PRIVACY POLICY

Effective Date: January 1, 2023

Purple Risk Management Services, LLC doing business as PurpleRisk® Insurance Services (“PurpleRisk” or “we”) is a specialty retail property and casualty insurance brokerage. PurpleRisk is committed to protecting your privacy and the privacy of its clients. This Privacy Policy describes how PurpleRisk collects, uses, and discloses personal information. This Policy applies to any personal information you provide to PurpleRisk and any personal information we collect from other parties, including your employer.

Information We Collect

In the course of interacting with you or providing our services, PurpleRisk may collect information from you or other sources, including your employer, which may include the following: name and contact information (e-mail address, mailing address, phone number, geographic location, etc.); information you provide on a job application or that is obtained under a position-related background check; demographic information (date of birth, gender, employment status (including job title), etc.); and information you provide on an insurance application including banking and credit card information, among other types of information. 

When We Collect Your Information

PurpleRisk collects personal information when: you contact us or we perform insurance and risk management services for you, your employer, a subsidiary thereof, or an affiliated organization; you register on our website or email distribution lists; you interact with us through social media; you apply for a job at PurpleRisk, among others. 

Use of Your Personal Information

We process personal information that is provided by you, your employer, a subsidiary thereof, or an affiliated organization in order to perform services. The processing of your personal information depends on the type of services we provide, applicable laws, regulatory guidance and professional standards. Where PurpleRisk processes your personal information on behalf of your employer, a subsidiary thereof, or an affiliated organization, it is your employer, a subsidiary thereof, or an affiliated organization’s obligation to ensure that you understand that your personal information will be disclosed to PurpleRisk. 

All processing of your personal information is justified under a “lawful basis” for processing, including the following: your consent; processing is necessary in order to enter into or perform a contract for you; processing is necessary for us to comply with legal obligations; processing is in our legitimate commercial interest, except that our interest may not override your fundamental rights or freedoms; In limited circumstances, we will use your consent as the basis for processing your personal information, for example, where we are required to obtain your prior consent in order to send you marketing communications.

Collection of Information from Children

PurpleRisk does not knowingly collect information from children who have not reached the age of consent under relevant data privacy laws. If we learn that we have collected personal information from a child who has not reached the age of consent, we will delete it immediately. 

Information We Collect Through Automatic Data Collection Technologies

As you navigate through and interact with PurpleRisk’s websites, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, including: details of your visits to PurpleRisk’s websites, including traffic data, logs, and other communication data and the resources that you access and use on the websites and information about your computer and internet connection, including your IP address, operating system, and browser type.

The information PurpleRisk collects automatically is only statistical data that helps PurpleRisk improve its websites and deliver a better and more personalized service, including by enabling PurpleRisk to: estimate audience size and usage patterns; store information about your preferences, allowing PurpleRisk to customize its websites according to your individual interests; speed up your searches; and recognize you when you return to PurpleRisk’s websites. 

The technologies PurpleRisk uses for this automatic data collection may include:

• Cookies (or browser cookies). A cookie is a small file placed on the hard drive of your computer. You may refuse to accept browser cookies by activating the appropriate setting on your browser. However, if you select this setting you may be unable to access certain parts of PurpleRisk websites. Unless you have adjusted your browser setting so that it will refuse cookies, PurpleRisk’s system will issue cookies when you direct your browser to PurpleRisk’s websites. 

• Web Beacons. Pages of PurpleRisk’s websites may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit PurpleRisk, for example, to count users who have visited those pages or for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).

PurpleRisk does not collect personal information automatically, but it may tie this information to personal information about you that it collects from other sources or that you provide to PurpleRisk.

Retention of Your Personal Information

PurpleRisk collects and processes personal information in connection with providing its clients with various services, each of which may be subject to minimum or maximum retention periods, as required by law or PurpleRisk’s Record Retention Policy.

PurpleRisk also maintains personal information supplied by former clients, and PurpleRisk also manages this information in accordance with its Record Retention Policy.

