California Privacy Policy

California Consumer Privacy Act Policy


This California Consumer Privacy Act Policy of the National Indemnity group of insurance companies (collectively, “we,” “us,” or “our”) applies solely to individuals who reside in the State of California (“consumers” or “you”). We adopt this policy to comply with the California Consumer Privacy Act of 2018 (“CCPA”). Any terms defined in the CCPA have the same meaning when used in this policy.


Your Right to Know About Personal Information Collected, Disclosed, or Sold


You have the right to request that we disclose to you information about the collection and use of your personal information over the last 12 months, including:

  • The categories of personal information we have collected about you;
  • The categories of sources from which we have collected the personal information;
  • The business or commercial purpose for collecting or selling personal information;
  • The categories of third parties to whom we share personal information;
  • The specific pieces of personal information we have collected about you;
  • The categories of personal information we have disclosed about you for a business purpose; and
  • The categories of third parties to whom your personal information as disclosed, by categories or
  • categories of personal information disclosed.


We have not sold personal information about consumers in the last 12 months.


How to Submit a Request


To exercise any of your rights described in this California Consumer Privacy Act Policy, please submit a request to us by contacting us via one of the following methods:

  • (800) 488-2930
  • Click here to Submit a Request Online


Our Process to Verify Your Request


We will contact you to collect additional information to verify your identity. Depending on the nature of the request, we will require you to provide either two or three pieces of information to allow us to verify that you are the person about whom we collected personal information. We may also require you to submit a signed declaration under penalty of perjury that you are the consumer whose personal information is the subject of the request.


Any information we collect for purposes of verifying your identity will not be used for any other purpose. If we are unable to verify that you are the person about whom we collected personal information, or that you have authority to make the request on that person’s behalf, we will notify you that we will not be able to respond to your request.


We will endeavor to respond to your request within 45 days of the date you submit it. If we require additional time, we will notify you of the extension in writing.


We will not respond to more than two requests from the same consumer in any 12 month period.


Information We Collect


“Personal information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. Personal information does not include publicly available information.


We may collect the following categories of your personal information:

  • Personal identifiers: a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver's license number, passport number, or other similar identifiers.
  • Personal information under Cal. Civ. Code § 1798.80(e): a name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.
  • Characteristics of protected classifications under Federal and California law: race, color, ancestry, national origin, religion, gender (including pregnancy, childbirth, or related medical conditions), disability, age (40 and older), genetic information, marital status, sexual orientation, gender identity and gender expression, AIDS/HIV status, medical conditions, political activities or affiliations, military or veteran status, and status as a victim of domestic violence, assault, or stalking.
  • Commercial information: records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
  • Biometric information: physiological, biological or behavioral characteristics that can be used, singly or in combination with each other or with other identifying data, to establish individual identity. Biometric information includes, but is not limited to, imagery of the iris, retina, fingerprint, face, hand, palm, vein patterns, and voice recordings, from which an identifier template, such as a faceprint, a minutiae template, or a voiceprint, can be extracted, and keystroke patterns or rhythms, gait patterns or rhythms, and sleep, health, or exercise data that contain identifying information.
  • Internet or other electronic network activity information: browsing history, search history, information regarding interaction with a website, application, or advertisement, and other similar information.
  • Geolocation data: physical location.
  • Sensory data: audio, electronic, visual, thermal, olfactory, or similar information.
  • Professional or employment-related information: job history or other employment information.
  • Education information: non-public education information as defined in 20 U.S.C. § 1232g, 34 C.F.R. Part 99, such as transcripts, grades, class schedules, financial aid, or other records, files, documents or materials containing non-public information directly related to a student and maintained by an educational agency or institution.
  • Inferences drawn from other categories of personal information: to create a profile about a consumer reflecting the consumer's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.


