Last Updated: July 2020

PRIVACY POLICY

Roanoke Insurance Group Inc., its member companies, subsidiaries and affiliates (collectively “Roanoke” or “we” or “us”) endeavors to maintain the highest level of trust and confidence from our clients, partners and individuals we encounter while conducting our business (collectively, “you”). As such, all Information we collect will be protected by this Privacy Policy (herein, “Privacy Policy”) and the local laws of your area. Our goal is to responsibly handle PI while balancing the benefits of activities that may include research and data analytics with our commitments to you, including non-discrimination and transparency.

This Privacy Policy applies to the collection, possession, management, and transfer of your Personal Information (“PI”) through a variety of digital means. PI may refer to information that identifies and relates to you or other individuals, such as your dependents, which is oral, electronic, written, or otherwise communicated or recorded. By accessing or using this website, mobile application or other Roanoke product or service or other application on any computer, mobile phone, tablet, console or other device (collectively, “Device“), you consent to our Privacy Policy. Roanoke may modify this Privacy Policy at any time effective upon its posting. Your continued use of this website, mobile application and/or other Roanoke product or service or other application constitutes your acceptance of this Privacy Policy and any updates. This Privacy Policy is incorporated into, and is subject to, the Terms of Use.

Personal Information We May Collect:

The PI we may collect depends upon your relationship with us (for instance: a policyholder; a person benefitting under another policyholder’s policy; claimant; insurance broker or representative; or other person visiting this web site or pertaining to our business). Such PI may include, where applicable: name; general identification information; home or other physical address; email address; telephone number or other contact information; Social Security number; driver’s license or state identification card number; Taxpayer Identification number; passport number; government-issued identification number; financial information (i.e. bank account number and routing number); Roanoke account information, such as username and password; medical condition and health status; telephone recordings with our representatives and affiliates; photographs and video recordings associated with claims, insurance or other business activities; information that enables Roanoke to provide services.

Active Information Collection

We may collect PI about you and other individuals from the following sources:

• Information that you choose to provide us, or that we obtain through your use of our web site;
• Information we receive from you on applications, questionnaires, or other forms;
• Information about your transactions with us, our affiliates or others collected through e-mails, electronic submission to us via any Roanoke or other portal, telephone calls, through social media, as well as communications from claim investigators, witnesses, medical professionals, insurance brokers or other third parties;
• Information you provide or which is obtained through the process of handling a claim, including medical information, such as from an accident report;
• Information we receive from any consumer reporting agency, including, but not limited to a Motor Vehicle Report.

Passive Information Collection:

When you visit the web site, we automatically collect certain information about your activities (“web site usage information”). Web site usage information addresses how visitors use and navigate the web site. This includes:

Cookies:

We use cookies on this website. Cookies are small text files created by a web server, delivered through a web browser, and stored on your computer. They provide a means for websites that you visit to keep track of online patterns and preferences, as well as to identify return visitors. Cookies make the personalization of your web experiences possible, so that you do not need to re-enter your information each time you visit a website.

If you login to the members-only section of our site, we set a cookie with a randomly-generated anonymous identifier to allow you to navigate those pages.

We also provide cookies to help us anonymously track web traffic, as described above. We do not use cookies to gather personal information, and we do not link cookies or clear GIFs to identifiable information, such as your policy number.

Unless it is specifically stated otherwise in an amended Privacy Policy Notice, no additional information will be collected about you.

In addition, Roanoke Insurance Group (RIG) member companies provide cookies via this website as part of the opt-out process.

If you do not want Roanoke or its vendors to deploy browser cookies when you visit the web site, you may set your browser to reject cookies. Doing so may disable the web site’s ability to retain information you have provided, and/or affect your use of some of the products, features, functions, or services on the web site.

Web Beacons:

We use web beacons (invisible images often referred to as pixel tags or clear GIFs) on our sites in order to recognize users, assess traffic patterns, identify preferred content and measure site engagement. We also include web beacons in our e-mail messages, including newsletters, in order to count how many e-mail messages have been opened.

Our website also uses a third party to collect information, including through the use of web beacons, browser cookies and other tracking technologies. We may collect via web beacons various data provided by your browser while you are on our site and elsewhere where we may be acting as a 3rd party. This data is collected in the aggregate, but may include or be associated with other non-Personally Identifiable Information or PI that users have voluntarily submitted.

