Privacy Notice
Updated January 1, 2023
This Privacy Notice applies to Alliant Insurance Services, Inc. and its affiliates and subsidiaries (collectively “Alliant”, “we”, “our”), and outlines how we may collect, receive, process, and share your personal data. This Privacy Notice applies to personal data you provide us and any personal data we may collect from other sources, except to the extent you receive a different, more specific privacy notice at the time of data collection, and includes personal data collected or received in various business to business contexts, directly from you for example, as part of the job applicant process, and via visits to our website. This Privacy Notice does not apply to any third-party websites, applications, or portals linked on Alliant’s website, nor to any Alliant websites with their own privacy notice. Please review our website Terms of Use in conjunction with this Privacy Notice.
About Alliant and Why We Collect and Process Your Personal Data
Alliant is a professional services company that provides a host of business to business and certain direct to consumer professional services, including the provision of insurance brokerage and consulting services on a wide range of insurance products and policies, certain third-party administration services, actuarial services, human resources and employee benefits consulting, and data analytics services. From time to time we may use third party service providers to perform certain of these services. This Privacy Notice outlines the personal data we may collect, receive, and process and share as a result of the following:
- Client Relationships
- Business Relationships
- Individuals Who Use or Access our Website
- Other Business Activities, as described below
How We Collect Your Personal Data
From Our Clients, Client Representatives, and Business Partners, Including Alliant Affiliates: We may collect your personal data from our clients, business partners, and our subsidiaries and affiliates in all lines of our business, including employers, plan sponsors, commercial clients, and individual clients; third party administrators; insurance carriers; reinsurance carriers; banks and other financing partners; certain third-party service providers, law firms, and data analytics firms.
Directly From You. We may collect your personal data directly from you to provide you with the information, products and services you request from us, to contact you in response to inquiries you submit, to communicate with you, to provide you with notices about your account, to provide you with support, to investigate and address your concerns and monitor and improve our responses, to notify you about changes to the websites or any products or services we offer or provide though it, or to process your consumer requests and verify your identity, as applicable.
From Other Third Parties and Publicly Available Sources. We may collect your personal data from other third-party sources to conduct our business and review your job application or application for insurance. This includes personal data we may receive or collect via social media apps and websites, from our service providers or subcontractors, from our marketing partners, and from other publicly-available sources – such as the County Assessor to access certain property and asset records, State and Federal courts to access legal proceeding and criminal conviction records, and professional licensure records, including those records received by way of authorized background checks and other legally permissible screening tools.
Automatically from your devices when you visit our website. We may collect certain personal data automatically from your device(s) when you visit our websites, depending on what you do when visiting our website as more fully set forth in our Terms of Use and below, but may include certain personal data about you to perform requested services or respond to inquiries.
What Personal Data We Receive or Collect
Depending on your relationship with Alliant, we may collect the following types of personal data:
Personal, Demographic, and Contact Information. Name, email address, phone number, physical address, and country of residence, as well as your date of birth, age, gender, and marital status.
Identifying Information. Identification numbers issued by federal or state governmental agencies such as Social Security Numbers (SSNs), drivers license number, passport number, tax identification numbers, vehicle identification numbers, vehicle license plate numbers, professional licensure details (including aviation, medical, and attorney credentials).
Account Information. If you communicate with us through our website or have an account with us, your username and password and any associated profile details you provide.
Financial and Payment Information. Billing address, bank account information, credit card details, financial information, brokerage account information, tax and income information, investment information, property and other asset and debt information.
Employment Information. Job title, job performance information, employer, employment status, salary, employee benefits enrollment information, employment history, and professional certifications.
Background Check and Screening Information Including Criminal Records Information. Personal data received from authorized background checks and screening including criminal records information.
Special Category and Sensitive Personal Data. Data related to your health, genetic, or biometric data, including protected health information, sexual orientation, gender identity, racial or ethnic origin, religious or philosophical beliefs, and union membership.
Professional Disciplinary Information. Information related to professional license-related discipline or suspension, including from certain governing federal or state regulatory agencies responsible for professional licensing.
Policy and Claims Related Information. Policy related information such as policy holder information, start and end dates, terms, coverage information, covered individual information, and specific claims information, such as incident dates and status of claims.
Marketing and Event Attendance Information. This includes details about your visits to Alliant offices and your virtual or physical attendance at Alliant-sponsored events, and your interest in attending certain events or meetings. It also includes your preferences for receiving marketing materials, and whether you open certain communications and clicks links provided, and whether you complete surveys and your responses to those surveys.
Website Usage and Related Information. Any username and password or other information collected when you visit our website, including information collected by cookies and other tracking methods, including your IP address, domain name, location data, browsing time, and social medial related information.
Aggregate Information. Alliant may also collect, receive, or maintain certain non-personal information that does not identify you as an individual person. We may use this information for our own legitimate business purposes, such as evaluating how people use and experience our website.
How We Use Your Personal Data
Depending on your relationship with Alliant, we may use your personal data for the following purposes:
To Manage Our Relationship with You or Our Clients.
- When carrying out our contractual and other obligations to our clients, including providing services that you may not have personally requested but that were requested by our clients which require us to engage with you and/or use your personal data.
- Provide certain brokerage and consulting services, actuarial or data analytics services, and third-party administration services to clients on each of Alliant’s lines of business.
- When you purchase a product or service, in order to process your application, your payment, and to carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection, and to facilitate delivery of the product or service.
- To process your employment application, including verifying information provided on your application and performing authorized background and credit checks.
