California Privacy Notice
PERSONAL INFORMATION WE COLLECT
Categories of Personal Information we have Collected from and/or Disclosed:
- Contact Information, such as first and last name, email address, telephone number, or mailing address.
- Employment Information, such as employment history, qualifications, licensing, or disciplinary records.
- Characteristics of protected classifications (e.g., gender, age).
- Educational Information, such as education records or transcripts.
- Financial Information, such as bank account number, or credit history.
- Government Issued Identifiers, such as social security number, driver’s license number, state identification number, or medical license number.
- Service Related Information, such as demographics, loss history, or loss exposure.
- Criminal History, such as convictions or court judgements.
- Internet Network Activity, such as IP address, internet service provider, operating system, site from which you arrived, date and time of your visit, browsing history, clickstream data, or search history.
- Geolocation data (e.g., latitude or longitude).
All Personal Information collected by the Company shall not be retained for longer than is reasonably necessary and proportionate to achieve the business purpose for which it was collected. The Company manages Personal Information in compliance with legal retention requirements, such as those set out in applicable federal and state laws.
SOURCES OF PERSONAL INFORMATION
We obtain the categories of Personal Information listed above from the following categories of sources:
- Directly from Consumer - For example, Personal Information provided in an application or in a request for a quote, claim, or policy on any of our website(s) or through interactions with an agent, employee, or our customer service center.
- Indirectly from Consumer - For example, Personal Information including, IP address, cookies and device ID when consumer visits our website(s), uses our social media sites, interacts with our online advertisements or uses our mobile application(s).
- Directly and indirectly from activity on our website - For example, Personal Information from the internet or other electronic network activity from submissions through our website portal or website usage details collected automatically and from a browser or device.
- Provided by third-party service providers - For example, Personal Information provided by third-party service providers to service accounts or website functions
- Obtained from government entities and consumer reporting agencies - For example, Personal Information from public records, government entities, consumer reporting agencies, and insurance claims history.
HOW WE USE PERSONAL INFORMATION
We use the categories of Personal Information from and about consumers for a variety of business reasons such as:
- Performing services - such as to establish, maintain, or service accounts; underwrite and rate policies; tailor web content to match browser capability; personalize services and products; send marketing communications; respond to inquiries; and provide information about related products and services;
- Auditing services related to a current interaction with you on our website - such as to count ad impressions to unique visitors, verify positioning/quality of ad impressions, and audit for compliance; and
- Protection and compliance services - such as to detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; protect against unauthorized use; prosecute those responsible for illegal activity; and to comply with applicable laws.
HOW WE SHARE YOUR PERSONAL INFORMATION
We disclose Personal Information for business purposes and as permitted or required by law. The categories of third parties to whom we may have disclosed Personal Information for a business purpose include:
Authorized Third Party Service Providers
We may, in the ordinary course of business, disclose Personal Information to service providers who are contractually restricted from using or disclosing the provided information except as necessary to perform the services on our behalf or to comply with legal requirements.
Legal Requirements and Business Transfers
We may disclose Personal Information when required by law, statute, rule, regulation, or professional standard; such as to respond to a subpoena, search warrant, legal request; to law enforcement authority or other government official requests; to consumer reporting agencies as permitted by law; to prevent physical harm or financial loss; to investigate suspected or actual illegal activity; to medical professionals or institutions to verify coverage or conduct operations as part of a company audit, to investigate a complaint or security threat; or to our reinsurers or to the new owner of the business, if the Company is subject to a merger or acquisition.
At your direction or request
We may disclose Personal Information when you provide consent, such as sharing information with third parties (e.g., if a consumer provides explicit, opt-in consent to the sharing and use of data with a specifically identified third party partner, such data may be shared and used by the Company and/or the third party partner as described at the time consent is obtained, including for targeted advertising or advertising measurement purposes).
SALE OF PERSONAL INFORMATION
In the preceding twelve (12) months, the Company has not sold or otherwise disclosed Personal Information about consumers to third parties.
