Updated: December 31, 2019

Privacy Notice for California Consumers

This Privacy Notice for California Consumers supplements the information contained in the Master Privacy Notice for BITCO and applies to consumers that reside in the State of California. The terms used in this Privacy Notice have the same meaning as the terms defined in the California Consumer Privacy Act (“CCPA”).

What Personal Information We Collect

In accordance with the CCPA, personal information is information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. Personal information does not include information outside the scope of the CCPA such as:

  • Health or medical information covered by the Health Insurance Portability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA).
  • Personal Information covered by the Gramm-Leach-Bliley Act (GLBA), the Fair Credit Reporting Act (FCRA), the California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994,
  • Publicly available information that is available from federal, state, or local government records, and
  • De-identified or aggregated consumer information.

Please see the chart below to learn what categories of personal information we may have collected about California consumers within the preceding twelve months, the sources of and business purposes for that collection and the third parties with whom the information is shared, if any.

 

Category             

Examples

Collected

Sources

Business Purpose for Collection

Third Parties with Whom Information is Shared

Identifiers

Real name, alias, postal address, unique personal identifier, online identifier, Internet protocol address, email address, account name, social security number, driver’s license number, passport number or other similar identifiers

Yes

Insurance applicant, insured, employees of the insured, claimants and affiliated individuals, employees of BITCO.

Underwriting or providing other products or services, responding to policyholder/consumer claims, inquiries or complaints, detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity. Other audit or operational purposes. If an employee of BITCO, for operational purposes.

For claims: claims adjusters and investigators, attorneys and related legal support professionals, and medical or health care providers. For employment matters (if needed): attorneys and related legal support professional.

Personal information described in California Customer Records statute (Cal. Civ. Code § 1798.80(e))

Name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. “Personal information” does not include publicly available information that is lawfully made available to the general public from federal, state, or local government records.

Yes

Insurance applicant, insured, employees of the insured, claimants and affiliated individuals, employees of BITCO.

Underwriting or providing other products or services, responding to policyholder/consumer claims, inquiries or complaints, detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity.  Other audit or operational purposes. If an employee of BITCO, for operational purposes.

For claims: claims adjusters and investigators, attorneys and related legal support professionals, and medical or health care providers. For employment matters (if needed): attorneys and related legal support professional.

Characteristics of protected classifications under California or federal law

Age (40 years or older), race, color, ancestry, national origin, citizenship, religions or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, or genetic information (including familial genetic information).

Yes

Claimants and affiliated individuals, employees of BITCO.

Responding to policyholder/consumer claims, inquiries or complaints. If an employee of BITCO, for operational purposes.

For claims: claims adjusters and investigators, attorneys and related legal support professionals, and medical or health care providers. For employment matters (if needed): attorneys and related legal support professional.

Commercial Information

Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

Yes

Insurance applicant, insured, employees of the insured, claimants and affiliated individuals.

Responding to policyholder/consumer claims, inquiries or complaints.

For claims: claims adjusters and investigators, attorneys and related legal support professionals, and medical or health care providers.

Biometric information

Physiological, genetic, or behavioral characteristics, imagery of the iris, retina, fingerprint, faceprint, voiceprint, handprint, keystroke patterns, gait patterns, other physical patterns involving sleep, health or exercise data.

Yes

Claimants and affiliated individuals.

Responding to policyholder/consumer claims, inquiries or complaints.

For claims: claims adjusters and investigators, attorneys and related legal support professionals, and medical or health care providers.

Internet or other electronic network activity

Browsing history, search history, information about a consumer’s interaction with a website, application, or advertisement.

Yes

Claimants and affiliated individuals, employees of BITCO, other users of BITCO's information networks or systems.

To provide access to certain online services. To understand the interests of visitors to our online services, to support certain features of our site, for navigation and to display certain features more effectively. Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity. Other audit or operational purposes.

For claims: claims adjusters and investigators, attorneys and related legal support professionals, and medical or health care providers. For fraud or network security: law enforcement or vendors assisting in resolving incidents.

Geolocation data

Geographic tracking data, physical location and movements

Yes

Claimants and affiliated individuals, users of BITCO's information networks or systems.

Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity.

For claims: claims adjusters and investigators, attorneys and related legal support professionals, and medical or health care providers.

Sensory data

Audio, electronic, visual, thermal, olfactory, or similar information

Yes

Claimants and affiliated individuals.

