MEMIC’s California Privacy Notice

Last Updated: January 4, 2023

This California Privacy Notice applies solely to individual residents of the state of California (“consumers” or “you”) and supplements our Website Privacy Notice by providing additional information about how we collect, use, disclose and otherwise process personal information of consumers within the scope of the California Consumer Privacy Act of 2018 (“CCPA”).

Unless otherwise expressly stated, all terms defined in this Privacy Notice have the same meaning as defined in our Website Privacy Notice or as otherwise defined in the CCPA.

For purposes of this Privacy Notice, “personal information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. It does not include, and this Privacy Notice does not cover, information excluded from the CCPA’s notice requirements, including:

• Information that we process solely on behalf of our policyholders as a “service provider,” which includes claims and other information relating to individual workers covered by the insurance policies of our policyholders, and 
• Information relating to job applicants, employees and other MEMIC personnel.
• Information that is made publicly available, 
• Information that is deidentified or aggregated such that it is not reasonably capable of being associated with or reasonably linked to an individual, 

Please note where we maintain deidentified information, we will maintain and use the information in deidentified form and not attempt to reidentify the information except as required or permitted by law.

Collection, Use and Disclosure of Personal Information

Collection and Disclosure

In the last 12 months, we have collected and disclosed for a business purpose the following categories of personal information:

• Identifiers, such as full name, alias, account name and password, social media handle, IP address and other unique personal identifiers;
• California Customer Records (Cal. Civ. Code § 1798.80(e)), such as e-mail address, physical address, fax number and telephone number;
• Protected Classification Characteristics, such as age;
• Commercial Information, such as workers’ compensation and insurance products or services you may be interested in;
• Internet/Network Information, such as log data (including IP address) and analytics data (including your usage and activity on our website);
• Geolocation Data, such as your general geographic location based on the log data we or our third-party providers collect;
• Sensory Information, such as audio recordings of phone calls you have with us or photographs and video footage you choose to provide or we otherwise record as permitted by law;
• Professional/Employment Information, such as current occupation, job title, company/employer and employment history;
• Non-Public Education Information (20 U.S.C. § 1232g, 34 C.F.R. Part 99), such as education information you choose to provide us in connection with a scholarship application;
• Other Personal Information, such as messages or requests you provide to us directly or through a third-party service, such as social media;
• Inferences, such as deriving insurance products of interest from other personal information we have collected about you.

However, in the last 12 months, we have not knowingly sold personal information, nor have we shared or otherwise disclosed personal information for the purpose of displaying advertisements that are selected based on personal information obtained or inferred over time from an individual’s activities across business or distinctly-branded websites, applications, or other services (otherwise known as “targeted advertising” or “cross-context behavioral advertising”).

Sources of Personal Information

We collect this information directly from you, from your browser or device when you interact with our website, from third parties including our prospective and actual policyholders, agents,  and service providers, and from public third-party platforms such as social media websites, online databases or online directories.

Purposes for Collecting Personal Information

We collect personal information for the purposes described in the How We Use the Information We Collect section of our Website Privacy Notice, as well as to examine your eligibility for a scholarship (where applicable) or to maintain an ongoing relationship between us and the entity you represent (where you are a representative of our policyholders, agents, service providers and other third parties).

Recipients of Personal Information

The categories of third parties to whom we disclose personal information for a business purpose may include our subsidiaries, contractors, claims providers, medical/pharmaceutical providers, financial services providers, data storage providers, communications providers, marketing and analytics providers, payment processors, event coordinators, other service providers and other third parties we use to support our business, this website and our scholarship program, such as colleges and universities. For more information, please refer to the Personal Information We Disclose section of our Website Privacy Notice.  

Retention of Personal Information

We will usually store the personal information we collect about you for no longer than necessary to fulfil the purposes for which it was collected, and in accordance with our legitimate business interests and applicable law. However, if necessary, we may retain personal information for longer periods of time, until set retention periods and deadlines expire, for instance where we are required to do so in accordance with legal, tax and accounting requirements set by a legislature, regulator, or other government authority.

