Last updated: December 3, 2019
At Old Republic Risk Management we work to earn your trust and we are committed to protecting the privacy and confidentiality of your personal information. This Privacy Notice tells you how we collect, use, share, and protect your personal information and what choices you have about how your information is used and shared. Our policy is to treat the personal information you provide us with the utmost respect and in accordance with applicable privacy laws and regulations. We will not collect, use or share your personal information except as described in this Privacy Notice.
This Privacy Notice may be updated from time to time so that we can keep you updated as to our data privacy practices. If we make any material changes to our privacy practices the Privacy Notice will be updated by posting the revised version of this Notice on the Old Republic Risk Management website under the Privacy Notice link on the website homepage. The updated Privacy Notice is effective as of the date listed at the top of this document. By accessing any of our products, services, and website after this date you agree to the terms of our Privacy Notice as of the last effective date however, we will honor the terms that were in effect when we first gathered data from you.
Throughout this notice, the terms “we,” “us,” and “our” refer to Old Republic Risk Management while the term “you” may refer to prospective insureds, as well as current and former insureds, claimants, and beneficiaries.
If you have any questions regarding our Privacy Notice or practices, please contact us or send your written request to: PrivacyRequest@orrm.com, 1-855-797-3432, PO BOX 2939 Milwaukee, WI 53201-2939.
Prospective Insureds and Insureds
We collect information about you so that we can underwrite, process insurance transactions, administer or service your policy, and to operate our business. We collect personal information that we receive from you and we receive from others. Our goal is to limit the collection and retention of your personal information to what is necessary to provide you products or services and to operate our business.
In order for us to provide you with requested products or services and to administer our business, we may collect certain information from you, including personal information. This personal information may include but is not limited to:
If you register on our website we collect the personal information you knowingly provide to access certain online services. We may also collect personal information from you indirectly when you browse our website or use our official social media pages. For additional information about what personal information may be collected in these instances, please review the portions of this Privacy Notice that reference the use of our website or social media pages.
Claimants and Beneficiaries
If you are a claimant or beneficiary making a claim under a policy, we will collect your contact information along with claim details. Depending on the nature of your claim, we may collect personal information from you or others to administer your claim.
If you make a claim under a policy we may collect the following information from you in order to administer the claim:
Information We May Collect From Others Regarding a Claim
To administer a claim, we may collect the above information from other sources including your employer, agent, attorney or other representative. We may collect information from other parties to the claim, experts, witnesses, and loss adjusters. We may also collect information about you from public records, government agencies and credit agencies when we believe it is necessary for claim administration.
Prospective Insureds and Insured Persons
If you are a prospective insured, we may use your personal information to consider your application for an insurance policy and related services or products or for other business purposes as allowed by law. We may use it to communicate with you, your representatives, and others to underwrite, assess and evaluate risk. We may further use your personal information to prevent and detect fraud, unauthorized transactions, or other financial crimes and to comply with applicable laws and regulations such as those relating to money laundering, sanctions and anti-terrorism or to satisfy other legal or regulatory requirements. We may also use personal information to collect and process your premium and other payments.
If you are an insured, we may use your personal information to communicate with you, verify your identity, respond to your inquires or complaints, and provide you with requested information or services. We may use personal information to send you important information and alerts about changes to our policies, information about our other products and services or for administrative purposes. We may also use your personal information for internal business operations such as auditing, finance and accounting, billing and collections, data management and security, and records management or other business purposes as allowed by law. Personal information may be used to respond to law enforcement requests, subpoenas and court orders, and to respond to requests from government authorities and regulators and to comply with applicable laws. We may also use personal information if we believe it necessary to establish and protect our legal rights, protect our operations, privacy, safety or property, and/or that of our affiliate companies, you or others.
Claimants and Beneficiaries
If you are a claimant or beneficiary, we may use your personal information for the above purposes and to administer, investigate, litigate and/or potentially settle your claim. We may also use your personal information to detect, prevent and report fraud or other illegal activity.
