Updated January 2020
THIS PRIVACY NOTICE DESCRIBES HOW COVERDELL & COMPANY, INC., ITS AFFILIATES AND SUBSIDIARIES ('WE', 'US') MAY COLLECT, HANDLE AND PROCESS PERSONAL INFORMATION IN RELATION TO YOUR ACCESS TO OR USE OF THE SERVICES.
This privacy notice applies to all of the services, websites and apps offered by Coverdell. (collectively, the "Services"), but excludes Services which have separate privacy notices that do not incorporate this privacy notice.
The Coverdell or affiliate company which provides each Service is primarily responsible for the personal information collected and held in relation to that Service. A description of Coverdell Services available and contact details for us is available here: https://www.coverdell.com/contact/
We may collect personal information about you from a variety of sources, including information we collect from you directly (e.g., when you contact us) and from other sources, described below.
Note that we may be required by law to collect certain personal information about you, or as a consequence of any contractual relationship we may have with you. Failure to provide this information may prevent or delay the fulfillment of these obligations. We will inform you at the time your information is collected if the provision of certain personal information is compulsory and the consequences of the failure to provide such personal information.
Depending on the service, website or app that you are using, the categories of information that we may collect directly from you include:
We do collect personal information about your online activities over time and across third party websites or online services. When we see a browser set to "do not track", signals transmitted from web browsers do not apply to our sites, and we do not alter any of our data collection and use practices upon receipt of such a signal.
The categories of information that we may collect about you from other sources are:
We may receive such information via other insurers, consumer-reporting agencies, our affiliated companies, or other third parties in the course of conducting our business.
We may also collect certain information about you which is considered more sensitive under local applicable laws, such as:
We do not knowingly collect online information from children under the age of 13. Our services are marketed towards adults. If we are notified that we have collected personal information, as defined by the Children’s Online Privacy Protection Act ("COPPA"), of a child under the age of 13, we will delete the information as expeditiously as possible.
We may use your personal information to:
Some jurisdictions require a legal basis to use or process your personal information. In most cases the legal basis will be one of the following:
We may also obtain your consent to collect and use certain types of personal information, including when we are required to do so by law (for example, in certain jurisdictions where consent is always required to collect personal information, or in relation to our direct marketing activities or use of Cookies and Tracking Technologies, or when we process sensitive personal information about you). If we ask for your consent to process your personal information, you may withdraw your consent at any time by contacting us using the details at the end of this privacy notice.
You may have certain rights regarding your personal information, subject to local law. These include rights in certain circumstances to:
If you would like to discuss or exercise such rights, as applicable under local law, please contact us at the details below.
We encourage you to contact us to update or correct your information if it changes or if the personal information we hold about you is inaccurate. We will contact you if we need additional information from you in order to honor your requests.
We may share your personal information with third parties for the purposes described in this privacy notice under the following circumstances:
Because we operate as part of a global business, the recipients referred to above may be located outside the jurisdiction in which you are located (or in which we provide the Services). See the section on "International Data Transfer" below for more information.
When required by applicable law, when we share personal information with corporate third parties we will ensure that such third parties maintain a comparable level of protection of the personal information as set out in this privacy notice by using contractual or other means. To the fullest extent permitted by applicable law, we exclude all liability arising from the use of your personal information by third parties. When required by applicable law, data transfers will be logged and documented, identifying the recipient of the data, the purpose of the transmission, and the type of data that was transmitted. Where required by law to do so, we can on request confirm the name of each third party that personal information is, or will be, transferred to.
We implement technical, organizational, administrative and physical measures to help ensure a level of security appropriate to the risk to the personal information we collect, use, disclose and process. These measures are aimed at ensuring the on-going integrity and confidentiality of personal information. We evaluate these measures on a regular basis to help ensure the security of the processing. Please be aware that, despite our ongoing efforts, no security measures are perfect or impenetrable.
We restrict access to your personal information to those who require access to such information for legitimate, relevant business purposes.
We will keep your personal information for as long as we have a relationship with you. Once our relationship with you has come to an end, we will retain your personal information for a period of time that enables us to:
We will delete your personal information when it is no longer required for these purposes. If there is any information that we are unable, for technical reasons, to delete entirely from our systems, we will put in place appropriate measures to prevent any further processing or use of the personal information.
Live chat sessions on our site are encrypted to encode information that you share with our operators. By contrast, be aware that e-mail messages sent in clear text over the public internet can be observed by an unintended third party. Non-encrypted Internet e-mail communications may be accessed and viewed by other internet users without your knowledge and permission while in transit to us. If you wish to keep your information private, please do not use electronic mail to communicate information to us or request information from us that you consider to be confidential and/or proprietary. If you wish, you may contact us instead via telephone at the phone number provided: https://www.coverdell.com/contact/
For certain services on our website, such as live chat or webcasts, we will ask for information about you such as your name, business, and e-mail address. In cases where we use a third-party vendor to provide online services, the vendor has agreed to keep your information confidential. For example, transcripts of live chat sessions may be archived in a database by our vendor for review by our operators.
