Updated October 2022
THIS PRIVACY NOTICE DESCRIBES HOW BrighterDay Insurance Services LLC, ITS AFFILIATES AND SUBSIDIARIES (‘WE’, ‘US’) MAY COLLECT, HANDLE AND PROCESS PERSONAL INFORMATION IN RELATION TO YOUR ACCESS TO OR USE OF THE SERVICES.
This privacy notice applies to all of the services, websites and apps offered by BrighterDay Insurance Services LLC (collectively, the “Services”), but excludes Services which have separate privacy notices that do not incorporate this privacy notice.
BrighterDay Insurance Services LLC company which provides each Service is primarily responsible for the personal information collected and held in relation to that Service.
- PERSONAL INFORMATION WE USE
We may collect personal information about you from a variety of sources, including information we collect from you directly (e.g., when you contact us) and from other sources, described below.
Note that we may be required by law to collect certain personal information about you, or as a consequence of any contractual relationship we may have with you. Failure to provide this information may prevent or delay the fulfillment of these obligations. We will inform you at the time your information is collected if the provision of certain personal information is compulsory and the consequences of the failure to provide such personal information.
1.1. Information we collect directly from you
Depending on the service, website or app that you are using, the categories of information that we may collect directly from you include:
- personal details (e.g., name, date of birth);
- contact details (e.g., phone number, email address, postal address or mobile number);
- government issued identification details (e.g., social security and national insurance numbers, passport details);
- health and medical details (e.g., health certificates);
- policy details (e.g., policy numbers and types);
- bank details (e.g., payment details, account numbers and sort codes);
- driving license details;
- online log-in information (e.g., username, password, answers to security questions);
- information relating to any claims;
- other information we receive from you on applications or required questionnaires (e.g., occupation, current employer); and
- information we collect automatically from you (e.g., click stream data, personal information and other data collected using cookies and other device identifying technologies (‘Cookies’)).
- We do collect personal information about your online activities over time and across third party websites or online services. When we see a browser set to “do not track”, signals transmitted from web browsers do not apply to our sites, and we do not alter any of our data collection and use practices upon receipt of such a signal.
1.2. Information we collect from other sources:
The categories of information that we may collect about you from other sources are:
- personal details (e.g., name, date of birth);
- contact details (e.g., phone number, email address, postal address or mobile number);
- bank details (e.g., account numbers and sort codes);
- financial information from consumer-reporting agencies for the purpose of ascertaining credit history; and
- policy details (e.g., policy numbers and types).
We may receive such information via other insurers, consumer-reporting agencies, our affiliated companies, or other third parties in the course of conducting our business.
1.3. Sensitive personal information
We may also collect certain information about you which is considered more sensitive under local applicable laws, such as:
- information about your race, ethnic origin, religious views and philosophical beliefs, membership of professional or trade associations, gender identity or sexual orientation for diversity and statutory monitoring purposes where appropriate; and
- health, biometric or disability information required to administer policies or process claims.
We do not knowingly collect online information from children under the age of 13. Our services are marketed towards adults. If we are notified that we have collected personal information, as defined by the Children’s Online Privacy Protection Act (“COPPA”), of a child under the age of 13, we will delete the information as expeditiously as possible.
- HOW WE USE YOUR PERSONAL INFORMATION AND THE BASIS ON WHICH WE USE IT
We may use your personal information to:
- provide, maintain, protect and personalize our services including our insurance products, consulting and broking services;
- deal with your enquiries and requests;
- perform system administration and to report aggregate statistical information to our advertisers;
- cooperate with regulators and law enforcement bodies;
- contact you with marketing and offers relating to products and services offered by us (unless you have opted out of marketing, or we are otherwise prevented by law from doing so);
- personalize the marketing messages we send you to make them more relevant and interesting and to customize and enhance your website or app experience;
- resolve complaints, as well as handle requests for data access or correction;
- protect your, our or others’ rights and interests; and
- communicate with you regarding your account or changes to our policies, terms and conditions.