- For improvement of the website and our services; to provide, support, personalize, and develop our website, products, services, and systems; for testing, research, analysis, and product development and improvement.
Marketing and Communication with You
- Market our services or the services of third parties, including via e-mail, website, text message, mail, or telephone (with your consent, where required by law).
- Provide communications on industry developments we think may interest you, including legislative and regulatory developments that impact the services we provide you, and other information we believe may interest you.
- To communicate with you about your account, policy, coverage, or the services we provide you, or could potentially provide you, including responding to your inquiries.
- To conduct market research.
To operate and protect against unauthorized access, security incidents, fraud, and other malicious or illegal activity
- To create, maintain, customize, and secure your account with us.
- To help maintain the safety, security, and integrity of our website, products and services, databases and other technology assets, and business.
To Comply with a Legal Requirement. To respond to regulatory and administrative agency requests, as well as law enforcement requests and as required by applicable law, court order, or governmental regulations, and to respond to civil litigation matters including subpoenas or other requests required by law.
To Conduct Our Business. To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Alliant’s assets, whether as an ongoing concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal data held by Alliant about our website users is among the assets transferred, as appropriate to protect Alliant’s rights or property or to protect the rights or property of you, our customers or others, and for other business and operational purposes, including litigation management.
With Your Consent. Alliant and its service providers may use your personal data for any other purpose with your consent. On other occasions where we ask you for consent, we will use the information for the purposes which we explain at that time. You have the right to withdraw your consent.
Legal Basis for Processing Personal Data. Where we are required to have a legal basis to process your personal data, our legal basis will be (1) pursuant to a legitimate interest; (2) for the performance of a contract, (3) to comply with a legal obligation, (4) to prevent or detect fraud, or (5) pursuant to your consent.
Alliant will not collect additional categories of personal data or use the person information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
How We Share Your Personal Data
Alliant may share your personal data between and among its affiliates and subsidiaries based on your interactions with us, pursuant to the provision of our services, for a legitimate business operation purpose including marketing, data analytics, and surveys benchmarking, or to comply with a legal obligation.
We may share your personal data for a business purpose with the following categories of third parties:
Business Partners. Third parties to whom we need to disclose your information in connection with products or services we provide you such as our commercial clients, your employer, underwriters, insurance carriers and brokers, claims adjusters, managing general agents, actuaries, third party administrators, health plans, health care service providers, pension providers, banks and other financial institutions, tax advisors, legal advisors, co-brokers, our affiliates and subsidiaries, and other consultant or third parties necessary to provide our services.
Service Providers. Third party subcontractors who support us in our capacity as an employer or the provision of our services to you and other Clients, Information Technology service providers responsible for our information security, telephone or internet providers, marketing agencies where authorized under law or with your consent, and background check and credit reference agencies.
Insurance Carriers Who Provide Our Insurance.
Governmental Agencies, Regulators, and Law Enforcement. Agencies responsible for relevant licensing and oversight of the various industries in which we provide services, and law enforcement with appropriate jurisdiction, judicial bodies, and quasi-governmental authorities and workers’ compensation boards.
Alliant may disclose aggregated information about our customers without restriction. This data cannot be attributed to any specific individual. We may disclose aggregated customer data to our affiliates and to other third parties for lawful purposes.
If some or all of our assets are sold or transferred or used as security, or to the extent we engage in business negotiations with our business partners, the information collected on the website may be transferred or shared with third parties as part of that transaction or negotiation.
How We Protect Your Personal Data
We take commercially reasonable steps to protect the privacy of your data by restricting access to our personnel on a need-to-know basis in connection with our providing services to you and by safeguarding it from unauthorized individuals by limiting access to our databases. Although access to your information is restricted by reasonable physical, technical, and organizational safeguards, it should be understood that we cannot guarantee complete security or accuracy of customer information. We ask that you assist our security efforts by maintaining the privacy of all computer passwords that you use to connect with Alliant and to encrypt confidential information transmitted to us over the internet. Please also advise us immediately at the address listed below of any incident involving the loss of or unauthorized access to or disclosure of personal data that is in our custody or control.
When we disclose personal data for a business purpose, we take commercially reasonable steps to ensure that the service provider or other third party who receives the information protects it and maintains a comparable level of protection as set forth in this Notice. As necessary, and when required by law, we enter into a contract that requires the service provider or third party to process and retain that information only for the purposes we have shared it with them and in a manner that complies with our legal obligations to you.
How Long We Retain Your Personal Data
We retain personal data for as long as necessary to provide services to you and fulfill the transactions you have requested, or for other necessary purposes such as complying with our legal obligations and enforcing our agreements. Retention periods vary depending on the type of information and how it is used. The criteria we use to determine the appropriate retention periods include:
- How long we have a relationship with you and provide services or products to you.
- Whether there is a legal, contractual or similar obligation that requires us to keep your information for a certain period of time.
- Whether you have consented to retention of your information for a longer period of time.
- Whether the personal data is sensitive.
When we no longer need to use or retain your personal data, we will remove it from our systems or depersonalize it so that it cannot be used to identify you.
Communications Preferences
You may receive electronic communications from Alliant when you provide your email address. If you do not wish to continue receiving email communications you can opt-out by following the unsubscribe instructions provided in such communications.
Third Party Sites
Our websites may contain links to other websites. Please note that when you click on one of these links, you may leave our website and will be subject to the notices and privacy practices of the other site, which may differ significantly. You should review the notices of other sites you visit. The Company is not responsible for the content, technology, security, or practices of linked sites operated by others, or for your use of linked sites.