We may provide links to other websites not owned or controlled by us that we think might be useful or of interest to you. We are not, however, responsible for the privacy practices used by other website owners or the content or accuracy contained on those other websites. Links to other websites do not constitute or imply endorsement by us of those web sites, any products or services described on those websites or any other material contained in them. We advise that you contact any third party websites directly for their individual privacy policies.
We may transfer certain personal information across geographical borders to our subsidiaries or service providers (working in conjunction with us or on our behalf) worldwide. Such transfers are made in accordance with applicable law. Where you are based in the European Union you should be aware that your personal information may be transferred to, stored, and processed in a country that is not regarded as ensuring an adequate level of protection for personal information under European Union law.
Where you are based outside of the European Union, you should be aware that your personal information may be transferred to, stored, and processed in a jurisdiction that is not your home jurisdiction. You consent to the transfer, disclosure, storage and/or processing of your personal information outside the jurisdiction in which the information was originally collected.
We have put in place appropriate safeguards (such as contractual commitments) in accordance with applicable legal requirements to ensure that your personal information is adequately protected. For more information on the appropriate safeguards in place, please contact us at the details below.
The provisions below up to Section 9 (Contact Us) relate solely to residents of the State of California (for purposes of this Section 8 (California Privacy Rights), “consumers” or “you”). We included this section to comply with the California Consumer Privacy Act of 2018 (CCPA) and any terms defined in the CCPA have the same meaning when used in this section.
8.1.1. Coverdell as a service provider
Our group of companies is in the business of assisting individuals and companies with consumer savings or insurance related solutions through membership program or insurance placement, risk management, and consulting services. In our role as a program service provider and in our role as an insurance broker,agent or administrator, we act as a service provider on behalf of our clients, product vendors and insurance carriers. To this end, if not stated otherwise in this section or in a separate disclosure, we process your CCPA Covered Personal Information in the role of a service provider (as defined by the CCPA) on behalf of a customer (and/or its affiliates) or an insurance carrier who is the responsible business (as defined by the CCPA) for your CCPA Covered Personal Information. When acting as a service provider, we will only collect, use, and otherwise process your CCPA Covered Personal Information as directed by our customers and as otherwise permitted by the CCPA and applicable law. If your data has been submitted to us by you, and you wish to exercise your consumer rights under the CCPA, please direct your request to the insurance carrier (business) who placed insurance coverage for you. If your data has been submitted to us on behalf of a commercial customer and you wish to exercise any CCPA consumer rights you may have under applicable data protection laws because you are or were employed by that commercial customer, please direct your requests to exercise any rights to the applicable commercial customer directly. If you submit your request directly to us, consistent with the CCPA, we will inform you that you should submit the request directly to the commercial customer or insurance carrier on whose behalf we process the information; where feasible, we will provide you with contact information for that business.
We are not responsible for, and have no control over, the privacy and data security practices of our customers, which may differ from those set forth in this Privacy Policy. For detailed privacy information related to our collection and use of your data on behalf of a customer who uses our products and services, please contact the respective customer directly.
8.1.2. Coverdell as a business
In some limited circumstances and in some of our corporate functions, we may act as a CCPA business, rather than as a CCPA service provider. Where we act as a business, we will fulfill your verifiable consumer request as described below.
8.1.3. CCPA exemptions
This Section 8 (California Privacy Rights) does not apply to:
For purposes of this section, personal information does not include:
Under the limited circumstances where we are acting as a business, and your personal information is not otherwise excluded as set forth above, the following information applies to how we collect, use, and share your personal information.
As a business, we collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California consumer or device (“CCPA Covered Personal Information”). In particular, we have collected the following categories of CCPA Covered Personal Information from consumers within the last twelve (12) months:
Category | Example | Collected |
---|---|---|
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). | A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, medical information, or health insurance information. Some CCPA Covered Personal Information included in this category may overlap with other categories. | Yes |
C. Protected classification characteristics under California or federal law. | Age (40 years or older), race, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status. | Yes |
D. Commercial information. | Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. | Yes |
E. Biometric information. | Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. | No |
F. Internet or other similar network activity. | Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement. | Yes |
G. Geolocation data. | Physical location or movements. | No |
H. Sensory data. | Audio, electronic, visual, thermal, olfactory, or similar information. | No |
I. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). | Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. | No |
J. Inferences drawn from other personal information. | Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. | No |
We obtain CCPA Covered Personal Information listed above from the following categories of sources:
We may use or disclose the CCPA Covered Personal Information we collect for one or more of the following business purposes:
We will not collect additional categories of CCPA Covered Personal Information or use the CCPA Covered Personal Information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
We may disclose your CCPA covered Personal Information to a third party for a business purpose.