We consider your personal information to be confidential and so we limit our sharing outside of Old Republic Risk Management. In the course of conducting our business, there are circumstances in which we may disclose your personal information to others. We share your personal information only with your authorization or as otherwise permitted or required by law. When personal information is shared with another party to perform services on our behalf, we expect them to maintain the confidentiality of your personal information, to use the information only for the limited purpose for which it was shared and to abide by all applicable federal and state privacy laws. Such sharing may include:
Prospective Insureds and Insured Persons
Claimants and Beneficiaries
You may also provide information through your use of technology when you access and interact with our website through your computer, tablet or mobile device. We may collect information you provide to us through forms on our sites such as log in pages. In addition, we may also collect information about your visits so that you may access certain services and so that we may better understand the interests of those that visit our sites. If applicable, when you visit our sites from a mobile device, like a smartphone, we may also collect additional information from your device, including your location, device identifier, and information about your mobile network. We may use a variety of tracking technologies to collect this information, including without limitation the following
Browser Log Data
We may use technologies that automatically collect information when you visit our sites, view our advertisements, or use our products or services ("Browser Log Data"). This browser log data may include information such as your IP address (or other unique device identifier, including one that we may assign); certain details about your browser, operating system, and hardware; your location, if available; the URL that referred you to our sites; your activities on our site, including your preferences; and other logging information, such as the date and time of your visit. We also use web server logs to collect and store information about site usage. We may use this information for fraud detection and prevention, security, and to ensure our sites are function properly.
A Beacon is a small graphic image or other web programming code (also known as “1x1 GIFs” or “clear GIFs”) that may be included in our site’s pages and messages. Beacons may be invisible to you, but any electronic image or other web programming code inserted into a page or e-mail can act as a Beacon. Beacons or similar technologies may be used for a number of purposes, including, without limitation, to count visitors to the sites, to monitor how users navigate the sites, to count how many e-mails that were sent were actually opened or to count how many particular articles or links were actually viewed.
An embedded script is programming code that is designed to collect information about your interactions with the sites, such as the links you click on. The code is temporarily downloaded onto your computer, tablet or phone from our web server or a third party service provider, and is active only while you are connected to the sites, and is deactivated or deleted thereafter.
Browser fingerprinting is the process of collection and analysis of information from your computer, tablet or phone, such as, without limitation, your operating system, plug-ins, system fonts and other data, for purposes of identification
ETag, or Entity Tag
ETag is a feature of the cache in browsers. It is an opaque identifier assigned by a web server to a specific version of a resource found at a URL. If the resource content at that URL ever changes, a new and different ETag is assigned. Used in this manner, ETags are a form of device identifier. ETag tracking may generate unique tracking values even where the consumer blocks HTTP, Flash, and/or HTML5 cookies.
Recognition technologies are technologies, including application of statistical probability to data sets, which attempt to recognize or make assumptions about users and devices (e.g., that a user of multiple devices in the same user).
The sites may use GPS (global positioning systems) software and other location-based technologies such as iBeacons to locate you so we may verify your location, deliver you relevant content based on your location, as well as allow you to share your location to other users as part of the services we provide via the sites. In addition to traditional GPS location-based services, others we work with may install low power Bluetooth, wifi, radio transmitters, or other devices in physical locations, which emit a signal that your smart phone can detect to pinpoint your location or otherwise interact with the sites. In addition, you may be able to send your location information via the sites to other users. You should consider the pros and cons involved in disclosing your location information to us and to other people. Where a user of the sites requests that their location information be revealed to other persons, the user will be provided options for managing sharing services, which may be through third party services such as through Twitter and Facebook. We are not responsible for the acts, omissions or policies of such third parties.
We may use third-party analytics services, like Google Analytics and Google Tag Manager, to collect, monitor and analyze visitor data (such as Browser Log Data, cookies and other tracking data), and trends for marketing optimization and to increase the functionality of our website. These services may track details about your online activities over time and across different websites. These services may also allow us and others to provide you with targeted advertisements or other content that you may be interested in based on your online activities.