Some jurisdictions require a legal basis to use or process your personal information. In most cases the legal basis will be one of the following:
- to fulfill our contractual obligations to you in connection with your policy or contract with us, for example using your contact details to reply to your requests. Failure to provide this information may prevent or delay the fulfillment of these contractual obligations;
- in order to comply with our legal obligations, for example to keep records of the services we provide you with as required by applicable law or regulation, or to comply with any governmental, quasi-governmental or court orders or subpoenas;
- where there is a public interest in the processing, for example where it is necessary in order to prevent and detect fraud; and
- to meet our or a third party’s legitimate interests, for example to understand how you use our services and to enable us to derive knowledge from that to develop new services, to protect our rights or the rights of third parties, or to resolve any disputes. When we process personal information to meet our legitimate interests, we put in place robust safeguards to help ensure that your privacy is protected and that our legitimate interests are not overridden by your interests or fundamental rights and freedoms.
- YOUR RIGHTS OVER YOUR PERSONAL INFORMATION
You may have certain rights regarding your personal information, subject to local law. These include rights in certain circumstances to:
- access your personal information;
- request proof of the authorization or previous consent given to us to perform the collection and processing of the personal information;
- rectify the information we hold about you;
- erase your personal information;
- restrict our use or disclosure of your personal information;
- object to our use or disclosure of your personal information;
- request information about the use and processing of your personal information by [Gallagher Group];
- receive your personal information in a usable electronic format and transmit it to a third party (right to data portability);
- revoke the consent given by you for the processing of your personal information; or
- lodge a complaint with your local data protection authority.
If you would like to discuss or exercise such rights, as applicable under local law, please contact us at the details below.
We encourage you to contact us to update or correct your information if it changes or if the personal information we hold about you is inaccurate. We will contact you if we need additional information from you in order to honor your requests.
- INFORMATION SHARING
We may share your personal information with third parties for the purposes described in this privacy notice under the following circumstances:
- Service providers and business partners. We may share your personal information with our service providers and business partners that perform marketing services and other business operations for us. For example, we may partner with other companies to process secure payments, fulfill orders, optimize our services, send newsletters and marketing emails, support email and messaging services and analyze information.
- Law enforcement agency, court, regulator, government or quasi-governmental authority or other third party. We may share your personal information with these parties where we believe this is necessary to comply with a legal or regulatory obligation, to enforce or apply any agreements between us and you, to resolve any disputes, or otherwise to protect our rights or the rights of any third party.
- Asset purchasers. We will not sell your personal information to third parties other than to the extent reasonably necessary to proceed with the consideration, negotiation, or completion of a merger, reorganization, or acquisition of our business, or a sale, liquidation, or transfer of some or all of our assets. Should such a sale or transfer occur, we will use reasonable efforts to try to ensure that the entity to which we transfer your personal information uses it in a manner that is consistent with this privacy notice.
- Online ad technology firms. We may transfer information about you to ad technology firms so that they may recognize your devices and deliver interest-based content and advertisements to you. The information may include your name, postal address, email, device ID, or other identifier in encrypted form These firms may collect additional information from you, such as your IP address and information about your browser or operating system; may combine information about you with information from other companies in data sharing cooperatives in which we participate; and may place or recognize their own unique cookie on your browser.
When required by applicable law, when we share personal information with corporate third parties we will ensure that such third parties maintain a comparable level of protection of the personal information as set out in this privacy notice by using contractual or other means. To the fullest extent permitted by applicable law, we exclude all liability arising from the use of your personal information by third parties. When required by applicable law, data transfers will be logged and documented, identifying the recipient of the data, the purpose of the transmission, and the type of data that was transmitted. Where required by law to do so, we can on request confirm the name of each third party that personal information is, or will be, transferred to.
- INFORMATION SECURITY AND STORAGE
We implement technical, organizational, administrative and physical measures to help ensure a level of security appropriate to the risk to the personal information we collect, use, disclose and process. These measures are aimed at ensuring the on-going integrity and confidentiality of personal information. We evaluate these measures on a regular basis to help ensure the security of the processing. Please be aware that, despite our ongoing efforts, no security measures are perfect or impenetrable.
