Last Updated: January 31, 2024
This California Privacy Notice (“Notice”) describes how Coverys uses and discloses the personal information we collect from or about California residents who use our websites, portals, or otherwise interact with us online or offline (our “Services”). We adopt this Notice to comply with the California Consumer Privacy Act of 2018 (“CCPA”).
This Notice supplements the information contained in the privacy policies that we post on our Services (our “Privacy Policies”). Please review these Privacy Policies for general information about how we use and share the personal information we collect from or about you when you use the Services.
Throughout this Notice, “Coverys” refers to Medical Professional Mutual Insurance Company and its subsidiaries, including Med-IQ (also referred to as “we” and “us”). Before sharing your personal information with us or using our Services, please review this Notice carefully.
About Coverys and the Scope of this Notice
Coverys primarily provides medical professional liability insurance and other services to entity customers. In this context, some Coverys business units and groups act as service providers under the CCPA. This means that they collect and use personal information on behalf of, and subject to the instructions of, a client (for example, where a Coverys entity provides claims management services to business customers). As between Coverys and our business customers, our business customers are primarily responsible for how we use and disclose the personal information we collect in our role as a service provider. If Coverys maintains your personal information on behalf of one of our business customers, and you have questions about how we process your personal information, we may direct your inquiries to that customer.
In addition, this Notice does not apply to certain personal information we collect that is outside the scope of the CCPA, such as:
- publicly available information we obtain from government records;
- de-identified or aggregated information; and
- information excluded from the scope of the CCPA, like information that we collect in connection with issuing a financial product or service and that is subject to the GLBA (Gramm-Leach-Bliley Act), health or medical information covered by HIPAA (Health Insurance Portability and Accountability Act of 1996) and CMIA (the California Confidentiality of Medical Information Act).
Personal Information We Collect
We collect information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with you or your household (“personal information”). Our Privacy Policies contain a general description of the types of personal information we collect. Specifically, within the last twelve (12) months, we have collected the following categories of personal information:
- Identifiers, such as your name, email address, mailing address, IP address, online identifiers, and account information. We typically collect this information directly from you to provide you access to our Services.
- Customer Record Information, such as your financial information, medical information, and insurance provider. We typically collect this information directly from you to manage your relationship with us, process your requests, and maintain customer records pursuant to our legal requirements.
- Internet or other Electronic Network Activity Information, such your browsing history, search history, and browser information. We typically collect this information through our use of cookies and other data collection technologies to help us design our website, to identify popular features, and for other internal analytics purposes.
- Audio, Electronic and Visual Information, including records of customer service calls and video security footage from our offices. We typically collect this information directly from you to operate and protect our business.
- Professional and Employment Related Information, such as your current or past employers, professional affiliations, work experience, education information, past claim experience, licensing board actions, license status and license number, and national provider ID. We typically collect this information directly from you so that we may provide services and tailor our products to you. We may also collect this information from third parties, such as when you apply for a job and we need to check your references.
- Commercial Information, such as products and services purchased from us. We typically collect this information directly from you to fulfill your transactions and provide you customer service.
- Inferences Drawn from Other personal information, such as information about your preferences and characteristics. We typically collect this information directly from you or using cookies and other data collection technology to tailor our services and communications to you.
- Protected Classification Characteristics Under California or Federal Law, such as age, citizenship, marital status, and veteran or military status. We typically collect this information directly from you or from third parties to provide our Services.
- Sensitive personal information, such as social security or driver’s license number, racial or ethnic origin, religious or philosophical beliefs, genetic information (including familial genetic information), medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), and sexual orientation.
In addition to the purposes for collection described above, we have collected each of the above categories of personal information for the purpose of delivering our products and services and managing our relationship with you, which typically includes:
- Maintaining and servicing your account, including managing your preferences.
- Administering and improving our Services, including to run analytics, assess the quality of our Services, and for other related internal business purposes.
- Communicating with you and responding to inquiries you send to us.
- Sending you messages promoting our products and services.
- Maintaining security and preventing fraud.
- Complying with our legal, regulatory and risk management obligations, including establishing, exercising and/or defending legal claims.
We only use Sensitive personal information for the following purposes: (i) performing services or providing goods reasonably expected by an average consumer; (ii) detecting security incidents; (iii) resisting malicious, deceptive, or illegal actions; (iv) ensuring the physical safety of individuals; (v) for short-term, transient use, including non-personalized advertising; (vi) performing or providing internal business services; (vii) verifying or maintaining the quality or safety of a service or device; or (viii) for purposes that do not infer characteristics about you.
How We May Disclose Your Personal Information
We may disclose the categories of personal information we collect with third parties as described in our Privacy Policies. The table below shows our practices for disclosing personal information in the preceding twelve (12) months.
