This Privacy Notice is intended to inform you of the ways in which Aptia Insurance Services Group, LLC and its affiliates collect, use, and disclose personal information, and sets forth your rights. When we mention "Aptia," "we," "us" or "our" in this Privacy Notice, we are referring to the relevant company in the Aptia group responsible for processing the information, and is in connection with your use of the following:
Categories of Personal Information Collected, Purpose for Collection, and Third-party Disclosures
We process the following categories of personal information, including sensitive personal information: |
01Identifiers | Examples/Description
Business or Commercial Purposes for Processing
Categories of Third Parties to Whom We May Disclose
|
02Health Information | Examples/Description
Business or Commercial Purposes for Processing
Categories of Third Parties to Whom We May Disclose
|
03Special Categories of Personal Information | Examples/Description
Business or Commercial Purposes for Processing
Categories of Third Parties to Whom We May Disclose
|
04Internet & Other Electronic Network Activity | Examples/Description
Business or Commercial Purposes for Processing
Categories of Third Parties to Whom We May Disclose
|
05Financial Information | Examples/Description
Business or Commercial Purposes for Processing
Categories of Third Parties to Whom We May Disclose
|
06Education Information | Examples/Description
Business or Commercial Purposes for Processing
Categories of Third Parties to Whom We May Disclose
|
07Audio, Video, or Visual Information | Examples/Description
Business or Commercial Purposes for Processing
Categories of Third Parties to Whom We May Disclose
|
08Professional or employment-related Information | Examples/Description
Business or Commercial Purposes for Processing
Categories of Third Parties to Whom We May Disclose
|
09Commercial Information | Examples/Description
Business or Commercial Purposes for Processing
Categories of Third Parties to Whom We May Disclose
|
10Inferences | Examples/Description
Business or Commercial Purposes for Processing
Categories of Third Parties to Whom We May Disclose
|
11Sensitive Personal Information | Examples/Description
Business or Commercial Purposes for Processing
Categories of Third Parties to Whom We May Disclose
|
Image
Additional collection, use and disclosure On some webpages, we deploy session recording technology that tracks visitor interactions with the page, including clicks, mouse movements, keystrokes, and other activities. We may review these interactions to help us assess how to improve our user interface and experience on the relevant webpage. By accepting this Privacy Notice, you consent to our or our third party service providers' recording of interactions during your session on the webpages where this technology is deployed. We may also process or disclose de-identified information that is not reasonably likely to identify you for commercially legitimate and lawful business purposes. Where we have de identified data, we will maintain and use it without attempting to re-identify the data other than as permitted under law. In addition, we may be required or compelled to produce any of the above categories of personal information that we have collected in response to valid legal process, subpoenas, or regulatory requests to authorized parties, including government entities, law enforcement, courts and tribunals, or litigants. We may also disclose your personal information without obtaining your prior permission, as permitted by law, including instances when we believe it is necessary to: (a) prevent physical or financial harm; (b) enforce the Terms of Use; (c) respond to claims of suspected or actual illegal activity; (d) respond to an audit or investigate a complaint or security threat; or (e) comply with law or legal process. Please be aware that if you conduct a transaction through us, a third party (e.g., a service provider or insurer) may collect and process credit card or other personal information about you, including through the use of website cookies, in connection with such transaction. In those instances, we will identify the third party to you and we encourage you to read the third party's privacy notice to learn more about how your information will be used and disclosed by them.
Sources of Personal Information We collect personal information from the following categories of sources
Retention of Personal Information Our retention periods for personal information vary based on the nature of the information and applicable laws. We consider the following obligations when setting retention periods for personal information and the records we maintain: the need to retain information to accomplish the business purposes or contractual obligations for which it was collected; our duties to effectuate our clients' instructions with respect to personal information we process on their behalf; our duties to comply with mandatory legal and regulatory record-keeping requirements; and other legal impacts such as applicable statute of limitations periods. We may also retain personal information for other purposes delineated in applicable privacy laws.
