Edgewood Partners Insurance Center (EPIC) Privacy Notice
Effective Date: January 1, 2021
Edgewood Partners Insurance Center and its affiliates (“EPIC” or “We”) is a unique and innovative retail property & casualty and employee beneﬁts insurance brokerage and consulting ﬁrm. EPIC is committed to protecting your privacy and the privacy of its clients. This Privacy Notice describes how EPIC collects, uses, and discloses personal information. This Notice applies to any personal information you provide and any personal information we collect from other parties, including your employer.
When do we collect your information?
EPIC collects personal information when:
- you contact us or we perform services for you
- we provide services for our clients
- you register on our website or email distribution lists
- you RSVP to or attend our events
- you interact with us through social media
- you apply for a job at EPIC
What information do we collect?
In the course of interacting with you or providing our products and services, EPIC may collect information from you or other sources, including your employer, which may include the following:
- Name and contact information (e-mail address, mailing address, phone number, mobile number, etc.)
- Insurance policy and claim information
- Government-issued identiﬁcation and record details (social security number, driver’s license number, motor vehicle record, passport information, etc.)
- Information you provide on a job application or that is obtained under a position-related background check
- Demographic information (date of birth, gender, employment status, beneﬁt coverages, marital status)
- Physical or mental health information
- Criminal record information
How do we use your personal information?
We process personal information that is provided by you or our clients in order to perform services. The processing of your personal information depends on the type of services we provide, applicable laws, regulatory guidance and professional standards. Where EPIC processes your personal information on behalf of a client, such as your employer, it is the client’s obligation to ensure that you understand that your personal information will be disclosed to EPIC.
All processing of your personal information is justiﬁed under a “lawful basis” for processing, including the following:
- your consent
- processing is necessary in order to enter into or perform a contract for you
- processing is necessary for us to comply with legal obligations
- processing is in our legitimate commercial interest, except that our interest may not override your fundamental rights or freedoms
- In limited circumstances, we will use your consent as the basis for processing your personal information, for example, where we are required to obtain your prior consent in order to send you marketing communications.
Do we collect information from children?
EPIC does not knowingly collect information from children who have not reached the age of consent under relevant data privacy laws. If we learn that we have collected personal information from a child who has not reached the age of consent, we will delete it immediately.
What Information Do We Collect Through Automatic Data Collection Technologies?
As you navigate through and interact with EPIC’s websites, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, including:
- Details of your visits to EPIC’s websites, including traffic data, logs, and other communication data and the resources that you access and use on the websites.
- Information about your computer and internet connection, including your IP address, operating system, and browser type.
The information EPIC collects automatically is only statistical data that helps EPIC improve its websites and deliver a better and more personalized service, including by enabling EPIC to:
- Estimate audience size and usage patterns.
- Store information about your preferences, allowing EPIC to customize its websites according to your individual interests.
- Speed up your searches.
- Recognize you when you return to EPIC’s websites.
The technologies EPIC uses for this automatic data collection may include:
- Web Beacons. Pages of EPIC’s websites may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit EPIC, for example, to count users who have visited those pages or for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).
EPIC does not collect personal information automatically, but it may tie this information to personal information about you that it collects from other sources or that you provide to EPIC.
How long do we retain your personal information?
EPIC collects and processes personal information in connection with providing its clients with various services, each of which may be subject to minimum or maximum retention periods, as required by law or EPIC’s Record Retention Policy.
EPIC also maintains personal information supplied by former clients, and EPIC also manages this information in accordance with its Record Retention Policy.
Do we disclose your personal information?
We may share your personal information with EPIC’s subsidiaries and affiliates as part of the process of providing services to you or to fulfill the purpose for which you provided it. We may also share your personal information with contractors, service providers, and other third parties that you or EPIC has engaged to perform services for you or to otherwise support EPIC’s business operations. These third parties are contractually bound to keep personal information confidential and use it only for the purposes for which EPIC discloses it to them.