Non-Personally Identifiable Data Collected on this Web Site:

We collect and store non-personally identifiable data in server logs, and through our use of Google Analytics. Non-personally identifiable data collected and stored in server logs and through our use of Google Analytics may include the number and frequency of visitors to each web page, the length of their stays, the type of browser each visitor is using to view the Web Site (for example, Microsoft Edge or Internet Explorer, Mozilla Firefox, Google Chrome), the type of operating system each visitor is using, (for example, Windows OS, Mac OS), the domain name of each visitor’s Internet service provider (for example, Comcast Xfinity, Verizon FiOS, Charter Spectrum), location data such as the visitor’s IP address, the address (or “URL”) of the web site that the visitor came from before visiting the web site, which pages were visited on the web site, what was clicked on, and certain other available information.

When you request pages from the web site, our servers log your IP address as well as information about your activities on those pages. An IP address is a number that is automatically assigned to your computer whenever you access the Internet, which our web servers use to identify where to send the information your computer requests. .

We aggregate this non-personally identifiable data to better understand how visitors use our site, and to help manage, maintain, and report on use of our website. We store IP addresses for fraud detection and prevention purposes.

We may share this non-personally identifiable data with third parties for the limited purpose of reporting on use of our website, or to comply with applicable law. We also may share this data with our service providers. We do not rent, sell or share any non-personally identifiable data collected on this website with third parties for marketing purposes.

Use of Personal Information

We retain and use your Personal Information to: (1) provide you with services or process transactions that you have requested; (2) communicate with you regarding information, features or offers that we believe will be of interest to you; (3) respond to your questions or other requests; (4) contact you with regard to the web site or otherwise; (5) process any applications, payments or changes to your account information; (6) process other information or Personal Information that you submit through the web site; and fulfill other purposes disclosed at the time you provide your Personal Information. We may also use the information you provide to improve the web site or Roanoke’s services, to customize your experience on the web site, to serve you specific content, or for other business purposes.

If you are purchasing a service, we will request and collect certain financial information from you. Any financial information we collect is used to bill you for the services you purchased. If you purchase by credit card, this information may be forwarded to your credit card provider. You may also be asked to disclose Personal Information to us so that we may provide online technical support and troubleshooting.

 

Personal Information we may share with third-parties:

In the course of our general business practices, we may disclose PI that we collect (as described above) about you or others without your permission to the following types of institutions for the reasons described:

• Other Roanoke and/or Munich Re affiliates and/or subsidiary companies in connection with the conduct of Roanoke business and in conjunction with the applicable affiliate and/or subsidiary company’s risks;
• Insurers or United States government offices for purposes of quoting and issuing insurance policies and/or surety bonds;
• To a service provider if the disclosure will enable that party to perform a business, professional or insurance function for us;
• To a financial institution, agent or credit reporting agency for either this agency or the entity to whom we disclose the information to perform a function in connection with an insurance transaction involving you;
• To an insurance regulatory authority, law enforcement or other governmental authority for regulatory compliance, the detection or prevention of fraud or as otherwise required or allowed by law;
• To a group policyholder for the purpose of reporting claims experience or conducting an audit of our operations or services.

In addition to those circumstances listed above, and unless you instruct us not to, in writing, we may disclose certain information about you to service providers whose use of the information shall be limited to purposes of marketing a product or service. Under no circumstances will we disclose for marketing purposes any medical information; information relating to a claim for benefit or a civil or criminal proceeding involving you; or personal information relating to your character, personal habits, mode of living or general reputation.

Children:

This web site and all associated products and services are intended only for adults over the age of eighteen (18), and are not directed to children younger than age thirteen (13). We do not knowingly collect Personal Information from children under the age of thirteen (13) on the web site, or otherwise, and we will delete any information later determined to be collected from a person younger than age thirteen (13).

Notification that certain disclosures require your authorization:

As we have indicated in this Privacy Policy Notice, we collect certain personal information about you, and we may disclose that information to certain non-affiliated third parties. We are permitted by law to disclose your personal information in the circumstances described above without your permission. FOR ALL OTHER DISCLOSURES, WE ARE REQUIRED TO OBTAIN YOUR AUTHORIZATION. The disclosures that first require your authorization are described in more detail on a separate authorization form that we will provide to you.

Information obtained from a report prepared by a consumer reporting agency may be retained by that organization and disclosed to other persons.

