California Residents Notice of Collection
Effective Date: January 1, 2023
Last Reviewed on: August 10, 2023
This Privacy Notice for California Residents (this "Notice") supplements the information contained in the TrueNorth Companies, L.C. Privacy Policy Notice (the "Policy").
This Notice provides our notice of collection and provides certain mandated disclosures about our treatment of California residents’ information, both online and offline. We adopt this Notice to comply with the California Consumer Privacy Act of 2018 as supplemented by the California Privacy Rights Act of 2020 (collectively “CCPA”) and any terms defined in the CCPA have the same meaning when used in this Notice (unless separately defined in this Notice). This Notice applies solely to residents of the State of California as defined in the CCPA (“California Residents”) who do business with us directly and/or visit the TrueNorth Companies, L.C. website (“our website”).
Changes to this Notice
We reserve the right to amend this Notice at our discretion and at any time. When we make changes to this Notice, we will post the updated Notice on the website and update the Notice’s last reviewed date. We encourage you to look for updates and changes to this Notice when you access our website. Your continued use of our website following the posting of changes constitutes your acceptance of such changes with respect to your use of the website.
Accessibility
If you have special needs with regard to accessing the content of this Notice, we recommend that you or someone on your behalf, contact us by email at: dataprivacy@truenorthcompanies.com.
Definition and Exclusions of Personal Information and Sensitive Personal Information under the CCPA and at TrueNorth Companies, L.C.
Generally, Personal Information under the CCPA and in this Notice means information that identifies (whether directly or indirectly) you, such as your name, postal address, email address, and telephone number. Due to the nature of our business as described in “Information We Collect” section below, Personal Information may also include:
- your name, Social Security Number, driver’s license or other government-issued identification;
- assets and income, occupation and employment status, dependent information and other relevant financial information;
- information relating to any of your past claims;
- information from reporting agencies and state and federal government agencies, including, but not limited to state motor vehicle departments;
- information from other sources, such as medical or health care providers and other third parties with which you or we maintain a relationship;
- your premium payment history;
- credit card, bank account or other account information as may be required to facilitate your payment of insurance premium or similar amounts, which payment generally is made through systems maintained by third parties, such as insurance carriers; and
- passive tracking information from our website or the Internet, including information obtained through the use of internet “cookies.”
Personal Information as defined under the CCPA does not include:
- Publicly available information from government records as defined under Civil Code Section 1798.140;
- Deidentified or aggregated consumer information;
- Health or medical information to the extent covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data; and
- Personal information to the extent covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA) and the Driver’s Privacy Protection Act of 1994.
Certain types of Personal Information are considered “Sensitive Personal Information” under the CCPA. Specifically, Sensitive Personal Information is defined under the CCPA as information that reveals a consumer’s:
- Social Security, driver’s license, state identification card, or passport number;
- Account login, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account;
- Precise geolocation;
- Racial or ethnic origin, religious or philosophical beliefs, or union membership;
- Mail, email, and text message content, unless the business is the intended recipient of the communication;
- and/or Genetic data;
- Biometric information, which may reference certain physiological, biological, or behavioral characteristics; or DNA information; which could potentially establish an individual’s identity. Retina scans, fingerprints or voice recordings could also be considered such information.
Personal Information We Collect
The following categories of Personal Information and/or Sensitive Personal Information may have been collected from California Residents within the last twelve (12) months. Personal Information that falls under the definition of Sensitive Personal Information under the CCPA has been noted in the second column below.
Category | California Sensitive Personal Information may be considered to be within this Category (YES or NO) | Examples | Collected by TrueNorth Companies, L.C. (YES or NO) |
A. Identifiers. | YES | A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers. | YES |
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80I). | YES | A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some Personal Information included in this category may overlap with other categories. | YES |
C. Protected classification characteristics under California or federal law. | YES | Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). | YES |
D. Commercial information. | NO | Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. | YES |
E. Biometric information. | YES | Genetic, physiological, behavioral and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns and sleep, health, or exercise data. | NO |
F. Internet or other similar network activity. | NO | Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement. | YES |
G. Precise geolocation data. | YES | Physical location or movements within a geographic area that is equal to or less than the area of a circle with a radius of 1,850 feet. | YES |
H. Sensory data. | YES | Audio, electronic, visual, thermal, or similar information. | NO |
I. Professional or employment-related information. | NO | Current or past job history. | YES |
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). | NO (if de-identified) | Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. | NO |
K. Inferences drawn from other Personal Information. | YES | Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. | NO |
Sources of Personal Information We Collect
We may obtain the categories of Personal Information listed above from the following categories of sources:
- Directly from you – for example, from insurance applications or in connection with your other communications with us.
