Lockton Affinity Website Privacy Notice
Last Updated: [6/30/2023]
This privacy policy explains how Lockton Affinity (“Lockton,” ”we,” “our,” “us,” “our company”) processes personal information when you interact with us online such as through our websites and apps (collectively, “Services”). This Privacy Policy applies to our collection, use, and disclosure of personal information in the business-to-business context and from consumers, including website visitors and potential job applicants (i.e., information that may identify, relate to, describe, reference, is capable of being associated with, or could reasonably be linked, directly or indirectly, to you or your device). We also recommend that you review the Terms Of Use governing use of this website and its content.
Children’s Privacy
You must be 18 years or older to use our Services. Our Services are for a general audience, are not targeted to children, and do not knowingly collect personal information from children under 18 years of age.
How Do We Collect Personal Information?
From you. We may collect personal information and other information that you provide when you use our Services, obtain insurance from us, sign up for emails from us, contact us, solicit an insurance policy quote, submit employment applications, or otherwise use our Services.
From devices you use when you interact with us online. This includes information collected through our Services and automatically from devices you use to connect to our Services. For more information about this, please see our “Cookies and similar technologies” section below.
From third parties and publicly available sources. This includes personal information we collect from other public sources, including, but not limited to, websites that enable social sharing, social media sites, and websites from our service providers, vendors, our affiliates, or other individuals and businesses.
From you in person.
The Types of Personal Information We May Collect From You
Depending on how you interact with us, we may collect the following information:
- Contact Information, such as your name, home address, email address, telephone number, or other similar identifiers.
- Biographic and Demographic Information, such as date of birth, age, gender, and photo.
- Financial and Payment Information, such as credit card details, bank account number, financial information, and payment preferences.
- Account Information, such as a user name and password and profile details you choose to provide.
- Internet Usage Information, such as browsing history, search history, web-based location, IP address, and any other Internet usage information our Services may automatically record when you visit.
- Device information, such as browser or device model and settings, operating system, and unique identifiers.
- Inferences, such as inferences drawn from any of the personal information identified.
- Other Personal Information you provide, such as Social Security Number, driver’s license number, and the content provided either in your job application or in your communications with us, including interactions with us online, in-person, or on the phone.
- Aggregate Information, such as aggregate personal information that we have collected in connection with our Services, such that the information is no longer personally identifiable or attributable to you. We may use such aggregated information for our own legitimate business purposes, such as viewing website traffic and website user behaviors.
How We Use Your Personal Information
We may use your information for the following reasons, depending on your relationship with us:
- To communicate with you, such as when we respond to your inquiries and send you communications, regarding our products and services.
- To serve you targeted advertising or content.
- To provide, market, and develop our products and services, including to maintain our websites, troubleshoot, provide customer and technical support, conduct data analysis, test and research, and better understand the interests of our clients and visitors who use our services and products.
- To carry out any obligations arising from any contracts entered into between you and Lockton.
- To allow you to participate in interactive features of our Service (when you choose to do so).
- To provide quotes regarding insurance.
- To conduct marketing research.
- To understand how you interact with our Services and personalize the product experience and content (including advertising and messaging campaigns).
- To maintain the safety, security, and integrity of our Services, for example, by authenticating users and providing account security and fraud detection. We may also use your information to monitor, detect, and prevent fraud and improper or illegal activity.
- To debug our systems, to secure our online services, including our network and websites, and to debug our online services.
- To send you news and/or marketing communications (by email, phone, or text) subject to your consent, marketing preferences, and/or choices, including information about us or third-party offerings we think may be of interest to you.
- To conduct market research and develop quality assurance, including to study, develop, and improve our products and services. We may also aggregate, anonymize, and/or de-identify personal information we collect and use it for any purpose, including product development and improvement activities.
- To comply with legal requirements and/or to investigate or address claims or disputes relating to your use of the Services. This would include the use of your information to comply with our legal and regulatory obligations, to defend ourselves in litigation and investigations, and to prosecute litigations.
- To conduct internal business purposes, including for data analysis, audits, and enhancing our services. We may also use inferences drawn from personal information to create a profile reflecting your preferences, so we can tailor our services to you.
- To process and complete transactions, including collecting payment and contact information to process your transactions.
- To process your employment application, including verifying statements made on your application (e.g., credit and employment history) and performing background and credit checks.
How We Disclose Personal Information:
We may collect, use, retain, disclose, and store personal information collected from or about you with any of the following entities and for any of the following purposes:
- Lockton Family of Companies. We may disclose personal information within the Lockton family of companies.
