THIS NOTICE DESCRIBES HOW PERSONAL DATA AND MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN ACCESS THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
AWP USA Inc. and its subsidiaries (“we/us/our”), including Jefferson Insurance Company and AGA Service Company d/b/a Allianz Global Assistance, are committed to protecting your privacy. By using our products, services or website, you are consenting to our collection and use of your personally identifiable data under this Policy.
- “Personal Data” means non-public personal information that identifies a specific individual. It doesn’t include data that does not identify a specific individual or data that is encoded, anonymized or aggregated.
- “Sensitive Data” means Personal Data about an individual’s race or ethnicity; political, religious, philosophical, or trade union memberships, opinions, views or activities; medical or health conditions or other protected health information (“PHI”) as defined by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”); financial account information (e.g. bank account number); government-issued ID numbers; sexuality; or administrative or criminal proceedings that are treated outside pending proceedings. In addition, Sensitive Data includes information we receive from a third party who treats and identifies the information as sensitive.
- “Agent” means any third party that collects or uses Personal Data to perform tasks on our behalf, or our underwriters.
Privacy Practices. This notice describes how we collect, use, and maintain Personal Data and your and our rights with respect to that data.
With respect to the Personal Data of EU residents, we (including AGA Service Company and Jefferson Insurance Company) participate in the U.S. Department of Commerce’s EU Privacy Shield (“Privacy Shield”). We have certified that we adhere to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement, and Liability. We subject to the Privacy Shield’s Principles all Personal Data received from the EU in reliance on the Privacy Shield. If there is any conflict between this Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern in matters regarding EU residents. To learn more about the Privacy Shield and to view our certification, visit https://www.privacyshield.gov.
Additionally, with respect to the Personal Data of Swiss residents, we (including AGA Service Company and Jefferson Insurance Company) participate in the U.S. Department of Commerce’s US-Swiss Safe Harbor Framework (“Safe Harbor”). We have certified that we adhere to the Safe Harbor Principles of Notice, Choice, Onward Transfer, Security, Data Integrity, Access, and Enforcement. If there is any conflict between this Policy and the Safe Harbor Principles, the Safe Harbor Principles shall govern in matters regarding Swiss residents. To learn more about the Safe Harbor and to view our certification, visit http://www.export.gov/safeharbor.
- Notice: We collect Personal Data from you as stated in this notice, including information: (i) from forms, such as application or claim forms; or by telephone, website, email or correspondence; (ii) to complete your transaction with us (e.g. to underwrite coverage or process claims); (iii) regarding your transactions with us or others; (iv) we receive from a consumer reporting agency; or (v) you provide to us or have authorized others to provide to us or for us to collect from others.
We may use the Personal Data we have collected: (i) to offer, solicit, sell, or otherwise make available to you insurance and assistance products and services; (ii) to provide you with information or services for such products and services; (iii) to administer your insurance and assistance products and services for you, including but not limited to providing travel-related or concierge services, adjudicating claims, conducting quality/satisfaction assessments, and fraud prevention; (iv) to protect our legal rights or to respond to lawful requests by public authorities, including to meet national security or law enforcement requirements or otherwise required by law; or (v) for purposes to which you’ve otherwise consented. This may in some cases include disclosing your Personal Data to Agents, but only for the purposes described in this notice, or for everyday business purposes or as required or permitted by law (such as to process transactions, maintain accounts, respond to court orders and legal investigations, or report to credit bureaus). These Agents may be affiliated or nonaffiliated and may include financial services providers (e.g. underwriting insurers) and non-financial companies (e.g. medical service providers, travel service providers, service providers assisting us with our marketing).
For circumstances in which we are subject to HIPAA, we are required to provide you with notice of our duties and practices with respect to PHI. Under HIPAA, we may use and disclose your PHI for one or more of the following purposes:
- monitoring the health care treatment you receive (e.g. we may send or receive PHI to/from a doctor regarding your diagnosis and treatment so we can ensure that you are being treated in a medically-appropriate facility);
- payment for health services (e.g. we may use your PHI to make payments to a hospital that has treated you);
- to help run our organization (e.g. we may use your PHI to conduct quality assessments of the services we have provided to you—however, note that we are prohibited from using or disclosing PHI that is genetic information about you for underwriting purposes); or
- for other purposes as required to administer your insurance and/or assistance product (e.g. we may use PHI to adjudicate a claim made under an insurance policy).
We may also in some specific cases need to use or disclose your PHI for one or more of the following purposes:
- for public health and safety issues;
- to comply with legal or regulatory requirements;
- to address or comply with workers’ compensation, law enforcement, or other governmental mandates or requests; or
- to respond to lawsuits or legal actions.
