California Privacy Notice
This privacy notice was updated on January 1, 2023
THIS PRIVACY NOTICE IS SOLELY FOR CALIFORNIA RESIDENTS. EMC Insurance Companies and its affiliated insurance companies* (collectively, “EMC,” “we,” “us” or “our”) adopt this notice to comply with the California Privacy Rights Act ("CPRA") and its implementing regulations. Any terms defined in the CPRA have the same meaning used in this notice.
Our Company Policy
We do not monetize your data. We use it only as set out below and to improve the services we provide or make available to you.
When you receive a product or service from us including, but not limited to, buying insurance, you provide information about yourself, your employees and your company's participants, beneficiaries and claimants. We need this data to process and service your business. EMC recognizes the confidentiality expectations of our policyholders and those receiving services from us.
We value the trust you place in us, respect the privacy of the information we receive from you and are committed to keeping this information secure and confidential.
- We collect only data needed for our business.
- We use only means allowed by law to collect information.
- We disclose only data that the law allows.
- We limit employee access to data to only those who need access for a business reason.
- WE DO NOT SELL OR SHARE PERSONAL INFORMATION OR SENSITIVE PERSONAL INFORMATION, OR ANY PERSONAL INFORMATION OF INDIVIDUALS UNDER THE AGE OF 16.
Information We Collect
We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“personal information”). In particular, we have collected the following categories of personal information from consumers within the last twelve (12) months. We do not necessarily collect all types of information identified under "Examples" below.
Personal Information Categories
|A. Identifiers.||A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers.||YES|
|B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).||Identifiers listed in A. above, plus the following: signature, physical characteristics or description, telephone number, state ID number, insurance policy number, education, employment or employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, and health insurance information. Some personal information included in this category may overlap with other categories.||YES|
|C. Protected classification characteristics under California or federal law.||Race, color, ancestry, national origin, religion, creed, age (over 40), disability (mental/physical), sex (including gender, gender identity, gender expression, pregnancy, childbirth, medical conditions related to pregnancy or childbirth, and breastfeeding or medical conditions relating to breastfeeding), sexual orientation, medical conditions, genetic information, marital status, military and veteran status, political affiliations or activities, status as a victim of domestic violence, assault or stalking, citizenship, language, accent, or English proficiency, changes in name and pronoun, bathroom and facility usage||YES|
|D. Commercial information.||Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.||YES|
|E. Biometric information.||Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke patterns or rhythms, gait patterns or rhythms, or other physical patterns, and sleep, health, or exercise data.||NO|
|F. Internet or other electronic network activity information.||Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement.||YES|
|G. Geolocation data.||Roadside assistance, fitness monitors, smartphone info, and GPS trackers/fleet trackers||YES|
|H. Sensory data.||Audio, electronic, visual, thermal, olfactory, or similar information.||YES|
|I. Professional or employment-related information.||Current or past job history or performance evaluations.||YES|
|J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).||Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.||YES|
|K. Inferences drawn from other personal information to create a profile about a consumer.||Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.||YES|
Sensitive Personal Information Categories
|A. Government identifiers||Social security, drivers license, state identification card, or passport number.||YES|
|B. Complete account access credentials||Account log-in, financial account, debit card, or credit card number in combination with any required security code, password, or credentials allowing access to an account.||YES|
|C. Precise geolocation||Roadside assistance, fitness monitors, smartphone info, and GPS tracker/fleet trackers.||YES|
|D. Racial or ethnic origin, religious or philosophical beliefs, or union membership||YES|
|E. Contents of mail, email, and text message not directed to us||Communications transmitted to a consumer on behalf of a separate entity.||NO|
|F. Genetic data||Disorders or predisposition to illness identified through genetic testing.||NO|
|G. Unique identifying biometric information||Fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke patterns or rhythms, gait patterns or rhythms, or other physical patterns, and sleep, health, or exercise data used to identify an individual.||NO|
|H. Health, sex life, or sexual orientation information||YES|
Personal information does not include:
- Publicly available information that is lawfully made available from federal, state, or local government records.
- De-identified or aggregated consumer information.
- Information excluded from the CPRA's scope, like:
- health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data; personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver's Privacy Protection Act of 1994.
We obtain the categories of personal information listed above from the following categories of sources:
- Directly from our insureds, claimants or their agents. For example, from documents that our insureds, claimants or agents provide to us related to the coverages or services for which they engage us.
