Updated: December 20, 2022

Privacy Notice for California Consumers

This Privacy Notice for California Consumers supplements the information contained in the Master Privacy Notice for BITCO Insurance Companies and applies to consumers that reside in the State of California. The terms used in this Privacy Notice have the same meaning as the terms defined in the California Consumer Privacy Act (“CCPA”).

What Personal Information We Collect

In accordance with the CCPA, personal information is information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. Personal information does not include:

Information outside the scope of the CCPA such as:

Health or medical information covered by the Health Insurance Portability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA).
Personal Information covered by the Gramm-Leach-Bliley Act (GLBA), the Fair Credit Reporting Act (FCRA), the California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994,
Publicly available information or lawfully obtained, truthful information that is a matter of public concern, and
De-identified or aggregated consumer information.

Please see the chart below to learn what categories of personal information we may have collected about California consumers within the preceding twelve months, the sources of and business purposes for that collection and the third parties with whom the information has been disclosed, if any.

Category	Examples	Sources	Business Purpose for Collection	Third Parties with Whom Information is Disclosed
Identifiers	Real name, alias, postal address, unique personal identifier, online identifier, Internet protocol address, email address, account name, passport number or other similar identifiers. Social security number and driver's license number are collected.	Insurance applicant, insured, employees of the insured, claimants and affiliated individuals, employees of BITCO.	Underwriting or providing other products or services, responding to policyholder/consumer claims, inquiries or complaints, detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity. Other audit or operational purposes. If an employee of BITCO, for operational purposes.	For claims: claims adjusters and investigators, attorneys and related legal support professionals, and medical or health care providers. For employment matters (if needed): attorneys and related legal support professional.
Personal information described in California Customer Records statute (Cal. Civ. Code § 1798.80(e))	Name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. “Personal information” does not include publicly available information that is lawfully made available to the general public from federal, state, or local government records. Health information is collected.	Insurance applicant, insured, employees of the insured, claimants and affiliated individuals, employees of BITCO.	Underwriting or providing other products or services, responding to policyholder/consumer claims, inquiries or complaints, detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity. Other audit or operational purposes. If an employee of BITCO, for operational purposes.	For claims: claims adjusters and investigators, attorneys and related legal support professionals, and medical or health care providers. For employment matters (if needed): attorneys and related legal support professional.
Characteristics of protected classifications under California or federal law	Age (40 years or older), race, color, ancestry, national origin, citizenship, religions or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, or genetic information (including familial genetic information).	Claimants and affiliated individuals, employees of BITCO.	Responding to policyholder/consumer claims, inquiries or complaints. If an employee of BITCO, for operational purposes.	For claims: claims adjusters and investigators, attorneys and related legal support professionals, and medical or health care providers. For employment matters (if needed): attorneys and related legal support professional.
Commercial Information	Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.	Insurance applicant, insured, employees of the insured, claimants and affiliated individuals.	Responding to policyholder/consumer claims, inquiries or complaints.	For claims: claims adjusters and investigators, attorneys and related legal support professionals, and medical or health care providers.
Biometric information	Physiological, genetic, or behavioral characteristics, imagery of the iris, retina, fingerprint, faceprint, voiceprint, handprint, keystroke patterns, gait patterns, other physical patterns involving sleep, health or exercise data.	Claimants and affiliated individuals.	Responding to policyholder/consumer claims, inquiries or complaints.	For claims: claims adjusters and investigators, attorneys and related legal support professionals, and medical or health care providers.
Internet or other electronic network activity	Browsing history, search history, information about a consumer’s interaction with a website, application, or advertisement.	Claimants and affiliated individuals, employees of BITCO, other users of BITCO's information networks or systems.	To provide access to certain online services. To understand the interests of visitors to our online services, to support certain features of our site, for navigation and to display certain features more effectively. Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity. Other audit or operational purposes.	For claims: claims adjusters and investigators, attorneys and related legal support professionals, and medical or health care providers. For fraud or network security: law enforcement or vendors assisting in resolving incidents.
Geolocation data	Geographic tracking data, physical location and movements	Claimants and affiliated individuals, users of BITCO's information networks or systems.	Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity.	For claims: claims adjusters and investigators, attorneys and related legal support professionals, and medical or health care providers.
Sensory data	Audio, electronic, visual, thermal, olfactory, or similar information	Claimants and affiliated individuals.	Responding to policyholder/consumer claims, inquiries or complaints.	For claims: claims adjusters and investigators, attorneys and related legal support professionals, and medical or health care providers.
Professional or employment related information	Current or past employment history, performance evaluations, disciplinary records, investigations, awards, earnings, compensation and payroll records, benefit records, employment application, resume, background checks, contracts and agreements or termination records, leave documentation, medical records or workers compensation records.	Insurance applicant, insured, employees of the insured, claimants and affiliated individuals, employees of BITCO.	Responding to policyholder/consumer claims, inquiries or complaints. If an employee of BITCO, for operational purposes.	For claims: claims adjusters and investigators, attorneys and related legal support professionals, and medical or health care providers.
Nonpublic Education information (FERPA)	Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class list, student schedules, student identification codes, student financial information, or student disciplinary records.	Claimants and affiliated individuals, employees of BITCO.	Responding to policyholder/consumer claims, inquiries or complaints. If an employee of BITCO, for operational purposes.	For claims: claims adjusters and investigators, attorneys and related legal support professionals, and medical or health care providers.

