Munich Re Specialty – North America, Binding Authorities (MRSNA) – CCPA Privacy Notice

INTRODUCTION

This Privacy Notice explains how MRSNA (“we” or “us”) collect, use, and disclose personal information subject to the California Consumer Privacy Act of 2018 (“CCPA”), as amended by the California Privacy Rights Act of 2020 (“CPRA”).  Under the CCPA, “Personal information” is any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California resident (“consumer”) or household. This CCPA Privacy Notice also describes the privacy rights of California consumers and how they can exercise those rights.

The CCPA may apply to personal information we collect in connection with providing products or services to businesses and providing products or services to individuals. The CCPA does not apply to certain types of information, such as information subject to the Gramm-Leach-Bliley Act (“GLBA”) or the Fair Credit Reporting Act (“FCRA”). This means that this CCPA Privacy Notice may not apply to personal information that we collect about individuals who seek, apply for, or obtain insurance products or services for personal, family, or household purposes.

The nature of our insurance business requires that we gather and maintain a variety of information about our current and potential customers and consumers, including non-public personal information about individuals. We are committed to keeping confidential and secure any such non-public personal information. We will disclose non-public personal information obtained during our business only as permitted by law

PERSONAL INFORMATION WE MAY COLLECT

We may collect, and in the past 12 months may have collected, the categories of personal information described below from the sources described below. Some of this personal information may be subject to GLBA or FCRA.

Directly From You

We may collect, and in the past 12 months may have collected, the following categories of personal information about you that you include in your application or other forms that you submit, or that you otherwise provide to us:

• Personal identifiers, such as name, postal address, email address, policy number or account number.
• Customer records information, such as financial information or phone number.
• Protected information, such as gender, age, or marital status.
• Commercial information, such as records of personal property and insurance products or services purchased or obtained, purchasing or consuming histories, or transaction or account information.
• Sensitive personal information, such as Social Security number, driver’s license number, passport number, financial account information, race, consumer’s citizenship, immigration status, medical condition including any physical or mental disabilities.

From Our Affiliates and Third Parties

We may collect the following categories of personal information about you from our affiliates, insurers, reinsurers and other third parties, such as brokers, agents, coverholders, or loss adjusters:

• Personal identifiers, such as name, postal address, email address, policy number or account number.
• Customer records information, such as financial information or phone number.
• Protected information, such as gender, age, or marital status.
• Commercial information, such as information about your transactions with our affiliates or other parties (e.g., balances and payment history), records of personal property and insurance products or services purchased or obtained, purchasing or consuming histories, transaction or account information, credit-worthiness, claims history, or credit history
• Sensitive personal information, such as Social Security number, driver’s license number, passport number, financial account information, race, consumer’s citizenship, immigration status, medical condition including any physical or mental disabilities.
• Applications or other underwriting forms.  These forms provide us with information we need as part of the underwriting process; this can include such non-public personal information as individuals' names, addresses, social security numbers and any other information about individuals that we are authorized to obtain in order to underwrite and administer policies and claims.

HOW WE USE PERSONAL INFORMATION

The purposes for which we use personal information depend on our relationship or interaction with a specific California consumer. We may use, and in the past 12 months may have used, personal information to underwrite your insurance policy and evaluate claims under your policy; to operate and manage our business; to provide and maintain our insurance products and services; to verify your identity; to detect and prevent fraud; for vendor management purposes; to operate, manage, and maintain our business, such as developing our products and services; to conduct research and data analysis; to comply with applicable laws; to respond to civil, criminal, or regulatory lawsuits or investigations; to exercise our rights or defend against legal claims; to resolve complaints and disputes; to perform compliance activities; and to perform institutional risk control.

PERSONAL INFORMATION WE DISCLOSE

We may disclose, and in the past 12 months may have disclosed, the categories of personal information described in “Personal Information We May Collect” for the purposes described in “How We Use Personal Information” to the following categories of third parties:

• Affiliates
• Insurers
• Reinsurers
• Brokers
• Agents
• Coverholders
• Service providers, such as loss adjusters, fraud prevention services, and software providers
• Regulatory and law enforcement agencies
• Attorneys, auditors, and other business partners

In the past 12 months, we did not sell or share any personal information, as the term “sell/share” is defined under the CCPA.

CONFIDENTIALITY OF HEALTH AND MEDICAL INFORMATION

It is often necessary for us to obtain personal health information to underwrite, and process claims for various types of insurance coverages. We recognize concerns about the security of that information and want to provide assurance that any personal health data provided to us or that we otherwise obtain will be held in strict confidence. We will not disclose or share personal medical information for marketing or any other unauthorized purpose. We may disclose or share personal medical information as permitted by law; for example, to underwrite policies or administer policies or claims.

