CPRA

Download Here

Glencar Insurance Company

CPRA Policy for California B2B Contacts & Website Users

Last Updated: October 01, 2023

  1. Introduction

We value your business and your trust in Glencar Insurance Company (“GIC,” “we,” “our,” or “us”). The privacy and confidentiality of your Personal Information (as defined below) is among our top priorities.

This CPRA Policy applies to you only if you are a California resident and (i) are asking about, applying for, or otherwise buying commercial or workers’ compensation insurance through GIC for, or on behalf of, your company, or (ii) use or otherwise interact with our website, www.glencarinsurance.com (collectively, “consumer,” “you, or “your”). It does not apply to you if you or your company does not have an insurance policy with us and are not seeking information about obtaining a policy.

This CPRA Policy describes the information we collect about you and how we use and protect it before, during and after your relationship with us. We adopt this CPRA Policy to comply with the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (collectively, the “CPRA”) and any terms defined in the CPRA have the same meaning when used in this CPRA Policy.

  1. Scope of this CPRA Policy

This CPRA Policy applies to information that we collect in the ordinary course of business that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with you or your household (“Personal Information”). “Personal Information” includes all “Sensitive Personal Information” as defined below. However, publicly available information that we collect from government records and deidentified or aggregated information (when deidentified or aggregated as described in the CPRA) are not considered Personal Information and this CPRA Policy does not apply to such information.

This CPRA Policy also does not apply to certain information that is excluded from the scope of the CPRA, such as Personal Information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act, Gramm-Leach-Bliley Act or California Financial Information Privacy Act, and the Driver’s Privacy Protection Act of 1994.

  1. What Personal Information Do We Collect?

The types of Personal Information we collect and disclose depend on your relationship to us. For example, we may gather different data if you are seeking a quote for commercial insurance than if you are a claimant reporting an injury. In the preceding twelve (12) months, GIC collected the following categories of Personal Information.

Category

Applicable Pieces of Personal Information Collected

Identifiers

Real name, postal address, email address, Internet Protocol (IP) address, and other similar identifiers.

Personal information described in California Civil Code § 1798.80(e)

Name(s), signature, telephone number, insurance policy number.

Commercial information

Transaction information, purchase history, financial details.

Professional or employment related information

Name of current employer and job title.

We will not collect additional categories of Personal Information without providing you notice. As further described in the To Whom Do We Sell or Share Your Personal Information? section, we do not (i) “sell” any categories of Personal Information for monetary or other valuable consideration, or (ii) “share” any categories of Personal Information for cross-context behavioral advertising.

  1. Sources of Personal Information

We gather your Personal Information directly from you when you provide it to us, such as when you:

  • ask about, apply for, or buy insurance
  • pay your policy
  • visit our website, call us, or visit our office
We also gather your Personal Information from sources other than you, such as from:

  • your insurance agent or broker

  • your employer, association, or business (if you are insured through them)

  • other insurance companies (for example, in cases of subrogation claims that may come to us)

  • consumer reporting agencies, motor vehicle departments, and investigators connected with claims adjusting and inspection services, such as to gather your credit history, driving record, claims history, or value and condition of your property

  • third parties, including other insurers, brokers and insurance support organizations who you have communicated with about your policy, anti-fraud databases, sanctions lists, court judgments and other databases, government agencies, or open electoral register

  • other third parties who take out a policy with us and are required to provide your Personal Information (for example, where a commercial vehicle is offered, an employer may need to provide information about their employees who will be driving the vehicles)

  • other public directories and sources

  1. How Do We Use Your Personal Information?

In the preceding twelve (12) months, we may have used the categories of Personal Information listed above for one or more of the following business or commercial purposes:

  • To fulfill or meet the reason you provided the information. For example, if you share your name and contact information to request a price quote or ask a question about our insurance products and services, we will use that Personal Information to respond to your inquiry.

  • To process transactions on your behalf, and information about you or about participants, beneficiaries, or claimants under your insurance policy in the normal course of business.

  • To underwrite and issue, maintain, and renew insurance policies, or related products, obtain reinsurance, and process claims under an insurance policy, or related contract and to communicate with you throughout this process.

  • To collect premium payments, collect purchase payments, collect reinsurance proceeds, purchase reinsurance, pay insurance claims, pay third parties and other payees, and make other business-related payments.

  • To support other day-to-day business and insurance related functions.
  • To create, maintain, customize, and secure your account with us.

  • To contract with service providers to perform business, professional or insurance functions on our behalf.

  • To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses.

  • To help maintain the safety, security, quality, and integrity of our website, products and services, databases and other technology assets, infrastructure, premises, and business, including to detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, and prosecute those responsible for that activity, and to debug to identify and repair errors that impair existing intended functionality.

  • To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of GIC’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Information held by GIC about our consumers is among the assets transferred.