What Personal Information We Disclose and Why We Disclose It

The CCPA requires us to tell you what categories of personal information we “sell”, “share” or “disclose.” We do not sell and will not sell your personal information as that term is commonly understood. We also do not sell and will not sell your personal information, including the personal information of persons under 16 years of age, as that term is defined by the CCPA. We do not share your personal information, including the personal information of persons under 16 years of age, as that term is defined in the CCPA. When it is necessary for a business purpose, we may disclose your personal information to a service provider or contractor, and we enter into a contract with the service provider or contractor that limits how the information may be used and requires the service provider to protect the confidentiality of the information.

In the preceding twelve months, we have disclosed the following categories of personal information for the following business purposes.

Category	Examples	Business Purpose for Disclosure
Identifiers	Real name, alias, postal address, unique personal identifier, online identifier, internet protocol address, email address, account name, social security number, driver’s license number, passport number or other similar identifiers	Underwriting or providing other products or services, responding to policyholder/consumer claims, inquiries or complaints, detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity. Other audit or operational purposes.
Personal information described in California Customer Records statute (Cal. Civ. Code § 1798.80(e))	Name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. “Personal information” does not include publicly available information that is lawfully made available to the general public from federal, state, or local government records.	Underwriting or providing other products or services, responding to policyholder/consumer claims, inquiries or complaints, detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity. Other audit or operational purposes.
Characteristics of protected classifications under California or federal law	Age (40 years or older), race, color, ancestry, national origin, citizenship, religions or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, or genetic information (including familial genetic information).	Underwriting or providing other products or services, responding to policyholder/consumer claims, inquiries or complaints. Other audit or operational purposes.
Commercial Information	Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.	Underwriting or providing other products or services, responding to policyholder/consumer claims, inquiries or complaints.
Biometric information	Physiological, genetic, or behavioral characteristics, imagery of the iris, retina, fingerprint, faceprint, voiceprint, handprint, keystroke patterns, gait patterns, other physical patterns involving sleep, health or exercise data.	Responding to policyholder/consumer claims, inquiries or complaints.
Internet or other electronic network activity	Browsing history, search history, information about a consumer’s interaction with a website, application, or advertisement.	To provide access to certain online services. To understand the interests of visitors to our online services, to support certain features of our site, for navigation and to display certain features more effectively. Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity. Other audit or operational purposes.
Geolocation data	Geographic tracking data, physical location and movements	Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity.
Sensory data	Audio, electronic, visual, thermal, olfactory, or similar information	Responding to policyholder/consumer claims, inquiries or complaints.
Professional or employment related information	Current or past employment history, performance evaluations, disciplinary records, investigations, awards, earnings, compensation and payroll records, benefit records, employment application, resume, background checks, contracts and agreements or termination records, leave documentation, medical records or workers compensation records.	If an employee of BITCO Insurance Companies, for operational purposes. If an insured, for claims purposes. Other audit or operational purposes.
Nonpublic Education information (FERPA)	Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class list, student schedules, student identification codes, student financial information, or student disciplinary records. Education information, defined as information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act (20 U.S.C. section 1232g, 34 C.F.R. Part 99).	Responding to policyholder/consumer claims, inquiries or complaints. If an employee of BITCO, for operational purposes.
Inferences from other personal information to create a profile of a person	A person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities and aptitudes.	Not disclosed.