Disclosure of Your Personal Information

We may share your personal information with PurpleRisk’s subsidiaries and affiliates as part of the process of providing services to you or to fulfill the purpose for which you provided it. We may also share your personal information with contractors, service providers, and other third parties that you or PurpleRisk has engaged to perform services for you or to otherwise support PurpleRisk’s business operations. These third parties are contractually bound to keep personal information confidential and use it only for the purposes for which PurpleRisk discloses it to them.

PurpleRisk may also disclose your personal information to a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of PurpleRisk’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by PurpleRisk is among the assets transferred. 

PurpleRisk may also disclose your personal information to comply with any court order, law, or legal process, including to respond to any government or regulatory request, to enforce or apply our Terms of Use, or if we believe disclosure is necessary or appropriate to protect the rights, property, or safety of PurpleRisk or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection.

Protecting Your Information

PurpleRisk protects personal information using physical, electronic, and procedural safeguards that are specifically designed to meet or exceed the requirements of applicable laws. All PurpleRisk employees receive training on the importance of protecting personal information, and only authorized employees have access to personal information. Subcontractors and agents are contractually bound to maintain protection of personal information and are not permitted to use the information for any unauthorized purpose.

Personal Information/Communications Rights

You have certain rights related to the processing of your personal information, including: you have the right to unsubscribe from our communications by clicking the “unsubscribe” link in our marketing emails or by contacting us; and you can set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent. If you disable or refuse cookies, please note that some parts of this site may then be inaccessible or not function properly.

Website and External Links

This Privacy Notice describes the data privacy and protection policies of PurpleRisk. In addition, www.purplerisk.com may contain links to other websites. This Privacy Policy only addresses your information that is received by PurpleRisk. You are encouraged to review the privacy policies of each website you visit.  

Individuals within the European Union and California residents may have additional personal information rights and choices.  Read on for GDPR Rights and Additional Information for California Residents.

GDPR Rights

The General Data Protection Regulation (“GDPR”) affords certain rights to individuals in the European Union. Specifically, individuals in the European Union are entitled to the following rights to:

Be informed – You have the right to know what personal information PurpleRisk processes, how it processes that personal information, and who else may have access to your personal information.

Access – You have the right to request that PurpleRisk provide you with a copy of your personal information held by PurpleRisk. PurpleRisk may charge you a small fee for this service.

Rectification – You have the right to request that PurpleRisk correct any information you believe is inaccurate. You also have the right to request that PurpleRisk complete any information you believe is incomplete. 

Erasure – You have the right to request that PurpleRisk erase your personal information, under certain conditions.

Restrict processing – You have the right to request that PurpleRisk restrict the processing of your personal data, under certain conditions. 

Object to processing – You have the right to object to PurpleRisk’s processing of your personal data, under certain conditions.

Data portability – You have the right to request that PurpleRisk transfer the personal information that it has collected about you to another organization, or directly to you, under certain conditions. If you make any such request, PurpleRisk has one month to respond to you. If you would like to exercise any of these rights, please contact PurpleRisk by email at info@purplerisk.com or by telephone at (212) 457-1296.

International Data Transfer

PurpleRisk may transfer personal information it has collected from you or about you outside of the European Economic Area (“EEA”).  Please be aware that countries outside of the EEA may not have the same level of data protection as your country.

Additional Information for California Residents

Under California’s “Shine the Light” law, you have the right to request and obtain from us once a year an account of your Personal Information we disclosed to third parties for direct marketing purposes. You will receive a notice that will include the categories of Personal Information that was shared (if any) and the names and addresses of all third parties with which the information was shared (if any). The website www.purplerisk.com does not use technology that accommodates do-not-track signals from your browser. If you are a California Resident and would like to make a request, please contact us using the information found in the “Questions or Complaints” section below. An agent may submit a request on your behalf, but you must verify that your agent is authorized to do so.

The California Consumer Privacy Act of 2018 (the “CCPA”) provides California residents with rights to receive certain disclosures regarding the collection, use, and sharing of “Personal Information,” as well as rights to access, delete, and restrict the sale of Personal Information that PurpleRisk may collect about its clients, customers, or visitors to its websites. The CCPA defines “Personal Information” as “information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.”  Personal Information does not include deidentified or aggregated consumer information.  If you are a California resident, you have a right not to receive discriminatory treatment for the exercise of the privacy rights conferred by the CCPA. 