- Service Providers and Advertising Partners. We may provide personal information to vendors, payment processors, contractors, business and service partners, or other third parties, such as advertising partners or other marketing partners who provide services to us, including analysis firms, advertisers, and others.
- Insurance Companies and Intermediaries. We may provide personal information to insurance companies, payment processors, and intermediaries in the event you request a quote for issuance of an insurance policy or seek to purchase insurance through our Services.
- Government, regulatory, or law enforcement agencies. We reserve the right to disclose your information to respond to valid information requests from government authorities and judicial requests, to investigate potential fraud, or where otherwise required by law. We may disclose your personal information where we believe the disclosure is necessary or appropriate to comply with regulatory or legal requirements, or to protect the safety, rights, or property of ourselves and others and to exercise, establish, or defend our legal rights.
- In connection with a merger, acquisition, or business transfer. If we sell all or a part of our company, are part of a merger, consolidation, restructuring, and/or sale of assets or other corporate change, your information may be transferred as part of that transaction.
- At your direction. We may disclose your personal information at your direction or with your consent.
- Collaborators. We may share personal information with collaborators with whom we jointly develop or promote our services, including sponsorships and co-branded opportunities and promotions.
- Aggregate Data. We may disclose your personal information in an aggregated or non-identifying form or otherwise in a form that cannot reasonably be used to identify you.
Links to Third Party Websites
We may provide links to websites and other third-party content (e.g., social media platforms) that are not owned or operated by us. The websites and third-party content to which we link may have separate privacy notices or policies. We are not responsible for the privacy practices of these websites.
If you provide any personal information through a third-party site, your interaction and your personal information will be collected by and controlled by the privacy policy of that third party site. We recommend that you familiarize yourself with the privacy policies and practices of any such third parties, which are not governed by this Privacy Policy.
Your Advertising Choices
When you use our Services, our third-party advertising partners, social media providers, and analytics providers may collect personal information about your online activity on our Services and on third party websites.
These providers may set web tracking tools (e.g., cookies and web beacons, as discussed further below) to collect information regarding your online activity. In addition, our advertising partners may use this information to deliver advertisements to you when you visit third party websites within their networks. If you would like more information about this practice, and to know your choices with respect to it, please either visit the Digital Advertising Alliance’s opt-out page (currently available at http://www.aboutads.info/choices/) or the Network Advertising Initiative’s opt-out page (currently available at http://www.networkadvertising.org/choices/). Please note that you may continue to receive generic ads that are not based on your preferences.
Information Security
We use commercially reasonable administrative, technical, personnel, and physical measures designed to safeguard information in its possession against loss, theft, unauthorized use, disclosure, or modification. However, the confidentiality of information transmitted over the Internet cannot be guaranteed. We urge you to exercise caution when transmitting personal information over the internet. We cannot guarantee that unauthorized third parties will not gain access to your information; therefore, when submitting personal information to us, you do so at your own risk.
Cookies and Similar Technology
We and our partners use various tools to collect data when you visit our sites and apps, including cookies, pixels, localStorage, and other similar technologies. Some of these technologies store data in the browser or on your device. Other technologies may use network-related or other information to recognize your device (e.g., IP address). Our Services use these technologies, for example, when you first request a web page and data is then stored on your computer or other device so the website or mobile application can access personal information when you make subsequent requests for pages from that Service. These technologies may also be used to collect and store information about your usage of the Services, such as pages you have visited, other content you viewed, and search history.
We and our partners may also use these technologies to gather personal information about how you view and use our Services and content and to connect your activity with other data we store about you. We and our partners may collect your personally identifiable information about your online activities over time and across different websites when you use the Services. The use of these technologies helps us serve you better by understanding what you are interested in, tracking trends, measuring the effectiveness of ads, saving your preferences, and storing information you may want to retrieve on a regular basis. We also allow specific, approved partners to collect data from your browser or device for advertising and measurement purposes using their own similar tools.
Your web browser can be set to allow you to control these technologies, such as whether you will accept cookies, reject cookies, or to notify you each time a cookie is sent to your browser. If your browser is set to reject cookies, websites that are cookie-enabled will not recognize you when you return to the website, and some website functionality may be lost. The Help section of your browser may tell you how to prevent your browser from accepting these technologies, such as cookies. To find out more about cookies, visit www.aboutcookies.org. Depending on the make and model of your phone, you may be able to use device settings to opt out of the use of certain device IDs for targeted advertising. You can also learn more about cookies at our Cookies Notice.