8.5.1. Disclosures of CCPA Covered Personal Information for a business purpose
In the preceding twelve (12) months, we have disclosed all of the above categories of personal information collected for a business purpose.
8.5.2. Sales of CCPA Covered Personal Information
We do not sell consumer personal information. Therefore, in the preceding twelve (12) months, we have not “sold” any categories of CCPA Covered Personal Information.
Effective January 1, 2020, the CCPA obligates businesses that collect consumer information (as that term is defined in the CCPA) to fulfill the following rights of California residents who submit a verifiable consumer request. As stated above, where we act as a CCPA service provider and receive a response directly from you, we will direct you to submit your request to the customer or carrier on whose behalf we process your information. Under the limited circumstances where we act as a CCPA business, we will fulfill your request, as described below.
8.6.1. Data Access
You have the right to request that we disclose certain information to you about our collection and use of your CCPA Covered Personal Information over the past twelve (12) months. Once we receive and verify your request (see below), we will disclose to you:
8.6.2. Data Deletion
You have the right to request that we delete your personal information where we act as a business. This right is subject to several exceptions. Where we act as CCPA business, we may deny your deletion request if retaining the information is necessary for us or our service providers to:
8.6.3. Sales Opt Out and Opt In
The CCPA gives consumers the rights to opt out and opt in to the sales of their personal information. We do not sell consumer personal information.
8.6.4. Right to Non-Discrimination
The CCPA prohibits businesses from discriminating against consumers because they exercised any of the consumers’ rights under the CCPA. We will not discriminate against you for exercising any of your CCPA consumer’s rights.
As stated in this Section 8 above, generally, we function as a CCPA service provider with respect to our corporate clients and insurance carriers that function as CCPA businesses. Where we act as a service provider and your data has been submitted to us by or on behalf of our corporate client or insurance carrier, we will not be able to substantively address your request to exercise consumer’s rights, and we will ask you to submit your request directly to the relevant business.
In the limited circumstances where we are processing your personal information as a CCPA business, we will address your request accordingly. You may exercise the access, data portability, and deletion rights described above by submitting a verifiable consumer request to us by either:
You may only make a verifiable consumer request for access or data portability twice within a twelve (12) month period.
Under the CCPA, where we act as a business, we are only required to fulfill verifiable consumer requests. Only you, or your Authorized Agent (a person or a business entity registered with the California Secretary of State that you authorize to act on your behalf), may make a verifiable consumer request related to your CCPA Covered Personal Information. You may also make a verifiable consumer request on behalf of your minor child.
Where you choose to submit your request through an Authorized Agent, we may require you to provide your Authorized Agent with written permission to do so and verify your own identity. We may deny any request by an Authorized Agent that does not submit proof that the agent has been authorized by you to act on your behalf.
We will only use CCPA Covered Personal Information provided in a verifiable consumer request to verify your identity or authority to make the request.
Where we act as a business, we will endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time, we will inform you of the reason and extension period in writing.
If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.
Any disclosures we provide will only cover the twelve (12) month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your CCPA Covered Personal Information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our website who are California residents to request certain information regarding our disclosure of personal information to affiliates and other third parties for their direct marketing purposes. To make such a request, please send an email to ConsumerPrivacyInquiriesMailbox@ajg.com.
The COVERDELL or other ARTHUR J. GALLAGHER & CO. company which provides each Service is primarily responsible for the personal information collected in relation to that Service. A general description of ARTHUR J. GALLAGHER & CO. capabilities and their contact information is available under About Us and a Coverdell general description is under Coverdell’s About Us.
Our Chief Privacy Officer can be contacted at: GallagherEthicsandCompliance@AJG.com
We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy. If, however, you believe that we have not been able to assist with your complaint or concern, you may have the right to make a complaint to the data protection authority in your country of residence.
You may request a copy of this privacy notice from us using the contact details set out above.
Where changes to this privacy notice will have a fundamental impact on the nature of our processing of your personal information or otherwise have a substantial impact on you, we will give you sufficient advance notice so that you have the opportunity to exercise any rights you may have under applicable law (e.g. to object to the processing).
We reserve the right to make changes to our Privacy Policy at any time consistent with applicable local laws. Such changes, as long as they do not have a fundamental impact on the nature of our processing of your personal information or otherwise have a substantial impact on you, will be posted on this page. We encourage you to review the Web site and the Privacy Policy in particular periodically for any updates or changes.
We may obtain information about your general internet usage by using a cookie file or tags on the site which is stored on the hard drive of your computer. Cookies contain information that is transferred to your computer's hard drive. They help us to improve our site and to deliver a better and more personalized service. They enable us to:
To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org, or www.aboutcookies.org