Your right to access and amend your personal information:

You have the right to request access to the personal information that we record about you. Your right includes the right to know the sources of the information and the identity of the persons, institutions or types of institutions to whom we have disclosed such information within two years prior to your request. Your right includes the right to view such information and copy it in person or request that a copy of it be sent to you by mail (for which we may charge you a reasonable fee to cover our costs). Your right also includes the right to request corrections, amendments or deletions of any information in our possession. The procedures that you must follow to request access to or an amendment of your information are as follows:

To obtain access to your information, submit a request in writing that includes your name, address, social security number, telephone number and the recorded information to which you would like access. The request should state whether you would like access in person or a copy of the information sent to you by mail. Upon receipt of your request, we will comply within 30 business days.

To correct, amend or delete any of your information, submit a request in writing that includes your name, address, Social Security number, telephone number, the specific information in dispute and the identity of document or record that contains the disputed information. Upon receipt of your request, we will contact you within thirty (30) business days to notify you either that we have made the correction, amendment or deletion, or that we refuse to do so and the reasons for the refusal, which you will have an opportunity to challenge.

Submit your request to:
Compliance Officer
Roanoke Insurance Group Inc.
1475 East Woodfield Road, Suite 500
Schaumburg, IL 60173

Our practices regarding information confidentiality and security:

While we employ reasonable physical, electronic and organizational measures to secure your Personal Information, no data transmission over the Internet can be guaranteed to be completely secure. Likewise, no storage or processing of your Personal Information on the web site or on other servers or databases to which the information may be transferred can be guaranteed to be completely secure. Please consider this prior to submitting your Personal Information to us via the web site.

We use adequate security measures to safeguard your Personal Information:

• All of the Personal Information you provide us is stored in a secure computing environment protected by secure firewalls and intrusion prevention systems to avert unauthorized access;
• We build information security into our systems and networks using appropriate administrative, technical and physical measures against unauthorized or unlawful processing, destruction or loss of Personal Information.
• We control access so that only people who need to access the information are able to. All employees of Roanoke are required to adhere to our policies on confidentiality and security.
• When you access secure areas of our web sites, we use the Secure Sockets Layer (SSL) protocol to provide you with the safest, most secure web experience possible. SSL technology enables encryption (scrambling) of sensitive information, including passwords and banking information, during your online session. There are two cues to show you that you are using a secure area. First, the web site address (or URL) appears as https:// (instead of just http://) – the “s” is for “secure.” Second, a lock or key indicator appears in the status bar of your web browser. We use https:// only for secure pages, i.e. pages that transfer confidential information. Pages that are only used for product offerings will still use the regular http:// since no sensitive information is being passed through them.
• Secure areas of the web site have a time-out feature. If you leave your secure session inactive for some time, it times-out to prevent unauthorized access.
• If Roanoke provides Personal Information to a Service Provider per this Privacy Policy, the Service Provider shall be carefully selected and required to use appropriate measures to safeguard the confidentiality and security of such Personal information.

Consent to Transfer

The web site is operated in the United States. Your Personal Information will be processed and shared in the United States, where data protection and privacy regulations may provide different levels of protection compared with non-United States jurisdictions. If you are located in the European Union, Canada or elsewhere outside of the United States, please be aware that any information you provide to us will be transferred to the United States. By using the web site or providing us with your information, you consent to this transfer and the retention of and processing of your data in the United States.

Links to Other Sites

For your convenience we may provide links to other web sites that Roanoke does not control and that employ information security and/or privacy practices different from ours. We do not assume responsibility for the information security and/or privacy practices of any web sites not under our control. You should consult the specific information security and/or privacy policies posted on these web sites when linking to them.

We are not responsible for the collection, usage and disclosure policies and practices (including the data security practices) of other organizations, such as Google, Apple, Microsoft and Facebook and/or any other app developer, app provider, social media platform provider, operating system provider, wireless service provider or device manufacturer, including any Personal Information you disclose through or in connection with the Apps or our Social Media Pages.

CALIFORNIA RESIDENTS

 

California Residents:

This section supplements our Privacy Statement and provides specific information for residents of California (“consumers” in this section), as required under California privacy laws, and is intended to satisfy the California Consumer Privacy Act (“CCPA”), which requires that we provide certain information to California consumers about how we handle your personal information that we have collected, whether online or offline.  Under the CCPA, “personal information” is any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household, including the categories identified in the table below to the extent they identify, relate to, describe, are reasonably capable of being associated with, or could be reasonably linked, directly or indirectly, with a particular consumer or household.

This notice provides important information to California consumers (who are not our employees, job applicants or consultants) about how we handle your personal information that we have collected, whether online or offline.

