My MPA Insurance Solutions (also operating as MyPlanAdvocate Insurance Services, “Company”, “MPA” “we,” “us,” and “our”) is giving you (“you,” “your”) this notice pursuant to the requirements of federal and state laws and regulations under which we are governed. This policy will inform you of your privacy rights and how we may collect, use, and share nonpublic Personal Information about you and any accounts you may have or had with a us.
My MPA Insurance Solutions includes insurance companies, insurance technology providers, and other businesses in the insurance industry. Those companies are listed at the end of this notice. Please note that the type of business and business activities determines which regulations apply to your nonpublic Personal Information.
The California Consumer Privacy Act of 2018 (“CCPA”) expands the privacy rights of California residents; however, CCPA does not apply to certain businesses as well as public and nonpublic Personal Information governed by certain other state and federal regulations. This impacts My MPA Insurance Solutions and your Personal Information in the following ways:
- All insurance companies are regulated by the federal Fair Credit Reporting Act (“FCRA”) and Gramm-Leach-Bliley Act (“GLBA”). The California Financial Information Privacy Act (“Cal-FIPA”) also applies to insurance companies. Nonpublic Personal Information governed by these laws is exempt from CCPA.
- Your driver’s license information covered by the federal Driver’s Privacy Protection Act of 1994 is exempt from CCPA.
- Public information obtained legally from government records is not covered by CCPA.
- Your Protected Health Information (“PHI”) as defined under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and your Medical Information (“MI”) as defined by California’s Confidentiality of Medical Information Act (“CMIA”) are exempt from CCPA as well.
- Covered Entities as defined by HIPAA are not subject to CCPA when they manage patient information like PHI. This includes our health insurance underwriting companies.
Although the information and types of businesses noted above are not covered by CCPA, your rights under these laws and regulations have not changed.
HIPAA Notice of Privacy Practices
General Notice of Privacy Practices
You have rights regarding our privacy practices pertaining to your insurance information under GLBA, Cal-FIPA, and other state and federal regulations including those mentioned above. This includes your right to know the types of personal information we collect, reasons we can share your information under the law, and in some cases to opt out of our sharing your information.
Please review this notice carefully. The remaining content is organized in the following sections:
- Personal Information: Our sources, collection, use, disclosure, and protection;
- Your Rights: Under CCPA and other regulations, including your rights to opt out of our sharing your information in certain situations, and how to exercise your rights;
- Exhibit A – Cal-FIPA Important Privacy Choices for Consumers: Additional privacy choices as a California resident.
Sources of Personal Information We Collect about You
We collect information about you to quote and service your insurance policy. This is called “Nonpublic Personal Information” or “NPI” if it identifies you, or members of your household, and is not available to the public. Depending on the service or product, we collect it from some or all of the following sources. We have provided a few examples for each source, but not all may apply to you.
- Information we collect from you, such as information on applications or other forms, which may include your name, address, email address, age, social security number, driving history, property history, claims history, and health information.
- Information about your transactions with us, our affiliates, or others, such as your account balance and payment history.
- Information we receive from outside sources such as consumer reporting agencies, insurance agencies, and state motor vehicle departments. This type of source may provide information on your credit history, credit score, driving and accident history, or prior insurance coverage that you have obtained, including claim history, information related to claims for benefits or coverage under a policy we issue, whether or not you are our customer. In relation to our health insurance business, including long-term care and disability insurance, we may receive information from physicians, hospitals, medical professionals, other health care providers, and other sources related to health care and health history. Please note that the information obtained from outside sources may be retained by those outside sources and disclosed to other persons without our knowledge.
- Information we receive from outside sources for data integration services and in support of our digital marketplace. This may include anonymization services to protect your personal information, lead sources and aggregators, social media, advertising, other third party sites, web browsers, and search engines.
Personal Information We Collect and May Disclose to Non-Affiliated Third Parties
We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked – either directly or indirectly – with a particular consumer or household. The following categories of Personal Information are defined under CCPA as are most of the following examples. For transparency, we are also providing information we may collect under additional regulations. In particular, we have collected the categories of Personal Information noted in the table below about consumers within the last twelve (12) months. The table also includes the categories of non-affiliated third parties with whom we have shared the category of Personal Information, when permitted or required by law.