EPIC may also disclose your personal information to a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of EPIC’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by EPIC is among the assets transferred.
Do we transfer your personal information across geographies?
For certain services offered by EPIC, personal information may be transferred outside of EPIC or to third parties that may operate outside of the United States, the United Kingdom, or the European Union. Personal information may be transferred, processed, or stored in countries that are not regarded as ensuring an adequate level of protection for personal information under European law. When personal information is transferred to those countries, we put in place standard contractual clauses and other safeguards to ensure your personal information is protected. Countries that we transfer personal information to include India, Philippines, China, among others. For more information about the safeguards we have put in place, please contact us using the information found in “Questions and Complaints” below.
How do we protect your information?
EPIC protects personal information using physical, electronic, and procedural safeguards that are speciﬁcally designed to meet or exceed the requirements of applicable laws. All EPIC employees receive training on the importance of protecting personal information, and only authorized employees have access to personal information. Subcontractors and agents are contractually bound to maintain protection of personal information and are not permitted to use the information for any unauthorized purpose.
What choices do you have about your personal information or our communications?
You have certain rights related to the processing of your personal information, including.
- You have the right to unsubscribe from our communications by clicking the “unsubscribe” link in our marketing emails or by contacting us.
Individuals within the European Union and California residents may have additional personal information rights and choices. Please see Your Rights under GDPR and Additional Information for California Residents for more information.
Your Rights under GDPR
The General Data Protection Regulation (“GDPR”) affords certain rights to individuals in the European Union. Specifically, individuals in the European Union are entitled to the following:
The right to be informed – You have the right to know what personal information EPIC processes, how it processes that personal information, and who else may have access to your personal information.
The right to access – You have the right to request that EPIC provide you with a copy of your personal information held by EPIC. EPIC may charge you a small fee for this service.
The right to rectification – You have the right to request that EPIC correct any information you believe is inaccurate. You also have the right to request that EPIC complete any information you believe is incomplete.
The right to erasure – You have the right to request that EPIC erase your personal information, under certain conditions.
The right to restrict processing – You have the right to request that EPIC restrict the processing of your personal data, under certain conditions.
The right to object to processing – You have the right to object to EPIC’s processing of your personal data, under certain conditions.
The right to data portability – You have the right to request that EPIC transfer the personal information that it has collected about you to another organization, or directly to you, under certain conditions.
If you make any such request, EPIC has one month to respond to you. If you would like to exercise any of these rights, please contact EPIC by email at email@example.com or by mail at EPIC Corporate Headquarters, Attention: Privacy Officer, 1 California Street, Suite 400, San Francisco, CA 94111.
International Data Transfers – EPIC may transfer personal information it has collected from you or about you outside of the European Economic Area (“EEA”). Please be aware that countries outside of the EEA may not have the same level of data protection as your country.
Additional Information for California Residents
Under California’s “Shine the Light” law, you have the right to request and obtain from us once a year an account of your Personal Information we disclosed to third parties for direct marketing purposes. You will receive a notice that will include the categories of Personal Information that was shared (if any) and the names and addresses of all third parties with which the information was shared (if any). Epicbrokers.com does not use technology that accommodates do-not-track signals from your browser. If you are a California Resident and would like to make a request, please contact us using the information found in the “Questions or Complaints” section below.
The California Consumer Privacy Act of 2018 (the “CCPA”) provides California residents with rights to receive certain disclosures regarding the collection, use, and sharing of “Personal Information,” as well as rights to access, delete, and restrict the sale of Personal Information that EPIC may collect about its clients, customers, or visitors to its websites. The CCPA defines “Personal Information” as “information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.” Personal Information does not include deidentified or aggregated consumer information. If you are a California resident, you have a right not to receive discriminatory treatment for the exercise of the privacy rights conferred by the CCPA.