Server and Site Visit Information
Like every website, the Alliant servers automatically and temporarily store the following information in the server log files. This information is provided by your browser, unless you have deactivated the function.
- IP address of the inquiring computer
- File query by the client
- The http response code
- The Internet page from which you visited us (referrer URL)
- The time of the server query
- The browser type and version
- The operating system used on the enquiring computer
The server log files are not analyzed with respect to individuals. At no time can this data be attributed to specific individuals.
Cookies and Similar Technology. As is standard practice on many websites, our website may use “cookies” and other technologies to help Alliant understand which parts of the website are the most popular and the preferences of the Alliant customers. Alliant may also use cookies and other technologies to study traffic patterns on the websites, to improve their functionality and usability as well as to improve the effectiveness of our communications with users. Alliant may also use cookies to customize your experience and provide greater convenience to you during your interactions with the website.
A cookie is a unique alphanumeric identifier that websites use to help identify the number of unique visitors to a website, whether or not those visitors are repeat visitors, and the source of the visits. Cookies cannot be executed as code or used to deliver a virus and thus pose no threat to you. Servers and sites other than the one placing the cookie on your hard drive cannot read the cookie, and no personal data can be gathered by other servers from the cookie. If you prefer not to enable cookies or to disable them, you may do so through your web browser’s security settings. Please note that certain features of the website may not be available once cookies have been disabled.
Some of our communications to you may contain a “click-through URL” which links to content on the website. When you click one of these URLs, it passes information through the Alliant web server before you arrive at the destination web page. Alliant tracks this click-through data to help determine interest in particular topics and measure the effectiveness of our communications. If you prefer not to be tracked, simply avoid clicking text or graphic links in emails you receive from Alliant.
Certain features of the website may use local stored objects (“Flash cookies”) to collect and store information about your preferences and navigation to, from, and on our websites. Flash cookies are not managed by the same browser settings as are used for browser cookies.
Different Devices. If you use different devices (e.g., your smart phone, laptop, and/or home computer) to access the website, we may be provided with and collect device-specific information, including your hardware model, operating system version, unique device identifiers, phone number, location, and mobile network information. We may associate your device identifiers or phone number with your account information.
Third-Party Analytics. We may use third-party service providers (e.g., search engines) to collect and analyze information about use of the website. These service providers may utilize cookies and related technologies to collect personal data.
Children’s Privacy
The website not aimed at or intended for children. We do not knowingly collect or sell information from children under the age of sixteen through the website. If we obtain actual knowledge that we have inadvertently collected personal data from a child under the age of sixteen, we will delete that information from our records. If you believe we might have any information from a child under the age of thirteen, please contact us here.
Applicable Law
We recognize that the website may be accessed from anywhere in the world, and that the laws of the jurisdictions in which some users are located may differ substantially from those of the United States and the State of California. Because we cannot practicably prevent users in different jurisdictions from accessing the website, you are responsible for knowing and complying with the laws of your jurisdiction. If such laws conflict with your use of the website or any of their content or functionality, the website is not intended for you, and we ask you not to use them or submit any information through them.
Cross-Border Transfers
We may transfer your personal data to other countries in compliance with applicable laws. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those countries may have access to your personal data.
Updates to this Privacy Notice
Alliant may update this Privacy Notice and the website to reflect material changes in how we collect, use, share, or store your information, to satisfy legal requirements, or for other business purposes. You should review this Privacy Notice when you visit the website to understand our current practices. The date at the top of the page shows when this Privacy Notice was last updated.
We encourage you to refer to this Privacy Notice on an ongoing basis so that you understand our current practices. When we make changes to this privacy notice, we will post the updated notice on the Website and update the notice’s effective date. Your continued use of our website following the posting of changes constitutes your acknowledgement and acceptance of such changes.
Alliant reserves the right to amend this privacy notice at our discretion and at any time.
Interpretation of this Privacy Notice
Any interpretation associated with this Privacy Notice will be made by Alliant’s legal counsel. This Privacy Notice includes examples but is not intended to be restricted in its application to such examples, therefore where the word ‘including’ is used, it means “including without limitation.”
This Privacy Notice does not create or confer upon any individual any rights, or impose upon Alliant any rights or obligations outside of, or in addition to, any rights or obligations imposed by applicable country, state, and other privacy laws, as applicable. Should there be, in a specific case, any inconsistency between this Privacy Notice and applicable privacy laws, this Privacy Notice shall be interpreted in that case to give effect to, and comply with, such privacy laws.
Contact Us
If you have questions or comments about this Notice, the ways in which Alliant collects and uses your information, your choices and rights regarding such use, or you wish to exercise your rights under applicable law, please contact us using the information below.
- Calling Us: (855) 608-6990
- Emailing Us: alliant-privacy@alliant.com
- Visiting Our Website: https://www.alliant.com/about/contact-us/
Information for California Residents and Residents of other States with Applicable State Privacy Laws
In certain circumstances, we may choose to or may be required to provide additional or different disclosures to residents of different states or countries. Below are the disclosures that may be applicable to you, if you reside in California or another state with applicable state privacy laws. This section specifically describes your rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act, and applicable regulations (collectively the “CPRA”) and how to exercise those rights, as applicable.