We restrict access to your personal information to those who require access to such information for legitimate, relevant business purposes.
We will keep your personal information for as long as we have a relationship with you. Once our relationship with you has come to an end, we will retain your personal information for a period of time that enables us to:
- maintain business records for analysis and/or audit purposes;
- comply with record retention requirements under the law;
- defend or bring any existing or potential legal claims; and
- deal with any complaints regarding the Services.
We will delete your personal information when it is no longer required for these purposes. If there is any information that we are unable to, for technical reasons, remove entirely from our systems, we will put in place appropriate measures to prevent any further processing or use of the personal information.
- LINKS TO OTHER SITES
We may provide links to other websites not owned or controlled by us that we think might be useful or of interest to you. We are not, however, responsible for the privacy practices used by other website owners or the content or accuracy contained on those other websites. Links to other websites do not constitute or imply endorsement by us of those web sites, any products or services described on those websites or any other material contained in them. We advise that you contact any third party websites directly for their individual privacy policies.
- CALIFORNIA PRIVACY RIGHTS
The provisions below up to Section 8 (Contact Us) relate solely to residents of the State of California (for purposes of this Section 7 (California Privacy Rights), “consumers” or “you”). We included this section to comply with the California Consumer Privacy Act of 2018 (CCPA) and any terms defined in the CCPA have the same meaning when used in this section.
7.1. Applicability of the CCPA
7.1.1. CCPA exemptions
This Section 7 (California Privacy Rights) does not apply to:
- Publicly available information from government records.
- De-identified or aggregated consumer information.
For purposes of this section, personal information does not include:
- Until January 1, 2021, information regarding job applicants, employees, owners, directors, officers, or contractors, emergency contact information from the same, and information necessary for us to administer benefits to the same.
- Until January 1, 2021, information we obtain from a consumer acting on behalf of a company and whose communications with us occur solely within the context of us conducting due diligence regarding, or providing or receiving a product or service to or from another company.
- Information or organizations excluded from the CCPA’s scope, including medical information governed by the California Confidentiality of Medical Information Act (CMIA), protected health information collected by a covered entity or business associate governed by the Health Insurance Portability and Accountability Act of 1996 (HIPAA), or personal information collected, processed, sold, or disclosed pursuant to certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994 (DPPA).
- Publicly available information from government records.
- De-identified or aggregated consumer information.
Under the limited circumstances where we are acting as a business, and your personal information is not otherwise excluded as set forth above, the following information applies to how we collect, use, and share your personal information.
7.2. Information we collect when we are acting as a business
As a business, we collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California consumer or device (“CCPA Covered Personal Information”). In particular, we have collected the following categories of CCPA Covered Personal Information from consumers within the last twelve (12) months:
A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers.
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).
A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, medical information, or health insurance information. Some CCPA Covered Personal Information included in this category may overlap with other categories.
C. Protected classification characteristics under California or federal law.
Age (40 years or older), race, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status.
D. Commercial information.
Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
E. Biometric information.
Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.
F. Internet or other similar network activity.
Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.
G. Geolocation data.
Physical location or movements.
H. Sensory data.
Audio, electronic, visual, thermal, olfactory, or similar information.
I. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).
Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.
J. Inferences drawn from other personal information.
Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
7.3. Categories of sources from which we collect personal information where we act as a business
We obtain CCPA Covered Personal Information listed above from the following categories of sources:
- For all of the above categories collected, we collect this information directly from you, as described in Section 1.1. (Information we collect directly from you).
- For all of the above categories collected, we collect this information from third parties, as described in Section 1.2. (Information we collect from other sources).
7.4. Use of CCPA Covered Personal Information when we are acting as a business
We may use or disclose the CCPA Covered Personal Information we collect for one or more of the following business purposes:
- We use all of the above categories of CCPA Covered Personal Information collected to:
- Fulfill or meet the reason you provided the information. For example, if you share your name and contact information to ask a question, we will use that CCPA Covered Personal Information to respond to your inquiry.