We collect each category of personal information about consumers from the following categories of sources:

  • Directly from you or someone providing information on your behalf, such as an insurance agent or your employer in connection with obtaining commercial insurance;
  • External data sources, such as consumer reporting agencies and other companies that provide data related to a specific consumer, business, or property;
  • Via our website, directly or indirectly from information submitted through a web portal or through the use of cookies and other data tracking systems. Refer to our Website Privacy Policy for additional information;
  • Sources used to facilitate the transaction of insurance and the investigation of associated claims including, but not limited to, medical providers, regulators, auditors, attorneys, investigators, adjusters, and other insurance companies.


We collect each category of personal information about consumers for the following business or commercial purposes:

  • To facilitate the transaction of insurance and the investigation of associated claims;
  • Auditing related to a current interaction with the consumer and concurrent transactions;
  • Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity;
  • Debugging to identify and repair errors that impair existing intended functionality;
  • Undisclosed short-term, transient use;
  • Performing services on behalf of the business or service provider;
  • Undertaking internal research for technological development and demonstration;
  • Undertaking activities to verify or maintain the quality or safety of a service;
  • To confirm eligibility for insurance benefits or payments;
  • To detect or prevent crime or fraud;
  • In response to subpoenas, search warrants or other court orders;
  • For actuarial or research studies;
  • In connection with a sale of our business;
  • In connection with employment or application for employment;
  • In connection with your provision of services to us;
  • As otherwise required by law.


We will provide you notice and obtain your explicit consent if we collect additional categories of personal information or use the personal information we previously collected for materially different purposes.


Information We Disclose


In the last 12 months, we have disclosed the following categories of personal information about consumers for a business purpose:

  • Personal identifiers;
  • Personal information under Cal. Civ. Code § 1798.80(e);
  • Characteristics of protected classifications under Federal and California law;
  • Commercial information;
  • Internet or other electronic network activity information;
  • Geolocation data;
  • Sensory data;
  • Professional or employment-related information;
  • Education information.


We share personal information about consumers with the following categories of third parties:

  • Entities that facilitate our transaction of insurance and the investigation of associated claims;
  • Third Party Administrators, independent adjusters, outside counsel, investigators, and other parties for purposes of investigating and resolving claims;
  • Regulatory and other government agencies;
  • Consumer reporting agencies or insurance support organizations;
  • Entities that have an interest in policies issued by us, such as a certificate holders, additional insureds, group policy owners, or lienholders;
  • Entities who perform administrative, business, professional, or employment functions on our behalf;
  • To our lawyers, accountants and auditors;
  • As otherwise required by law.


We have not sold personal information about consumers in the last 12 months.


Right to Delete


You have the right to request that we delete from our records the personal information we have collected about you, subject to certain exceptions. Once we receive and confirm your request, we will determine whether an exception applies. If an exception does not apply, we will delete your personal information from our records. We will also direct our service providers to delete your personal information from their records. If an exception applies, we will not delete your personal information from our records and we will notify you in writing of the reason that we are denying your request to delete your information from our records.


Non-Discrimination


A business may not discriminate against a consumer because the consumer exercised any of the foregoing rights.


Authorized Agent


You may use an authorized agent to submit requests to us as described in this privacy notice. An authorized agent is a natural person or a business entity that you have authorized to act on your behalf. If you use an authorized agent to submit a request to us, we will require you to (1) provide the authorized agent with written permission to make requests on your behalf and then verify the consumer’s own identity directly with us; or (2) provide the authorized agent with a power of attorney pursuant to Probate Code sections 4000 to 4665. We may deny a request from an agent that does not submit proof that they have been authorized by you to act on your behalf.


Contact for More Information


For questions or concerns about our privacy policies or practices, please contact us at (866) 720-7861. If you have a disability, you may contact us to access this notice in an alternative format.


Information Not Subject to CCPA


In accordance with the CCPA, this California Consumer Privacy Policy does not apply to: (1) certain medical information governed by the Confidentiality of Medical Information Act; (2) certain information that is furnished to or collected from a consumer reporting agency in accordance with the Fair Credit Reporting Act; (3) personal information collected, processed, sold, or disclosed pursuant to the federal Gramm-Leach-Bliley Act, and implementing regulation, or the California Financial Information Privacy Act; (4) information collected, processed, sold, or disclosed pursuant to the Driver’s Privacy Protection Act of 1994; (5) certain information collected about a consumer in the course of their employment or application for employment; and (6) certain information collected about a consumer in the scope of a business-to-business transaction or communication.


