Privacy Notice


Our Privacy Promise to You

U.S. Risk, a division of Innovation Growth Partners Specialty, LLC (“U.S. Risk”) provides this privacy notice to our customers, website visitors, vendors, employees, contractors, and consultants so that you will know what we will do with the personal information (including but not limited to Social Security numbers, personal financial information, and health information) that we may receive from you directly or from your health care provider, or receive from another source that you have authorized to send us your personal information. We at U.S. Risk are concerned about your privacy and assure you that we will do what is required of us to safeguard your personal information.

In addition to the disclosures in this privacy notice, if you are a resident of California then the additional provisions of Appendix 1 (the “Privacy Notice for California Residents”), or Appendix 2 (the “Privacy Notice for Job Applicants and Employees, and for their Emergency Contacts, who are California Residents”), may also apply.

This Privacy Notice is provided in accordance with, and is subject to, U.S. law. Personal Information collected from individuals located outside of the United States is subject to the provisions of Appendix 3 (the “International Privacy Notice”).

“Personal information” means any data that relates to an identified or identifiable natural person, including information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. Personal information includes, but is not limited to, Social Security numbers, personal financial information, and health information.

What Types of Information Will We Be Collecting?

U.S. Risk collects personal information from you required both for our business and pursuant to regulatory requirements. Without it, we cannot provide our products and services for you. We will be collecting personal information about you from:

  • Applications or other forms, such as name, address, Social Security number, assets and income, employment status and dependent information.
  • Your transactions with us or your transactions with others, such as account activity, payment history, and products and services purchased.
  • Consumer reporting agencies, such as credit relationships and credit history. These agencies may retain their reports and share them with others who use their services.
  • Other individuals, businesses, and agencies, such as medical and demographic
  • Visitors to our websites, such as information from on-line forms, site visitorship data and on-line information collection devices, commonly called “cookies.”

What Will We Do With Your Personal Information?

The information U.S. Risk gathers are shared within our company to help us maximize the services we can provide to our customers. We will only disclose your personal information as is necessary for us to provide the insurance products and services you expect from us. U.S. Risk does not sell your personal information to third parties, nor does it sell or share customer lists.

We may also disclose all the information described above to third parties with which we contract for services. In addition, we may disclose your personal information to medical care institutions or medical professionals, insurance regulatory authorities, law enforcement or other government authorities, or to affiliated or nonaffiliated third parties as is reasonably necessary to conduct our business or as otherwise permitted by law.

U.S. Risk will keep your personal information for as long as it may need it to provide you with insurance services and/or to comply with its contractual and/or legal obligations.

Our Security Procedures

At U.S. Risk, we have put in place reasonable measures consistent with industry and legal standards to ensure the security and confidentiality of customer information. We will handle the personal information we receive by restricting access to the personal information about you to those employees and agents of ours who need to know that information to provide you with our products or services or to otherwise conduct our business, including actuarial or research studies. Our computer database has multiple levels of security to protect against threats or hazards to the integrity of customer records, and to protect against unauthorized access to records that may harm or inconvenience our customers. We maintain physical, electronic, and procedural safeguards that comply with federal and state regulations to safeguard all your personal information, especially Social Security numbers. Specifically, we protect the confidentiality of Social Security numbers, prohibit unlawful disclosure of Social Security numbers and limit access to Social Security numbers.

Privacy Rights in Certain Jurisdictions

Certain jurisdictions extend enhanced personal information rights to residents of or persons located in the jurisdiction. You may have some or all of the following rights in relation to the personal information we collect about or from you, depending on the jurisdiction and our reason for processing your information:

  • Right of access: You may ask us to confirm whether we are processing your personal information and the specific pieces of personal information we have collected and, if necessary, provide you with a copy of that personal information (along with certain other details).
  • Right to correct: If the personal information we hold about you is inaccurate or incomplete, you may be entitled to request to have it corrected, taking into account the nature of the personal information and the purposes of the processing of your personal information.
  • Right to delete: You may have a right in some circumstances, such as where we no longer need it or if you withdraw your consent (where applicable), to request that we delete or remove your personal information.
  • Right to restrict/limit processing: You may have a right to restrict the processing of your personal information in certain circumstances, such as where you contest the accuracy of that personal information or you object to us.
  • Right to data portability: You may have the right to receive a copy of personal information we've obtain from you, where technically feasible, in a structured, commonly used and machine-readable format, and to reuse it elsewhere or to ask us to transfer this to a third party of your choice.
  • Right to withdraw consent: If we rely on your consent (or explicit consent) as our legal basis for processing your personal information, you may have the right to withdraw that If you withdraw your consent, we may not be able to carry out your instructions or perform the contract we have or are trying to enter into with you.
  • Right to lodge a complaint: If you have a concern about any aspect of our privacy practices, including the way we've handled your personal information, you may report it to the relevant supervisory or regulatory authority. You may contact us as provided at the bottom of this Privacy Notice if you would like to receive contact information for your local authority.
  • Right to Non-Discrimination: You may exercise your rights under law without