- Provide, support, personalize, and develop our Website, products, and services.
- Create, maintain, customize, and secure your account with us.
- Provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses.
- Personalize your Website experience and to deliver content and product and service offerings relevant to your interests for BrighterDay Insurance Services LLC’s affiliates and subsidiaries, including targeted offers and ads through our Website, third-party sites, and via email or text message (with your consent, where required by law). We may share your CCPA Covered Personal Information with other BrighterDay Insurance Services LLC companies for marketing purposes (subject to applicable laws or regulations), internal reporting and other purposes as described in this privacy notice. Click to view a general description of BrighterDay Insurance Services LLC BrighterDay Insurance Services LLC
- Help maintain the safety, security, quality, and integrity of our Website, products and services, databases and other technology assets, and business, including to detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, and prosecute those responsible for that activity, and to debug to identify and repair errors that impair existing intended functionality.
- Respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
- Evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which CCPA Covered Personal Information held by us about our website or application users is among the assets transferred. We use Categories A (identifiers), B (categories listed in the California Customer Records statute), and D (commercial information) information collected to process your requests, purchases, transactions, and payments and prevent transactional fraud.
We use Categories A (identifiers) and F (internet or similar network activity) information for:
- Auditing related to a current interaction with you and concurrent transactions, including, but not limited to, counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with applicable law.
- Short-term, transient use to provide contextual customization of ads shown as part of your interaction with our Website.
- Partnering with third party advertising networks and exchanges to serve our advertising on other sites.
- Testing, research, analysis, and product development and demonstration, including to develop and improve our Website, products, and services.
- For all of the above categories of CCPA Covered Personal Information collected, as described to you when collecting your CCPA Covered Personal Information or as otherwise set forth in the CCPA.
We will not collect additional categories of CCPA Covered Personal Information or use the CCPA Covered Personal Information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
7.5. Sharing CCPA Covered Personal Information when we are acting as a business
We may disclose your CCPA covered Personal Information to a third party for a business purpose.
7.5.1. Disclosures of CCPA Covered Personal Information for a business purpose
In the preceding twelve (12) months, we have disclosed all of the above categories of personal information collected for a business purpose.
7.5.2. Sales of CCPA Covered Personal Information
We do not sell consumer personal information. Therefore, in the preceding twelve (12) months, we have not “sold” any categories of CCPA Covered Personal Information.
7.6. Your CCPA Consumer Rights
Effective January 1, 2020, the CCPA obligates businesses that collect consumer information (as that term is defined in the CCPA) to fulfill the following rights of California residents who submit a verifiable consumer request. As stated above, where we act as a CCPA service provider and receive a response directly from you, we will direct you to submit your request to the customer or carrier on whose behalf we process your information. Under the limited circumstances where we act as a CCPA business, we will fulfill your request, as described below.
7.6.1. Data Access
You have the right to request that we disclose certain information to you about our collection and use of your CCPA Covered Personal Information over the past twelve (12) months. Once we receive and verify your request (see below), we will disclose to you:
- The categories of CCPA Covered Personal Information we collected about you.
- The categories of sources for the CCPA Covered Personal Information we collected about you.
- Our business or commercial purpose for collecting that CCPA Covered Personal Information.
- The categories of third parties with whom we share that CCPA Covered Personal Information.
- The specific pieces of CCPA Covered Personal Information we collected about you (also called a data portability request). Note that the law prohibits us from disclosing at any time a consumer’s Social Security number, driver’s license number or other government-issued identification number, financial account number, any health insurance or medical identification number, an account password, or security questions and answers.
7.6.2. Data Deletion
You have the right to request that we delete your personal information where we act as a business. This right is subject to several exceptions. Where we act as CCPA business, we may deny your deletion request if retaining the information is necessary for us or our service providers to:
- Complete the transaction for which we collected the CCPA Covered Personal Information and take actions reasonably anticipated within the context of our ongoing business relationship with you or our client.
- Detect bugs or errors in our Website or service, detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information as permitted by law or that are compatible with the context in which we collected it.