- From third parties – for example, from insurance carriers and other industry service providers, and other third parties with which you maintain a relationship, such as an employer, financial service or medical or health providers, or any industry provider from which we purchase or acquire industry assets or operations. This may occasionally include referral sources.
- Indirectly from you – for example, from observing your actions on our website, including through the use of “cookies” that track frequency of website visits, and/or how you found our website initially, or as may otherwise be developed over time based on your interactions with us.
Use of Personal Information
We may use or disclose the Personal Information we collect for one or more of the following purposes:
- To fulfill or meet the reason you provided the information and for our everyday business purposes – for example, to obtain quotations for insurance or other insurance or financial industry services (including those procured proactively and/or in connection with the movement of a book of business from one provider to another) on your behalf; to obtain insurance (or similar products) on your behalf or to facilitate the performance of related services by other industry service providers; to maintain or service your account or insurance, including by reporting claims of loss to other industry service providers, such as insurance carriers and adjusters; to evaluate our performance or offerings; and to make reports to credit bureaus. We may also save your information to facilitate new quotations or placements.
- To comply with, or exercise rights under, applicable law – for example to make required or advisable reports to insurance regulatory, law enforcement or other similarly situated authorities; to respond to and comply with court orders, applicable law, and other legal requirements; and to defend ourselves against claims and to enforce our rights or protect our employees or property.
- To market products and services to you, including through the use of targeted or similar advertising on the internet.
- To provide or receive shared organizational services.
- As described to you when collecting your Personal Information or as otherwise set forth in the CCPA.
- To evaluate or effect a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, in which Personal Information held by us about our consumers is among the assets evaluated or transferred.
Sharing of Personal Information under the CCPA
Under the CCPA, the Sharing of Personal Information means sharing, renting, disclosing, disseminating, making available or otherwise communicating a consumer’s Personal Information to a third party for uses such as targeted advertising for the benefit of the business.
California residents have certain rights under the CCPA around limiting the Sharing of their Personal Information.
The CCPA addresses two distinct categories of information disclosure by businesses, differentiating the Sharing of Personal Information for a Commercial Purposes from the Disclosure of Personal Information for a Business Purpose, as described below.
Sharing of Personal Information for a Commercial Purpose
The CCPA defines the Sharing of Personal Information for a Commercial Purpose as including the sale of a customer’s Personal Information for monetary of other consideration paid to the sharing business.
In the preceding twelve (12) months, TrueNorth has not Shared your Personal Information for a Commercial Purpose.
Disclosure of Personal Information for a Business Purpose
The CCPA excludes from the definition of Sharing Personal Information any use of Personal Information which was requested by you (the customer), including the expected and typical use of that information by a third party for the reasonably necessary purposes to achieve the requested service. Such an information transfer is considered the Disclosure of Personal Information for a Business Purpose under the CCPA.
In the preceding twelve (12) months, we may have Disclosed the following categories of Personal Information for a Business Purpose:
Category A: Identifiers.
Category B: California Customer Records Personal Information categories.
Category C: Protected classification characteristics under California or federal law.
Category D: Commercial information.
Category F: Internet or other similar network activity.
Category H: Sensory data.
Category I: Professional or employment-related information.
We may Disclose your Personal Information for a Business Purpose to perform services on your behalf and provide you with the insurance products and services you expect from us to the following categories of third parties:
- Service providers.
- Insurance carriers and other industry service providers.
- Other third parties with which you or we maintain a relationship regarding your insurance.
Sales of Personal Information
In the preceding twelve (12) months, we have not sold Personal Information.
Your Rights and Choices
The CCPA at Section 7011 (e)(2) provides California Residents with specific rights regarding their Personal Information:
(A) Access. The right to know what Personal Information the business has collected about the consumer, including the categories of Personal Information, the categories of sources from which the Personal Information is collected, the business or commercial purpose for collecting, selling, or sharing Personal Information, the categories of third parties to whom the business discloses Personal Information, and the specific pieces of Personal Information the business has collected about the consumer;
(B) Deletion. The right to delete Personal Information that the business has collected from the consumer, subject to certain exceptions;
(C) Correction. The right to correct inaccurate Personal Information that a business maintains about a consumer;
(D) Opt-out of Sale or Sharing. If the business sells or shares Personal Information, the right to opt-out of the sale or sharing of their Personal Information by the business;
(E) Limitation on the Use of Sensitive Personal Information. If the business uses or discloses sensitive Personal Information for reasons other than those set forth in section 7027, subsection (lm), the right to limit the use or disclosure of sensitive Personal Information by the business; and
(F) Non-discriminatory Treatment. The right not to receive discriminatory treatment by the business for the exercise of privacy rights conferred by the CCPA, including an employee’s, applicant’s, or independent contractor’s right not to be retaliated against for the exercise of their CCPA rights.