RETENTION OF PERSONAL INFORMATION

We retain the Personal Information we collect only as reasonably necessary for the purposes described in this notice or otherwise disclosed to you at the time of collection. We will retain certain Personal Information for as long as it is necessary pursuant to our records retention guidelines. Our records retention guidelines are based on our legal or business needs including but not limited to the following criteria: legal and regulatory obligations and requirements; contractual requirements owed to third parties; operational, fiscal, administrative or historical value to business operations; the duration of our business relationship with you, your employer or another related entity; the possibility of future complaints; whether the record is part of an insurance or reinsurance transaction or claim file; audits; investigations or litigation or the likelihood of these; the possibility of future insurance or reinsurance claim activity; whether the documentation is needed for processing of financial records; statutes of limitations; health and safety requirements; tax requirements; personnel requirements; corporate governance requirements; and record-keeping requirements

YOUR RIGHTS

You have certain rights under the CCPA.  These rights are subject to certain conditions and exceptions. Your rights under the CCPA include:

• Right to Request to Know. You have the right to request to know the following information about our practices: (i) the categories of personal information we collected about you; (ii) the categories of sources from which we collected the personal information about you; (iii) the categories of third parties with whom we shared personal information, (iv) the categories of personal information we sold or disclosed about you and the categories of third parties to whom we sold or disclosed that particular category of personal information; (v) our business or commercial purpose for collecting or selling your personal information; and (vi) the specific pieces of personal information we collected about you.
  
  You may exercise your right to request to know twice a year, free of charge. If we are unable to fulfil your request to know, we will let you know the reason why. Please note, in response to a request to know, we are prohibited from disclosing your Social Security number; driver’s license number or other government-issued identification number; financial account number; any health insurance or medical identification number, an account password, security questions or answers.
• Right to Request to Delete. You have the right to request that we delete the personal information that we have collected from you. We may deny your request under certain circumstances, such as if we need to retain your personal information to comply with our legal obligations or if retaining the information is necessary to complete a transaction for which your personal information was collected. If we deny your request to delete, we will let you know the reason why.
• Right to Request to Correct.  You have the right to request that we correct any inaccurate personal information that we have collected from you either directly or indirectly.  We will instruct all service providers and contractors that maintain your personal data to make the necessary corrections in their respective systems.  Service providers and contractors shall comply with the business’s instructions to correct the personal information or enable the business to make the corrections.
• Right to Opt-Out of Sale or Sharing of Personal Information: If a business “sells” or “shares” Personal Information as those terms are defined under the CCPA, you have the right to opt-out of the sale or sharing of your Personal Information. As explained below, we do not and will not sell or share your Personal Information.
  
  We do not “sell” your Personal Information under the CCPA because we do not disclose Personal Information to a third party for monetary or other valuable consideration.
• Right to Limit Use and Disclosure of Sensitive Personal Information. We do not use or disclose sensitive personal information other than for limited purposes permitted under the CCPA and, as such, are not required to offer a consumer a right to limit its use. 
• Right to Non-Discrimination. If you choose to exercise any of these rights, we will not discriminate against you in any way.

We will take steps to verify your identity before processing your request to know, correct or request to delete. We will not fulfil your request unless you have provided sufficient information for us to reasonably verify that you are the individual about whom we collected personal information. We may request additional information about you so that we can verify your identity.  We will only use additional personal information you provide to verify your identity and to process your request.  You may use an authorized agent to submit a request to know or a request to delete. When we verify your agent’s request, we may verify both your and your agent’s identity and request a signed document from you that authorizes your agent to make the request on your behalf. To protect your personal information, we reserve the right to deny a request from an agent that does not submit proof that they have been authorized by you to act on your behalf. You may also make a consumer request on behalf of your minor child.

Upon receiving a request to know, delete or correct, we will confirm receipt of the request no later than 10 business days upon receipt of the request.  We will respond to a request no later than 45 calendar days upon receipt of the request in normal circumstances.  The 45-day period will begin on the day that the business received the request, regardless of the time required to verify the request. If we cannot verify the consumer within the 45-day time period, we may deny the request.  If necessary, we may take up to an additional 45 calendar days to respond to your request, for a maximum total of 90 calendar days from the day that the request is received, provided that we provide you with notice and an explanation of the reason that we will take more than 45 days to respond to the request

CONTACT US

If you, or your authorized agent, would like to make a request to know or request to delete, contact us at (+1)-833-960-0068, or email your agent or coverholder who handled this insurance or email us at dataprotection@bellandclements.co.uk.

UPDATES TO THIS PRIVACY NOTICE

This Privacy Notice may be updated periodically and without prior notice to you to reflect changes in our information practices or relevant laws.  We will post notice on our website via the Privacy Notice link to notify you of any substantive changes to the way we collect and use information.