1. Collection and Use of Personal Information
In the 12-months preceding the date the information in this section was last updated, EPIC has collected the following categories of Personal Information about consumers, as defined by the CCPA: Identifiers (such as name, postal address, and Internet Protocol (IP) address); Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)); Customer Records Information (such as name, address, and credit card or debit card number); Protected classification characteristics under California or federal law; Internet or Other Electronic Network Activity Information (such as information regarding a consumer’s interaction with our website); and Professional or Employment-Related Information.
EPIC obtains these categories of information from you and from our clients to whom we provide services.
2. Disclosures to Third Parties for a Business Purpose
In the 12-months preceding the date the information in this section was last updated, EPIC has disclosed the following categories of Personal Information about consumers for a business purpose, as defined by the CCPA: Identifiers (such as name, postal address, and Internet Protocol (IP) address); Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)); Customer Records Information (such as name, address, and credit card or debit card number); Protected classification characteristics under California or federal law; Internet or Other Electronic Network Activity Information (such as information regarding a consumer’s interaction with our website); and Professional or Employment-Related Information.
We disclose the categories of personal information listed above to our service providers in connection with the products and services we provide to our customers. We also disclose the categories of personal information listed above to obtain quotes or proposals or to underwrite insurance.
3. Use of Personal Information
We may use or disclose the personal information we collect to:
- To provide products or services requested by you or by our clients.
- To provide, support, personalize, and develop our websites, products, and services.
- To personalize your website experience.
- To help maintain the safety, security, and integrity of our websites, products and services, databases and other technology assets, and business.
- For testing, research, analysis, and product development, including to develop and improve our websites, products, and services.
- To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
- As described to you when collecting your personal information or as otherwise set forth in the CCPA.
- To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of EPIC’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by EPIC is among the assets transferred.
4. Sale of Personal Information and Right to Opt Out
EPIC does not sell Personal Information as defined under the CCPA and will not do so in the future without providing you with notice and an opportunity to opt-out of such sale as required by law. Please note that your right to opt out does not apply to EPIC’s sharing of data with service providers, with whom EPIC works and who are required to use the data only to perform the services they provide to EPIC.
5. Right to Know and Right to Request Deletion of Personal Information
California residents have the right to request that EPIC disclose what Personal Information it collects, uses, and sells, as well as the right to request that EPIC delete certain Personal Information that it has collected from you. Once EPIC receives and confirms your verifiable request, it will disclose to you, based on the nature of your request: the categories of Personal Information it has collected about you; the categories of sources for the Personal Information it has collected about you; EPIC’s business or commercial purpose for collecting that information; the categories of third parties with whom it shares that information; and/or, at your request, the specific pieces of Personal Information EPIC collected about you.
EPIC may deny your request to delete your Personal Information if retaining the information is necessary for EPIC or its service provider(s) to:
- Complete the transaction for which EPIC collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of EPIC’s ongoing business relationship with you, or otherwise perform a contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.).
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with EPIC.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
If EPIC denies your request, it will provide you with an explanation of our reason(s) for doing so.
You may contact EPIC using the contact information in the Questions and Complaints section below. An agent may submit a request on your behalf, but you must verify that your agent is authorized to do so.
Epicbrokers.com includes the EPIC Career Portal, which is available for those who wish to search and apply for open job positions at EPIC. Applications and other materials submitted through the Portal are ﬁrst collected and processed by a third-party vendor. By submitting an application through this Portal, you consent to this processing of your personal information.
Website and External Links
This Privacy Notice describes the data privacy and protection policies of EPIC.
In addition, epicbrokers.com may contain links to other websites. This Privacy Notice only addresses your information that is received by EPIC. You are encouraged to review the privacy policies of each website you visit.
Changes to this Statement
Questions or Complaints
If you have any questions or complaints about this Notice, or about our data privacy or security policies in general you may email your comments to firstname.lastname@example.org or contact us by mail at EPIC Corporate Headquarters, Attention: Privacy Officer, 1 California Street, Suite 400, San Francisco, California 94111, or by telephone at 1-800-345-7242.