Effective Date: January 1, 2020.
This CCPA Policy describes Federated’s business practices, both online and offline, regarding:
- The collection, use, and disclosure of consumers’ Personal Information, and;
- The rights of consumers regarding their own Personal Information.
NOTE: Federated does not sell consumers’ Personal Information. Federated does not sell the Personal Information of minors under 16 years of age without affirmative authorization.
“Personal Information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.
Personal Information does not include:
- Publicly available information from government records.
- De-identified or aggregated consumer information.
- Information excluded from the CCPA’s scope, like:
- Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;
- Personal Information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.
- Right to Know
Consumers have the right to request that Federated disclose certain Personal Information Federated has collected about them during the last 12 months. Federated will not disclose any Personal Information unless it receives a Verifiable Consumer Request (Information on how to complete a Verifiable Consumer Request is found below*). Consumers have the right to request the following:
- Categories of Personal Information Federated has collected about the consumer.
- Categories of sources from which the Personal Information is collected.
- The business or commercial purpose for collecting Personal Information.
- Categories of third parties to whom Personal Information was disclosed for a business purpose.
- Categories of Personal Information that Federated disclosed for a business purpose about the consumer.
- Specific pieces of Personal Information that Federated has about the consumer.
- Right to Request Deletion
Consumers have the right to request that Federated delete any of their Personal Information that Federated collected from them and retained, subject to certain exceptions. Once Federated receives a Verifiable Consumer Request - and separately confirms the Verifiable Consumer Request to delete- Federated will delete (and direct its service providers to delete) the Personal Information from its records, unless an exception applies. Information on how to complete a Verifiable Consumer Request to delete is found below.
Federated may deny a deletion request if maintaining the information is necessary for Federated to:
- Complete the transaction for which the Personal Information was collected, provide a good or service requested by the consumer, or reasonably anticipated within the context of Federated’s ongoing business relationship with the consumer, or otherwise perform a contract between Federated and the consumer.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity.
- Debug to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their right of free speech, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when Federated’s deletion of the information is likely to render impossible or seriously impair the achievement of such research, if the consumer has provided informed consent.
- Enable solely internal uses that are reasonably aligned with the expectations of the consumer based on the consumer’s relationship with Federated.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which the consumer provided it.
- Exercising Right to Know and Right to Delete
To exercise the right to know and right to delete described above, please submit a Verifiable Consumer Request to Federated by either:
- Verifiable California Consumer Data Request , or
- Calling Federated TOLL-FREE at: 1-844-929-0147.
Only the consumer or an Authorized Agent may make a Verifiable Consumer Request related to their Personal Information. An “Authorized Agent” is a person registered with the California Secretary of State that consumers have authorized to act on their behalf or an individual granted authority under a written power of attorney issued pursuant to California Probate Code sections 4000 to 4465. If an Authorized Agent is making the request and has not provided registration information or a power of attorney, Federated must receive written permission from the consumer for the Agent to act on the consumer’s behalf.
Consumers may only make a Verifiable Consumer Request for access or deletion twice within a 12-month period. The Verifiable Consumer Request must:
- Provide sufficient information that allows Federated to verify, to a reasonably high degree of certainty, that the requestor is the consumer about whom Federated collected Personal Information or an Authorized Agent.
- Describe the request with sufficient detail to allow Federated to properly understand, evaluate, and respond to it.
NOTE: Completing as much information as possible on the Verifiable Consumer Request form will make it more likely that Federated will be able to provide consumers with a substantive response.
Federated will attempt to match data provided in the Verifiable Consumer Request to data that Federated maintains on the consumer. Federated will require a declaration under penalty of perjury, swearing that the requestor is the consumer or Authorized Agent whose Personal Information is the subject of the request. If Federated cannot, to a reasonably high degree of certainty, verify a requestor’s identity or authority to make the request and confirm the Personal Information relates to the consumer, the request will be denied. Federated will also deny a request made by an Authorized Agent if the Authorized Agent does not submit proof that they have been authorized by the consumer to act on their behalf, as described above. If this happens Federated will state so in its response.
Making a Verifiable Consumer Request does not require the requestor to create an account with Federated. Federated will only use Personal Information provided in a Verifiable Consumer Request to verify the requestor’s identity or authority to make the request.
Federated will provide a response either by mail or electronically, at the requestor’s option.
- Verifiable Consumer Request Response and Timing
Federated will confirm receipt of a Verifiable Consumer Request within 10 days of receipt and, upon verification, provide a response within 45 days. Federated may require an additional 45 days to verify and respond to some requests. If more than 45 days are required, Federated will notify the requestor within the first 45 days, explaining the reason for the delay.