Please note that our collection and sharing of this information depends on the products or services we provide and your interactions with us. For example, certain Biometric Information is commonly collected for health insurance but not for property (such as home or auto) insurance.
|Category of Personal Information||Examples||Shared with Categories of Third Parties|
|1. Identifiers||Legal name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers.||Service providers Consumer reporting agencies Data and online analytics providers Online partners and providers* Insurance related entities** Third-party product providers Government entities|
|2. Information Listed in the California Customer Records Statute (Cal. Civ. Code § 1798.80(e))||Name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.|
Some Personal Information included in this category may overlap with other categories.
|Service providers Consumer reporting agencies Data and online analytics providers Online partners and providers* Insurance related entities** Third-party product providers Government entities|
|3. Protected Classification Characteristics under California or Federal Law||Age, race, color, ancestry, national origin, citizenship, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).||Service providers Data and online analytics providers Online partners and providers* Insurance related entities** Third-party product providers Government entities|
|4. Commercial Information||Records of real or personal property owned or leased, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.||Service providers Consumer reporting agencies Data and online analytics providers Online partners and providers* Insurance related entities** Third-party product providers Government entities|
|5. Biometric Information||Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.||Service providers Data and online analytics providers Online partners and providers* Insurance related entities** Third-party product providers Government entities|
|6. Internet or Other Similar Network Activity||Browsing history, search history, website interactions, application, or advertisement, links you use or web pages you visit while using our website or applications, browser type, internet service provider (ISP), cookies, and mobile devices, including device type, identifier or other device information.||Service providers Data and online analytics providers Online partners and providers* Insurance related entities** Third-party product providers Government entities|
|7. Geolocation Data||Physical location (including address) or movements.||Service providers Data and online analytics providers Online partners and providers* Insurance related entities** Third-party product providers Government entities|
|8. Sensory Data||Audio, such as call center recordings, electronic, visual, thermal, olfactory, or similar information.||Service providers Insurance related entities** Third-party product providers Government entities|
|9. Professional or Employment Related Information||Current or past job history.||Service providers Data and online analytics providers Insurance related entities** Third-party product providers Government entities|
|10. Nonpublic Education Information||Education records directly related to a student maintained by an educational institution or party acting on its behalf.|
(Pursuant to the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99))
|Service providers Data and online analytics providers Insurance related entities** Third-party product providers Government entities|
|11. Inferences Drawn from Other Personal Information||Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.||Service providers Data and online analytics providers Online partners and providers* Insurance related entities** Third-party product providers Government entities|
* Online partners and providers include: Lead sources and aggregators, social media, advertising networks, and other third-party sites, web browsers and search engines.
** Insurance related entities include: People and entities involved in providing insurance, insurance claims, litigation, and fraud prevention and detection.
Disclosure and Sale of Personal Information
Regardless of your age, My MPA Insurance Solutions will not sell your Personal Information, which is regulated by CCPA. Federal and state laws have strict regulations about sharing and selling financial and insurance related nonpublic Personal Information.
Use and Sharing of Personal Information with Affiliates and Non-Affiliates
We disclose Personal Information to our business affiliates and subsidiary partners, vendors, service providers, advertisers, and other third parties to provide you with superior service and to inform you of product and service opportunities that may be of interest to you. We may share any of the nonpublic Personal Information we collect about you and your accounts, as described above, as permitted by law. Our sharing of information about you is subject to your rights, detailed in this policy. We may use or disclose the Personal Information we collect for one or more of the following business purposes including the examples noted below:
|1. Performing Services||To fulfill the reason for which you provide us the information, such as quoting premiums, underwriting insurance, servicing insurance policies, and adjusting claims. To provide you with information, products, or services that you request from us or any of our authorized representatives, such as insurance agents and claims adjustors. To provide you with email alerts, web portal registrations, and other notices concerning our products or services, or to provide other related information or news that may be of interest to you. To carry out our obligations and enforce our rights arising from any contracts entered between you and us, including for billing and collections.|
|2. Security||To protect the rights, property, or safety of us, our clients, or others as necessary or appropriate.|
|3. Certain Short-term Uses||To improve our interactions with you and other consumers, e.g. during visits to one of our websites or when providing digital content.|
|4. Auditing||To improve our websites and operational procedures. To enhance your experience with our products and communication. To provide required information for internal and external audits for regulatory, legal, financial, technical, and operational compliance.|
|5. Internal Research for Technical Development||For developing new technological solutions, improve efficiency and effectiveness of operations, and maintain products at or above industry standards. To improve customer experience when interacting with staff and utilizing our services.|
|6. Debugging||Identifying and repairing errors in our products, services, and related systems.|
|7. Quality and Safety Maintenance and Verification||To assure accessibility and usability of our services and products as required by state and federal law. To comply with data security and privacy standards and protect sensitive information from unauthorized access.|
|8. Operational and Other Purposes||To participate, as permitted by law, in academic and non-profit policy research. To respond to law enforcement or regulatory agency requests, as required by applicable law, court order, or government regulations. To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets or subsidiaries, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Information held by us is among the assets transferred. To fulfill the purpose as otherwise described to you at the time we collect your Personal Information, or as otherwise set forth in the CCPA. To fulfill any of the above purposes on your or our behalf, we may disclose your Personal Information to other businesses or government agencies such as: Financial service providers, such as credit card issuers, insurance companies, and insurance agents. Non-financial companies, such as credit reporting agencies, manufacturers, motor vehicle dealers, management companies, attorneys in fact, and telecommunication companies. Companies that perform business or professional services, such as printing, mailing, data processing, analysis, or customer survey services, on our behalf. Other companies we do business with to offer or provide financial products and services.|
We will not collect additional categories of Personal Information, or use the Personal Information we collected, for materially different, unrelated, or incompatible purposes without providing you prior notice. We will disclose your nonpublic Personal Information, without notice, only if required or allowed to do so by law, or otherwise with your consent or in the good faith belief that such action is necessary to:
- Conform to the requirements of the law or comply with legal process served on us;
- Protect and defend our rights or property;
- Act under emergency circumstances to protect the personal safety of our customers, or the public;
- Assist in the underwriting and servicing of insurance policies written by us or through non-affiliated parties;
- Process insurance claims.