Legal Categories of Personal Information. Certain state- or country- specific laws require us to tell you about the personal data we collect about you in a certain way – specifically in California, we need to tie it back to “legal categories” of personal information that are listed in the law. To do this, we bundled the information we provided in this Notice and matched the different types of personal data we collect about you with the legal category. To make things easier to understand, we’ve made a chart that shows you six things:
1. The legal category of personal information.
2. Examples of the types of personal information included in each legal category.
3. The source from which your personal information is collected.
4. The purpose for why we collect and use your personal information for each legal category.
5. The business purposes for which we share your personal information and with whom.
6. Whether we sell your personal information.
We’ve included this information in the Personal Information Privacy Chart at the end of this Notice.
Your Privacy Rights under Applicable State Privacy Laws
In certain situations where we have established a direct relationship with you, versus receiving your information from our clients or other third parties in order to perform services for them, you may have the right to:
- Access: You can request a copy of your personal information.
- Know: You have the right to request that Alliant disclose certain information to you about our collection and use of your personal information, including what information we collect, the sources, the purpose for collecting and/or selling your information, third parties with whom your information is shared or sold, and the specific pieces of personal information we have about you.
- Change or Correct: You have a right to correct personal information that we hold about you that is inaccurate or incomplete. You can review and edit your personal information by logging onto our websites and visiting your account. You may also send us an email to correct any personal information that you have provided to us.
- Delete: Under certain circumstances, you can request that we erase or delete all or some of your personal information (e.g., it is no longer necessary to provide services to you).
- Object to or Restrict Use: Under certain circumstances, you can request that we stop using and processing your personal information or restrict our use and processing of your personal information.
- Data Portability: You have the right to have your personal information transferred to another organization.
- Opt Out of Sale or Sharing: You may have the right to ask us not to sell your personal information or share it for purposes of targeted advertising or profiling that produces significant effects about you.
- Automated Individual Decision-Making: You have the right not to be subject to a decision based on automated profiling.
- Marketing: You may opt-out of direct marketing or profiling we carry out for direct marketing by sending us an email.
- Limit Sensitive Information: Sensitive Personal Information includes your Social Security number, driver’s license number, state ID card, passport number, precise geolocation, racial or ethnic origin, union membership, and health and genetic data. You may have the right to ask us to limit our use of your Sensitive Personal Information to only what is required to accomplish the purposes we included in this privacy notice or that you reasonably expect from us. Our practice is to not process your Sensitive Personal Information except when it is necessary to accomplish the purposes disclosed in this Notice.
- Withdraw Consent: If we have collected or processed your personal information with your consent, you may withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information based on other lawful processing grounds.
- Non-Retaliation for Exercising Privacy Rights: You also may have the right not to receive discriminatory treatment for the exercise of any of the privacy rights conferred by applicable law.
- Complaining to an EU or UK Supervisory Authority: You may submit a complaint to an E.U. or U.K. supervisory authority if you believe that Alliant’s processing of your personal information violates the General Data Protection Regulation (“GDPR”) or the UK GDPR. For more information about submitting a complaint, consult the relevant supervisory authority.
These rights may be subject to certain limitations or exceptions depending on your state of residency or country from which you are engaging with us, and the purpose for which we process personal information about you.
How to Make a Request
To exercise any of the privacy rights described above, please submit a request by:
- Calling Us: (855) 608-6990
- Emailing Us: alliant-privacy@alliant.com
- Visiting Our Website: https://www.alliant.com/about/contact-us/
In your request, please include your name, email address, home address, zip code, and the type of request you would like to make. To the extent you have established an account with our system, you can review and change your personal information by logging into the website and visiting your account. You may also send us an email to correct or delete any personal information that you have provided to us. If you request that your account information be deleted or if you unsubscribe from communications, we may maintain information about your transactions or inquiries for future service and recordkeeping purposes. In some circumstances, a change in or withdrawal of consent may severely limit our ability to provide you information, products, or services. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.
Verifying your Identity. For your protection, we may need to verify your identity before fulfilling your request. To do this, we may ask for at least two data points that match the data points we maintain about you to compare the information and verify your identity. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request, and will request your contact information (name, address, email address, employer name and address, phone number), and as necessary, may request your account information, date of birth, partial social security number, geolocation, and/or professional details including professional licensure and professional credentials. Please note that we may need to retain certain information for recordkeeping purposes or to complete transactions that occurred prior your request. We will also retain your personal information if reasonably necessary to comply with our legal obligations, meet regulatory requirements, resolve disputes, maintain security, prevent fraud and abuse, or enforce the Terms and Conditions.
Only you, or a representative that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. The verifiable consumer request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us.
Requests by Authorized Agents. You may have the right to designate an authorized agent to make a request on your behalf. You may authorize an agent to make a request by providing the agent with written permission to act on your behalf. We will ask the agent to provide proof of that written permission by providing their professional licensure information and letter of representation. If permitted by law, we will also require that you and/or your agent to verify your own identity in response to a request, even if you chose to submit a request using an agent.
Your request will be evaluated to determine whether the requested change meets legal regulatory requirements and whether we have a legal obligation that prohibits us from fulfilling your request. If we aren’t able to honor any part of your request, we will tell you that in our response, as well as the reason(s) we cannot do so.
To learn more about how to make these requests, please contact us here.
Response Timing and Format
We endeavor to respond to a verifiable consumer request within forty-five (45) days of receipt. If we require more time, we will inform you of the reason and extension period in writing.
