State Privacy Law

California Privacy Notice / Notice at Collection

Updated December 2023


Overview

 

Maintaining the privacy and security of your personal information is integral to the culture of CRC Group and its subsidiaries (also referred to collectively and individually as “CRC,” “we,” “our,” “us”). In doing so, we want to provide transparency regarding how and why your data is collected, how it is used, and with whom it may be shared. This document, as well as our  Statement of Online Privacy Practices, set forth how we will interact with your personal information.  

 

This notice is directed to California residents and relates to the collection, use, and disclosure of consumer personal information covered by the California Consumer Privacy Act (CCPA).  This notice also provides further information about our practices, along with details concerning “Right to Know”, “Right to Correct” and “Right to Delete” requests. 

 

Collection and Use

 

We are in the business of acting as an insurance wholesaler.  As such, it is necessary for us to collect certain personal information to fulfill that role, comply with federal and state laws, and other legal obligations.

 

We may collect, and have collected in the past 12 months, the following categories of personal information:

 Personal identifiers (ex: name, contact information);

 Background data (ex. marital status, education information);

 Government issued data (ex: passport, driver’s license, SSN);

 Commercial information (ex: purchase histories, transaction information);

 Professional or employment-related information;

 Geolocation (ex: your IP address when visiting a CRC website);

 Internet or other electronic network activity information (ex: browsing history);

 Audio, electronic, or visual, information (ex: voice recordings when you contact a call center);

 Personally identifiable health information;

 Background/criminal records;

 Marketing opt-out/preference information;

  Inferences drawn from any of the above information

 

It is necessary for us to share certain personal information with affiliates and/or trusted service providers to provide our products and services, and to comply with legal, regulatory, and contractual obligations. We may disclose each of the categories of personal information described above to such external or affiliated companies for the reasons noted above.  Below are categories of third parties with whom we share personal information:

 Affiliates and other entities in the CRC family;

 Businesses with which we partner to offer products and services for our clients or prospective customers, such as joint marketing or bill pay partners;

 Service providers that provide various services to us, such as those we use to help detect and prevent fraud, improve our online services, and to better market and advertise our services to you;

 

 Government entities and other third parties as needed for legal or similar purposes, such as:

·         To respond to requests from our regulators;

·         To respond to a warrant, subpoena, governmental audit or investigation, law enforcement request, legal order or other legal process;

·         To facilitate a merger, acquisition, sale, bankruptcy, or other disposition of some or all of our assets;

·         To exercise or defend legal claims.

 

Purpose for Collection and Use

 

We collect and use personal information to conduct business as an insurance wholesaler. In the past 12 months, we have collected and used personal information for the following purposes:

 Deliver, manage, and support products and services (ex: account information, statements, and notifications);

 Manage business operations;

 Assess and manage risk, manage internal financials;

 Meet legal, regulatory, or compliance requirements;

 Manage fraud and financial crimes;

 Support and optimize channels and interactions (ex: improving website performance);

 Identify and recommend new products and services;

 Perform services on behalf of another entity or business (ex: processing data for healthcare providers);

 Provide employee benefits and other services (ex: retirement, health), manage hiring, employment, performance, and staffing.

 

Sources of Personal Information

 

In general, we may collect personal information about you, directly and indirectly, depending on your relationship with us—whether as an agent, broker, policyholder, claimant, employee of our corporate clients, family member of any such person, or other person who we employ or with whom we do business.

 

Specifically, we may collect your personal information from the following sources:

 Directly from you or your family member;

 Outside service providers, vendors, and third parties (such as insurance companies, intermediaries, brokers, or agents) from which we collect personal information or market data as part of providing products and services, completing transactions, or supporting operations;

 Outputs from analytics;

 Websites, mobile applications, and social media;

 Our affiliates or subsidiaries;

 Outside merchants or business partners such as corporate clients;

 Public records or publicly available data.