How We Protect the Information that We Collect about You and Your Accounts
To protect the privacy and security of nonpublic Personal Information we collect about you, we restrict access to the information to our employees, affiliates, service providers, agents and subcontractors who need this information to provide products and services to you. We maintain physical, electronic, and procedural safeguards that comply with applicable federal and state laws and regulations to guard your nonpublic Personal Information. We strive to keep our information about you accurate. We require those individuals to whom we permit access to your customer information to protect it and keep it confidential.
Right to Know
You have the right to know specific things about CCPA-regulated Personal Information that we have about you. You can request that we provide you with any or all of the following information:
- The specific pieces of Personal Information we collected about you;
- The categories of Personal Information we collected about you;
- The categories of sources for the Personal Information we collected about you;
- Our business purpose for collecting your Personal Information;
- The categories of Personal Information we disclosed for a business purpose about you;
- The categories of third parties with whom we share that Personal Information.
The above right applies to your Personal Information from the previous 12 months from the date we receive your request to know. Before we can disclose this information to you, we must verify your identity and the request as outlined in the “Exercising Your CCPA Rights” section below.
For more information about your Right to Know, visit our Privacy Page or call us toll-free at 800-650-6585.
If you wish to review or correct nonpublic Personal Information about your account, please contact your insurance agent or a customer service representative at the contact information on your account statement or other account materials. If you believe there is an error in such Personal Information, please inform us and we will update our records promptly.
Right to Request Deletion of Personal Information Collected from You
You have the right to request that we delete your CCPA-regulated Personal Information that we collected from you and retained. Our fulfillment of your request is subject to certain exceptions including those listed below. If no exception applies, and we are able to verify your identity and request as outlined in the “Exercising Your CCPA Rights” section below, we will delete (and direct our Service Providers to delete) your self-provided Personal Information from our records.
We may deny your deletion request if retaining the information is necessary for us (or our service providers) to:
- Complete the transaction for which we collected the Personal Information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
- Detect security incidents, or prosecute those responsible for such activities.
- Protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise his or her free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et seq.).
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with Consumer expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
For more information about your Right to Request Deletion, visit our Privacy Page or call us toll-free at 800-650-6585.
Right to Non-Discrimination
We will not discriminate against you for exercising your privacy rights. Unless permitted by law, we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, such as granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
Response Timing and Fulfillment
- We will attempt to respond to verifiable Consumer requests within 45 days of receipt. If we require additional time (up to an additional 45 days, for a total of up to 90 days), we will inform you in writing of the extension period and the reason it is needed. The process for verifying the identity of the requestor is described below, under “Exercising Your Rights.”
- If you have an online account with us, at our option, we can deliver our written response to that account.
- If we do not deliver our response via your online account with us, we will deliver our written response by mail or electronically, at your option. We will use a secure email portal to deliver information to you electronically.
- Any disclosures we provide will only cover the 12-month period preceding our receipt of the verifiable consumer request.
- The response we provide will also explain the reason(s) we cannot comply with a request, if applicable.
- We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Right to Opt Out
You have multiple rights that, when exercised, limit our disclosure of your Personal Information including the following:
CCPA: CCPA grants consumers the right to prohibit certain businesses from selling their Personal Information to third parties.