To determine the appropriate duration of the retention of personal information, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of personal information and if we can attain our objectives by other means, as well as our legal, regulatory, tax, accounting, and other applicable obligations.

Once retention of the personal information is no longer necessary for the purposes outlined above, we will either delete or deidentify the personal information or, if this is not possible (for example, because personal information has been stored in backup archives), then we will not further process the personal information until deletion or deidentification is possible.

Sensitive Information

The following personal information elements, which are also identified above, may be classified as “sensitive” under certain privacy laws (“sensitive information”): account name and password.

We use account name and password to manage your account with us and to provide the services connected to that account. We may also use account name and password for the purposes described in the How We Use the Information We Collect section of our Website Privacy Notice

We do not sell this sensitive information, and we do not share or otherwise disclose this sensitive information for the purpose of targeted advertising, nor use such information to infer characteristics about you.

Your California Privacy Rights

As a California resident, you may be able to request to exercise the following rights in relation to the personal information about you that we have collected (subject to certain limitations at law):

• The Right to Know: The right to confirm whether we are processing personal information about you and to obtain certain personalized details about the personal information we have collected about you, including:
  • The categories of personal information collected;
  • The categories of sources of the personal information;
  • The purposes for which the personal information were collected;
  • The categories of personal information disclosed to third parties (if any), and the categories of recipients to whom the information were disclosed;
  • The categories of personal information shared for targeted or cross-context behavioral advertising purposes (if any), and the categories of recipients to whom the personal information were disclosed for those purposes; and
  • The categories of personal information sold (if any), and the categories of third parties to whom the personal information were sold.
• The Right to Access & Portability: The right to obtain access to the personal information we have collected about you and, where required by law, the right to obtain a copy of the personal information in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the data to another entity without hindrance.
• The Right to Correction: The right to correct inaccuracies in your personal information, taking into account the nature of the personal information and the purposes of the processing of the personal information.
• The Right to Deletion: The right to request the deletion of personal information we have collected from you, subject to certain exceptions.

You also have the right to not receive retaliatory or discriminatory treatment in connection with a request to exercise the above rights. However, please note that if the exercise of these rights limits our ability to process personal information (such as in the case of a deletion request), we may no longer be able to provide you our products and services or engage with you in the same manner.

Submitting Requests

 

To Exercise Your Rights for Information We Process on Behalf of Policyholders

We often act as a “service provider” under the CCPA by processing information solely on behalf of our policyholders. If you would like to request to exercise any rights you may have under the CCPA in relation to information we process as a service provider, please direct your request to your employer who holds a policy with us. Your employer will determine the extent to which the CCPA and its associated consumer rights apply to you.

To Exercise Your Rights for Other Personal Information We Process

Please submit a request specifying the right you wish to exercise by:

• Emailingprivacy@memic.com with the subject line “California Rights Request,” or
• Calling our toll-free U.S. phone number: 1-800-660-1306.

Before processing your request, we will need to verify your identity and confirm you are a resident of the State of California. In order to verify your identity, we will generally require the matching of sufficient information you provide us to the information we maintain about you in our systems. We may at times need to request additional personal information from you, taking into consideration our relationship with you and the sensitivity of your request.

In certain circumstances, we may decline a privacy rights request, particularly where you are not a resident of the State of California or where we are unable to verify your identity.

Authorized Agent

In certain circumstances, you are permitted to use an authorized agent to submit requests on your behalf through the designated methods set forth above where we can verify the authorized agent’s authority to act on your behalf. In order to verify the authorized agent’s authority, we generally require evidence of either (i) a valid power of attorney or (ii) a signed letter containing your name and contact information, the name and contact information of the authorized agent, and a statement of authorization for the request. Depending on the evidence provided, we may still need to separately reach out to you to confirm the authorized agent has permission to act on your behalf and to verify your identity in connection with the request.

Changes to our California Privacy Notice

We may amend our California Privacy Notice from time to time and will post the date of the last revision at the beginning of this Privacy Notice. You are responsible for periodically checking for changes to this Privacy Notice by visiting our website. 

Contact Information

If you have any questions about this California Privacy Notice or our privacy practices, please contact our Director of Risk Management at privacy@memic.com or call 1-800-660-1306.