Please note that some of these rights may be limited where we have an overriding legitimate interest or legal, regulatory or contractual obligation to continue to process the personal information, or where the personal information may be exempt under applicable law.

To exercise your rights under this Privacy Notice, please contact us at:

Phone: 1-866-657-0861
Compliance Hotline: www.usi.com/compliance

Address: U.S. Risk
Attn: Chief Compliance Officer
100 Summit Lake Drive, Suite 400
Valhalla, NY 10595


Appendix 1

Privacy Notice for California Residents

This Privacy Notice applies to personal information of California residents. This notice does not apply to personal information collected pursuant to (i) the federal Gramm-Leach-Bliley Act and its implementing regulations or the California Financial Information Privacy Act; or, (ii) certain medical and health information covered by HIPAA.

Personal Information We Collect

We collect information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household (“personal information”). We may collect the following categories of personal information and sensitive personal information.

Category of Personal Information

Examples

Identifiers

A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers.

Information Categories listed in the California Customer Records statue
(Cal. Civ. Code 1798.80(e))

A name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.

Characteristics of protected classifications under California or federal law

Race, age, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran, or military status.

Commercial Information

Records of personal property, products or services purchased, obtained, or considered.

Internet or other electronic network activity information

Browsing history, search history, and information regarding a consumer’s interaction with an Internet Web site, application, or advertisement.

Internet or other similar network activity

Browsing history, search history, interaction with a website, similar network activity application, or advertisement, data from cookies or web beacons, and interactions with marketing emails, including when you read and respond to email correspondence.

Professional Information

Job history, work status, skills, professional qualifications.

Government Identifiers (SPI [Sensitive Personal Information])

Social Security number, Driver’s license number, State ID card number, Passport number where necessary for legal or regulatory compliance.

 

Sources of Personal Information

  • Directly from you
  • Your employer
  • Third party business contacts who make referrals or provide prospect information
  • Your online activity
  • Advertising Networks
  • Data analytics providers
  • Government Entities

Business Purposes for Collecting and Disclosing Personal Information

We collect and use personal information for the following business purposes:

  • Provide, administer, and support our and our services
  • Manage our commercial relationship
  • Verify your identity
  • Register and service your or your company’s accounts, subscriptions, or attendance at in person or online events, including on behalf of our subsidiaries
  • Contact you when necessary and to respond to your requests and inquiries
  • Manage and maintain online and physical security and protect our property, data, systems, clients, and colleagues against cyberattacks, fraud, and other legal and security threats
  • Market our services and offerings of interest to you and your employer
  • Analyze, administer, and improve our offerings and services and evaluate the overall effectiveness of our marketing activities and overall services
  • Comply with and enforce applicable laws, regulations, client contractual requirements, industry standards, and our own policies
  • Complete required anti-fraud, AML (Anti-Money Laundering), and sanctions checks before engaging you as a supplier or providing services to you as a client
  • To process payments to you for services rendered or other reimbursements
  • For any other purpose described to you at the point of collection or pursuant to your consent

Retention of Personal Information

We consider the following obligations when setting retention periods for personal information and the records we maintain: the need to retain information to accomplish the business purposes or contractual obligations for which it was collected; our duties to effectuate our clients’ instructions with respect to personal information we process on their behalf; our duties to comply with mandatory legal and regulatory record-keeping requirements; and other legal impacts such as applicable statute of limitations periods. We may also retain personal information for other purposes delineated in applicable privacy laws.

We do not sell your personal information.