We will deliver our written response by mail or electronically at your option. Any disclosures we provide will only cover the twelve (12) month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
California’s “Shine the Light” Law
California’s “Shine the Light” law (Civil Code Section 1798.83) permits users of our website that our California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. If applicable, this information would include a list of the categories of personal information that was shared and the names and addresses of all third parties with which the Company shared information in the immediately preceding calendar year. To make such a request, please send an email.
“Do Not Track” Signals
“Do Not Track” is a privacy setting that you may set in your web browsers. If turned on, this setting requests that websites not track information about users. At this time, we do not respond to “Do Not Track” browser settings or signals.
Exemptions Under California Privacy Rights Act (CPRA) and Other State Privacy Laws, as Applicable
State privacy laws generally do not apply to the following types of data, which are exempt from applicable state privacy laws in California, Colorado, Connecticut, Utah, and Virginia. This includes but is not limited to: protected health information collected by a covered entity or business associate and governed by the Health Insurance Portability and Accountability Act of 1996 (HIPAA); medical information governed by the California Confidentiality of Medical Information Act (CMIA); personal information collected, processed, sold, or disclosed pursuant to certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA), or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994 (DPPA).
Use of Sensitive Personal Information
We do not use, receive, collect, or disclose sensitive personal information for purposes other than those authorized under the CPRA and other state privacy laws. At times, Alliant may need to receive, collect, or disclose your sensitive personal information as necessary for provision of insurance services, our operations in furtherance of a substantial public interest, and/or where you have given us your explicit consent, or where your employer or another third party is responsible for obtaining your explicit consent to enable us to collect and use your data for the purposes described in this Privacy Notice, or to establish, exercise or defend legal claims; only. If Alliant wishes to use your personal information beyond what is needed for or expected by you in the context of your relationship with Alliant, Alliant will request your affirmative consent before using your sensitive personal information for these new purposes.
Legal Category | Examples of Information Collected | Source | Purpose for Collection and Use | Sharing with Third Parties for a Business Purpose | Selling to Third Parties |
---|---|---|---|---|---|
A. Identifiers. | A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers. | Our Clients, Business Partners, Affiliates. Directly From You. From Other Third Parties and Publicly Available Sources. Automatically from your devices when you visit our website. | To Manage Our Relationship with You or Our Clients (a Legitimate Business Interest). Marketing and Communication with You Protect against unauthorized access, security incidents, fraud, and other malicious or illegal activity. To Comply with a Legal Requirement To Conduct Our Business With Your Consent | Business Partners including your employer, underwriters, insurance carriers and brokers, claims adjusters, managing general agents, actuaries, third party administrators, health plans, health care service providers, pension providers, banks and other financial institutions, tax advisors, legal advisors, co-brokers, our affiliates and subsidiaries, and other consultant or third parties necessary to provide our services. Service Providers including subcontractors, information technology service providers, telephone or internet providers, marketing agencies, and background check and credit reference agencies. Insurance carriers who provide our insurance. Governmental agencies, regulators, and law enforcement. | NO |
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). | A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories. | Our Clients, Business Partners, Affiliates. Directly From You. From Other Third Parties and Publicly Available Sources. | To Manage Our Relationship with You or Our Clients (a Legitimate Business Interest). Marketing and Communication with You Protect against unauthorized access, security incidents, fraud, and other malicious or illegal activity To Comply with a Legal Requirement To Conduct Our Business With Your Consent | Business Partners including your employer, underwriters, insurance carriers and brokers, claims adjusters, managing general agents, actuaries, third party administrators, health plans, health care service providers, pension providers, banks and other financial institutions, tax advisors, legal advisors, co-brokers, our affiliates and subsidiaries, and other consultant or third parties necessary to provide our services. Service Providers including subcontractors, information technology service providers, telephone or internet providers, marketing agencies, and background check and credit reference agencies. Insurance carriers who provide our insurance. Governmental agencies, regulators, and law enforcement. | NO |
C. Protected classification characteristics under California or federal law. | Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). | Our Clients, Business Partners, Affiliates. Directly From You. From Other Third Parties and Publicly Available Sources. | To Manage Our Relationship with You or Our Clients (a Legitimate Business Interest). Marketing and Communication with You Protect against unauthorized access, security incidents, fraud, and other malicious or illegal activity To Comply with a Legal Requirement To Conduct Our Business With Your Consent | Business Partners including your employer, underwriters, insurance carriers and brokers, claims adjusters, managing general agents, actuaries, third party administrators, health plans, health care service providers, pension providers, banks and other financial institutions, tax advisors, legal advisors, co-brokers, our affiliates and subsidiaries, and other consultant or third parties necessary to provide our services. Service Providers including subcontractors, information technology service providers, telephone or internet providers, marketing agencies, and background check and credit reference agencies. Insurance carriers who provide our insurance. Governmental agencies, regulators, and law enforcement. | NO |
D. Commercial information. | Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. | Our Clients, Business Partners, Affiliates. Directly From You. From Other Third Parties and Publicly Available Sources. Automatically from your devices when you visit our website. | To Manage Our Relationship with You or Our Clients (a Legitimate Business Interest). Marketing and Communication with You Protect against unauthorized access, security incidents, fraud, and other malicious or illegal activity To Comply with a Legal Requirement To Conduct Our Business With Your Consent | Business Partners including your employer, underwriters, insurance carriers and brokers, claims adjusters, managing general agents, actuaries, third party administrators, health plans, health care service providers, pension providers, banks and other financial institutions, tax advisors, legal advisors, co-brokers, our affiliates and subsidiaries, and other consultant or third parties necessary to provide our services. Service Providers including subcontractors, information technology service providers, telephone or internet providers, marketing agencies, and background check and credit reference agencies. Insurance carriers who provide our insurance. Governmental agencies, regulators, and law enforcement. | NO |