Changes to Policy


This policy was last updated on January 1, 2020. We may change this policy at any time.



California Gramm-Leach-Bliley Act Policy


(Including California Implementing Regulations and California Financial Information Privacy Act)


This California Gramm-Leach-Bliley Act Policy of the National Indemnity group of insurance companies and its affiliates (collectively, “we,” “us,” or “our”) applies solely to individuals who reside in the State of California (“consumers” or “you”). We adopt this policy to comply with the federal Gramm-Leach-Bliley Act and California implementing regulations (collectively, “GLBA”). Any terms defined in the GLBA have the same meaning when used in this GLBA Policy. Personal information subject to this GLBA Policy is not subject to the CCPA Policy.


Definitions


A “consumer” is a person who seeks or obtains products or services from us for personal, family or household needs. Only a natural person may be a consumer.


“Personal information” is information about a consumer that is not publicly available.


Information We Collect


We collect personal information from:

  • People who apply for insurance from us;
  • People who visit our website;
  • People we insure;
  • People involved in claims under our policies;
  • The consumer’s transactions with us, our affiliates, our agents or others;
  • Consumer reporting agencies or insurance support organizations; and
  • Other third parties including state motor vehicle departments.


Information we collect from an insurance-support organization may be kept by them. They may disclose it to others.


Information We Disclose


We do not disclose personal information, except as required or allowed by law. Sometimes we are allowed to disclose personal information without consent.


Examples of such disclosures include:

  • To a person who performs administrative, business, professional, or insurance functions for us;
  • To confirm eligibility for insurance benefits or payments;
  • To detect or prevent crime or fraud;
  • To insurers or agents that need it to perform an insurance function;
  • To insurers or agents so we can perform an insurance function;
  • To medical providers to confirm insurance coverage;
  • To insurance regulators;
  • To law enforcement;
  • In response to subpoenas, search warrants or other court orders;
  • For actuarial or research studies;
  • In connection with a sale of our business;
  • To an affiliate who is auditing us;
  • To a peer review group looking at the services or conduct of a medical provider;
  • To a public agency that may have paid health benefits for a consumer;
  • To a certificate holder or policy owner who wants to know the status of an insurance transaction;
  • To a person with a legal interest in a policy issued by us;
  • To rate advisory organizations;
  • To guaranty funds;
  • To rating agencies;
  • To our lawyers, accountants and auditors;
  • To a group policy owner to report claims experience;
  • To a group policy owner to conduct an audit; or
  • As otherwise required or allowed by law.


Information Security


We authorize our workers, agents, outside vendors and others to access personal information only when they have a business reason to do so. We have physical, electronic, and procedural safeguards to protect personal information from unauthorized access.


Right to Review & Correct Personal Information


A consumer may review personal information we have gathered about the consumer. The consumer may send a letter to: Chief Privacy Officer, 1314 Douglas Street, Suite 1400, Omaha, NE 68102-1944. The consumer may also submit a request by submitting their information via the following methods:

  • (800) 488-2930
  • Click here to Submit a Request Online


The request should include name, address, phone number, policy number and describe the records that the consumer wants to review. Upon receipt of this request, we will review our records and inform the consumer if we have the information sought and if it is reasonably locatable and retrievable. If it is, the consumer may review the information in person or request that we mail them a copy. We will disclose to the consumer who else received the information in the past two years or who would normally have received it in the past two years. We may charge the consumer a fee.


The consumer may ask us to fix mistakes in our records. If we agree, we will correct our files. Upon request, we will send revised information to a person who received information from us in the past 2 years. If we disagree, the consumer may file a short statement of dispute. The statement will be included with information we share in the future. Upon request, we will send the statement to a person who received information from us in the past 2 years.


Changes to Policy


We may change this policy at any time. We will provide advance notice of changes if required by law.