In particular, the Company has collected within the last twelve (12) months, and, in the future, will collect, the following categories of personal information about California consumers:

Categories of Personal Information Collected

Category	Examples
Name, contact information and identifiers	Real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, telephone number, insurance policy number, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. or other similar identifiers.  Some identifiers included in this category may overlap with other categories.
Records:  Policyholder records, claimant records, agent records, service provider records and consumer records	Name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information or health insurance information.  Some identifiers included in this category may overlap with other categories.
Protected classifications	Age, race, color, sex, age, religion, national origin, disability, citizenship status and genetic information.
Commercial Information	Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
Biometric Information	Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.
Internet or other similar network activity	Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with Internet websites, applications, or advertisements.
Geolocation data	Precise geographic location information about a particular device.
Audio/visual	Audio, electronic, visual, thermal, olfactory, or similar information
Educational, professional or employment-related information of policyholders, claimants, agents, or service providers	Education history, current or past job history or performance evaluations

For purposes of this Privacy Statement, the following information is not considered to be personal information:

• Information that is lawfully made available from government records.
• De-identified or aggregated information.
• Information excluded from the CCPA’s scope, including:
  • Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;
  • Personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.

Categories of Sources of Personal Information Collected

We collect personal information from our commercial policyholders, claimants, other individuals with information about the risk that we are insuring or reinsuring or about a claim, service providers who provide services to us, companies that we reinsure, our agents, our policyholders’ agents, reinsurance intermediaries of the companies that we reinsure, our vendors, our third party service providers our affiliates,  third party data providers and internet website visitors.

Business Purpose for Collecting Personal Information

We collect personal information from our vendors and perspective vendors, including our service providers, when the vendors are negotiating and entering into a contract with us to allow us to manage our vendor procurement process, to assess and confirm a vendor’s suitability for the specific product/service and to engage with vendors as needed throughout the course of business.

We collect personal information from our policyholders, claimants, other individuals, third party administrators, agents, our policyholders’ agents,  intermediaries, adjusters, investigators, attorneys, companies that we reinsure and other third party service providers as part of our underwriting practices to allow us to underwrite the risk, set a premium for the policy or reinsurance rate, conduct internal research and analysis, conduct our business operations, comply with legal and regulatory requirements, conduct anti-fraud processes, and, if applicable, adjust claims.

We collect personal information from agents upon entering into an agency agreement with us to allow us to manage our agent appointment process, to comply with legal and regulatory requirements and to manage our agents.

We collect personal information from individuals who access our Internet Website, application or website and from individuals who provide personal information to us in connection with consumer outreach and research and client outreach and research.

We collect information from third party data providers that is used for internal research and analysis and that is used to supplement risk attributes about our policyholders.

Sale of Personal Information

We do not sell personal information. In the past 12 months, we have not sold your personal information.

Sharing Personal Information

To accomplish our business purposes, we share personal information with our affiliated companies, information analytics and research vendors (for actuarial, underwriting, and product development purposes), insurance software companies, insurance agents, reinsurance intermediaries, reinsurers, third party administrators, inspection vendors, attorneys, court reporters, arbitrators, mediators, fire and/or police departments, ladder assists, salvage, subrogation, regulatory officials and law enforcement, as required, lienholders or mortgagees, contractors engineer, temporary accommodations, risk modeling service providers, insurance rate services organizations and bureaus, repair networks, other insurance carriers, policyholders, CRM (customer relationship management) vendors, phone system vendors, social media, lienholders, reinsurers, mail service vendors, research vendors, printing vendors and other vendors and third party service providers.

We disclose the following categories of personal information for a business purpose:   Name, contact information and identifiers, policyholder records, claimant records, agent records, service provider’s records and consumer records, protected classifications, commercial information, biometric information, internet and other similar network activity, geolocation data, audio/visual information, education and employment information and profiles and inferences.  When we disclose personal information for a business purpose, we enter into a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract.

Your Rights Pertaining to Your Personal Information

The CCPA grants you particular rights (subject to certain exceptions) with respect to your personal information that companies may hold about you. Each of your rights is outlined in more detail below:

Requests for Copy, Deletion and Right to Know. Subject to certain exceptions, California consumers have the right to make the following requests, at no charge, up to twice every 12 months:

Copy: The right to request a copy of the specific pieces of personal information that we have collected about you in the prior 12 months.

