California Privacy Notice

Updated December 2022

Overview

Maintaining the privacy and security of your personal information is integral to the culture of CRC Group and its subsidiaries (also referred to collectively and individually as “CRC,” “we,” “our,” “us”). In doing so, we want to provide transparency regarding how and why your data is collected, how it is used, and with whom it may be shared. This document, as well as our Statement of Online Privacy Practices, set forth how we will interact with your personal information.  

It is important to note that we do not sell your personal information. Since such sales do not occur, there is no link on our websites to opt-out of such activity.

This notice is directed to California residents and relates to the collection, use, and disclosure of consumer personal information covered by the California Consumer Privacy Act (CCPA).  This notice also provides further information about our practices, along with details concerning “Right to Know” and “Right to Delete” requests. 

Collection and Use

We are in the business of acting as an insurance wholesaler.  As such, it is necessary for us to collect certain personal information to fulfill that role, comply with federal and state laws, and other legal obligations.

We may collect, and have collected in the past 12 months, the following categories of personal information:

• Personal identifiers (ex: name, contact information);

• Background data (ex. marital status, education information);

• Government Issued data (ex: passport, driver’s license, SSN);

• Biometric information (ex: voiceprints or fingerprints);

• Commercial information (ex: purchase histories, transaction information);

• Professional or employment-related information;

• Financial related data (ex: account number, account dates and balances, credit data, financial transactions);

• Geolocation (ex: your IP address when visiting a CRC website);

• Internet or other electronic network activity information (ex: browsing history);

• Audio, electronic, visual, thermal or olfactory information (ex: voice recordings when you contact a call center);

• Personally identifiable health information;

• Background/criminal records;

• Marketing opt-out/preference information.

It is necessary for us to share certain personal information with affiliates and/or trusted service providers to provide our products and services, and to comply with legal, regulatory, and contractual obligations. We may disclose each of the categories of personal information described above to such external or affiliated companies for the reasons noted above.  Below are categories of third parties with whom we share personal information:

• Affiliates and other entities in the CRC family;

• Businesses with which we partner to offer products and services for our clients or prospective customers, such as joint marketing or bill pay partners;

• Service providers that provide various services to us, such as those we use to help detect and prevent fraud, improve our online services, and to better market and advertise our services to you;

• Other parties when you authorize or direct us to share your information, such as when you use a third-party service to help manage your financial information across financial institutions; 

• Credit reporting agencies to report on or learn about your financial circumstances and as permitted by law;

• Government entities and other third parties as needed for legal or similar purposes, such as:

o To respond to requests from our regulators;

o To respond to a warrant, subpoena, governmental audit or investigation, law enforcement request, legal order or other legal process;

o To facilitate a merger, acquisition, sale, bankruptcy, or other disposition of some or all of our assets;

o To exercise or defend legal claims.

Purpose for Collection and Use

We collect and use personal information to conduct business as an insurance wholesaler. In the past 12 months, we have collected and used personal information for the following purposes:

• Deliver, manage, and support products and services (ex: account information, statements, notifications);

• Manage business operations;

• Assess and manage risk, manage internal financials;

• Meet legal, regulatory, or compliance requirements;

• Manage fraud and financial crimes;

• Support and optimize channels and interactions (ex: improving website performance);

• Identify and recommend new products and services;

• Perform services on behalf of another entity or business (ex: processing data for healthcare providers);

• Provide employee benefits and other services (ex: retirement, health), manage hiring, employment, performance, and staffing.

Sources of Personal Information

In general, we may collect personal information about you, directly and indirectly, depending on your relationship with us—whether as an agent, broker, policyholder, claimant, employee of our corporate clients, family member of any such person, or other person who we employ or with whom we do business.

Specifically, we may collect your personal information from the following sources:

• Directly from you or your family member;

• Outside service providers, vendors, and third parties (such as insurance companies, intermediaries, brokers, or agents) from which we collect personal information or market data as part of providing products and services, completing transactions, or supporting operations;

• Outputs from analytics;

• Websites, mobile applications, and social media;

• Our affiliates or subsidiaries;

• Outside merchants or business partners such as credit card or lending partnerships, or corporate clients;

• Public records or publicly available data.

No Sale Policy

As noted above, we do not sell personal information.  As such, there is no link on our websites to opt-out of such activity.

Right to Know Requests

Consumers under the CCPA may exercise their “Right to Know” to request that we disclose certain information we may have collected about them over the last 12 months, the categories of sources from which that information was collected, the business or commercial purpose(s) for which the information was collected, and the categories of third parties with whom we share personal information.

Consumers are welcome to submit requests for more information by visiting our Consumer Rights Request Portal, hosted by OneTrust:

• To submit a data access request for yourself, click here.

• To submit a data access request on behalf of another individual, click here.

• To dispute or appeal a prior data access request, click here.

Consumers are also welcome to submit requests by calling 888-294-2265.

All requests must be verified prior to receiving a response. Requesters will be asked to supply certain basic personal information to enable us to validate that the requestor is the consumer who is subject of the request. Information submitted for verification purposes will only be used to verify the requestor’s identity and/or authority to make a request on another’s behalf.  Requests made on another person’s behalf can only be accepted upon receipt of documentation that the requestor is an authorized agent, parent, or legal guardian of the consumer whose information is being requested. 

Upon submission of a request, CA consumers will receive an initial response confirming receipt within 10 days. A full response will be provided to CA consumers within 45 days (unless an extension of up to 45 additional days is requested, upon which the consumer will receive notice and an explanation for the extension).

Right to Delete Requests

Consumers under the CCPA also have a “Right to Deletion” of their personal information collected or maintained by us unless an exemption applies.  The submission methods, authentication protocols, and time frames for response are identical to those referenced above in the “Right to Know Requests” section.  In our response, we will explain the manner in which we have deleted the personal information. Or, if an exemption applies restricting our ability to delete the data, we will describe the basis for the denial of the request. 

Non-Discrimination

The submission of a "Right to Know" or "Right to Delete" request will have no impact on the service and/or pricing you receive from us.  

Updates

This notice may be revised from time to time, so please review this page periodically. Any changes will become effective when we post the revised notice on the site. 

Contact Us

If you have any questions or comments on this notice or our privacy practices generally, please contact us at 888-294-2265.