Some browsers permit the user to send a “Do Not Track” (“DNT”) preference to websites that the user visits indicating that the user does not wish to be tracked over time and across websites. Because there is not yet a common understanding of how to interpret DNT, we do not currently respond to the DNT signal on our websites. We do, however, respond to global privacy preferences when required by law.
Your Marketing Preferences
We may periodically send promotional materials or notifications related to our Services. If you no longer wish to receive promotional marketing materials from us, you may opt out of receiving such materials. You may unsubscribe from receiving marketing or other commercial emails from us by following the instructions included in the email.
You may unsubscribe from text messages you previously consented to by following the prompt provided on our messages. We will work to comply with your request promptly.
There are certain service notifications and other non-promotional emails that you may not opt out of, such as notifications of changes to our Services or policies.
International Users
This Privacy Notice is provided in accordance with, and is subject to, U.S. law. Personal Information collected via our Services from individuals located in the European Economic Area is subject to Lockton’s international privacy notice.
Accessing, Correcting, or Removing Your Personal Information
If you would like to review your personal information, correct the personal information you have provided to us, and/or request that we remove your information from our records, contact Lockton’s Compliance Counsel via the contact detail noted below with the access, correction, or removal request. Each request will be reviewed and responded to in accordance with applicable laws. In order to cover internal costs for responding to access requests, Lockton may charge a reasonable fee to individuals desiring access to their personal information.
Additional Information for Residents of California and Other U.S. Jurisdictions
California, Colorado, Connecticut, and Virginia residents interacting with Lockton in their individual or household capacity have certain rights with respect to their Personal Information, as described below. This section provides information for such residents in connection with the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, the “CCPA”), the Colorado Privacy Act (“CPA”), the Connecticut Data Privacy Act (“CT CDPA”) and the Virginia Consumer Data Protection Act (“VA CDPA”). For purposes of this section, “Personal Information” generally means information that identifies, relates to, describes or is linked or reasonably linkable to an identifiable individual and has the same meaning as “personal” data” or “personally identifiable information” as those terms are used in applicable data privacy law. Please note that we do not sell or share your personal information, as defined by applicable state law.
In accordance with state data privacy laws, this state privacy section does not apply to certain data including, but not limited to, de-identified information; publicly available information, such as public records held by the government; protected health information handled by a covered entity or business associate and/or governed by the Health Insurance Portability and Accountability Act of 1996 (HIPAA); medical information protected under state law; or Personal Information protected by federal laws such as the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA), the Driver’s Privacy Protection Act of 1994 (DPPA) and the Family Educational Rights and Privacy Act (FERPA).What We Collected and Disclosed
In the past 12 months, we have disclosed (or have enabled you to disclose) and have collected the following categories of Personal Information.
CATEGORY | CATEGORIES OF PARTIES TO WHOM INFORMATION IS DISCLOSED | CATEGORIES OF THIRD PARTIES TO WHOM INFORMATION IS SOLD AND/OR SHARED |
Identifiers and contact information, including first and last name, email address, phone number, home address. | Vendors, such as cloud service providers (including cloud-based customer service and survey tools we use), payment processors, and business partners.
Affiliates, including the Lockton Family of Companies, for purposes of business operations and support. |
N/A (we do not sell or share California residents’ Personal Information) |
Professional or employment-related information, including your work history, resume, CV. | Recruitment and employment processing vendors. | N/A (we do not sell or share California residents’ Personal Information) |
Identifiers, such as username, third party service ID, IP address, unique device identifier, advertising identifier, device serial number. | Vendors, such as cloud service providers (including cloud-based customer service and survey tools we use), payment processors, and business partners.
Affiliates, including the Lockton Family of Companies, for purposes of business operations and support. |
N/A (we do not sell or share California residents’ Personal Information) |
Internet or other electronic network activity information, such as hardware model, device software platform/OS and firmware, mobile carrier, preferred languages, and in some cases, browser type, Internet service provider, referring/exit pages and URLs, and clickstream data. | Vendors, such as cloud service providers (including cloud-based customer service and survey tools we use), payment processors, and business partners.
Affiliates, including the Lockton Family of Companies, for purposes of business operations and support. |
N/A (we do not sell or share California residents’ Personal Information) |
Commercial information, including financial information and credit card information. | Vendors, such as payment processing vendors for insurance application purposes. | N/A (we do not sell or share California residents’ Personal Information) |
Demographic information, including your gender, age, date of birth. | Vendors, such as cloud service providers (including cloud-based customer service and survey tools we use), payment processors, and business partners.