The following sections describe these CCPA rights in further detail and explain how to exercise those rights.
Access to Specific Information and Data Portability Rights
You have the right to request that we disclose certain information to you about our collection and use of your Personal Information over the past twelve (12) months. Once we receive and confirm your verifiable consumer request (see “Exercising Access, Data Portability and Deletion Rights”), we will disclose to you:
- The categories of Personal Information we collected about you.
- The categories of sources for the Personal Information we collected about you.
- Our business or commercial purpose for collecting or selling that Personal Information.
- The categories of third parties with whom we share that Personal Information.
- The categories of Personal Information shared for a business purpose for each category of recipients.
- The specific pieces of Personal Information we collected about you (also called a data portability request).
In addition to the rights listed above, you may request limitations on the use of your Sensitive Personal Information consistent with the terms and limitations described in the CCPA, and pursuant to Civil Code Section 1798.120 et.seq. Limited use of Sensitive Information may continue to include those uses which the average consumer would reasonably expect in context, and for uses which are reasonably necessary and proportionate for our business.
Deletion Request Rights
You have the right to request that we delete any of your Personal Information that we collected from you and retained. Once we receive and confirm your verifiable consumer request (see “Exercising Access, Data Portability and Deletion Rights”), we will delete your Personal Information from our records, unless an exception applies.
We may deny your deletion request in whole or in part for other reasons and exceptions described in the CCPA.
Exercising Access, Data Portability and Deletion Rights
To exercise the access, data portability and deletion rights described above, please submit a verifiable consumer request to us by:
- Calling us at: (800) 798-4080
- Emailing us at: dataprivacy@truenorthcompanies.com
To protect your information and privacy, only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your Personal Information. Designated agents making any request will be required to provide signed documentation for the agent to submit sch a request. In addition, when an authorized agent submits a request, we may also require that you verify your own identity directly to us or confirm with us that you have requested that the agent to submit the request. You may also make a verifiable consumer request on behalf of your minor child.
You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
- Provide sufficient information as we may request that allows us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative of such person, which may include personal and/or commercial identifiers, such as an insurance policy number. Depending on the sensitivity of the information you are requesting, we may ask for additional information to verify your identity.
- Describe your request with sufficient detail that allows us to properly understand, evaluate and respond to it.
We cannot provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you. We will only use Personal Information provided in a verifiable consumer request to verify the requestor's identity or authority to make the request.
Response Timing and Format
We will acknowledge receipt of your request within ten (10) days. We will endeavor to respond in substance to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time, we will inform you of the extension period which may not exceed an additional forty-five (45) days beyond the original forty-five (45) day period.
Any disclosures we provide will only cover the 12-month period preceding the receipt of the verifiable consumer request. If we are unable to comply with a request, the response we provide will state such inability and provide reasoning for the same. For data portability requests, we will select a format to provide your Personal Information that is readily usable and should allow you to transmit the information from one entity to another entity without significant hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine in our sole discretion that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Non-Discrimination
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or services or a different -level or quality of goods or services.
Other California Privacy Rights
California's "Shine the Light" law (Civil Code Section § 1798.83) permits users of our website who are California Residents to request certain information regarding our disclosure of Personal Information to third parties for their direct marketing purposes. To make such a request, please write us at the mailing address shown beneath the heading “Contact Information for Requests under this Notice.”
Contact Information for Requests under this Notice
If you have any questions or comments about this Notice, the ways in which we collect and use your Personal Information described herein, and in the Policy, your choices, and rights regarding such use, or wish to exercise your rights under California law, please contact us at:
Postal Address:
TrueNorth Companies, L.C.
Attn: Legal Dept.
500 1st Street SE
Cedar Rapids, IA 52401
Phone: (800) 798-4080
Email: dataprivacy@truenorthcompanies.com
Situations Where Rights Cannot Be Granted
There may be situations where we cannot grant a particular request — for example, if you ask us to delete your transaction data but we are legally obligated to keep a record of that transaction to comply with law, or if we are unable to verify your identity through standard and reasonable requirements. We may also decline to grant a request where doing so would undermine our legitimate use of data for antifraud and security purposes, such as when you request deletion of an account that is being investigated for security concerns. Other reasons your privacy request may be denied could be that granting the request would jeopardize the privacy of others; that the request is substantively frivolous or vexatious; or that granting the request would be highly impractical in the context of our legitimate business purposes.