- Indirectly or directly from our insureds, claimants or their agents. For example, through information we collect in the course of providing coverage or services to them.
- Directly and indirectly from activity on our website (https://www.emcins.com/).
- From third-party service providers that interact with us in connection our business purposes or operations. Examples include, but are not limited to:
- Another insurance company seeking payment for a claim made against one of our insureds.
- Underwriting, issuing policies, or managing claims.
- IT support and functions.
- Law firms providing litigation support.
- Third party administrators.
Use of Personal Information
We may use or disclose the personal information we collect for one or more of the following business purposes:
- To fulfill or perform
- Our operational purposes;
- Other notified purposes as reasonably necessary and proportionate to achieve the operational purposes for which the information was collected or processed; or
- For another purpose that is compatible with the context in which the information was collected.
- For example, if you provide us with personal information in order for us to underwrite an insurance policy or to process a claim, we will use that information to make a decision about whether or not to issue a policy quote, to determine the cost of the policy, and to provide the coverages and services associated with that policy, including claims.
- To provide you with information, products, or services that you request from us.
- To contact you about products or services, or events or news, that may be of interest to you.
- As necessary or appropriate to protect the rights, property or safety of us, our clients, or others.
- To respond to lawsuits or law enforcement requests and as required by applicable law, court order, or governmental regulations or governmental regulator.
- For auditing related to a current interaction with you and concurrent transactions, including but not limited to, counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with the specification and other standards.
- To detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for that activity.
- To debug or identify and repair errors that impair existing intended functionality.
- To maintain or service your account, provide customer service, process or fulfill orders or transactions, verify your information, process payments, advertising or marketing services, provide analytic services, or similar services.
- To undertake internal research.
- To verify or maintain the quality or safety of a service or device that is owned or controlled by us, and to improve, upgrade, or enhance the service or device.
- To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us about our customers is among the assets transferred.
We will not use your personal information for materially different, unrelated, or incompatible purposes than those set out in this notice, nor will we collect additional categories of personal information without providing you notice.
Disclosing Personal Information
We may disclose your personal information to a third party for a business purpose.
In the preceding twelve (12) months, we have disclosed the following categories of personal information for a business purpose:Category A: Identifiers.
Category B: California Customer Records personal information categories.
Category C: Protected classification characteristics under California or federal law.
Category D: Commercial Information.
Category F: Internet or Other Electronic Network Activity Information.
Category G: Geolocation Data.
Category H: Sensory Data.
Category I: Professional or employment-related information.
Category J: Non-public education information.
Category K: Inferences drawn from other personal information.
We disclose your personal information for a business purpose to the following categories of third parties including:
- Any of our affiliated insurance companies.
- Independent insurance agents and brokers.
- Service providers.
- Government entities.
- Third parties to whom you or your agents authorize us to disclose your personal information in connection with products or services we provide to you.
- Independent claims adjusters, appraisers, investigators, medical professionals, and attorneys and law firms.
- Other insurance companies, agents, and consumer reporting agencies.
- Consumer reporting agencies.
- Medical care institutions or medical professionals.
- Organizations that collect information for the purpose of detecting and preventing insurance crimes or fraudulent activities.
- Authorized persons as ordered by subpoena, warrant, or other court order, or as otherwise required by law.
- Certificate holders or policyholders.
Retention of Information
We may keep personal information, including sensitive personal information, for only the amount of time it is needed to fulfill the legitimate business purpose for which it was collected or to satisfy a legal requirement. The criteria used for determining the relevant retention period is based on the legal requirements and particular needs to support the business process for which the information was collected.
Your Rights and Choices
The CPRA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CPRA rights and explains how to exercise those rights.
Access to Specific Information and Data Portability Rights
You have the right to request that we disclose certain information to you about our collection and use of your personal information. Once we receive and confirm your verifiable consumer request, we will disclose to you:
- A list of categories of personal information we collected about you.
- The categories of sources from which the personal information is collected.
- Our business or commercial purpose for collecting that personal information.
- The categories of third parties with whom we share personal information.
- The specific pieces of personal information we collected about you (this is also called data portability).
- If we disclosed your personal information for a business purpose, a list disclosing the category or categories of personal information we disclosed for a business purpose or, if we have not disclosed any personal information for a business purpose, we shall disclose that fact.
Deletion Request Rights
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions described below. Once we receive and verify your request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.
We may deny your deletion request if retaining the information is necessary for us or our service providers, or contractors to:
- Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
- Assist our network or information systems detect security incidents that compromise the availability, authenticity, integrity, and confidentiality of stored or transmitted personal information.
- Ensure the physical safety of any individual.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et seq.).
- Engage in public or peer-reviewed scientific, historical, or statistical research that conforms or adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's ability to complete such research, if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us and compatible with the context in which you provided the information.
- Comply with a legal obligation.
Correction Request Rights
You have the right to request that we correct any inaccurate personal information that we retain about you. Once we receive and verify your request, we will use commercially reasonable efforts to correct (and direct our service providers and contractors to correct) your personal information in our records, unless the information is found to be accurate.
Exercising Access, Data Portability, Correction, and Deletion Rights
To exercise the access, data portability, correction, and deletion rights described above, please submit a verifiable consumer request to us by either:
- Calling us at 888-362-2255 (8 a.m.-4:30 p.m. CT, Monday-Friday)
- Filling out and submitting the California Consumer Personal Information Request Form
- (If you are reviewing a physical copy of this notice, you can navigate to this form at https://www.emcins.com/misc/privacypolicy.aspx.)
Only you or your authorized agent may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. You may make a verifiable consumer request for access or data portability only twice within a 12-month period.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor's identity or authority to make the request.
In order to make a request, and for us to verify your request, you must provide the following information:
- Your name, address, city, state, ZIP code, phone number and email address.
- If you are a policyholder or claimant, your policy number(s) and/or claim number(s).
- If you are a policyholder or claimant, we will verify your request via contact information we have in our file.
- If you are seeking the specific pieces of personal information, we reserve the right to (a) require a signed declaration under penalty of perjury that you are the consumer whose personal information is the subject of the request and (b) require you to provide additional information to enable us to verify your identity.
- A description of your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
If the request is made through an authorized agent, we will require the following written verification that you have authorized the agent to act on your behalf.
- Via an agent using a power of attorney - Written verification of the existence of the power of attorney pursuant to Probate Code sections 4000 to 4465.
- All others:
- Signed, written permission from the consumer allowing the agent to make the specific request;
- Proof that the authorized agent is registered with the California Secretary of State to act on your behalf; and
- Verification of the identity of the authorized agent.
Response Timing and Format
We will confirm receipt of your request within 10 days of receipt. If we are able to verify the request, we will provide information about how we will process the request and when you should expect a response.
We will respond to a verifiable consumer request within 45 days of its receipt unless we require more time (up to an additional 90 days), in which case we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. Any disclosures we provide will cover only the 12-month period preceding receipt of the verifiable consumer request. If we are unable to comply with your request, the response we provide will also explain the applicable reasons.
For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
We will not discriminate against you for exercising any of your CPRA rights. Unless permitted by the CPRA, we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
- Retaliate against any EMC team member, applicant for employment, or independent contractor for exercising their rights described in this notice.
Changes to Our Privacy Notice
We reserve the right to amend this privacy notice in our discretion and at any time. A copy will be posted to our webpage along with the amended effective date.
How to Contact Us
If you have any questions or comments about this notice or our privacy practices, please review our webpage or contact us at:
EMC Insurance Companies
EMC Insurance Companies
Attn: Privacy Coordinator (Legal)
P.O. Box 712
Des Moines, IA 50303-0712
888-362-2255 (8 a.m.-4:30 p.m. CT, Monday-Friday)
* EMC Insurance Companies is the trade name used by the following affiliated insurance and insurance service companies of which Employers Mutual Casualty Company is the lead company:
- Employers Mutual Casualty Company
- EMC Insurance Group Inc.
- EMC National Life Company
- EMC Property & Casualty Company
- EMC Reinsurance Company
- EMC Risk Services, LLC
- EMC Underwriters, LLC
- EMCASCO Insurance Company
- Dakota Fire Insurance Company
- Illinois EMCASCO Insurance Company
- Union Insurance Company of Providence
- EMC National Life Marketing Services, LLC
This California Privacy Notice shall apply solely to EMC. For a statement of a CPRA notice applicable to all other EMC National Life Company or EMC National Life Marketing Services, LLC, please visit its website at www.EMCNationalLife.com.