Last updated: July 1, 2023
Maximus, Inc. and its subsidiaries (we, us, our) provide this privacy notice for Connecticut consumers (notice). This notice only applies to persons who live in the State of Connecticut (consumer, you, your). This notice is to comply with the Connecticut Consumer Data Privacy Act (CTDPA) and other Connecticut privacy laws. Terms defined in the CTDPA have the same meaning in this notice.
Categories of personal data we process
Business reasons we process personal data
Personal data we share with third parties
Personal data we use or sell for targeted advertising
Your rights regarding your personal data
How to exercise your consumer rights
- How to make a request
- How we respond to your request
- How to appeal a decision on your consumer rights request
Changes to this notice
How to contact us
Categories of personal data we process
We process the data categories below that are linked or could reasonably be linked to an identified or identifiable natural person (personal data):
Category | Examples |
Personal data | Unique identifiers such as name, alias, postal address, Internet Protocol (IP) address, email address, Social Security number, telephone number, or other such identifiers. |
Sensitive data | Personal data revealing racial or ethnic origin, religious beliefs, mental or physical health condition or diagnosis, sex life, sexual orientation or citizenship or immigration status, the processing of genetic or biometric data for the purpose of uniquely identifying an individual, personal data collected from a known child, or precise geolocation data. |
Personal data does not include:
- Publicly available information
- De-identified consumer information
- Information excluded from the CTDPA's scope, such as:
- Health Insurance Portability and Accountability Act of 1996 (HIPAA) protected health information
- Information used for public health activities and purposes as authorized by HIPAA, community health activities and population health activities
- Data maintained for employment purposes
- Data collected, processed, sold or disclosed pursuant to the certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA) and the Driver's Privacy Protection Act of 1994
Information excluded by the CTDPA's scope exception for entities including but not limited to:
- Body, authority, board, bureau, commission, district, or agency of the State or any political subdivision of the State
- HIPAA covered entities and their business associates
- Non-profit organizations
- Financial institutions or data subject to Title V of the federal Gramm-Leach-Bliley Act (GLBA)
Business reasons we process personal data
We process consumer personal data for one or more of these business reasons (not a complete list):
Business reason | Examples |
Support our everyday operations, including to meet risk, legal, and compliance requirements |
|
Manage, improve, and develop our business |
|
Provide information to consumers |
|
Personal data we share with third parties
“Third party” means an individual or legal entity, such as a public authority, agency or body, other than the consumer, controller or processor or an affiliate of the processor or the controller
We do not disclose consumer personal data to third parties. When we disclose personal data for a business purpose, we enter into a contract that describes the business purpose. The contract requires the receiver to keep that personal information confidential and not use it for any purpose except to perform the contract.
Personal data we use or sell for targeted advertising
We do not use or sell personal data for targeted advertising.
Your rights regarding your personal data
The CTDPA gives you these rights regarding your personal data:
Right to | Description |
Confirm | Whether or not a controller is processing your data and to access your personal data |
Correct | Inaccurate personal data, considering the nature of the personal data and the purposes for processing your data |
Delete | Personal data you provide, or we get that is about you |
Data portability | Get a copy of your personal data that you gave the controller in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the data to another controller without obstruction, where processing is automated |
Opt-Out | Processing your personal data for purposes of (i) targeted advertising, (ii) sale of personal data, or (iii) profiling to further decisions that produce legal or similarly significant effects concerning you |
How to exercise your consumer rights
How to make a request
If you are a Connecticut consumer and want to exercise your rights, send your request using How to contact us below. To act on your request, we must verify your identity. Give us enough information to identify you, such as your:
- Name
- Email address
- Mailing address
- Business name
- Business email address
- Business address name
- Date of last contact
- Reason you gave Maximus the personal data
Do not give us your Social Security number.
If you are a parent or legal guardian submitting a request for a minor child, please include your relationship to the minor child.
How we respond to your request
We will respond to your request without unreasonable delay. We will always respond no later than 45 calendar days after we get the request. If we cannot verify your identity in that time, we may deny your request. We will notify you during that time if we need more time (up to 45 calendar days) to respond to your request.
Some information is exempt from CTDPA. This includes employment information and information subject to certain federal privacy laws such as the Gramm-Leach-Bliley Act (GLBA) and the Health Insurance Portability and Accountability Act (HIPAA).
Other laws may also affect our ability to comply with your request. State or federal laws requiring that we keep certain information may prevent us from granting your request to delete it. We may decline all or part of your request.
We will respond to your verifiable request free of charge once per year. We may deny your request or charge a reasonable fee for clearly unfounded, excessive, or repeated requests. If we decide your request requires a fee, we will tell you why. We will give you a cost estimate before we complete your request.
How to appeal a decision on your consumer rights request
If we decide not to act on your request, we will explain why. You may appeal that decision using How to contact us below. Within 60 days of the date we get your appeal, we will tell you our appeal decision in writing. We will include the reasons for the decisions.
If we deny your appeal, you may file a complaint with:
Office of the Attorney General
165 Capitol Avenue
Hartford, CT 06106
We reserve the right to change this notice at any time. When we do, we will post the revised notice on this webpage with the date of last update.
If you have questions or comments about this notice, contact us at:
Phone: 1-833-953-3696
Email: Privacy@maximus.com