E. Biometric information. | Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. | Our Clients, Business Partners, Affiliates. Directly From You. | To Manage Our Relationship with You or Our Clients (a Legitimate Business Interest). Protect against unauthorized access, security incidents, fraud, and other malicious or illegal activity To Comply with a Legal Requirement To Conduct Our Business With Your Consent | Governmental agencies, regulators, and law enforcement. | NO |
F. Internet or other similar network activity. | Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement. | Directly From You. From Other Third Parties and Publicly Available Sources. Automatically from your devices when you visit our website. | To Manage Our Relationship with You or Our Clients (a Legitimate Business Interest). Marketing and Communication with You Protect against unauthorized access, security incidents, fraud, and other malicious or illegal activity To Comply with a Legal Requirement | N/A | NO |
G. Geolocation data. | Physical location or movements. | Our Clients, Business Partners, Affiliates. Directly From You. Automatically from your devices when you visit our website. | To Manage Our Relationship with You or Our Clients (a Legitimate Business Interest). Protect against unauthorized access, security incidents, fraud, and other malicious or illegal activity To Comply with a Legal Requirement To Conduct Our Business With Your Consent | N/A | NO |
H. Sensory data. | Audio, electronic, visual, thermal, olfactory, or similar information. | Our Clients, Business Partners, Affiliates. Directly From You. | To Manage Our Relationship with You or Our Clients (a Legitimate Business Interest). Protect against unauthorized access, security incidents, fraud, and other malicious or illegal activity To Conduct Our Business With Your Consent | N/A | NO |
I. Professional or employment-related information. | Current or past job history or performance evaluations. | Our Clients, Business Partners, Affiliates. Directly From You. From Other Third Parties and Publicly Available Sources. | To Manage Our Relationship with You (a Legitimate Business Interest) including our relationship with you during the job application and hiring process. Protect against unauthorized access, security incidents, fraud, and other malicious or illegal activity To Comply with a Legal Requirement To Conduct Our Business With Your Consent | Business Partners including your employer, underwriters, insurance carriers and brokers, claims adjusters, managing general agents, actuaries, third party administrators, health plans, health care service providers, pension providers, banks and other financial institutions, tax advisors, legal advisors, co-brokers, our affiliates and subsidiaries, and other consultant or third parties necessary to provide our services. Governmental agencies, regulators, and law enforcement. | NO |
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). | Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. | N/A | N/A | N/A | NO |
K. Inferences drawn from other personal information. | Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. | Our Clients, Business Partners, Affiliates. Directly From You. From Other Third Parties and Publicly Available Sources. | To Manage Our Relationship with You or Our Clients (a Legitimate Business Interest). Specifically in the insurance operations context, we may profile and benchmark in the insurance context to determine both the risk and the premium price based on similar exposures and risks; or, in the hiring context using profiling to determine job applicant’s suitability for the role. To Comply with a Legal Requirement | Business Partners including your employer, underwriters, insurance carriers and brokers, claims adjusters, managing general agents, actuaries, third party administrators, health plans, health care service providers, pension providers, banks and other financial institutions, tax advisors, legal advisors, co-brokers, our affiliates and subsidiaries, and other consultant or third parties necessary to provide our services. Service Providers including subcontractors, information technology service providers, telephone or internet providers, marketing agencies, and background check and credit reference agencies. Insurance carriers who provide our insurance. Governmental agencies, regulators, and law enforcement. | NO |
L. Sensitive Personal Information | Social Security number, driver’s license, state ID card, passport number, account login, financial account, debit/credit card number (w/access code), credentials allowing access to an account, precise geolocation, race or ethnic origin, religious or philosophical beliefs, or union membership, contents of personal communications, genetic data, biometric data health data, and sex life or sexual orientation | Our Clients, Business Partners, Affiliates. Directly From You. From Other Third Parties and Publicly Available Sources. Automatically from your devices when you visit our website. | To Manage Our Relationship with You or Our Clients (a Legitimate Business Interest). Protect against unauthorized access, security incidents, fraud, and other malicious or illegal activity To Comply with a Legal Requirement To Conduct Our Business With Your Consent | Business Partners including your employer, underwriters, insurance carriers and brokers, claims adjusters, managing general agents, actuaries, third party administrators, health plans, health care service providers, pension providers, banks and other financial institutions, tax advisors, legal advisors, co-brokers, our affiliates and subsidiaries, and other consultant or third parties necessary to provide our services. Service Providers including subcontractors, information technology service providers, telephone or internet providers, marketing agencies, and background check and credit reference agencies. Insurance carriers who provide our insurance. Governmental agencies, regulators, and law enforcement. | NO |
Alliant EU Privacy Notice
1. Our Pledge to You
At Alliant Insurance Services, Inc. (“Alliant”), one of our top priorities is making sure that the information we have about you is protected and secure. We value our relationship with you and work hard to preserve your privacy and ensure that your preferences are honored. At the same time, the very nature of our relationship may result in Alliant’s collecting or sharing certain types of information about you in order to provide the products and services you expect from us.
This EU Privacy Notice (“Notice”) is for persons located in the European Union (“EU”), and it supplements Alliant’s Privacy Policy. This Notice describes how Alliant uses your personal information in accordance with the EU General Data Protection Regulation (“GDPR”).