We may also transfer to a third party the personal information of a consumer as an asset that is part of a merger, acquisition, bankruptcy, or other transaction in which the third party assumes control of all or part of the business.

Our Retention of Your Personal Information

The length of time that we retain personal information largely depends upon the purpose for which the information was collected rather than the category of the information as set forth in this Notice. When establishing retention periods, we consider applicable statutes of limitation and legal and regulatory requirements and guidelines. Personal information is generally retained for periods of time that permit the company to meet its legal and regulatory obligations.

Your Rights and Choices

The CCPA provides California consumers with certain rights regarding their personal information. This chart describes those rights and certain limitations to those rights.

Right	What This Means
Notice	At or before the time your personal information is collected, you will be given or be able to access information regarding the categories of personal information to be collected, the purposes for which the categories of personal information will be used and whether that information is sold or shared.
Access	At your verifiable request, but no more than twice in a twelve month period, we shall disclose to you: the categories of personal information we have collected about you, the categories of sources for the personal information we collected about you, our business and commercial purpose for collecting, selling, or sharing your personal information, the categories of third parties to whom we disclose your personal information, the specific pieces of information we have collected about you, the categories of personal information disclosed about you for a business purpose and the categories of persons to whom your personal information was disclosed for a business purpose, If we sold or shared personal information, the categories of personal information sold and the categories of third parties to whom it was sold or shared.
Deletion	You have the right to request that we delete any of your personal information that we collected from you, subject to certain exceptions. Once we receive and verify your request, we will delete (and direct our service providers and contractors to delete) your personal information from our records unless an exception applies. We may deny your request if retention of the information is necessary for us or our service providers to: Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you. Help to ensure security and integrity to the extent the use of your personal information is reasonably necessary and proportionate to that purpose. Debug to identify and repair errors that impair existing intended functionality. Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law. Comply with the California Electronic Communications Privacy Act (Cal. Penal Code §1546 et seq.) Engage in public or peer reviewed scientific, historical, or statistical research that conforms or adheres to all other applicable ethics and privacy laws, when the information’s deletion is likely to render impossible or seriously impair the research’s completion, if you previously provided informed consent. Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us and compatible with the context in which you provided the information. Comply with a legal obligation. Or if it is the type of personal information that falls outside the scope of the CCPA, (HIPAA, CIMA, GLBA, or publicly available information)
Correct	You have the right to request that we correct inaccurate personal information about you, taking into account the nature of the personal information and the purposes of the processing of the personal information. After we receive and verify your request, we will use commercially reasonable efforts to correct the inaccurate personal information as directed by you.
Opt-Out of Sale or Sharing	With some limitations, you may direct a business that sells or shares personal information to third parties not to sell the personal information to these third parties.
Opt-In to Sale or Sharing	A business may not sell or share the personal information of persons less than sixteen years of age without their affirmative consent, and in the case of those less than thirteen years of age, the consent must come from a parent.
Limit Use of Sensitive Personal Information	You may direct a business to limit the use of your sensitive personal information to that use which is necessary to perform the services or provide the goods reasonably expected by an average consumer who requests those goods or services and certain other limited uses as described in the CCPA and applicable regulations.
Non-Discrimination	We will not discriminate against you for exercising your rights under the CCPA. Unless otherwise permitted by the CCPA we will not: Deny you goods or service Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties Provide a different level or quality of goods or services Suggest that you will receive a different price or rate for goods or services or a different level or quality of goods or services Retaliate against you as an employee, applicant for employment or independent contractor for exercising your rights under the CCPA.

