State Privacy Law

California Privacy Notice

Updated June 2023

Overview

 

Maintaining the privacy and security of your personal information is integral to the culture of CRC Group and its subsidiaries (also referred to collectively and individually as “CRC,” “we,” “our,” “us”). In doing so, we want to provide transparency regarding how and why your data is collected, how it is used, and with whom it may be shared. This document, as well as our  Statement of Online Privacy Practices, set forth how we will interact with your personal information.  

 

It is important to note that we do not sell your personal information. Since such sales do not occur, there is no link on our websites to opt-out of such activity.

 

This notice is directed to California residents and relates to the collection, use, and disclosure of consumer personal information covered by the California Consumer Privacy Act (CCPA).  This notice also provides further information about our practices, along with details concerning “Right to Know”, “Right to Correct” and “Right to Delete” requests. 

 

Collection and Use

 

We are in the business of acting as an insurance wholesaler.  As such, it is necessary for us to collect certain personal information to fulfill that role, comply with federal and state laws, and other legal obligations.

 

We may collect, and have collected in the past 12 months, the following categories of personal information:

 Personal identifiers (ex: name, contact information);

 Background data (ex. marital status, education information);

 Government issued data (ex: passport, driver’s license, SSN);

 Commercial information (ex: purchase histories, transaction information);

 Professional or employment-related information;

 Geolocation (ex: your IP address when visiting a CRC website);

 Internet or other electronic network activity information (ex: browsing history);

 Audio, electronic, or visual, information (ex: voice recordings when you contact a call center);

 Personally identifiable health information;

 Background/criminal records;

 Marketing opt-out/preference information;

   Inferences drawn from any of the above information

 

It is necessary for us to share certain personal information with affiliates and/or trusted service providers to provide our products and services, and to comply with legal, regulatory, and contractual obligations. We may disclose each of the categories of personal information described above to such external or affiliated companies for the reasons noted above.  Below are categories of third parties with whom we share personal information:

 Affiliates and other entities in the CRC family;

 Businesses with which we partner to offer products and services for our clients or prospective customers, such as joint marketing or bill pay partners;

 Service providers that provide various services to us, such as those we use to help detect and prevent fraud, improve our online services, and to better market and advertise our services to you;

 

 Credit reporting agencies to report on or learn about your financial circumstances and as permitted by law;

 Government entities and other third parties as needed for legal or similar purposes, such as:

·         To respond to requests from our regulators;

·         To respond to a warrant, subpoena, governmental audit or investigation, law enforcement request, legal order or other legal process;

·         To facilitate a merger, acquisition, sale, bankruptcy, or other disposition of some or all of our assets;

·         To exercise or defend legal claims.

 

Purpose for Collection and Use

 

We collect and use personal information to conduct business as an insurance wholesaler. In the past 12 months, we have collected and used personal information for the following purposes:

 Deliver, manage, and support products and services (ex: account information, statements, and notifications);

 Manage business operations;

 Assess and manage risk, manage internal financials;

 Meet legal, regulatory, or compliance requirements;

 Manage fraud and financial crimes;

 Support and optimize channels and interactions (ex: improving website performance);

 Identify and recommend new products and services;

 Perform services on behalf of another entity or business (ex: processing data for healthcare providers);

 Provide employee benefits and other services (ex: retirement, health), manage hiring, employment, performance, and staffing.

 

Sources of Personal Information

 

In general, we may collect personal information about you, directly and indirectly, depending on your relationship with us—whether as an agent, broker, policyholder, claimant, employee of our corporate clients, family member of any such person, or other person who we employ or with whom we do business.

 

Specifically, we may collect your personal information from the following sources:

 Directly from you or your family member;

 Outside service providers, vendors, and third parties (such as insurance companies, intermediaries, brokers, or agents) from which we collect personal information or market data as part of providing products and services, completing transactions, or supporting operations;

 Outputs from analytics;

 Websites, mobile applications, and social media;

 Our affiliates or subsidiaries;

 Outside merchants or business partners such as corporate clients;

 Public records or publicly available data.

 

No Sale Policy

 

As noted above, we do not sell personal information.  As such, there is no link on our websites to opt-out of such activity.

 

Notice of Right to Limit Use of Sensitive Personal Information

Sensitive Personal Information is not used for inferences.

 

Right to Know

 

Consumers under the CCPA may exercise their “Right to Know” to request that we disclose certain information we may have collected about them over the last 12 months, the categories of sources from which that information was collected, the business or commercial purpose(s) for which the information was collected, and the categories of third parties with whom we share personal information.

 

Right to Correct

You have the right to request correction of inaccurate information maintained by CRC.  In many instances, such updates are best made by emailing salessupportteam@crcgroup.com or by calling 888-219-0464, and some corrections may require specific documentation to be provided as required by law. If you provide us documentation, it will only be used or maintained for the purpose of correcting the information and complying with our recordkeeping requirements under the CCPA. CRC also provides privacy request links as described below.

Right to Delete

You have the right to request deletion of personal information that CRC has collected, subject to certain exceptions. For example, we may deny your request if retaining the information is necessary for us to complete a transaction you requested or comply with our legal obligations.

Consumers are welcome to submit requests for more information by visiting our Consumer Rights Request Portal, hosted by OneTrust:

 To submit a request for yourself, click here.

 To submit a request on behalf of another individual,  click here.

 

Consumers may also submit requests by calling 888-219-0464

 

All requests must be verified prior to receiving a response. Requesters will be asked to supply certain basic personal information to enable us to validate that the requestor is the consumer who is subject of the request. Information submitted for verification purposes will only be used to verify the requestor’s identity and/or authority to make a request on another’s behalf.  Requests made on another person’s behalf can only be accepted upon receipt of documentation that the requestor is an authorized agent, parent, or legal guardian of the consumer whose information is being requested. 

 

Upon submission of a request, CA consumers will receive an initial response confirming receipt within 10 days. A full response will be provided to CA consumers within 45 days (unless an extension of up to 45 additional days is requested, upon which the consumer will receive notice and an explanation for the extension).

 

Non-Discrimination

 

The submission of a "Right to Know" or "Right to Delete" request will have no impact on the service and/or pricing you receive from us. It will not result in any denial of goods or services, or different prices, rates or quality of goods or services, nor will it result in retaliation against an employee, applicant, or independent contractor. 

 

Consumers Under 16 years of Age

 

CRC products and services are not intended for consumers under the age of 16, and we do not knowingly collect information from children under the age of 16 without consent. CRC does not knowingly share the personal information of minors under the age of 16 for cross-contextual advertising.

Updates

 

This notice may be revised from time to time, so please review this page periodically. Any changes will become effective when we post the revised notice on the site. 

 

Contact Us

 

If you have any questions or comments on this notice or our privacy practices generally, please contact us at  salessupportteam@crcgroup.com or 888-219-0464.