Federated will not charge a fee to process or respond to a Verifiable Consumer Request unless it is excessive, repetitive, or manifestly unfounded. If Federated determines that the Request warrants a fee, it will inform the requestor of that decision.
Federated will not discriminate against a consumer because the consumer exercised any of the consumer’s rights under the CCPA.
- Categories of Personal Information Federated has Collected in the Last 12 Months:
The categories of Personal Information Federated has collect about consumers over the past 12 months include the following:
- Personal Identifiers: such as a real name, signature, physical characteristics, physical description, alias, postal address, IP address, email address, telephone number, passport number, social security number, driver’s license or state identification card number.
- Financial Identifiers: such as insurance policy number, bank account number, credit card number, debit card number, or any other financial information.
- Medical Information: such as health insurance or medical information, unique personal identifier for health insurance, online identifier, account name, or other similar identifiers;
- Employment and Education Information: such as education history, employment or professional history, education information, as defined in FERPA.
- Protected classifications under California or federal law, including: age, race, color, sex, creed, gender, sexual orientation and identity, national origin, disability, citizenship status, marital status, military or veteran status.
- Commercial information, records of products or services purchased, obtained, or considered.
- Internet or other electronic network activity information, including, but not limited to, search history, and information regarding a consumer’s interaction with an Internet Web site, or application.
- Audio, electronic, or similar information, including recordings of phone calls or messages left on a Federated phone system.
- Categories of Sources from Which Federated Has Collected the Categories of Personal Information Described Above:
- Directly from the consumer: all categories of Personal Information.This could occur as a result of a phone conversation, completing an application or claim report, requesting a change, or otherwise interacting with Federated.
- Individual Businesses: all categories Personal Information.
- Third party Service Providers: all categories of Personal Information.
The categories of sources from which Federated collects Personal Information and the specific categories of Personal Information vary, depending upon the particular nature of the interaction with each consumer.
- Business or Commercial Purposes For Which Federated Has Collected the Categories of Personal Information Described Above:
- To provide products and services that are requested
- including , underwriting, maintaining and servicing accounts, providing customer services, processing or fulfilling requests and transactions, verifying customer information, processing payments, administering changes or amendments to existing products and services, processing claims, providing advertising or marketing services, providing analytic services, or providing similar services, and for Federated’s operational purposes which are reasonably necessary and proportionate to achieve the purpose for which the information was originally collected.
- To recommend different or additional products or services, based upon the information provided as well as Federated’s understanding of insurance needs.
- Detecting security incidents, protecting against malicious, deceptive, fraudulent or illegal activity, and prosecuting those responsible for that activity.
- Debugging to identify and repair errors that impair existing intended functionality.
- Undertaking activities to verify or maintain the quality or safety of a service or product that is developed or provided by Federated, and to improve, upgrade, or enhance any service or product that is developed or provided by Federated.
- Auditing related to a current interaction with a consumer and concurrent transactions including auditing for compliance with the CCPA and other standards.
- Undertaking internal research for technological development and demonstration.
- Undertaking activities to verify or maintain the quality of services and products owned or controlled by Federated and to improve, upgrade or enhance those services and products.
- Advancing Federated’s lawful commercial or economic interests.
- Categories of Third Parties With Whom Federated Has Shared Personal Information Described Above:
Federated may share consumer Personal Information with a third party for a business or commercial purpose. When Federated discloses Personal Information for a business or commercial purpose, it enters into a contract that describes the purpose and requires the third party recipient to both keep the Personal Information confidential and not use it for any purpose except performing the contract.
Federated shares your Personal Information with the following categories of third parties:
- Service Providers
- Internet Service Providers
- Government Entities
- Disclosures of Personal Information Described Above for a Business or Commercial Purpose:
Federated has disclosed the following categories of Personal Information to third parties in the preceding 12 months for a business or commercial purpose:
All categories of Personal Information.
Federated has not sold any Personal Information to third parties for a business or commercial purpose in the preceding 12 months.
NOTICE: Nothing in this CCPA Policy or the CCPA shall limit Federated’s ability to comply with applicable laws; comply with civil, criminal, or regulatory inquiries by federal, state or local authorities; cooperate with law enforcement concerning any potential violations of law; or otherwise exercise or defend legal claims.
This CCPA Policy may be printed as a separate document by utilizing your browser’s print function.
- Contact for More Information:
Persons with a disability can receive alternative formats of this CCPA Policy by contacting Federated below. If a consumer has any questions or concerns about this CCPA Policy or any consumer rights under the CCPA, Federated can be contacted at:
- email@example.com or
- TOLL-FREE at:1-844-929-0147.
This CCPA Policy was last updated: 01-01-2020