To Exercise Your Rights

To Opt-out of the Sale or Sharing of Your Personal Information

The CCPA gives consumers the right to direct a business that sells or shares personal information about the consumer to third parties not to sell or share the consumer’s personal information. We do not sell and will not sell your personal information as that term is commonly understood. We also do not sell and will not sell your personal information, as that term is defined by the CCPA. We do not share your personal information as that term is defined in the CCPA.

To Limit the Use of Sensitive Personal Information

The CCPA gives consumers the right to direct a business to limit the use of the consumer’s sensitive personal information to that use which is necessary to perform the services or provide the goods reasonably expected by an average consumer who requests those goods or services and certain other limited uses as described in the CCPA and applicable regulations. We do not use or disclose sensitive personal information for purposes other than those purposes specified in Section 7027, subsection (m) of the California Consumer Privacy Act Regulations. If we begin using or disclosing your sensitive personal information outside of those purposes, then we will provide you with the option to limit our use or disclosure through a clear and conspicuous link on our internet homepage.

To Request Access to or Deletion of Your Personal Information

To exercise your access, correction or deletion rights described above, please submit a verifiable consumer request to us. Call 1.800.475.4477 or write to email privacy@bitco.com; or regular mail Attn: Privacy Coordinator, 3700 Market Square Circle, Davenport, IA 52807).

Only you or your representative that you authorize to act on your behalf can make a verifiable consumer request for your personal information. You may also make a request for your minor child. The verifiable request must provide enough information that allows us to reasonably verify you are the person about whom we collected personal information. We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and to confirm the personal information relates to you.

We use several layers of authentication in order to verify your identity and safeguard access to your personal information. We will request that you respond to a text message from our representative. We will also request that you provide certain information such as your first and last name, your address and your birthdate and respond to other questions designed to authenticate your identity. If we are unable to verify your identity, we may require additional authentication or your request may be rejected.

We work to respond to a verifiable consumer request within 45 days of its receipt. If we require additional time, we will inform you of the extension period (up to an additional 45 days), and the reason for the extension in writing. If you have an account with us, we will deliver our response to that account. If you do not have an account with us, we will deliver our response by mail or electronically, depending on your preference. The response we provide will also explain any reasons why we cannot comply with a request.

You may only make a consumer request for access twice within a twelve-month period.

Any disclosures we provide will apply to the twelve-month period preceding the consumer request’s receipt.

California’s Shine the Light law also permits California residents who have supplied personal ‎information, as defined in the ‎law, to us under certain circumstances, to request and obtain ‎certain information regarding ‎our disclosure, if any, of personal information to third parties for their ‎direct marketing purposes. If ‎this applies, you may obtain the categories of personal information ‎shared and the names and ‎addresses of all third parties that received personal information for their ‎direct marketing purposes ‎during the immediately prior calendar year (e.g. requests made in 2023 will ‎receive information ‎about 2022 sharing activities) or to request to opt-out of such future sharing. ‎To make such a ‎request, please provide sufficient information for us to determine if this applies to ‎you, attest to the ‎fact that you are a California resident and provide a current California address for ‎our response. ‎You may make this request in writing at: privacy@bitco.com.

Contact Us

If you have any questions regarding our Privacy Notice or practices, please contact us (call: 800.475.4477; email: privacy@bitco.com; regular mail: 3700 Market Square Circle, Davenport, IA 52807).