The Google Analytics service tracks and reports website traffic and provides us insight into behavior information relating to visitor age, gender and interests. Google Analytics Demographics and Interest Reporting give us insight into behavior to help us understand browsing behavior and give you a better experience when you visit our website. You can opt-out of Google Analytics for Display Advertising and customize Google Display Network ads using the Ads Settings.
These third-party services have their own privacy policies addressing how they use such information. If you want to prevent your data from being used by Google Analytics, you may wish to take advantage of Google Analytics' currently available opt-outs for the web. We use Google Tag Manager to capture certain non-individually identifiable customer traffic data, including: time spent on page, pdf file downloads, video activity (plays, pauses, percent of video watched, etc.), scroll depth (how far down a webpage a user scrolls), and social actions taken on a website (shares and outbound links to social channels).
If you would like to learn more about targeted ads that may be based on your online activities, and the choices that you may exercise for certain sites and advertisers, you may wish to visit the Network Advertising Initiative or the Digital Advertising Alliance.
“Do not track” is a technology that enables users to opt-out of tracking by websites they do not visit. We do not disclose personal information to third parties for their own marketing purposes. Additionally, we do not collect personal information from your online activities over time and across other websites or online services and we do not allow third parties to use these technologies on our sites. Because we do not use these technologies, we currently do not monitor, respond or take any action to web browser “do not track” signals or other similar mechanisms.
The security of your personal information is important to us, and we strive to implement and maintain reasonable, commercially acceptable, security procedures and practices appropriate to the nature of the information we store, to protect it from unauthorized access, destruction, use, modification, or disclosure. We restrict access to personal information about you to those employees who need to know the information in order to provide products and services to you. Unfortunately, no data transmission over the internet or electronic database can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us in accordance with the “contact us” section below.
You are also responsible for taking reasonable steps to protect your personal information against unauthorized disclosure or misuse. We recommend you utilize the latest, updated version of your web browser. It is important that you create a strong password and protect against unauthorized access to your user name, password and your computer. You should not share your user name and password and be sure to log out and close your browser when you have completed your session.
Only persons that are the age of majority in your jurisdiction or older have permission to access our website. Our website is not designed for, or target to, children under the age of 13. We do not knowingly collect, use, or disseminate personal information from children. If you are a parent or guardian and you learn that your child has provided us with personal information, please contact us and we will promptly delete it. If we become aware that we have collected personal information from a child without verification of parental consent, we will take steps to remove that information from our servers as quickly as possible. If you believe that we might have any personal information from or about a child, contact us at PrivacyRequest@orrm.com, PO BOX 2939 Milwaukee, WI 53201-2939.
Our website is directed to residents of the United States. Residents of other countries should not use our websites. If however, you are located outside of the United States and chose to provide personal information to us please note that we transfer the information to the United States and treat the information there in a manner consistent with United States law. The data protection laws in the United States may differ from those of the country in which you are located, and your personal information may be subject to access requests from governments, courts, or law enforcement in the United States.
You may have other privacy protections under applicable state laws. To the extent these laws apply, we will comply with them when we collect, use and share information about you.
For Insurance Customers in AZ, GA, MA, ME, MN, MT, NC, NJ, OH, OR and VA
We may share your personal information with non-affiliates without your prior authorization as stated in this Privacy Notice and as permitted by law. Information we obtain from a report prepared by an insurance-support organization may be retained by that insurance-support organization and disclosed to others. In general, you have a right to learn the nature and substance of any personal information about you in our files. You also have a right to obtain a copy of that information, subject to limited exceptions. To access the information about you, send a signed written request to us at the following e-mail address: PrivacyRequest@orrm.com or postal address PO BOX 2939 Milwaukee, WI 53201-2939 and include your name and address, along with your policy or account number, if any. For your protection, we may use reasonable means to verify your identity prior to sending you this personal information. If you believe that any information about you is inaccurate, you may notify us in writing about any correction, amendment, or deletion you believe should be made. We will carefully review your request and, where appropriate, make the necessary change. We are unable to change the information that other companies, like credit reporting agencies provide to us.