THIS NOTICE DESCRIBES HOW PERSONAL DATA, AND, WHERE APPLICABLE, MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
AWP USA Inc. and its affiliates (“we/us/our”), including Jefferson Insurance Company and AGA Service Company d/b/a Allianz Global Assistance, are committed to protecting your privacy. By using our products, services or website, you are consenting to our collection and use of your personally identifiable data under this Policy.
- Personal Data.
“Personal Data” means non-public personal information that identifies a specific individual. It doesn’t include data that does not identify a specific individual or data that is encoded, anonymized or aggregated.
- Sensitive Data.
“Sensitive Data” means personal information about an individual’s race or ethnicity; political, religious, ideological or trade union memberships, opinions, views or activities; medical conditions or other protected health information (“PHI”) as defined by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”); financial account information (e.g. bank account number); government-issued ID numbers; sexuality; or administrative or criminal proceedings that are treated outside pending proceedings. In addition, Sensitive Data includes information we receive from a third party who treats and identifies the information as sensitive.
“Agent” means any third party that collects or uses Personal Data to perform tasks on our behalf, or our underwriters.
We strive to comply with the laws of the countries in which we do business regarding the protection of your Personal Data, including the EU Directive on Data Protection. In an effort to comply with such laws, we have joined the U.S. Department of Commerce's EU Safe Harbor and Swiss Safe Harbor programs (collectively, “Safe Harbor”), and we adhere to the below principles for handling your Personal Data. To learn more about the Safe Harbor program, and to view our certification, please visit http://www.export.gov/safeharbor/.
We collect Personal Data from you as stated in this notice, including information: (i) from forms, such as application or claim forms; or by telephone, website, email or correspondence; (ii) to complete your transaction with us (e.g. to underwrite coverage or process claims); (iii) regarding your transactions with us or others; (iv) we receive from a consumer reporting agency; or (v) you provide to us or have authorized others to provide to us or for us to collect from others.
We may use the Personal Data we have collected: (i) to offer, solicit, sell, or otherwise make available to you insurance and assistance products and services; (ii) to provide you with information or services for such products and services; (iii) to administer your insurance and assistance products and services for you, including but not limited to providing travel-related or concierge services, adjudicating claims, conducting quality/satisfaction assessments, and fraud prevention; or (iv) for purposes to which you’ve otherwise consented. This may in some cases include disclosing your Personal Data to Agents, but only for the purposes described in this notice, or for everyday business purposes or as required or permitted by law (such as to process transactions, maintain accounts, respond to court orders and legal investigations, or report to credit bureaus). These Agents may be affiliated or nonaffiliated and may include financial services providers (e.g. underwriting insurers) and non-financial companies (e.g. medical service providers, travel service providers, service providers assisting us with our marketing).
For circumstances in which we are subject to HIPPA, we are required to provide you with notice of our duties and practices with respect to PHI. Under HIPAA, we may use and disclose your PHI for one or more of the following purposes:
We may also in some specific cases need to use or disclose your PHI for one or more of the following purposes:
monitoring the health care treatment you receive (e.g. we may send or receive PHI to/from a doctor regarding your diagnosis and treatment so we can ensure that you are being treated in a medicallyappropriate facility);
payment for health services (e.g. we may use your PHI to make payments to a hospital that has treated you);
to help run our organization (e.g. we may use your PHI to conduct quality assessments of the services we have provided to you—however, note that we are prohibited from using or disclosing PHI that is genetic information about you for underwriting purposes); or
for other purposes as required to administer your insurance and/or assistance product (e.g. we may use PHI to adjudicate a claim made under an insurance policy).
In cases where we are subject to HIPAA, uses and disclosures of your PHI not described above will be made only with your express authorization.
for public health and safety issues;
to comply with legal or regulatory requirements;
to address or comply with workers’ compensation, law enforcement, or other governmental mandates or requests; or
to respond to lawsuits or legal actions.
Finally, we may use and disclose your name, email address, or contact information for marketing administration purposes (e.g. we may need to disclose your email address to an Agent providing marketing services on our behalf to help ensure that your opt-out choices are respected and that you do not receive duplicate communications).
If we collect your Personal Data for any reason other than as stated in this notice, we’ll notify you before using or disclosing that data, stating our purpose for collecting and using the data, the types of non-Agent third parties to which we disclose the data, and the means we offer you to limit the use and disclosure of the data. If we receive Personal Data from any entity in the EU, we’ll use that data according to the instructions such entity gives us regarding notices it provided and the choices made by the individuals to whom such data relates.
Federal and some states’ laws allow you the right to choose in some cases opt out of us sharing your Personal Data—you may exercise this right by notifying us as provided below. However, except as required or authorized by law (e.g. for fraud prevention), we do not share, sell or otherwise disclose your Personal Data to non-Agent third parties or use it for any purpose other than for which it was originally collected or as you subsequently authorize). However, if ever we wish to do so, we will offer you the opportunity to opt out of this use by sending an appropriately detailed request to the address provided below. In the event that we wish to disclose your Sensitive Data to a non-Agent third party or use such data for a purpose other than for which it was originally collected or as you subsequently authorize, we will provide you the affirmative, explicit choice of whether you wish to permit such disclosure (“opt-in”).