  • To comply with (i) our legal, regulatory, and contractual obligations, (ii) a court order or subpoena to provide information, or (iii) a civil, criminal, or regulatory inquiry, investigation, subpoena, or summons by federal, state, or local authorities.

  • To cooperate with law enforcement agencies concerning conduct or activities that we (or one of our service providers’) believe may violate federal, state, or local law.
  • To exercise or defend legal claims.

  • As described at or before the point of collecting your Personal Information or with your authorization, or as otherwise set forth in the CPRA.

GIC will not use the Personal Information it collected for materially unrelated, or incompatible purposes without providing you notice.

  1. Third Parties to Whom We Disclose Your Personal Information for a Business OR COMMERCIAL Purpose

We do not disclose any consumers’ Personal Information to anyone, except as permitted or required by law or as otherwise set forth in our Privacy Notice and this CPRA Policy. In the preceding twelve (12) months, GIC has disclosed the Personal Information categories identified in the What Personal Information Do We Collect? section of this CPRA Policy to the following categories of third parties for one or more of the business or commercial purposes described above:

  • Our parents, subsidiaries, and affiliates

  • Advisors (e.g., lawyers, accountants, auditors, insurers, bankers)

  • Insurance-related business partners and other similar parties (e.g., insurance support organizations, underwriters, actuaries, appraisers, brokers, agents, and adjusters; claims administrators; and investigators connected with claims adjusting and inspection services)

  • IT vendors, data aggregators, records management, and data storage providers

  • Public entities (e.g., governmental, regulatory, quasi-regulatory, tax or other authorities, law enforcement agencies, courts, arbitrational bodies, and fraud prevention agencies)

  • Insurers, re-insurers, policyholders, and claimants

  • Authorized representatives and successors in interest (e.g., your personal representative, attorney, beneficiary, or other legally authorized successor to your interest in your insurance policy). For instance, under our condominium insurance program, a certificate of insurance can be provided to a unit owner upon request.

  1. To Whom Do We Sell or Share Your Personal Information?

Sale” of Your Personal Information

GIC has not “sold” any Personal Information for either monetary or other valuable consideration in the preceding twelve (12) months, and it has no actual knowledge of “selling” any Personal Information of consumers under the age of sixteen (16) for monetary or other valuable consideration.

Sharing” of Your Personal Information

GIC has not “shared” any Personal Information for the purpose of cross-context behavioral advertising in the preceding twelve (12) months, and it has no actual knowledge of “sharing” any Personal Information of consumers under the age of sixteen (16) for such purpose.

  1. How Long DO WE Retain Each Category of Personal Information?

We retain all categories of Personal Information described above in accordance with our legal obligations, our records retention policies, or as otherwise permitted by law. For example, we may have a legal obligation to retain Personal Information relating to your policies or claims with us. We will delete your data once the legal obligation expires or after the period of time specified in our records retention policies. Similarly, we may need to retain Personal Information in order to exercise or defend our legal rights in relation to your policies or claims with us. We will delete this information once it is no longer needed for such purposes.

In addition, we may retain any or all categories of Personal Information when your information is subject to one of the following exceptions:

  • When stored in our backup and disaster recovery systems. Your Personal Information will be deleted when the backup media your Personal Information is stored on expires or when our disaster recovery systems are updated.

  • When necessary to help ensure the security and integrity of our Website and IT systems.

Your Personal Information will be deleted when we no longer require your Personal Information for any of the above purposes.

  1. YOUR RIGHTS AND CHOICES

The CPRA provides California residents with specific rights regarding their Personal Information. This section describes your CPRA rights and explains how to exercise those rights. You may exercise these rights yourself or through your Authorized Agent (defined below). For more information on how you or your Authorized Agent can exercise your rights, please see Exercising Your CPRA Privacy Rights.

  • Right to Know. You have the right to request that GIC disclose certain information to you about our collection and use of your Personal Information over the past twelve (12) months (a “Right to Know” Consumer Request). This includes: (a) the categories of Personal Information we have collected about you; (b) the categories of sources from which that Personal Information came from; (c) our purposes for collecting this Personal Information; (d) the categories of third parties with whom we have shared your Personal Information; and (e) if we have “sold” or “shared” or disclosed your Personal Information, a list of categories of third parties to whom we “sold” or “shared” your Personal Information, and a separate list of the categories of third parties to whom we disclosed your Personal Information to. You must specifically describe if you are making a Right to Know request or a Data Portability Request. If you would like to make both a Right to Know Consumer Request and a Data Portability Consumer Request, you must make both requests clear in your request. If it is not reasonably clear from your request, we will only process your request as a Right to Know request. You may make a Right to Know or a Data Portability Consumer Request a total of two (2) times within a 12-month period at no charge.