 

Notice of Right to Opt Out of Sale/Sharing

 

You may at any time direct CRC to stop selling or sharing your personal information, which is called the “Right to Opt Out”. Once you make an opt out request, CRC will comply within 15 business days, and will wait at least 12 months before asking you to reauthorize sales or sharing. You may exercise your right to opt out of sale/sharing by calling 866-858-5158, by clicking the Do Not Sell or Share my Personal Informaton link from bottom of website or on the CRC home page, or by enabling a preference signal, described further in the section titled “Opt Out Preference Signals”.  

 

Notice of Right to Limit Use of Sensitive Personal Information

CCPA provides you with a “right to limit” companies from using your sensitive personal information to infer characteristics about you for certain purposes – for example, for marketing.  Since CRC does not engage in any of those limitable activities, we do not provide a related opt out.

Retention of Personal Information

 

CRC has established product and business-level criteria for retention and disposal according to business requirements, laws, regulations, and applicable industry standards.

 

Right to Know

 

Consumers under the CCPA may exercise their “Right to Know” to request that we disclose certain information we may have collected about them over the last 12 months, the categories of sources from which that information was collected, the business or commercial purpose(s) for which the information was collected, and the categories of third parties with whom we share personal information.

 

Right to Correct

You have the right to request correction of inaccurate information maintained by CRC.  In many instances, such updates are best made by emailing by calling 866-858-5158, and some corrections may require specific documentation to be provided as required by law. If you provide us documentation, it will only be used or maintained for the purpose of correcting the information and complying with our recordkeeping requirements under the CCPA. CRC also provides privacy request links as described below.

Right to Delete

You have the right to request deletion of personal information that CRC has collected, subject to certain exceptions. For example, we may deny your request if retaining the information is necessary for us to complete a transaction you requested or comply with our legal obligations.

Consumers are welcome to submit requests for more information by clicking here or by calling 866-858-5158.

 

All requests must be verified prior to receiving a response. Requesters will be asked to supply certain basic personal information to enable us to validate that the requestor is the consumer who is subject of the request. Information submitted for verification purposes will only be used to verify the requestor’s identity and/or authority to make a request on another’s behalf.  Requests made on another person’s behalf can only be accepted upon receipt of documentation that the requestor is an authorized agent, parent, or legal guardian of the consumer whose information is being requested. 

 

Upon submission of a request, CA consumers will receive an initial response confirming receipt within 10 days. A full response will be provided to CA consumers within 45 days (unless an extension of up to 45 additional days is requested, upon which the consumer will receive notice and an explanation for the extension).   Please note CRC is also a service provider; for example, providing underwriting services or property insurance If you are an employee, customer, representative, or otherwise associated with one of these clients, we encourage you to reach out to the business directly to exercise your rights specific to this information.


Opt Out Preference Signals

 

Your internet browser may give you control over certain of your privacy preferences via a Global Privacy Control (GPC) signal. This is a setting in your browser that notifies the websites you visit of your preferences to opt out of selling or sharing your personal information under California law. If you have opted out via the GPC signal, CRC sites will recognize this signal and process your preference automatically as it pertains to tags, cookies and pixels that collect personal information when you visit CRC.com. Please note, you will need to enable the signal on each browser that you use, as the signal is processed at the browser-level and is not applied if you visit CRC.com from a different browser or device that does not have the GPC signal enabled. CRC does not sell/share any non-browser-based data.


Non-Discrimination

 

The submission of a "Right to Know", "Right to Correct", or "Right to Delete" request or exercising any of the above rights will have no impact on the service and/or pricing you receive from us. It will not result in any denial of goods or services, or different prices, rates or quality of goods or services, nor will it result in retaliation against an employee, applicant, or independent contractor. 

 

Consumers Under 16 years of Age

 

CRC products and services are not intended for consumers under the age of 16, and we do not knowingly collect information from children under the age of 16 without consent. CRC does not knowingly share the personal information of minors under the age of 16 for cross-contextual advertising.

Updates

 

This notice may be revised from time to time, so please review this page periodically. Any changes will become effective when we post the revised notice on the site. 

 

Contact Us

 

If you have any questions or comments on this notice or our privacy practices generally, please contact us at  866-858-5158.