However, under CCPA My MPA Insurance Solutions will not sell your Personal Information.
Affiliate Marketing: Federal law gives you the right to limit our sharing of your NPI across My MPA Insurance Solutions affiliates for marketing products and services, in some cases. This means you can prohibit the My MPA Insurance Solutions company with whom you have an account from sharing your NPI with some My MPA Insurance Solutions affiliates for their own marketing purposes.
Information Sharing with Affiliates and Non-Affiliates: With your prior consent, we will share your Personal Information with our trusted network of partners to help you obtain information that you have requested. For example, we do this when you submit your information to us to obtain insurance quotes. Additionally, some Information Sharing is permitted by law and is necessary to run our everyday business, such as to process your transactions, maintain your account(s), respond to court orders and legal investigations, or report to credit bureaus. However, federal law also gives you the right to limit some of your NPI (i.e. your credit worthiness) from being shared between affiliates in My MPA Insurance Solutions for everyday business purposes. You may also limit our sharing of your NPI with non-affiliated third parties for their own marketing purposes.
If you choose to limit our sharing as allowed above, your choice will be applied to your policy and the NPI of all individuals covered by it. You may make your choice to opt out at any time. However, if we do not hear from you, we may share some of your information with affiliates and with other companies with whom we have contracts to provide products and services.
Exercising Your Rights
To exercise your Right to Know or your Right to Request Deletion under CCPA, please submit a verifiable consumer request to us by calling us toll-free at 800-650-6585.
We are required by law to verify your request and identity before fulfilling these requests. You must provide sufficient information that allows us to reasonably verify you are the person about whom we have collected Personal Information like name, address, contact information, and date of birth. Once your request is successfully received, we will provide additional details about the process for completing your request.
Our customers will be required to provide the information used to service their accounts, including policy number. Consumers without a policy will be required to submit a copy of the front and back of their government-issued photo ID as well as a photo of themselves while holding that photo ID. If a government-issued photo ID is not available, you may submit an affidavit of your identity.
You may opt to assign an Authorized Agent to submit a request on your behalf. This can be a person or a business registered with the California Secretary of State. Your Authorized Agent can use the same toll free number provided above to submit your request. In addition to verifying your identity as outlined above, we must also verify that this person or business is authorized to act on your behalf. They will be required to submit their own information as well as an affidavit of your identity, and a properly executed power of attorney that describes you, your designated authorized agent, and the purpose of the designation.
Making a verifiable consumer request does not require you to create an account with us. To ensure the security of your information and your request, we will use a secure email portal to correspond with you electronically. We will only use Personal Information provided in a consumer request to verify the requestor’s identity or authority to make the request, to verify the identity of the subject of the request (if a different individual), to fulfill the request, if possible, and to ensure our compliance with and fulfill our obligations under CCPA and other applicable laws.
Only you or your Authorized Agent may make a verifiable consumer request related to your Personal Information. We will process a request for you free of charge up to two times within any 12-month period.
To exercise your Right to Opt Out of Affiliate Marketing and Information Sharing, as noted above, you may do one of the following:
- Call us toll-free at 800-650-6585 and leave a message with our Privacy Team.
- Complete the enclosed “Important Privacy Choices for Consumers” form attached as Exhibit A to this notice and mail it to the address on your most recent statement. (You may also request that we send you a business reply postage paid envelope in order to return your completed form by calling the number on your statement.)
You will be required to provide your policy number and company name with whom you have an account because your Right to Opt Out applies to your policy and the NPI associated with it for yourself and others covered by the policy. Your choice to opt out remains in effect unless you expressly tell us otherwise. This means you have to request to opt out only once for your policy even though the information about the right to opt out is still included in our annual privacy notice as required by law. Selecting to opt you out of Information Sharing or to limit Affiliate Marketing as described above will opt you out of both. Each time you establish a new account with My MPA Insurance Solutions, you will have the opportunity to opt out for that account as well.
CCPA requires that we publish annual metrics from the previous calendar year regarding our processing of CCPA requests. The metrics will be found on our California CCPA Metrics page.
Contact Information for Questions or Concerns
If you have questions or concerns about My MPA Insurance Solutions privacy policies and practices, you may contact us via email at email@example.com. Please do not send sensitive information to this email address. Optionally, if you have already submitted a privacy request with us, and we have contacted you via secure email, you may respond to that email if you need to provide sensitive information. You may also leave a message for our Privacy Team by calling toll-free at 800-650-6585. Please include your name, contact information, policy number (if applicable), and your question or concern.
Frequency of Notification of Your Privacy Rights