  • Access to Specific Pieces of Information. You also have the right to request that GIC provide you with a copy of the specific pieces of Personal Information that we have collected about you, including any Personal Information that we have created or otherwise received from a third-party about you (a “Data Portability” Consumer Request). If you make a Data Portability Consumer Request electronically, we will provide you with a copy of your Personal Information in a portable and, to the extent technically feasible, readily reusable format that allows you to transmit the Personal Information to another third-party. You must specifically describe if you are making a Right to Know request or a Data Portability request. If you would like to make both a Right to Know Consumer Request and a Data Portability Consumer Request, you must make both requests clear in your request. If it is not reasonably clear from your request, we will only process your request as a Right to Know request. We will also not provide this information if the disclosure would create a substantial, articulable, and unreasonable risk to your Personal Information or the security of our systems or networks. We will also not disclose any Personal Information that may be subject to another exception under the CPRA. If we are unable to disclose certain pieces of your Personal Information, we will describe generally the types of Personal Information that we were unable to disclose and provide you a description of the reason we are unable to disclose it. You may make a Data Portability Consumer Request a total of two (2) times within a 12-month period at no charge.

  • Correction. You have the right to request that we correct any incorrect Personal Information about you to ensure that it is complete, accurate, and as current as possible. You may request that we correct the Personal Information we have about you as described below under Exercising Your CPRA Privacy Rights. In some cases, we may require you to provide reasonable documentation to show that the Personal Information we have about you is incorrect and what the correct Personal Information may be. We may also not be able to accommodate your request if we believe it would violate any law or legal requirement or cause the information to be incorrect or if the Personal Information is subject to another exception under the CPRA.

  • Deletion. You have the right to request that GIC delete any of your Personal Information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your Consumer Request (see Exercising Your CPRA Privacy Rights), we will delete (and direct our service providers to delete) your Personal Information from our records, unless an exception applies pursuant to the CPRA. Some exceptions to your right to delete include, but are not limited to, if we are required to retain your Personal Information to complete the transaction or provide you the goods and services for which we collected the Personal Information or otherwise perform under our contract with you, to detect security incidents or protect against other malicious activities, and to comply with legal obligations. We may also retain your Personal Information for other internal and lawful uses that are compatible with the context in which we collected it.

  • Limiting Our Uses and Disclosures of SPI. You have the right to request that we limit our use and disclosure of your Sensitive Personal Information to only those purposes specifically enumerated in the CPRA. Currently, we do not use or disclose your Sensitive Personal Information for purposes other than those expressly permitted by the CPRA. Should this change in the future, we will update this CPRA Policy and provide you with methods to limit the use and disclosure of Sensitive Personal Information.

  • Non-Discrimination. We will not discriminate against you for exercising any of your CPRA rights. Unless permitted by the CPRA, we will not do any of the following as a result of you exercising your CPRA rights: (a) deny you goods or services; (b) charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties; (c) provide you a different level or quality of goods or services; or (d) suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

Exercising Your CPRA Privacy Rights

To exercise the rights described above, please submit a verifiable consumer request (a “Consumer Request ”) to us by either:

If you fail to make your Consumer Request in accordance with the ways described above, we may either treat your request as if it had been submitted with our methods described above or provide you with information on how to submit the request or remedy any deficiencies with your request.

Only you, or someone that you have authorized to act on your behalf (an “Authorized Agent ”), may make a Consumer Request related to your Personal Information. You may also make a Consumer Request on behalf of your minor child.

All Consumer Requests must:

  • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or an Authorized Agent of such a person.

    • For all requests, we will need the consumer’s full name plus their postal address and/or email address.

    • To protect the privacy and security of your Personal Information, we may request additional information from you to help us verify your identity and process your request.

  • Be described with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm which Personal Information relates to you or the individual for whom you are making the request as their Authorized Agent.

Response Timing and Format

We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to forty-five (45) additional days), we will inform you of the reason and extension period in writing. We will deliver our written response by mail or electronically, at your option.

In response to a Right to Know or Data Portability Consumer Request, we will provide you with all relevant information we have collected or maintained about you on or after January 1, 2022, including beyond the 12-month period preceding our receipt of the request, unless (a) doing so proves impossible or would involve disproportionate effort, (b) you request information for a specific time period, or (c) an exception applies. The response we provide will also explain the reasons we cannot comply with a request, if applicable.

We do not charge a fee to process or respond to your Consumer Request unless it is excessive, repetitive, or manifestly unfounded. If we determine that your Consumer Request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

  1. CHANGES TO THIS CPRA POLICY

We reserve the right to amend this CPRA Policy from time to time. When we make changes to this CPRA Policy, we will post the revised CPRA Policy on this page with a new “Last Updated” date.

  1. CONTACT INFORMATION

If you have any questions or comments about this CPRA Policy, the ways in which GIC collects and uses your information described in this CPRA Policy or GIC’s Privacy Notice, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us at:

Phone: (800) 221-1076

Email: [email protected]

Website: www.glencarinsurance.com

Postal Address: Glencar Insurance Company, Attn: Privacy Officer, 500 Park Blvd, Suite 805, Itasca, IL 60143