browser 'Do Not Track' signal or similar mechanisms providing consumers with the ability to exercise choice about online tracking of their personal information across sites or services and over time. It also requires the operator to disclose whether third parties are or may be conducting such tracking on the operator’s site or service.

Calif. Bus. & Prof. Code § 22575-22578 (CalOPPA):  California's Online Privacy Protection Act requires an operator, defined as a person or entity that collects personally identifiable information from California residents through an Internet Web site or online service for commercial purposes, to post a conspicuous privacy policy on its Web site or online service (which may include mobile apps) and to comply with that policy. The law, among other things,requires that the privacy policy identify the categories of personally identifiable information that the operator collects about individual consumers who use or visit its Web site or online service and third parties with whom the operator may share the information.



Conn. Gen. Stat. § 42-471:  Requires any person who collects Social Security numbers in the course of business to create a privacy protection policy.  The policy must be"publicly displayed" by posting on a web page and the policy must (1)protect the confidentiality of Social Security numbers, (2) prohibit unlawful disclosure of Social Security numbers, and (3) limit access to Social Security numbers.  


Del. Code Tit. 6 § 205C: Requires an operator of a commercial internet website, online or cloud computing service, online application, or mobile application that collects personally identifiable information through the Internet about individual users residing in Delaware who use or visit the operator's commercial internet website, online or cloud computing service, online application, or mobile application to make its privacy policy conspicuously available on its internet website, online or cloud computing service, online application, or mobile application.  An operator shall be in violation of this subsection only if the operator fails to make its privacy policy conspicuously available within 30 days after being notified of noncompliance. Specifies requirements for the policy.

Del. Code § 1204C: Prohibits operators of websites, online or cloud computing services, online applications,or mobile applications directed at children from marketing or advertising on its Internet service specified products or services inappropriate for children’s viewing, such as alcohol, tobacco, firearms, or pornography. When the marketing or advertising on an Internet service directed to children is provided by an advertising service, the operator of the Internet service is required to provide notice to the advertising service, after which time the prohibition on marketing and advertising the specified products or services applies to the advertising service directly. The law also prohibits an operator of an Internet service who has actual knowledge that a child is using the Internet service from using the child’s personally identifiable information to market or advertise the products or services to the child, and also prohibits disclosing a child’s personally identifiable information if it is known that the child’s personally identifiable information will be used for the purpose of marketing or advertising those products or services to the child.


 NRS § 603A.300:  Requires an operator to establish a designated request address through which a consumer may submit a verified request directing the operator not to make any sale of covered information collected about the consumer.  The term “sale” is defined to mean the exchange of covered information for monetary consideration by the operator to a person for the person to license or sell the covered information to additional persons.  The law also prohibits an operator who has received such a request from making any sale of any covered information collected about the consumer. The Attorney General may seek an injunction or a civil penalty for violations.

NRS § 603A.340: Requires operators of Internet websites or online services that collect personally identifiable information to identify the categories of information collected through its Internet website or online service about consumers who use or visit the site or service and the categories of third parties with whom the operator may share such information. Provides a description of the process, if any such process exists, for an individual consumer who uses or visits the Internet website or online service to review and request changes to any of his or her information that is collected through the Internet website or online service.


 ORS § 646.607:  Makes it an unlawful trade practice if a person publishes on a website related to the person’s business, or in a consumer agreement related to a consumer transaction, a statement or representation of fact in which the person asserts that the person, in a particular manner or for particular purposes, will use, disclose,collect, maintain, delete or dispose of information that the person requests,requires or receives from a consumer and the person uses, discloses, collects,maintains, deletes or disposes of the information in a manner that is materially inconsistent with the person’s statement or representation.


9 V.S.A § 2446-2447 (Protection of PersonalInformation: Data Brokers): Requires data brokers--businesses that knowinglycollect and license the personal information of consumers with whom suchbusinesses do not have a direct relationship—to register annually with theSecretary of State.  Data brokers alsomust provide consumers with specified information, including the name, e-mail,and Internet addresses of the data broker; whether the data broker permits aconsumer to opt out of personal information collection or data sales; themethod for requesting an opt-out; activities or sales the opt-out applies to;and whether the data broker permits a consumer to authorize a third party toperform the opt-out on the consumer's behalf.  A statement specifying the data collection,databases, or sales activities from which a consumer may not opt out and astatement as to whether the data broker implements a purchaser credentialingprocess must also be disclosed, among other disclosures.  Data brokers also must implement and maintaina written information security program containing administrative, technical,and physical safeguards to protect personally identifiable information.


Links to Other Websites

Our Website may contain links to other websites that are not operated by Us.  If You click on a third party link, You will be directed to that third party's site.  We strongly advise You to review the Privacy Policy of every site You visit.  We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or Websites.


Changes to this Privacy Policy

We may update Our Privacy Policy from time to time.  We will notify You of any changes by posting the new Privacy Policy on this page.  We will let You know via email and/or a prominent notice on Our Website prior to the change becoming effective and update the "Last updated" date at the top of this Privacy Policy.  You are advised to review this Privacy Policy periodically for any changes.  Changes to this Privacy Policy are effective when they are posted on this page.

Contact Us

If you have any questions about this Privacy Policy, You can contact us: