This privacy notice discloses the privacy practices for www.grtinsurance.com and www.grtia.net. This privacy notice applies solely to information collected by these websites.
To arrange insurance coverage, provide coverage-related customer service, and process insurance premiums and claims, GRT and other participants in the insurance industry are required to use and share Personal Data of potential and actual customers. The Lloyd’s Market Association, an industry-leading UK-based insurance association, provides an overview of how and why the insurance industry is required to use and share Personal Data at: Insurance Market Core Uses Information Notice (“LMA Notice”). As of 25 May 2018, GRT’s use of Personal Data is consistent with the LMA Notice.
During the customer development and service lifecycle GRT will receive Personal Data relating to potential or actual policyholders, beneficiaries under a policy, their family members, business and organization principals, claimants and other parties (collectively “individual(s)”, “you”, “yours”) involved in an insurance policy and/or claim.
1. Identity and Contact Details of GRT’s Data Controller
GRT Insurance Agency LLC, 120 Newport Center Drive, Newport Beach, California, 92660 USA, is the Data Controller in respect of the Personal Data it receives in connection with the Services provided to its customer(s). GRT Insurance Agency LLC is licensed in the State of California, USA.
2. Personal Data and Information that GRT Processes
We collect and process the following Personal Data:
2.1 Individual details: name, address(es), telephone number(s), email address(es), other contact details, gender, marital status, family details, date of birth, place of birth, employer, employment history, job title(s), relationship to the policyholder, insured, beneficiary or claimant.
2.2 Identification details: identification numbers issued by government bodies or agencies (for example: social security number, national insurance number, passport number, tax identification number, driver’s license number, other government-issued identity number).
2.3 Financial information: payment card number, bank account number(s), credit score, income and other financial information.
2.4 Insured risk: information about the insured risk, which contains Personal Data and may include, only to the extent relevant to the risk being insured, health data, criminal records data, and other special demographic or other data categories.
2.5 Policy information: information about the insurance quotes individuals receive and the insurance policies they obtain.
2.6 Credit and anti-fraud data: credit history and credit score, information about fraud convictions, allegations of crimes and sanctions details received from various anti-fraud and sanctions databases, or regulators or law enforcement agencies.
2.7 Previous claims: information about previous claims, which may include health data, criminal records data and other Special Categories of Personal Data (as described in the Insured Risk definition above).
2.8 Current claims: information about current claims, which may include health data, criminal records data and other Special Categories of Personal Data (as described in the Insured Risk definition above).
2.9 Marketing data: whether or not the individual has consented to receive marketing from Us and/or from third parties.
2.10 Website and communication usage: details of your visits to Our websites and information collected through cookies and other tracking technologies, including, but not limited to, your IP address and domain name, your browser version and operating system, traffic data, location data, web logs and other communication data, and the resources that you access. Where We collect such information directly from individuals, We will inform them of whether the information is required and the consequences of not providing it on the relevant form.
2.11 Sources of Personal Data: We collect and receive Personal Data via voice and data communication and in writing, from various sources, including (depending on the Service provided and your country of residence):
- Individuals and their family members, employers or trade or professional associations of which they are a member, credit reference agencies, anti-fraud and other third-party databases, sanction lists, and government agencies;
- Third party referral and authorized data transaction affiliate organizations;
- Other insurance market participants, such as insurers, reinsurers and other intermediaries; and other business information and research tools;
- In the event of a claim: claims forms, third parties including the other party to the claim (claimant/defendant), witnesses, medical and other experts, loss adjusters, lawyers and claims administrators/processors; and
- Forms on Our website(s) and your interactions with Our website(s) (see Website Cookies, item 15., below).
3. How GRT Uses, Processes, and May Disclose Your Personal Data
The “Legal Grounds” on which GRT relies to process your Personal Data are set forth in the General Data Protection Regulation (“GDPR”) of the European Union (effective as of 25 May 2018), which allows companies to process customer Personal Data only when said processing is permitted by the specific “Legal Grounds” defined in the GDPR. In order for GRT to provide the Services (“Purpose of Processing”) to its customers, GRT’s “Legal Grounds” to do so are:
3.1 Performance of GRT’s contractual obligations to GRT’s customer(s);
3.2 Legitimate Interests of GRT to, including but not limited to, (a) ensure that GRT customer(s) are accurately, timely, responsively, and compliantly served; (b) and/or to establish, defend or prosecute legal claims; (c) and/or to prevent and mitigate crime and fraud; (d) and/or to appropriately manage risk;
3.3 Compliance with a legal, regulatory or other government obligation;
3.4 Customer’s provision of Consent; and/or
3.5 Substantial public interest.
We will disclose Personal Data for the purposes We set forth in this Notice to insurers and intermediaries thereof, claims processors, lawyers, loss adjusters, experts, financial institutions, service providers, contractors, advisers, agents and GRT subsidiaries and affiliated companies that perform activities on Our behalf.
4. Customer Provision of Consent
In order for GRT to provide the Services (“Purpose of Processing”) to a customer, unless another Legal Ground(s) applies, GRT will rely on the customer’s (herein the “data subject”) consent to process Personal Data, and Special Categories of Personal Data and Criminal Records Data, such as medical and criminal convictions records, as set forth in the prior sections, and for profiling as set out in the next section. Customer provision of consent must be a freely given, specific, informed and unambiguous indication of the individual’s wishes. There must be some form of clear affirmative action, such as a positive opt-in, by the individual customer: consent will not be inferred from silence, pre-checked boxes, or customer inactivity.
This consent permits and allows GRT to share the Personal Data information with other insurers and their intermediaries and parties that need to process the information to fulfill their role in the insurance market. The affected individual’s consent to this processing of Personal Data and Special Categories of Personal Data and Criminal Records Data may be required in order for GRT to be able to provide the customer-requested Services. Where you are providing GRT with information about a person other than yourself, you agree to notify them of Our use of their Personal Data and to obtain such consent for GRT.
Individuals may withdraw their consent to such processing at any time by contacting the GRT Data Protection Officer using the contact details at the Additional Information section below. Please note that withdrawing consent may prevent GRT from continuing to provide the specific consent-withdrawing customer’s requested service(s). In addition, if an individual withdraws consent to an Insurer’s or Reinsurer’s processing of their Special Categories of Personal Data and Criminal Records Data, it may not be possible for the insurance cover to continue.
5. Profiling and Automated Decision Making
GRT’s insurance market participants utilize financial, analytical, statistical, predictive, and actuarial modeling algorithms and techniques to assess risk, fraud patterns, the probability of future losses actually occurring in claims scenarios, and to determine whether or not to provide insurance coverage. Accordingly, GRT and its insurance market participants may use some or all of available and relevant Personal Data for these purposes.
6. Automated Quote and Binding Platform
Where GRT customers utilize the automated quote and binding platform(s), insurance quotations are offered entirely by matching whether the customer-submitted attributes fulfill the insurer’s coverage decision-making criteria, which determines (a) whether a coverage quotation will be made; (b) on what terms and conditions; and (c) at what price. Accordingly, GRT and its automated quote and binding platform(s) may use some or all of available and relevant Personal Data for these purposes.
7. Information Security Safeguards
GRT has implemented physical, electronic, logical, and business process and procedural safeguards appropriate to the sensitivity of the information We maintain. These safeguards will vary depending on the sensitivity, format, location, amount, distribution and storage of the Personal Data, and include measures designed to keep Personal Data protected from unauthorized access. If appropriate, the safeguards include the encryption of communications via Secure Sockets Layer, encryption of information during storage, firewalls, access controls, network penetration testing, separation of workforce duties, need-to-know security-role-based workforce user rights, change management, disaster recovery, breach notification, and similar security protocols. We restrict access to Personal Data to personnel and third parties that require access to such information for legitimate, relevant business purposes.
8. Restricting Collection and Retention of Personal Data
We collect, use, disclose and otherwise process Personal Data that is necessary for the Purposes identified in this Privacy Notice or as permitted by law. If GRT requires Personal Data for a previously not identified Purpose, We will notify customers of the new Purpose(s) and, where required, seek individual customers’ consent (or ask other parties to do so on GRT’s behalf) to process Personal Data for the new Purpose(s).
GRT’s Personal Data retention periods are based on business, regulatory and legal requirements. We retain Personal Data for as long as is necessary for the Purpose of Processing for which the information was collected, and any other permissible, related purpose. When Personal Data is no longer needed, We either irreversibly anonymize the data (in which case We may further retain and use the anonymized information), or securely destroy the data. Individuals may request additional information about the specific safeguards applied to the export of their Personal Data.
9. Transfer of Personal Data
GRT transfers Personal Data to, or permits access to Personal Data from, countries outside the European Economic Area (EEA). These countries’ data protection laws do not always offer the same level of protection for Personal Data as offered in the EEA. We will, in all circumstances, safeguard Personal Data as set forth in this Privacy Notice.
Certain countries outside the EEA have been approved by the European Commission as providing essentially equivalent protections as EEA data protection laws. EU data protection laws allow GRT to freely transfer Personal Data to such countries. If GRT transfers Personal Data to other countries outside the EEA, We will establish legal grounds justifying such transfer, such as model contractual clauses, individuals’ consent, or other legal grounds permitted by applicable legal requirements. Individuals may request additional information about the specific safeguards applied to the export of their Personal Data.
10. Accuracy, Transparency, Accountability, Openness and Your Rights
We strive to maintain Personal Data that is accurate, complete and current. Individuals should email GRT at: ClientService@GRTInsurance.com, to update their information. Under certain conditions, individuals have the right to request GRT to:
10.1 Provide further details to the individual on how We use and process their Personal Data;
10.2 Provide a copy of the Personal Data We maintain about the individual;
10.3 Update any inaccuracies in the Personal Data We hold about the individual;
10.4 Delete Personal Data of the individual that We no longer have a Legal Ground to Process; and
10.5 Restrict how We process the Personal Data of the individual while We consider the individual’s inquiry.
In addition, under certain conditions, individuals have the right to:
10.6 Where Processing is based on the individual’s Consent, withdraw said Consent;
10.7 Object to any Processing of Personal Data of the individual that GRT justifies on the “legitimate interests” legal grounds, unless Our reasons for undertaking that processing outweigh any prejudice to the individual’s privacy rights; and
10.8 Object to direct marketing (including any profiling for such purposes) to the individual at any time.
These rights are subject to certain exemptions to safeguard the public interest (for example, the prevention or detection of crime) and Our interests (for example, the maintenance of legal privilege). GRT will respond to most requests within thirty (30) days of Our receipt thereof.
If We are unable to resolve an inquiry or a complaint, individuals have the right to contact the UK data protection regulator, the Information Commissioner’s Office.
Questions regarding GRT’s privacy practices should be directed to GRT’s Data Protection Officer using the contact details in the Additional Information section below.
11. Additional Information
To submit questions or requests regarding this Privacy Notice or GRT’s privacy practices, please write to the Data Protection Officer at the following address:
The Data Protection Officer
GRT Insurance Agency, LLC
268 Bush Street, #4102
San Francisco, CA 94104 USA
12. Links to Third Party Websites
Our websites may contain links to other third party websites. If you follow a link to any of those third party websites, please note that they have their own privacy policies and that We do not accept any responsibility or liability for their policies or processing of your personal information. We encourage Our users to be aware when they leave Our website(s) and to read the privacy statements of any other website that collects personally identifiable information. Please check these policies before you submit any personal information to such third party websites.
13. Provisions Related to Users Residing in EU and EEA.
GRT shall be pursuing certification under the European Union and Swiss Privacy Shield protocols. We are committed to protecting the security of your personal information, and We take commercially reasonable technical and organizational measures that are designed to that end.
14. Our Policy Regarding Minors.
Our Services are not directed to persons under the age of eighteen years old (“Minors”). We do not knowingly collect Personal Data from Minors. If a parent or guardian becomes aware that their Minor has provided Us with Personal Data without their parent/guardian consent, the parent/guardian should contact Us at: ClientService@GRTInsurance.com. If We become aware that a Minor has provided Us with Personal Data, We will execute action to delete such Personal Data.
15. Website Cookies.
On Our websites, We may use “cookies” to collect Personal Data and improve Our Services. A cookie is a small data file that We transfer to your device. We may use “session ID cookies” to enable certain features of the Services, to better understand how you interact with the Services and to monitor aggregate usage and web traffic routing on the Services. We may also use “persistent cookies” to save your registration ID and login password for future logins to the Services. You can instruct your browser, by changing its options, to stop accepting cookies or to prompt you before accepting a cookie from the websites you visit. However, if you do not accept cookies, you will not be able to log into your account.
15.1 Required Cookies. These cookies are required and necessary for Our websites to function and cannot be switched off in Our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of Our websites may then not work. These cookies do not store any personally identifiable information.
15.2 Performance Cookies. These cookies allow Us to count visits and traffic sources so We can measure and improve the performance of Our websites. They help Us to know which pages are the most and least popular and see how visitors move around the websites. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies We will not know when you have visited Our websites, and will not be able to monitor their performance.
15.3 Functional Cookies. These cookies enable the websites to provide enhanced functionality and personalization. They may be set by Us or by third party providers whose services We have added to Our pages. If you do not allow these cookies then some or all of these services may not function properly.
15.4 Marketing Cookies. These cookies may be set through Our websites by Our advertising partners, if any. They may be used by those companies to build a profile of your interests and show you relevant promotions on other websites. They do not directly store personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted promotions.
15.5 Log Data. When you use the website Services, We automatically record information from the device you use, its software, and your activity using the Services. This may include the device’s Internet Protocol (“IP”) address, browser type, the web page(s) visited before you came to Our websites, information you search for on Our websites, locale preferences, identification numbers associated with your devices, your mobile carrier, date and time stamps associated with transactions, system configuration, metadata concerning your files, and other interactions with the Services.
We may allow and enable GDPR-compliant third party integrators (“Integrators”) to create applications and/or tools that supplement or enhance Our Services (“Integrations”). If you choose to access any such Integrations, the Integrators will access (via Application Program Interface) and use information you provide solely for the purpose of supplementing or enhancing the Services through the Integrations.
17. Changes to this Privacy Notice
This Privacy Notice is subject to change at any time. It was last changed on 25 May 2018. If We make changes to this Privacy Notice, We will update the date it was last changed.