Affiliates, including the Lockton Family of Companies, for purposes of business operations and support. |
N/A (we do not sell or share California residents’ Personal Information) |
Inferred information, such as non-precise geolocation information, or approximate location as inferred from IP address. | Vendors, such as cloud service providers (including cloud-based customer service and survey tools we use), payment processors, and business partners.
Affiliates, including the Lockton Family of Companies, for purposes of business operations and support. |
N/A (we do not sell or share California residents’ Personal Information) |
Sensitive Personal Information. We do not process “sensitive” Personal Information for purposes other than those specified in the CCPA (such as to provide the Services and for security purposes).
Data Retention. We will retain your Personal Information for the period necessary to fulfill the purposes outlined in this Privacy Notice unless a longer retention period is required or permitted by law.
Purposes
We may use this Personal Information for the following purposes, including commercial purposes:
- to operate, manage, and maintain our business;
- to provide our Services;
- to accomplish our business purposes and objectives, including:
- developing, improving, repairing, and maintaining our Services;
- advertising and marketing Services;
- conducting research, analytics, and data analysis;
- maintaining our facilities and infrastructure;
- quality and safety assurance measures;
- conducting risk and security controls and monitoring;
- detecting and preventing fraud;
- performing identity verification;
- performing accounting, audit, and other internal functions;
- complying with the law, legal process, and internal policies;
- maintaining records; and
- exercising and defending legal claims.
Sources of Personal Information
We collect this Personal Information directly from California residents themselves and from our Service Providers, including from referrals, joint marketing, co-branding, and co-promotional activities, as well as sources of demographic and other information, including through devices you used to interact with us through our Services. All sources of personal information collected are noted in the “How Do We Collect Personal Information” and “The Types of Personal Information We May Collect From You” sections above.
Your Privacy Rights
California, Colorado, Connecticut and Virginia residents have certain rights with respect to their Personal Information, as further detailed below.
We are required by law to verify your identity in connection with any request in order to prevent unauthorized access of your data. We will respond to all verified requests within 45 days of receipt and will notify you in writing within such timeframe if we require more time to do so (including the reason(s) for the extension). We will respond to all verified requests within 45 days of receipt and will notify you in writing within such timeframe if we require more time to do so (including the reason(s) for the extension). This may require us to request from you two (2) pieces of Personal Information so that we may match the same with Personal Information maintained by Lockton. Failure to verify your identity may result in your request not being processed. Where required by applicable law, we will notify you if we deny your request and notify you of the reasons we are unable to honor your request. Please note that Virginia residents may deliver up to two requests within a 12-month period at no charge.
California residents: Subject to certain exemptions and the purpose(s) for which we process your data, the CCPA grants California residents the following data privacy rights:
Right to Know and Access Personal Information: You may request to access information we have collected and maintain about you. If your request is granted, we will provide you with a copy of the Personal Information we have collected and maintained about you. Please note that, in some instances, we may decline to honor your request or only honor your request in part, where, for example, we are unable to verify your identity or an exception to this right applies.
Deletion of Personal Information: You may request that we delete the Personal Information we have collected from you. Please note that, in some instances, we may decline to honor your request or only honor your request in part, where, for example, we are unable to verify your identity or an exception to this right applies.
Correction of Inaccurate Personal Information: You have a right to request the correction of inaccurate Personal Information that we may have on file about you. Please note that, in some instances, we may decline to honor your request or only honor your request in part, where, for example, we are unable to verify your identity or an exception to this right applies.
Non-Discrimination: You have the right to be free from unlawful discrimination for exercising your above-listed rights under the CCPA.
Colorado residents: Subject to certain exemptions and the purpose(s) for which we process your data, the CPA grants Colorado residents the following data privacy rights:
Right to Access: You may request that we confirm whether we are processing your Personal Information and obtain access to such data.
Right to Correct: You have a right to request the correction of inaccurate Personal Information that we have on file about you, taking into account the nature of the Personal Information and our purpose for processing such data.
Right to Delete: You may request that we delete your Personal Information.
Right to Data Portability: You may request a copy of your Personal Information previously provided to us in a portable and, to the extent technically feasible, readily usable format.