Steps We Take to Protect Your Information As part of our cybersecurity program, we have implemented commercially reasonable physical, administrative, and technical safeguards in an effort to protect your personal information from unauthorized access, use, alteration and deletion. These safeguards may vary depending on the sensitivity, format, location, amount, distribution and storage of the personal information, and include measures designed to keep personal information protected from unauthorized access. Our cybersecurity program has policies and procedures for risk assessments to identify and assess cyber risks, as well as technical controls and processes to detect, respond to and recover from cybersecurity events. As effective as our cybersecurity program is, no security system is impenetrable. We cannot guarantee the security of our systems, nor can we guarantee that information you supply will not be intercepted while being transmitted to us over the Internet.
Your Rights Under Certain US Privacy Laws Under certain state privacy laws, residents of the applicable states may have the following rights regarding their personal information. These rights are subject to certain exceptions as described below. Please note that, in many cases, we collect personal information on behalf of our commercial clients, pursuant to a contract. In such circumstances, we act as a "service provider" or "processor" to our clients under applicable privacy laws, and are thus obligated to process personal information in accordance with clients' instructions. Accordingly, in any case where we are acting as a service provider or processor to a client, if you or your authorized agent wish to exercise any rights of the below rights, you should direct your request to our client, who is the party responsible for receiving, assessing, and responding to your requests. If you submit a request directly to us in a scenario where we only process your information as a service provider or processor, we may be required to deny your request. If you are not certain what our role is with respect to your personal information, please contact us through one of the methods described at the end of this Privacy Notice. When required, we will respond to most requests within 45 days, unless it is reasonably necessary for us to extend our response time.
1. Right to Confirm or Access Information You may have the right to confirm whether we process your personal information or what information we process, and to obtain a copy of that information in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the information to another business without hindrance. If you submit a valid and verifiable request and we confirm your identity and/or authority to make the request, we will disclose to you any of the following at your direction (with various exceptions):
2. Right to Delete Personal Information You may have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. If you submit a valid and verifiable request and we can confirm your identity and/or authority to make the request, we will determine if retaining the information is permitted or required under law. If no retention conditions apply, we will delete your personal information from our records and direct our service providers to do the same.
3. Right to Correct Personal Information You may have the right to correct inaccuracies in your personal information, taking into account the nature of the personal information and the purposes of the processing of your personal information. If you submit a valid and verifiable request and we can confirm your identity and/or authority to make the request, we will use commercially reasonable efforts to correct the inaccurate information.
4. Right to Limit Processing of Sensitive Personal Information We process sensitive personal information solely as necessary in performance of the Services, to ensure the security and integrity of the information, or as otherwise authorized under law or regulation. Because we do not process your Sensitive Personal Information for the purpose of inferring characteristics about you, we do not provide a mechanism for you to limit our processing of such information.
5. Rights related to Automated Decisions and Profiling We do not independently engage in the automated processing of Personal Information to profile or make predictions, recommendations or decisions that produce a legal or other significant effect on our clients. Because we do not engage in such automated processing, we do not provide a mechanism for you to limit or opt out of our processing of Personal Information in such a manner. Decisions regarding insurance premiums. coverage limits and eligibility, however, may be determined by insurance carriers using automated means, including through one of our sites or applications interacting with such insurers' systems. In those instances, we encourage you to review the applicable insurers' privacy notices to obtain additional information regarding their automated decision-making practices, as well as any right to opt out of such processing or challenge a prediction, recommendation or decision that has impacted you.
6. Right to Non-Discrimination You may exercise your rights under law without discrimination. For example, unless applicable law provides an exception, we will not:
We may offer you financial incentives to provide us with personal information that is reasonably related to the information's value. This could result in different prices, rates, or quality levels for our products or services. Any financial incentive we offer will be described in written terms that explain the material aspects of the financial incentive program. You must opt-in to any financial incentive program and may revoke your consent at any time by contacting us as indicated below.