2. Scope
This Notice applies to individuals whose personal information is collected by or provided to Alliant while the individual is located in the EU. This Notice applies to such personal information whether it was provided to Alliant on our websites (including, but not limited to, www.alliant.com), or through any process whereby personal information is collected by, or on behalf of, Alliant.
3. Sensitive Personal Information
At times, Alliant and its service providers may need to request your sensitive personal information (e.g., information relating to health, genetics, or biometrics). Unless Alliant has another legal basis for collecting and processing your sensitive information, Alliant will request your affirmative consent before collecting and processing this information.
4. Use of Information
Alliant and its service providers may use your information to manage our contractual relationship with you, because we have a legitimate interest to do so, and/or to comply with a legal obligation. These purposes are identified in our Privacy Policy.
On other occasions where we ask you for consent, we will use the information for the purposes which we explain at that time. You have the right to withdraw you
5. Data Retention
We retain personal information for as long as necessary to provide services to you and fulfill the transactions you have requested, or for other necessary purposes such as complying with our legal obligations and enforcing our agreements. Retention periods vary depending on the type of information and how it is used. The criteria we use to determine the appropriate retention periods include:
- How long we have a relationship with you and provide services or products to you.
- Whether there is a legal, contractual or similar obligation that requires us to keep your information for a certain period of time.
- Whether you have consented to retention of your information for a longer period of time.
- Whether the personal information is sensitive.
When we no longer need to use or retain your personal information, we will remove it from our systems or depersonalize it so that it cannot be used to identify you.
6. Rights to Access and Control Your Personal Information
You have choices about the collection, use, and sharing of your personal information, including:
- Access: You can request a copy of your personal information.
- Change or Correct: You have a right to correct personal information that we hold about you that is inaccurate or incomplete. You can review and edit your personal information by logging onto our websites and visiting your account. You may also send us an email to correct any personal information that you have provided to us.
- Deletion: Under certain circumstances, you can request that we erase or delete all or some of your personal information (e.g., it is no longer necessary to provide services to you).
- Object to or Restrict Use: Under certain circumstances, you can request that we stop using and processing your personal information or restrict our use and processing of your personal information.
- Data Portability: You have the right to have your personal information transferred to another organization.
- Automated Individual Decision-Making: You have the right not to be subject to a decision based on automated profiling.
- Marketing: You may opt-out of direct marketing or profiling we carry out for direct marketing by sending us an email.
- Withdrawing Consent: If we have collected or processed your personal information with your consent, you may withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information based on other lawful processing grounds.
For your protection, we may need to verify your identity before fulfilling your request. Please note that we may need to retain certain information for recordkeeping purposes or to complete transactions that occurred prior your request. We will also retain your personal information if reasonably necessary to comply with our legal obligations, meet regulatory requirements, resolve disputes, maintain security, prevent fraud and abuse, or enforce the Terms and Conditions.
To learn more about how to make these requests, please contact us here.
7. File a Complaint
You may submit a complaint to an EU supervisory authority if you believe that Alliant’s processing of your personal information violates the GDPR. For more information about submitting a complaint, consult the relevant supervisory authority.
8. Cross-Border Transfers
We may transfer your personal information to other countries in compliance with applicable laws. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those countries may have access to your personal information.
9. Updates to this Notice
Alliant may update this Notice to reflect material changes in how we collect, use, share, or store your information, to satisfy legal requirements, or for other business purposes. We encourage you to refer to this Notice on an ongoing basis so that you understand our current practices. The date at the top of the page shows when this Notice was last updated.
10. Interpretation of this Notice
Any interpretation associated with this Notice will be made by Alliant’s legal counsel. This Notice includes examples but is not intended to be restricted in its application to such examples, therefore where the word ‘including’ is used, it means “including without limitation.”
This Notice does not create or confer upon any individual any rights, or impose upon Alliant any rights or obligations outside of, or in addition to, any rights or obligations imposed by applicable country, state, and other privacy laws, as applicable. Should there be, in a specific case, any inconsistency between this Notice and applicable privacy laws, this Notice shall be interpreted in that case to give effect to, and comply with, such privacy laws.
11. Contact Us
If you have questions or comments about this Notice, please contact us using the information below.
Alliant Insurance Services, Inc.
18100 Von Karman Avenue
10th Floor
Irvine, CA 92612
Telephone: (619) 238-1828
Send email here
Gramm-Leach Bliley (GLBA) Policy
1. Our Pledge to You
At Alliant Insurance Services, Inc. (“Alliant”), one of our top priorities is making sure that the information we have about you is protected and secure. We value our relationship with you and work hard to preserve your privacy and ensure that your preferences are honored. At the same time, the very nature of our relationship may result in Alliant’s collecting or sharing certain types of non-public personal information (“NPI”) about you in order to provide the products and services that you expect from us. Please read this Privacy Notice (“Notice”) carefully to understand how we collect, share, and protect our customers’ NPI.
2. Information We Collect
To provide you with insurance products and services, Alliant may collect or obtain NPI actively (i.e., through an interaction with you, an affiliate, or a non-affiliated third party) or passively (i.e., automatically from your computer). The types of NPI we collect depend on the product or service you expect from us and may include:
- Information that you submit to Alliant in applications or other forms, such as your name, address, telephone number, date of birth, social security number, occupation, assets, income, and health history;
- Information regarding your transactions with Alliant, our affiliates, or non-affiliated third parties, such as your transaction history, policy coverage, payment history, and claims history; and
- Information provided to Alliant by third parties (such as your employer(s), bank(s), or other insurer(s), as well as credit reporting agencies or government agencies) for the purpose of verifying the accuracy of our records.