Except as authorized by law, we will not use or disclose psychotherapy notes, use or disclose your PHI for marketing purposes, or use or disclose your PHI in a way that would constitute a sale of PHI under HIPAA unless you expressly authorize us to do so. You may revoke this authorization at any time, except that such revocation will not be effective as to actions we have already taken in reliance on that authorization. You may request restrictions on our use and disclosure of certain health information for treatment, payment, or our operations. However, we are not required to agree to your request, except as otherwise required by HIPAA.
You may opt out of receiving non-essential communications from us by notifying us as provided below and disabling cookies in your web browser as described above.
Though we make every effort to preserve your privacy, we may need to disclose Personal Data or Sensitive Data if we have a good-faith belief that it is necessary to protect or defend our or your rights, interests or property; comply with any applicable law, regulation, judicial rule or order, or other mandate; or other such purposes as required or authorized by law. In any such case, we will take reasonable care to disclose only as much Personal Data as is necessary.
We may disclose your Personal Data to our Agents, but only for the purposes described in this notice. We will take reasonable steps to obtain assurances from our Agents that they will safeguard your Personal Data consistent with this Policy. Upon discovery, we will take reasonable steps to stop the Agent from using or disclosing Personal Data that is contrary to this Policy.
We take reasonable precautions to protect your data from loss, misuse, or unauthorized access, disclosure, alteration and destruction. To help maintain the security of your data, we employ physical, electronic and procedural safeguards, including utilizing policies to take reasonable precautions to (a) securely and confidentially maintain your Personal Data; (b) assess and protect against threats/hazards to the security or integrity of such data; and (c) prevent unauthorized access to or use of such data. Additionally, except where required or permitted by law, we limit use of your Personal Data to the minimum necessary to accomplish the purposes for which that data was collected and to be used as described in this notice, and we restrict access to your Personal Data to only those who need to access that data to accomplish those purposes. To make your online transaction with us as safe and secure as possible, we use advanced encryption technology and treat your credit card information with the highest standard of confidentiality and safety. We are required by law to maintain the privacy and security of your PHI. In the unlikely event of a “breach” as defined under HIPAA of your unsecured PHI, we are required by law to provide you with notification of that breach.
To help maintain the integrity of your data, we will take reasonable steps to ensure that Personal Data is reliable for its intended use, relevant, accurate, complete and current.
If you discover that the data we hold about you is inaccurate or incomplete, please let us know by contacting us as indicated below. We will grant you reasonable access to the Personal Data we hold about you and will take reasonable steps to allow you to correct, amend or delete your Personal Data that you show to be inaccurate or incomplete, so long as it can be done without imposing an undue burden or expense on us.
Where we are subject to HIPPA, you have the right to request to receive confidential communications of your PHI, as applicable. Subject to HIPPA, at your request, you may inspect, amend, and copy PHI we maintain about you, and receive an accounting of certain disclosures of your PHI (e.g. health payment records), in accordance with and as permitted by HIPAA
We verify our compliance with the Safe Harbor and the terms of this Policy by conducting a periodic self-assessment. Any complaint or dispute about how we handle your Personal Data should be directed to the address provided below. Additionally, complaints about how we handle your PHI may be directed to us or to the U.S. Secretary of Health and Human Services. We will investigate and attempt to resolve any such complaints or disputes internally; however, if we are unable to reach a mutually satisfactory resolution for such complaint or dispute, we have agreed to participate in the dispute resolution procedures administered by the European data protection authorities’ Safe Harbor dispute panel. You will not beretaliated against for filing a complaint.
Our websites may provide links to non-affiliated third party websites. Be aware when visiting such websites that we are not responsible for and make no representations regarding the content, privacy policies and practices (security or otherwise) regarding these or any other third party websites. You should read the policies of the websites you visit to understand their policies for the collection and treatment of data
Changes to Policy
This Policy reflects our business practices and is not a contract. However, we are required to and will abide by the terms of this Policy as currently in effect. We may amend this Policy at any time and will notify you of any updates by posting a revised policy on our website. The revised policy will apply to all information collected by us, including previously collected information to the extent permissible under the Safe Harbor. Your continued use of our website, products or services following any such amendment shall constitute acceptance of the revised policy. You are responsible to regularly review this Policy. You have the right to a paper copy of this Policy upon request.
If you have any questions or comments regarding this Policy or the way that we collect or handle your Personal Data, or if you would like to obtain a paper copy of this Policy, or if you wish to opt out as described above, please contact our Chief Privacy Officer by e-mail at firstname.lastname@example.org; or by telephone at 1-800-284-8300; or by regular mail at the following address: Allianz Global Assistance, ATTN: Chief Privacy Officer, 9950 Mayland Drive, Richmond, VA 23233.
This Policy was last revised on, and is effective as of, June 27, 2016.