In cases where we are subject to HIPAA, uses and disclosures of your PHI not described above will be made only with your express authorization.
Finally, we may use and disclose your name, email address, or contact information for marketing administration purposes (e.g. we may need to disclose your email address to an Agent providing marketing services on our behalf to help ensure that your opt out choices are respected and that you do not receive duplicate communications).
If we collect your Personal Data for any reason other than as stated in this notice, we’ll notify you before using or disclosing that data, stating our purpose for collecting and using the data, the types of non-Agent third parties to which we disclose the data, and the means we offer you to limit the use and disclosure of the data. If we receive Personal Data from any entity in the EU or Switzerland, we’ll use that data according to the instructions such entity gives us regarding notices it provided and the choices made by the individuals to whom such data relates.
- Choice. The law in some jurisdictions gives you the right, in some cases, to opt out of us sharing your Personal Data with a third party or using it for a purpose that is materially different from the purposes for which it was originally collected or which you subsequently authorize—you may exercise this right by notifying us as provided below. However, except as required or authorized by law (e.g. for fraud prevention), we do not share, sell or otherwise disclose your Personal Data to non-Agent third parties or use it for any purpose other than for which it was originally collected or as you subsequently authorize. However, if ever we wish to do so, we will offer you the opportunity to opt out as described below. In the event that we wish to disclose your Sensitive Data to a non-Agent third party or use such data for a purpose other than for which it was originally collected or as you subsequently authorize, we will provide you the affirmative, explicit choice of whether you wish to permit such disclosure.
Except as authorized by law, we will not use or disclose psychotherapy notes, use or disclose your PHI for marketing purposes, or use or disclose your PHI in a way that would constitute a sale of PHI under HIPAA unless you expressly authorize us to do so. You may revoke this authorization at any time, except that such revocation will not be effective as to actions we have already taken in reliance on that authorization. You may request restrictions on our use and disclosure of certain health information for treatment, payment, or our operations. However, we are not required to agree to your request, except as otherwise required by HIPAA.
You may opt out of receiving non-essential communications from us by notifying us as described below and disabling cookies in your web browser as described above.
Though we make every effort to preserve your privacy, we may need to disclose Personal or Sensitive Data if we have a good-faith belief that it is necessary to protect or defend our or your rights, interests or property; comply with applicable law, regulation, rule, order, or other mandate; or other such purposes as required or authorized by law. In any case, we will take reasonable care to disclose only as much of such data as is necessary.
- Accountability for Onward Transfer. We may disclose your Personal Data to our Agents, but only for the limited and specified purposes described in this notice, consistent with the consent you have provided. We will take reasonable and appropriate steps to obtain assurances from our Agents that they will effectively process and safeguard your Personal Data consistent with our obligations under this Policy, the Privacy Shield (EU residents only), and the Safe Harbor (Swiss residents only). Upon discovery, we will take reasonable steps to stop and remediate any unauthorized processing inconsistent with this Policy, the Privacy Shield (EU residents only), or the Safe Harbor (Swiss residents only). With respect to EU Personal Data we receive under the Privacy Shield and subsequently transfer to an Agent, we are responsible for the processing of such data by that Agent; if such data is processed by that Agent in a manner inconsistent with the Privacy Shield Principles, we are liable unless it can be proved that we are not responsible for the event giving rise to any damages.
- Security. We take reasonable and appropriate measures to protect your data from loss, misuse, or unauthorized access, disclosure, alteration and destruction, taking into account the risks involved in the processing and the nature of the Personal Data. To help maintain the security of your data, we employ physical, electronic and procedural safeguards, including utilizing policies to take reasonable precautions to (a) securely and confidentially maintain your Personal Data; (b) assess and protect against threats/hazards to the security or integrity of such data; and (c) prevent unauthorized access to or use of such data. Additionally, except where required or permitted by law, we limit use of your Personal Data to the minimum necessary to accomplish the purposes for which that data was collected and to be used as described in this notice, and we restrict access to your Personal Data to only those who need to access that data to accomplish those purposes. To make your online transaction with us as safe and secure as possible, we use advanced encryption technology and treat your credit card information with the highest standard of confidentiality and safety. We are required by law to maintain the privacy and security of your PHI. In the unlikely event of a “breach” as defined under HIPAA of your unsecured PHI, we are required by law to provide you with notification of that breach.
- Data Integrity. We will only collect Personal Data to the extent it is relevant to the purposes for which it was collected, and we will not process Personal Data in a way that is incompatible with the purposes for which it has been collected or as you subsequently authorize. To help maintain the integrity of your data, we will take reasonable steps to ensure that Personal Data is reliable for its intended use, relevant, accurate, complete and current. We will adhere to these principles for as long as we retain this Personal Data.