Categories of Personal Information | Recipients to Whom We’ve Disclosed Personal Information for a Business Purpose |
Recipients to Whom We’ve Sold or Shared Personal Information |
Identifiers | Subsidiaries and affiliates; service providers; accrediting bodies and other educational partners; Government agencies, law enforcement, or other third parties in response to a legal obligation |
Ad partners and networks |
Customer Record Information |
Subsidiaries and affiliates; service providers; accrediting bodies and other educational partners; Government agencies, law enforcement, or other third parties in response to a legal obligation |
We do not sell or share |
Internet or other Electronic Activity Information |
Subsidiaries and affiliates; service providers; accrediting bodies and other educational partners; Government agencies, law enforcement, or other third parties in response to a legal obligation |
Ad partners and networks |
Audio, Electronic, and Visual Information |
Subsidiaries and affiliates; service providers; accrediting bodies and other educational partners; Government agencies, law enforcement, or other third parties in response to a legal obligation |
We do not sell or share |
Professional and Employment Related Information |
Subsidiaries and affiliates; service providers; accrediting bodies and other educational partners; Government agencies, law enforcement, or other third parties in response to a legal obligation |
We do not sell or share |
Commercial Information | Subsidiaries and affiliates; service providers; accrediting bodies and other educational partners; Government agencies, law enforcement, or other third parties in response to a legal obligation |
We do not sell or share |
Protected Classifications under CA or Federal Law |
Subsidiaries and affiliates; service providers; accrediting bodies and other educational partners; Government agencies, law enforcement, or other third parties in response to a legal obligation |
We do not sell or share |
Sensitive personal information | Subsidiaries and affiliates; service providers; accrediting bodies and other educational partners; Government agencies, law enforcement, or other third parties in response to a legal obligation |
We do not sell or share |
Privacy Rights
You may be entitled to the following privacy rights under California law:
- The right to know. You have the right to request to know the categories and specific pieces of personal information we have collected about you; the categories of sources from which that personal information was collected; and how we have sold, shared, or otherwise disclosed your personal information.
- The right to correct: You may have the right to request that we correct inaccurate personal information that we maintain about you.
- The right to delete. You have the right to request that we delete the personal information that we have collected or maintain about you. We may deny your request under certain circumstances, such as if we need to comply with our legal obligations or complete a transaction for which your personal information was collected. If we deny your request for deletion, we will let you know the reason why.
- The right to opt out of the sale or sharing of your personal information. You have the right to opt out of the sale of personal information or the sharing of your personal information for targeted advertising purposes. Currently, we only sell or share your personal information for targeted advertising purposes.
- The right to equal service. If you choose to exercise any of these rights, Coverys will not discriminate against you in anyway. If you exercise certain rights, understand that you may be unable to use or access certain features of our Services.
To exercise your rights to know, correct, and delete your personal information, email us at CoverysPrivacy@Coverys.com or call us toll-free at 866-432-6700. To exercise your right to opt out, you can update your preferences in the Cookie Preference center or use a universal opt-out signal, such as the Global Privacy Control, to communicate your opt out request.
We will take steps to verify your identity before processing your request to know or request to delete. We will not fulfill your request unless you have provided sufficient information for us to reasonably verify you are the individual about whom we collected personal information. If you have an account with us, we will use our existing account authentication practices to verify your identity. If you do not have an account with us, we may request additional information about you to verify your identity. We will only use the personal information provided in the verification process to verify your identity or authority to make a request and to track and document request responses, unless you initially provided the information for another purpose.
You may use an authorized agent to submit a request to know or a request to delete. When we verify your agent’s request, we may verify both your and your agent’s identity and request a signed document from you that authorizes your agent to make the request on your behalf. To protect your personal information, we reserve the right to deny a request from an agent that does not submit proof that they have been authorized by you to act on their behalf.
Shine the Light – Third Party Marketing. You may request and obtain from Coverys once per calendar year information about any of your personal information shared with third parties for their own direct marketing purposes, including the categories of information and the names and addresses of those businesses with which we have shared such information. To request this information and for any other questions about our privacy practices and compliance with California law, please contact us at CoverysPrivacy@Coverys.com.
Contact Information
We hope this Notice has been helpful in explaining how we handle your personal information. If you have any questions that we have not answered, please contact our Data Protection Officer who will be pleased to help you:
Coverys
One Financial Center
Boston, MA 02111
CoverysPrivacy@Coverys.com
Updates
We may update this Notice from time to time. When we update this Notice, we will post the changes on our Services and update the “Last Updated” date at the top of this page. We encourage you to check this Notice regularly for changes. If we make any material changes to this Notice, we will notify you before they take effect either through the Services or by sending you a notification. Unless otherwise noted, any changes we make to this Notice will become effective immediately once posted on this page. Your continued use of the Services following any changes to this Notice indicates that you have read and understood the practices described in the revised Notice.
Please click here for the Coverys Privacy Statement
Please click here for the Privacy Notice for business underwritten by Coverys Managing Agency Limited
Please click here for the Privacy Notice for business underwritten by DTW 1991