Right to Access Personal Information

An Under CPRA, residents of California may exercise certain rights regarding personal data, subject to certain exceptions and limitations:

  1. Right to request access to the personal data we have collected about you, restrict the processing of specific pieces of personal information we collected about you and learn how we collect this information, our purpose in collecting it
  2. Right to correct or delete the personal data we have collected from you
  3. Right to opt-out of our sale(s) of your personal data
  4. Right to limit use and disclosure of sensitive personal information, if applicable
  5. Right not to receive discriminatory treatment for the exercise of the relevant privacy rights conferred by applicable laws

To exercise your rights under the CPRA, please contact us at:

Phone: 1-866-657-0861
Compliance Hotline: www.usi.com/compliance

Address: U.S. Risk
Attn: Chief Compliance Officer
100 Summit Lake Drive, Suite 400
Valhalla, NY 10595

Restriction on Children’s Information

We do not knowingly collect personal data online from children under the age of 13 or sell their personal information. If we learn that we have received information directly from a child who is under the age of 13, we will take appropriate action in accordance with applicable law. To learn more about the Children’s Online Privacy Protection Act (COPPA) please visit the Federal Trade Commission's (FTC) website at https://www.ftc.gov/.

If you have questions about this notice, please contact us at:

Phone: 1-866-657-0861
Compliance Hotline: www.usi.com/compliance

Address: U.S. Risk
Attn: Chief Compliance Officer
100 Summit Lake Drive, Suite 400
Valhalla, NY 10595


Appendix 2

Privacy Notice for Job Applicants and Employees, and for their Emergency Contacts, who are California Residents

This Privacy Rights Notice is not a contract for employment and does not alter the employment at-will relationship between the Company and any employee.

Categories of Personal Information We Collect

We collect information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household (“personal information”). We may collect the following categories of personal information and sensitive personal information.

Category of Personal Information

Examples

Identifiers

A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers.

Personal Information Categories listed in the California Customer Records statue
(Cal. Civ. Code 1798.80(e))

A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.

Internet or other similar network activity

Browsing history, search history, interaction with a website, similar network activity application, or advertisement, data from cookies or web beacons, and interactions with marketing emails, including when you read and respond to email correspondence.

Geolocation Data

Physical location (collected on website).

Sensory Data

Call recordings, video, and photographs.

Professional or employment related information

Job history and resume information, work status (e.g., full-time/part-time), references, skills, professional qualifications, job preferences (such as willingness to relocate and salary expectations).

Characteristics of protected classifications under California or Federal law

Race, age, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran, or military status.

Non-public education information (as defined in the Family Educational Rights and Privacy Act (20 U.S.C. 1232g, 34 C.F.R. Part 99))

Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.

Inferences drawn from other personal information

Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

Government Identifiers

Social Security Number, Driver’s license number, State ID card number, Passport number.

Sensitive Classifications

Racial/ethnic origin, union membership.

Personal information collected and analyzed concerning an individual’s health, sex life, or sexual orientation (SPI)

Voluntarily provided information concerning sexual orientation or disability status.

 

Business Purposes for Collecting and Disclosing Personal Information

We collect and use personal information for the following business purposes:

  • Identifying and evaluating candidates for Company positions
  • Record-keeping related to hiring processes
  • Analyzing and improving the hiring process and outcomes, technology, service providers or other lawful analytics
  • Diversity and inclusion initiatives
  • Complying with legal, regulatory, and corporate policy requirements or cooperate with law enforcement, subpoenas, or judicial process
  • Consideration for other positions across U.S. Risk or its affiliates and subsidiaries
  • To perform background and criminal checks, as permitted by law
  • If a candidate is hired, facilitating the completion of the employment file
  • If candidate is hired, facilitating an application for a visa or work permit
  • Engaging service providers and administering, assessing, debugging, securing and improving our talent acquisition technologies and websites
  • Marketing employment opportunities to potential candidates

Sources of Personal Information:

  • Directly from you or your representative
  • Job search or career networking sites for whom you consented to making the information available to us
  • Search engines, public databases, and/or your company or social media profile, and other publicly available sources
  • External recruiters
  • Indirectly from you or your representative via cookies, web beacons, pixels, and other online tracking technologies on our website.
  • Information from another party or government entity with your consent (for example, for background screening, verification, and references, including education, past employment, criminal background, credit history, or E-verify confirmations)

Retention of Personal Information

We consider the following obligations when setting retention periods for personal information and the records we maintain: the need to retain information to accomplish the business purposes or contractual obligations for which it was collected; our duties to effectuate our clients’ instructions with respect to personal information we process on their behalf; our duties to comply with mandatory legal and regulatory record-keeping requirements; and other legal impacts such as applicable statute of limitations periods. We may also retain personal information for other purposes delineated in applicable privacy laws.