- Access. If you discover that the data we hold about you is inaccurate or incomplete, please contact us. We will grant you reasonable access to the Personal Data we hold about you and will take reasonable steps to allow you to correct, amend or delete your Personal Data that you show to be inaccurate or incomplete, or has been processed in violation of this Policy, so long as it can be done without imposing an undue burden or expense on us, without breaching any legal or professional privilege or obligation, and without violating the rights of others. Where we are subject to HIPAA, you have the right to request to receive confidential communications of your PHI, as applicable. Subject to HIPAA, at your request, you may inspect, amend, and copy PHI we maintain about you, and receive an accounting of certain disclosures of your PHI (e.g. health payment records), in accordance with and as permitted by HIPAA.
- Recourse/Enforcement/Liability. Complaints about how we handle your Personal Data may be directed to us at the contact information below (if the data is PHI, complaints can be made to us or to the U.S. Secretary of Health and Human Services). You will not be retaliated against for filing a complaint. With respect to EU and Swiss Personal Data, we verify our compliance with the Privacy Shield and Safe Harbor and the terms of this Policy by conducting a periodic self-assessment. Any complaint or dispute about how we handle EU or Swiss Personal Data should be directed to the address provided below. We will expeditiously investigate and attempt to resolve any such complaints or disputes internally; however, if we are unable to reach a mutually satisfactory resolution for such complaint or dispute, we have agreed to cooperate with the dispute resolution procedures administered by, as applicable, the European Data Protection Authorities or the Swiss Federal Data Protection and Information Commissioner. Under certain limited conditions, by providing notice to us, you may invoke binding arbitration regarding certain “residual” claims about EU Personal Data before the EU Privacy Shield Panel in accordance with the rules established under the Privacy Shield. With respect to such EU or Swiss Personal Data, we are subject to the investigatory and enforcement powers of the FTC.
Links. Our websites may provide links to non-affiliated third party websites. Be aware when visiting such websites that we are not responsible for and make no representations regarding the content, privacy policies and practices (security or otherwise) regarding these or any other third party websites. You should read the policies of the websites you visit to understand their policies for the collection and treatment of data.
Changes to Policy. This Policy reflects our business practices and is not a contract. However, we are required to and will abide by the terms of this Policy as currently in effect. We may amend this Policy at any time and will notify you of any updates by posting a revised policy on our website. The revised policy will apply to all information collected by us, including previously collected information (for EU or Swiss residents, this applies to the extent permissible under the Privacy Shield or Safe Harbor respectively). Your continued use of our website, products or services following any such amendment shall constitute acceptance of the revised policy. You are responsible to regularly review this Policy. You have the right to a paper copy of this Policy upon request.
Contact. If you have any questions or comments regarding this Policy or the way that we collect or handle your Personal Data, or if you would like a paper copy of this Policy, please contact our Chief Privacy Officer by e-mail at email@example.com; or by telephone at 1-800-284-8300; or by regular mail at the following address:
Allianz Global Assistance, ATTN: Chief Privacy Officer
9950 Mayland Drive
Richmond, VA 23233
Opt Out. If you wish to opt out of either or both non-essential communications or non-essential third party information sharing, please contact our Chief Privacy Officer at the above contact information with your name, policy number, and a statement that says “Opt out” (or something similar).
Electronic Disclosures. By purchasing your policy, you consent to receiving all communications and notices from us electronically to the email address provided at the time of purchase. You may choose not to receive electronic communications and instead receive communications from us by regular mail at any time. If you do not wish to receive communications electronically, or wish to later update your preference about the receipt of electronic communications, please email us at firstname.lastname@example.org with your name, policy number, and a statement that “I do not wish to receive electronic communications” (or something similar). Or, you can let us know by calling us at 800-284-8300, or mailing us (including your name and policy number):
Allianz Global Assistance, ATTN: Customer Service – Only contact me by mail
9950 Mayland Drive
Richmond, VA 23233
If you do not provide an email address at purchase, you will receive communications by regular mail. You may request paper copies of any information provided to you electronically, or update your electronic contact information at any time by sending a request by email or mail at the above address, or by calling us. Documents sent to you from us will be in either PDF or HTML format. If you are unable to receive PDF or HTML documents, or are otherwise unable to read the documents we send you, please contact us so we can assist you.
Effective Date. This Policy was last revised on, and is effective as of, September 30, 2016.
© 2016 AGA Service Company. All rights reserved.
JICPRIVNOT (Ed. 09-16)