7. Direct Marketing and Do Not Track Signals Under California's "Shine the Light" law, California residents may request and obtain a notice once a year about the personal information we disclosed to other businesses for their own direct marketing purposes. Such a notice will include a list of the categories of personal information that were disclosed (if any) and the names and addresses of all third parties with which the personal information was disclosed (if any). The notice will cover the preceding calendar year. To obtain such a notice, please contact us as described below. In addition, under this law you are entitled to be advised how we handle "Do Not Track" browser signals. Because there currently is not an industry or legal standard for recognizing or honoring Do Not Track signals, we do not honor Do Not Track requests at this time.
How to exercise the above rights* To exercise your rights described above, please submit a verifiable consumer request to us at the address below. Please note that. as described above, in certain cases we may collect your personal information as a service provider pursuant to a contract we have with a commercial Client to provide the Service. In any case where we are acting as a service provider to a client, you should direct your requests to exercise your rights available under data privacy laws to our client, who is the party responsible for receiving, assessing, and responding to your requests. Only you or a person legally authorized to act on your behalf may make a verifiable consumer request related to your personal information. To designate an authorized agent, we may require you to verify your identity or confirm with us directly that you have provided permission to your authorized agent, or we will rely on a power of attorney you have provided to your authorized agent. You may make a verifiable consumer request for access or deletion no more than twice within a 12-month period. The verifiable request must:
You will not be required to create an account with us in order to submit a verifiable request, though we may communicate with you about your request via a pre-established account if applicable. However, in order to safeguard the personal information in our possession, if we cannot verify your identity or authority to act on another's behalf, we will be unable to comply with your request. We will process and retain additional personal information you provide when submitting a verifiable request only to confirm your identity or authority, or to fulfill your request.
How to appeal an action we have taken with respect to your request to exercise a right If we deny your privacy request in full or in part. please contact the email address for appeals provided in our written response to your request. Our privacy team will consider your request and applicable law, and either agree to honor your appeal request or deny it.
Minors We do not knowingly collect personal information from children under 13. If we learn that we have collected any personal information from a child under the age of 13 without verifiable parental consent, we will delete that information from our files as quickly as possible. If you believe that we may have collected information from a child under 13, please contact us at the email address provided below. If you are 16 years of age or older, you have the right to direct us to not sell your personal information at any time (the "right to opt-out"). However, we never knowingly sell or share the personal information of minors under 16 years of age and would not do so in the future without affirmative authorization of the consumer if between 13 to 16 years of age, or the parent or guardian of a consumer less than 13 years of age.
Calls and Text Messages In some instances, your employer or association, group or benefit program sponsor may request services that require us to contact you via telephone calls or text. By accepting the terms of this Privacy Notice and providing us with your contact information, you consent to receive automated calls and texts, as well as emails and/or standard mail, from us including but not limited to information regarding your policy, account, benefits, relationship with us, and other products or services offered through us and/or your employer or program sponsor. Consent is not a condition of any purchase or to obtain a quote. Message and data rates may apply. If you wish to withdraw your consent in the future, follow the prompts described in the call or text or contact us as described below.
External Links Our Sites may include links to websites that are operated by third-party organizations. If you access another organization's website using a hyperlink on our Site, the other organization may collect information from you. We are not responsible for the content or privacy practices of linked websites or their use of your information. If you leave a Site via such a link (you can tell where you are by checking the URLin the location bar on your browser), you should refer to that websites' privacy policies, terms of use, and other notices to determine how they will handle any information they collect from you.
Changes to this Notice This Privacy Notice is subject to change at any time. If we make changes to this Privacy Notice, we will update the "Effective Date" at the top of this page and post it on our Sites.
Other Applicable Terms Our contractual commitments to clients will supersede any terms in this Privacy Notice. In some instances, our services may be subject to additional privacy notices or related disclosure. In the event of a conflict or inconsistency between this Privacy Notice and any service-specific privacy notice or related disclosure, the latter will prevail.
Questions, Requests or Complaints To submit general questions, requests, complaints, or appeals regarding this Privacy Notice or our privacy practices, you may contact our privacy office at: Chief Compliance Officer Aptia Insurance Services Group, LLC 125 High St., 7th Floor, Oliver Tower Boston MA 02110 |