7.6.3. Sales Opt Out and Opt In
The CCPA gives consumers the rights to opt out and opt in to the sales of their personal information. We do not sell consumer personal information.
7.6.4. Right to Non-Discrimination
The CCPA prohibits businesses from discriminating against consumers because they exercised any of the consumers’ rights under the CCPA. We will not discriminate against you for exercising any of your CCPA consumer’s rights.
7.7. Exercising Access, Data Portability, and Deletion Rights
As stated in this Section 9 above, generally, we function as a CCPA service provider with respect to our corporate clients and insurance carriers that function as CCPA businesses. Where we act as a service provider and your data has been submitted to us by or on behalf of our corporate client or insurance carrier, we will not be able to substantively address your request to exercise consumer’s rights, and we will ask you to submit your request directly to the relevant business.
In the limited circumstances where we are processing your personal information as a CCPA business, we will address your request accordingly. You may exercise the access, data portability, and deletion rights described above by submitting a verifiable consumer request to us by contacting us here: https://brighterdayinsurance.com/contact
You may only make a verifiable consumer request for access or data portability twice within a twelve (12) month period.
7.8. Verification Process
Under the CCPA, where we act as a business, we are only required to fulfill verifiable consumer requests. Only you, or your Authorized Agent (a person or a business entity registered with the California Secretary of State that you authorize to act on your behalf), may make a verifiable consumer request related to your CCPA Covered Personal Information. You may also make a verifiable consumer request on behalf of your minor child.
Where you choose to submit your request through an Authorized Agent, we may require you to provide your Authorized Agent with written permission to do so and verify your own identity. We may deny any request by an Authorized Agent that does not submit proof that the agent has been authorized by you to act on your behalf.
- Requests for access to categories of personal information. Where you or your Authorized Agent submit a request for disclosure of categories of personal information we as a business have collected about you, we will verify your request to a “reasonable degree of certainty.” This may include matching at least two data points that you would need to provide with data points we maintain about you and that we have determined to be reliable for the purposes of verification.
- Requests for specific pieces of personal information (portability request). Where you or your Authorized Agent submit a request for disclosure of specific pieces of personal information we as a business have collected about you, we will verify your request to a “reasonably high degree of certainty.” This may include matching at least three data points that you would need to provide with the data points we maintain about you and that we have determined to be reliable for the purposes of verification. We will also require you to submit a signed declaration under penalty of perjury that you are the consumer whose personal information is the subject of the request.
- Requests to delete. Where you or your Authorized Agent submit a request for deletion of your personal information we as a business have collected about you, we will verify your request to a “reasonable degree” or a “reasonably high degree of certainty” depending on the sensitivity of the personal information and the risk of harm to the consumer posed by unauthorized deletion.
We will only use CCPA Covered Personal Information provided in a verifiable consumer request to verify your identity or authority to make the request.
7.9. Response Timing and Format
Where we act as a business, we will endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time, we will inform you of the reason and extension period in writing.
If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.
Any disclosures we provide will only cover the twelve (12) month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your CCPA Covered Personal Information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
7.10. Other California Privacy Rights
California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our website who are California residents to request certain information regarding our disclosure of personal information to affiliates and other third parties for their direct marketing purposes. To make such a request, please contact us: https://brighterdayinsurance.com/contact
- CONTACT US
BrighterDay Insurance Services LLC company which provides each Service is primarily responsible for the personal information collected in relation to that Service. A general description of BrighterDay Insurance Services LLC capabilities and their contact information under About Us.
We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy. If, however, you believe that we have not been able to assist with your complaint or concern, you may have the right to make a complaint to the data protection authority in your country of residence.
- CHANGES TO THE PRIVACY NOTICE
You may request a copy of this privacy notice from us using the contact details set out above.
Where changes to this privacy notice will have a fundamental impact on the nature of our processing of your personal information or otherwise have a substantial impact on you, we will give you sufficient advance notice so that you have the opportunity to exercise any rights you may have under applicable law (e.g. to object to the processing).