3. How We Share Information
We may share some of the NPI we obtain about you as needed to provide the products and services you request.
Our sharing of NPI is primarily limited to companies related to Alliant by common ownership or control (“Affiliates”). However, we may also share your NPI with certain non-affiliated third parties that perform business or professional services on our or your behalf. Such non-affiliated third parties, which Alliant does not directly or indirectly control or own, may include:
- People who perform insurance, business, and professional services for us, such as helping us pay claims and detect fraud;
- Medical providers for insurance and treatment purposes;
- Financial services providers, such as companies engaged in insurance and securities;
- Non-financial organizations, such as companies engaged in the direct marketing and selling of consumer products and services offered by Alliant or our Affiliates; and
- People bound by confidentiality obligations, such as lawyers, auditors, and similar professional representatives.
We may also disclose NPI in connection with a proposed or final sale or merger of insurance business or for study purposes, but such disclosure, if any, is made confidentially and the recipient is bound by nondisclosure and use restrictions. We do not share your NPI with non-affiliated third parties for their own marketing purposes.
In addition, the law permits us to share information about our current and former customers with government agencies or authorized third parties under certain circumstances. For example, we may be required to share such information in response to subpoenas or to comply with certain laws.
When other companies help us to conduct business, we expect them to follow applicable privacy laws. We do not authorize them to use or share NPI except when necessary to conduct the work they are performing for us or to meet regulatory or other governmental requirements.
If you are a new customer, please note that we can begin sharing your NPI 45 days from the date we sent this notice. When you are no longer our customer, we may continue to share your information as described in this notice. However, you can contact us at any time to limit our sharing.
4. How We Protect Non-Public Personal Information
We take reasonable steps to protect the privacy of your NPI by restricting access by our personnel on a need-to-know basis in connection with our providing services to you and by safeguarding it from unauthorized individuals by limiting access to our databases. We give access only to employees who need to know the NPI to provide insurance products or services to you. Although Alliant uses administrative, electronic, mechanical, and physical safeguards to protect the confidentiality and security of your NPI, it should be understood that we cannot guarantee complete security or accuracy of all customer information. We ask that you assist our security efforts by maintaining the privacy of all computer passwords that you use to connect with Alliant and to encrypt confidential information transmitted to us over the internet.
5. Applicability of Practices
Our practices described above regarding NPI apply to our former, current, and future customers
6. Retention Period for NPI
We maintain NPI about you for as long as we provide products or services to you. We may maintain your NPI for a longer period if necessary for related business activities or as required by law. For our former customers, your NPI is subject to the same security protections, as well as the same use and disclosure restrictions, as is our current customers’ NPI. When NPI is no longer necessary for our business purposes or compliance with applicable law, we will return or destroy the information.
7. Access to Information
You may request access to certain NPI we collect to provide you with insurance products and services. You must make your request in writing and send it to the address provided in Section 11. The letter should include your full name, address, telephone number, and policy number (if applicable). If we validate your request, we will send you a copy of your NPI to the address provided.
Please note that if the NPI includes health information, we may require additional information from you. We may also need to coordinate your access through the provider of the information in accordance with the Health Insurance Portability and Accountability Act of 1996, and its implementing regulations (“HIPAA”) and any business associate agreement with the provider of the information. We may charge a reasonable fee to cover our copying costs.
Please note this section only applies to NPI Alliant collects or obtains to provide you with insurance products or services.
8. Correction of Information
If you believe the NPI we have about you is incorrect, please write to us at the address provided in Section 11. Please include in your letter your full name, address, telephone number, policy number (if applicable), the NPI you request that we correct, and an explanation of why you believe your NPI is inaccurate. If we agree with you and are not legally prohibited from making the requested change, we will make the requested corrections to your NPI and notify you of the correction.
If we disagree with you or are not in position to make the requested change, such as because we received the NPI from a medical provider and do not maintain the NPI you requested us to correct, we will tell you why we are not going to make the requested correction. We will also tell you that you may submit a statement to us describing why you believe the NPI is correct. It should also include the reason(s) why you disagree with our decision not to correct the NPI in our files. We will file your statement with the disputed NPI.
9. Right to Opt Out
You have the right under the law to limit:
- Our sharing information about your creditworthiness to our Affiliates’ for their everyday business purposes;
- Our sharing of your personal information to our Affiliates to market to you; and
- Our sharing of your personal information to non-Affiliates to market to you.
If you would like to change or limit the way we share your NPI with our Affiliates or non-Affiliates, please contact us. See Section 11 for our contact information. California residents have additional rights. If you are a California resident, please see Important Privacy Choices for Consumers. Please note that it may take at least four (4) weeks to process your request.
10. Changes to this Privacy Notice
Alliant reserves the right to change this Notice at any time. We will provide our customers with the updated Notice when we make substantive revisions. If we make a significant change, we will also note on the main page of our website that we have updated this Notice. In most cases, we will attempt to post notification thirty (30) days before the effective date of the change.
11. Our Commitment to Privacy and Contact Information
For additional information about Alliant’s commitment to privacy, please visit the Alliant Privacy Policies page.
You may contact us with any questions or to exercise your rights by calling us toll-free at (800) 821-9282 or by writing to:
Privacy Officer
Alliant Insurance Services, Inc.
18100 Von Karman Avenue
10th Floor
Irvine, CA 92612
Email: alliant-privacy@alliant.com