Responding to policyholder/consumer claims, inquiries or complaints.

For claims: claims adjusters and investigators, attorneys and related legal support professionals, and medical or health care providers.

Professional or employment related information

Current or past employment history, performance evaluations, disciplinary records, investigations, awards, earnings, compensation and payroll records, benefit records, employment application, resume, background checks, contracts and agreements or termination records, leave documentation, medical records or workers compensation records.

Yes

Insurance applicant, insured, employees of the insured, claimants and affiliated individuals, employees of BITCO.

Responding to policyholder/consumer claims, inquiries or complaints. If an employee of BITCO, for operational purposes.

For claims: claims adjusters and investigators, attorneys and related legal support professionals, and medical or health care providers.

Nonpublic Education information (FERPA)

Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class list, student schedules, student identification codes, student financial information, or student disciplinary records. Education information, defined as information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act (20 U.S.C. section 1232g, 34 C.F.R. Part 99).

Yes

Claimants and affiliated individuals, employees of BITCO.

Responding to policyholder/consumer claims, inquiries or complaints. If an employee of BITCO, for operational purposes.

For claims: claims adjusters and investigators, attorneys and related legal support professionals, and medical or health care providers.

Inferences from other personal information to create a profile of a person

A person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities and aptitudes.

No

NA.

Not disclosed.

NA.

 

What Personal Information We Share and Why We Share It


The CCPA requires us to tell you what categories of personal information we “sell” or “disclose.” We do not sell and will not sell your personal information as that term is commonly understood. We also do not sell and will not sell your personal information, including the personal information of persons under 16 years of age, as that term is defined by the CCPA. When it is necessary for a business purpose, we share or disclose your personal information with a service provider, and we enter a contract with the service provider that limits how the information may be used and requires the service provider to protect the confidentiality of the information.

In the preceding twelve months, we have disclosed the following categories of personal information for the following business purposes. Where the personal information is shared with third parties, as that term is defined in the CCPA, the category of the third party is indicated.

 

Category             

Examples

Business Purpose for Disclosure

Identifiers

Real name, alias, postal address, unique personal identifier, online identifier, internet protocol address, email address, account name, social security number, driver’s license number, passport number or other similar identifiers

Underwriting or providing other products or services, responding to policyholder/consumer claims, inquiries or complaints, detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity. Other audit or operational purposes.

Personal information described in California Customer Records statute (Cal. Civ. Code § 1798.80(e))

Name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. “Personal information” does not include publicly available information that is lawfully made available to the general public from federal, state, or local government records.

Underwriting or providing other products or services, responding to policyholder/consumer claims, inquiries or complaints, detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity.  Other audit or operational purposes.

Characteristics of protected classifications under California or federal law

Age (40 years or older), race, color, ancestry, national origin, citizenship, religions or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, or genetic information (including familial genetic information).

Responding to policyholder/consumer claims, inquiries or complaints. If an employee of BITCO, for operational purposes.

Commercial Information

Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

Underwriting or providing other products or services, responding to policyholder/consumer claims, inquiries or complaints.

Biometric information

Physiological, genetic, or behavioral characteristics, imagery of the iris, retina, fingerprint, faceprint, voiceprint, handprint, keystroke patterns, gait patterns, other physical patterns involving sleep, health or exercise data.

Responding to policyholder/consumer claims, inquiries or complaints.

Internet or other electronic network activity

Browsing history, search history, information about a consumer’s interaction with a website, application, or advertisement.

To provide access to certain online services. To understand the interests of visitors to our online services, to support certain features of our site, for navigation and to display certain features more effectively. Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity. Other audit or operational purposes.

Geolocation data

Geographic tracking data, physical location and movements

Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity.

Sensory data

Audio, electronic, visual, thermal, olfactory, or similar information

Responding to policyholder/consumer claims, inquiries or complaints.

Professional or employment related information

Current or past employment history, performance evaluations, disciplinary records, investigations, awards, earnings, compensation and payroll records, benefit records, employment application, resume, background checks, contracts and agreements or termination records, leave documentation, medical records or workers compensation records.

Responding to policyholder/consumer claims, inquiries or complaints. If an employee of BITCO, for operational purposes.

Nonpublic Education information (FERPA)

Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class list, student schedules, student identification codes, student financial information, or student disciplinary records.

Education information, defined as information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act (20 U.S.C. section 1232g, 34 C.F.R. Part 99).