We do not sell your personal information.

Right to Access Personal Information

Under CPRA, residents of California may exercise certain rights regarding personal data, subject to certain exceptions and limitations:

  1. Right to request access to the personal data we have collected about you, restrict the processing of specific pieces of personal information we collected about you and learn how we collect this information, our purpose in collecting it
  2. Right to correct or delete the personal data we have collected from you
  3. Right to opt-out of our sale(s) of your personal data
  4. Right to limit use and disclosure of sensitive personal information, if applicable
  5. Right not to receive discriminatory treatment for the exercise of the relevant privacy rights conferred by applicable laws

To exercise your rights under the CPRA, please contact us at:

Phone: 1-866-657-0861
Compliance Hotline: www.usi.com/compliance

Address: U.S. Risk
Attn: Chief Compliance Officer
100 Summit Lake Drive, Suite 400
Valhalla, NY 10595

Restriction on Children’s Information

We do not knowingly collect personal data online from children under the age of 13 or sell their personal information. If we learn that we have received information directly from a child who is under the age of 13, we will take appropriate action in accordance with applicable law. To learn more about the Children’s Online Privacy Protection Act (COPPA) please visit the Federal Trade Commission's (FTC) website at https://www.ftc.gov/.

As an equal opportunity employer, the Company uses Employees’ personal information consistent with applicable law.

If you have questions about this notice, please contact us at:

Phone: 1-866-657-0861
Compliance Hotline: www.usi.com/compliance

Address: U.S. Risk
Attn: Chief Compliance Officer
100 Summit Lake Drive, Suite 400
Valhalla, NY 10595


Appendix 3

International Privacy Notice

If you are in the European Union and the EU General Data Protection Regulation (GDPR) applies to our processing of your personal information, the following conditions apply to you:

Categories, Purposes, and Legal Basis for Collecting Your Personal Information

The categories of personal information collected by U.S. Risk, and the purposes for which each category is processed, are specified in Appendix 1 and Appendix 2.

U.S. Risk collects your personal information so that it can provide you with insurance services. Accordingly, U.S. Risk’s legal basis for the processing of your personal information is that it is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract.

If you refuse to provide U.S. Risk with your personal information, you may be unable to obtain insurance services from U.S. Risk.

U.S. Risk will not use any automated decision-making (such as profiling) with respect to your personal information.

Transfers of Data

U.S. Risk is located in the United States, and all personal information we collect is processed by us in the United States. United States laws regarding processing of personal information may be less stringent than the laws in your country, but U.S. Risk will hold and transmit your personal information in a safe, confidential and secure environment. U.S. Risk will also disclose your personal information to third-party insurance carriers in the United States as necessary to provide you with insurance services. U.S. Risk has entered into Standard Contractual Clauses with such recipients. U.S. Risk will not disclose your personal data to any other third parties.

Your Rights with Respect to U.S. Risk’s Collection and Use of Your Personal Information

You have the right to request from U.S. Risk access to your personal information, and the rectification of inaccurate personal information concerning you. You have the right to obtain from U.S. Risk the erasure or the restriction of processing of your personal information in certain circumstances, including when the data are no longer necessary in relation to the purposes for which they were collected or otherwise processed, except when U.S. Risk is required by law to maintain or otherwise process your personal information, for the establishment, exercise, or defense of legal claims, or for the protection of the rights or another person. If your personal information is processed based on your consent, you have the right to data portability as well as the right to withdraw your consent at any time. The withdrawal of consent does not affect the lawfulness of processing before the withdrawal of consent. If your personal information is processed based on our legitimate interest, you also have the right at any time object to the further processing of that personal information.

You may exercise these rights by contacting U.S. Risk using the contact information provided above. Please note that we cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.

You also have the right to lodge a complaint with a supervisory authority of your habitual residence, place of work, or place of an alleged infringement of the applicable data protection law.

If you have any questions about this notification, please contact U.S. Risk using the contact information provided above.

How to Contact Us

For further information about personal information we collect, and your rights under this Privacy Notice, you can contact us at:

Phone: 1-866-657-0861
Compliance Hotline: www.usi.com/compliance

Mailing Address: U.S. Risk
Attn: Chief Compliance Officer
100 Summit Lake Drive, Suite 400
Valhalla, NY 10595