The Company does not sell the Personal Information of minors under the age of 16.
The California Consumer Privacy Act (“CCPA”) provides consumers with specific rights regarding their Personal Information and imposes restrictions on particular business practices as set forth below. This section describes consumer CCPA rights and explains how to exercise those rights for residents of California.
RIGHT TO KNOW/RIGHT TO ACCESS
Consumers have the right to know and request the disclosure of Personal Information collected, from whom it was collected, why it was collected, and, if sold, to whom over the past 12 months. This includes the following information:
- The categories of Personal Information collected about consumers.
- The categories of sources for the Personal Information collected about consumers.
- The business or commercial purpose for collecting or selling that Personal Information.
- The categories of third parties with were shared that Personal Information.
- The specific pieces of Personal Information collected about a consumer.
- If the Company sold or disclosed Personal Information for a business purpose, two separate lists disclosing: sales, identifying the Personal Information categories that each category of recipient purchased; and disclosures for a business purpose, identifying the Personal Information categories that each category of recipient obtained.
- You can request a copy of the Personal Information that we have collected about you during the past 12 months.
- You may only make a verifiable consumer request for access twice within a 12-month period.
RIGHT TO CORRECT INACCURATE PERSONAL INFORMATION
Consumers have the right to request the Company to correct inaccurate Personal Information collected and retained. Once the Company receives and confirms a verifiable consumer request, it will correct any inaccurate Personal Information (and direct its service providers to correct any inaccurate Personal Information) from its records, unless an exception applies.
RIGHT TO LIMIT USE
Consumers have the right to request the Company limit the use of Personal Information that was collected and retained. Once the Company receives and confirms a verifiable consumer request, it will limit the use (and direct its service providers to limit the use) of Personal Information from its records, unless an exception applies.
RIGHT TO REQUEST DELETION
Consumers have the right to request that the Company delete any Personal Information collected and retained, subject to certain exceptions. Once the Company receives and confirms a verifiable consumer request, it will delete (and direct it service providers to delete) Personal Information from our records. There may be instances where the Company is unable to delete Personal Information. The Personal Information may be:
- Necessary to complete a transaction or service requested by the consumer;
- Needed for security purposes;
- Needed to identify and repair system errors;
- Needed for the exercise of free speech or exercise another right provided for by law;
- Necessary for compliance with the California Electronic Communications Privacy Act;
- Necessary for internal business purposes; or
- Needed to comply with laws or legal obligations.
The CCPA prohibits discrimination against consumers who exercise their rights under the CCPA. The Company will not discriminate against consumers who have exercised their rights. For example, unless permitted by the CCPA, the Company will not deny services, charge different prices or rates for services, or provide a different level or quality of services, as a result of an access, deletion, or do not sell request.
ADDITIONAL RIGHTS UNDER THE CCPA
Consumers have the right to:
- Request the Company delete Personal Information collected from you; and
- Request the Company opt out from the sale of consumer’s Personal Information.
HOW TO MAKE A REQUEST
Requests to opt out from the sale of consumer Personal Information, or to limit the use of Sensitive Personal Information to only that which is necessary to perform the services or provide the goods reasonably expected by an average consumer who requests those goods or services, can be made on the Company’s website at www.ismie.com.
Requests to limit, delete, correct, access, or to request additional records about the management of consumer Personal Information, can be made by emailing email@example.com or calling 312-853-2055 or 800-782-4767 ext. #2055.
- Once we receive your request, we will evaluate and process it subject to exceptions as outlined by law.
- Once the request is verified, we will then attempt to provide a response to your request within 45 days from the time it was received. We will notify you if we need additional time to respond to your request (up to an additional 45 days).
*For the purposes of identification and consistency the term “ISMIE” or “Company” shall refer to the following entities: ISMIE Mutual Insurance Company; ISMIE Indemnity Company; ISMIE SPC Limited; ISMIE Risk Retention Group, Inc.; and ISMIE UK Limited.
Last Revised: 1/1/2023