1.  Personal Information Collection and Use

In the 12-months preceding the date the information in this section was last updated, PurpleRisk has collected the following categories of Personal Information about consumers, as defined by the CCPA: Identifiers (such as name, postal address, and Internet Protocol (IP) address); Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)); Customer Records Information (such as name, address, and credit card or debit card number); Protected classification characteristics under California or federal law; Internet or Other Electronic Network Activity Information (such as information regarding a consumer’s interaction with our website); and Professional or Employment-Related Information.

PurpleRisk obtains these categories of information from you, your employer, a subsidiary thereof, or an affiliated organization to whom we provide services.

2.  Third Party Disclosure for a Business Purpose

In the 12-months preceding the date the information in this section was last updated, PurpleRisk has disclosed the following categories of Personal Information about consumers for a business purpose, as defined by the CCPA: Identifiers (such as name, postal address, and Internet Protocol (IP) address); Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)); Customer Records Information (such as name, address, and credit card or debit card number); Protected classification characteristics under California or federal law; Internet or Other Electronic Network Activity Information (such as information regarding a consumer’s interaction with our website); and Professional or Employment-Related Information.

We disclose the categories of personal information listed above to our service providers in connection with the products and services we provide to our customers.  We also disclose the categories of personal information listed above to obtain quotes or proposals or to underwrite insurance.

3.  Personal Information Use

We may use or disclose the personal information we collect to: 1. provide products or services requested by you, your employer, a subsidiary thereof, or an affiliated organization; 2. provide, support, personalize, and develop our websites, products, and services; 3. personalize your website experience; 4. help maintain the safety, security, and integrity of our websites, products and services, databases and other technology assets, and business, 5. facilitate testing, research, analysis, and product development, including to develop and improve our websites, products, and services; 6. respond to law enforcement requests and as required by applicable law, court order, or governmental regulations; 7. undertake activities as described to you when collecting your personal information or as otherwise set forth in the CCPA; and 8. evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of PurpleRisk’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by PurpleRisk is among the assets transferred.

4.  Personal Information Sale and Opt Out Right

PurpleRisk does not sell Personal Information as defined under the CCPA and will not do so in the future without providing you with notice and an opportunity to opt-out of such sale as required by law.  Please note that your right to opt out does not apply to PurpleRisk’s sharing of data with service providers, with whom PurpleRisk works and who are required to use the data only to perform the services they provide to PurpleRisk.

5.  Right to Understand Collection of Personal Information/Right to Request Deletion

California residents have the right to request that PurpleRisk disclose what Personal Information it collects, uses, and sells, as well as the right to request that PurpleRisk delete certain Personal Information that it has collected from you. Once PurpleRisk receives and confirms your verifiable request, it will disclose to you, based on the nature of your request: the categories of Personal Information it has collected about you; the categories of sources for the Personal Information it has collected about you; PurpleRisk’s business or commercial purpose for collecting that information; the categories of third parties with whom it shares that information; and/or, at your request, the specific pieces of Personal Information PurpleRisk collected about you. 

PurpleRisk may deny your request to delete your Personal Information if retaining the information is necessary for PurpleRisk or its service provider(s) to: 1. complete the transaction for which PurpleRisk collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of PurpleRisk’s ongoing business relationship with you, or otherwise perform a contract with you; 2. detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities; 3. debug products to identify and repair errors that impair existing intended functionality; 4. exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law; 5. comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.); 6. engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent; 7. enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with PurpleRisk; 8. comply with a legal obligation; and 9. make other internal and lawful uses of that information that are compatible with the context in which you provided it.

If PurpleRisk denies your request, it will provide you with an explanation of our reason(s) for doing so.

Changes to this Privacy Policy

This Policy may be changed at any time. Unless stated otherwise, all changes that occur will become effective immediately. The date the Privacy Policy was last revised is identified at the top of the page. By continuing to access PurpleRisk websites, you agree to accept all terms and conditions outlined in this Policy.

Questions or Complaints

If you have any questions or complaints about this Privacy Policy, or about our data privacy or security policies in general you may email your comments to info@purplerisk.com or by telephone at (212) 457-1296.