Right to Opt Out of Certain Data Processing: You have the right to opt out of the processing of Personal Information for purposes of: (i) targeted advertising; (ii) the sale of such data; or (iii) profiling that produces legal or similarly significant effects about you. The CPA defines a “sale” of personal data to mean the exchange of such data for monetary or other valuable consideration by a data controller to a third party; as mentioned above, we do not sell your personal information as so defined.
Connecticut residents: Subject to certain exemptions and the purpose(s) for which we process your data, the CT CDPA grants Connecticut residents the following data privacy rights:
Right to Access: You may request that we confirm whether we are processing your Personal Information and obtain access to such data.
Right to Correct: You have a right to request the correction of inaccurate Personal Information that we have on file about you, taking into account the nature of the Personal Information and our purpose for processing such data.
Right to Delete: You may request that we delete Personal Information provided by or obtained about you.
Right to Data Portability: You may request a copy of your Personal Information in a portable and, to the extent technically feasible, readily usable format.
Right to Opt Out of Certain Data Processing: You have the right to opt out of the processing of Personal Information for purposes of: (i) targeted advertising; (ii) the sale of such data; or (iii) profiling in furtherance of solely automated decisions that produce legal or similarly significant effects about you. The CT CDPA defines a “sale” of personal data to mean the exchange of such data for monetary or other valuable consideration by a data controller to a third party; as mentioned above, we do not sell your personal information as so defined.
Virginia residents: Subject to certain exemptions and the purpose(s) for which we process your data, the VA CDPA grants Virginia residents the following data privacy rights:
Right to Access: You may request that we confirm whether we are processing your Personal Information and obtain access to such data.
Right to Correct: You have a right to request the correction of inaccurate Personal Information that we may have on file about you, taking into account the nature of the Personal Information and our purpose for processing such data.
Right to Delete: You may request that we delete the Personal Information we have collected from or about you.
Right to Data Portability: You may request a copy of your Personal Information previously provided to us in a portable and, to the extent technically feasible, readily usable format.
Right to Opt Out of Certain Data Processing: You have the right to opt out of the processing of Personal Information for purposes of: (i) targeted advertising; (ii) the sale of such data; or (iii) profiling that produces legal or similarly significant effects about you. The VA CDPA defines a “sale” of personal data to mean the exchange of such data for monetary consideration to a third party; as mentioned above, we do not sell your personal information as so defined.
Right to Non-Discrimination: You have the right to be free from unlawful discrimination for exercising your above-listed rights under the VA CDPA.
To Exercise Rights:
In order to exercise your rights described above, please contact our Compliance Counsel via email at [email protected] or submit a request through the linked form https://locktonaffinity.com/ccpa. You may also contact us and exercise your rights by calling us toll-free at 1-833-854-2696.
Authorized Agent
California residents may use an authorized agent on their behalf to exercise a privacy right discussed above. If you are an authorized agent acting on behalf of a California resident to communicate with us or to exercise a privacy right discussed above, you must be able to demonstrate that you have the requisite authorization to act on behalf of the resident and have sufficient access to their laptop, desktop, or mobile device to exercise these rights digitally. If you are an authorized agent trying to exercise rights on behalf of a California resident, please contact us at the contact information below with supporting verification information, which includes proof that you have access to the consumer’s interface and proof of your own identify.
Shine the Light Disclosure
We do not disclose personal information as defined by California Civil Code § 1798.83 (the “Shine the Light Law”) with third parties, other than our affiliates, for their direct marketing purposes absent your consent. If you are a California resident, you may request information about our compliance with the Shine the Light Law by sending an email to [email protected] or by sending a letter to Lockton Companies, Attention: Compliance Counsel, 444 W. 47th Street, Suite 900, Kansas City, MO, 64112. Any such request must include “Request for California Privacy Information” in the subject line and include your name, street address, city, state, and ZIP code. Please note that we are only required to respond to one request per customer each year, and we are not required to respond to requests made by means other than through the email address or mailing address referenced above.
Updates to the Policy
We may update this policy from time to time. To the extent permitted by law, any changes to our privacy policy will be posted to the websites and will become effective upon posting. Any changes will be effective only after the effective date of the change and will not affect any dispute arising prior to the effective date of the change.
Contact Information for Questions, Comments, and Requests
If you have any questions or concerns about data privacy and security, the handling of your personal information or wish to make a request to access your information, please contact Lockton’s Compliance Counsel via e-mail at [email protected] or by mail to Lockton Companies, Attention: Compliance Counsel, 444 W. 47th Street, Suite 900, Kansas City, MO, 64112.