Responding to policyholder/consumer claims, inquiries or complaints. If an employee of BITCO, for operational purposes.

Inferences from other personal information to create a profile of a person

A person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities and aptitudes.

Not disclosed.

 

We may also transfer to a third party the personal information of a consumer as an asset that is part of a merger, acquisition, bankruptcy, or other transaction in which the third party assumes control of all or part of the business.

Your Rights and Choices


The CCPA provides California consumers with certain rights regarding their personal information. This chart describes those rights and certain limitations to those rights.

Right

What This Means

Notice

At or before the time your personal information is collected, you will be given written notice of the categories of personal information to be collected and the purposes for which the categories of personal information will be used.

Access

At your verifiable request, but no more than twice in a twelve month period, we shall disclose to you:

  1. the categories of personal information we have collected about you,
  2. the categories of sources for the personal information we collected about you,
  3. our business and commercial purpose for collecting your personal information,
  4. the categories of third parties with whom we share your personal information,
  5. The specific pieces of information we have collected about you,
  6. the categories of personal information disclosed for a business purpose, and
  7. If we sold personal information, the categories of personal information sold and the categories of third parties to whom it was sold.

Deletion

You have the right to request that we delete any of your personal information that we collected from you, subject to certain exceptions. Once we receive and verify your request, we will delete (and direct our service providers to delete) your personal information from our records unless an exception applies. We may deny your request if retention of the information is necessary for us or our service providers to:

  • Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
  • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
  • Debug products to identify and repair errors that impair existing intended functionality.
  • Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
  • Comply with the California Electronic Communications Privacy Act (Cal. Penal Code §1546 et seq.)
  • Engage in public or peer reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
  • Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
  • Comply with a legal obligation.
  • Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
  • Or if it is the type of personal information that falls outside the scope of the CCPA, (HIPAA, CIMA, GLBA, or publicly available information)

Opt-Out of Sale

With some limitations, you may direct a business that sells personal information to third parties not to sell the personal information to these third parties.

Opt-In to Sale

A business may not sell the personal information of persons less than sixteen years of age without their affirmative consent, and in the case of those less than thirteen years of age, the consent must come from a parent.

Non-Discrimination

We will not discriminate against you for exercising your rights under the CCPA. Unless otherwise permitted by the CCPA we will not:

  • Deny you goods or service
  • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties
  • Provide a different level or quality of goods or services
  • Suggest that you will receive a different price or rate for goods or services or a different level or quality of goods or services

 

To Exercise Your Rights

 

To Opt-out of the Sale of Your Personal Information

The CCPA gives consumers the right to direct a business that sells personal information about the consumer to third parties not to sell the consumer’s personal information. We do not sell and will not sell your personal information as that term is commonly understood. We also do not sell and will not sell your personal information, as that term is defined by the CCPA.

To Request Access to or Deletion of Your Personal Information

 To exercise your access or deletion rights described above, please submit a verifiable consumer request to us. Call 1.800.475.4477 or write to email privacy@bitco.com; or regular mail Attn: Privacy Coordinator, 3700 Market Square Circle, Davenport, IA 52807).

Only you or your representative that you authorize to act on your behalf (Authorized Agent) can make a verifiable consumer request for your personal information. You may also make a request for your minor child. The verifiable request must provide enough information that allows us to reasonably verify you are the person about whom we collected personal information. We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and to confirm the personal information relates to you.

We use several layers of authentication in order to verify your identity and safeguard access to your personal information. We will request that you respond to a text message from our representative. We will also request that you provide certain information such as your first and last name, your address and your birthdate and respond to other questions designed to authenticate your identity. If we are unable to verify your identity we may require additional authentication or your request may be rejected.

We work to respond to a verifiable consumer request within 45 days of its receipt. If we require additional time, we will inform you of the extension period (up to an additional 45 days), and the reason for the extension in writing. If you have an account with us, we will deliver our response to that account. If you do not have an account with us, we will deliver our response by mail or electronically, depending on your preference. The response we provide will also explain any reasons why we cannot comply with a request.

You may only make a consumer request for access twice within a twelve-month period.

Any disclosures we provide will apply to the twelve-month period preceding the consumer request’s receipt.

Contact Us

 If you have any questions regarding our Privacy Notice or practices, please contact us (call: 800.475.4477; email: privacy@bitco.com; regular mail: 3700 Market Square Circle, Davenport, IA 52807).