Deletion: The right to request deletion of their personal information that we have collected about you. Please note that California law provides you this right subject to certain exemptions that may apply (for example, where the information is used by us to detect security incidents, debugging, to comply with a legal obligation, or otherwise not subject to a deletion request).

Right to Know: You have the right to request that we tell you how we have handled your personal information in the prior 12 months, including:

• The categories of personal information we collected, sold, or disclosed for a business purpose.
• The categories of sources from which we collected personal information.
• The business or commercial purposes for collecting and selling your personal information.
• The categories of third parties to whom we sold or disclosed for a business purpose your personal information and the specific categories of personal information sold or disclosed to each category of third party.

How to Exercise Your Rights

In order to exercise any of the rights described above, please:

• Contacting us at 1.800.ROANOKE
• In writing to: Roanoke Insurance Group Inc., Attn: Compliance Officer, 1475 East Woodfield Road, Suite 500, Schaumburg, IL 6017;

We may need to request specific and/or additional information from you to help us confirm your identity and ensure your right to access or delete your personal information. This is a security measure designed to prevent the disclosure of your personal information to a person who has no right to receive it. We will only use this information to verify your identity or authority to make the request.

We will deliver our written response to you. We will not charge you a fee for access to your personal information (or to exercise any of your other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, excessive, or manifestly unfounded, or we may refuse to comply with your request in these circumstances.

We will not be obligated to respond to more than two requests for data access/data portability in a 12-month period. Any responses will cover the 12-month period preceding your request.

Incentives and Discrimination. The CCPA prohibits discrimination against California consumers for exercising their rights under the CCPA and imposes requirements on any financial incentives offered to California consumers related to their personal information. Businesses may offer different prices, rates, or quality of goods or services if the difference is reasonably related to the value of the consumer’s data.

Authorized Agents. You can designate an authorized agent, pursuant to a designation that we validate, to make a request under the CCPA on your behalf.

For More Information. For questions or concerns about the business’s privacy policies and practices, please contact us via the same phone number or address listed used to exercise your rights listed above.

 

CITIZENS OF EUROPEAN UNION MEMBER STATES

Roanoke provides services principally within the United States (“U.S.”) and Canada. To the extent that any citizen of European Union (“EU”) Member States or any state belonging to the European Economic Area (“EEA”) (collectively” “EU Citizen”) chooses to visit and/or use Roanoke’s web site and/or products and/or services, they consent to the practices described in this Privacy Policy and agree to its terms.

Exercising Choices

EU Citizens that use our web site and provide us with Personal Information (also known as “Personal Data”) may be entitled to additional protections. For instance, upon request, Roanoke will grant EU Citizens reasonable access to the Personal Information that it holds about them. In addition, EU Citizens may receive the personal data he or she provided to Roanoke and transmit such information to another data controller (i.e. “Data Portability”).

EU Citizens may withdraw their consent to have their Personal Information processed further by Roanoke. Please note, however, that an EU Citizen’s withdrawal of consent does not apply to any processing that occurred before its withdrawal while the EU Citizen’s consent was valid. In some instances, information that an EU Citizen provides may be related to and necessary for performance under a contractual agreement between the EU Citizen and us; in such situations, a withdrawal of consent may not affect our ability to process your Personal Information related to the performance of a contract between the EU Citizen and Roanoke.

Roanoke will take reasonable steps to permit EU Citizens to correct, amend, or delete Personal Information demonstrated to be inaccurate or incomplete. EU Citizens may also restrict the processing of their Personal Information under limited circumstances, such as when the accuracy of the Personal Information is disputed. Additionally, EU Citizens may object to the processing of their Personal Information on certain grounds, such as where their Personal Information is processed for direct marketing purposes. Finally, Roanoke will take reasonable measures to permit EU Citizens to erase their Personal Information in Roanoke’s possession or control when no longer needed for the purposes it was originally collected or processed; the EU Citizen has withdrawn consent; when no other bases exist to store or process the information; or for such other grounds as may be required under the EU Data Protection Directive 95/46/EC or the EU General Data Protection Regulation (“GDPR”), effective May 25, 2018.

EU Citizens may contact us at the below email address with any questions or complaints regarding the processing of their Personal Information that they provide to Roanoke. We will work to resolve any complaints about your privacy and our collection or use of your Personal Information. EU Citizens may also contact their local data protection authority (“DPA”) to lodge a complaint.

Roanoke retains all data collected according to this Policy and recommended data retention practices.

For more information or if you have questions:

Should you have further questions regarding our privacy policy, you may contact us at 1.800.762.6653.