PRIVACY POLICY FOR FALCON RISK SERVICES

*Last updated August 17, 2023.

Your privacy is important to us. At Falcon Risk Services (hereinafter referred to as “Falcon”), we are committed to protecting non-public personal information as required by law. This Privacy Policy explains how we collect, use, store, and protect personal information. We are committed to safeguarding privacy and ensuring the confidentiality and security of personal data. Please take a moment to review this policy to understand how we handle information.

What is Personal Information?

In this privacy policy, references to ‘Personally Identifiable Information (PII)’, “personal information”, or “personal data” are references to information that relates to an identified or identifiable individual. Some examples of personal data are your name, company, e-mail address, address, social security number, and telephone number but it may also include information such as your IP address and location, in certain jurisdictions.

1. Information Collection:

We collect personal information from various sources, including:

  • Information provided by you: We collect personal information when you apply for insurance, make a claim, or interact with us in any other way.
  • Information from third parties: We may obtain information from third parties, such as brokers, agents, credit agencies, data providers or other insurance companies, to assess risks, underwrite policies, process claims, or comply with legal requirements.

The information we receive about you or from you may be used by us to process your inquiry or request, to comply with any law, regulation, or court order, and to help improve our website or the products or services we offer.

2. Use of Information:

We use the collected information for the following purposes:

  • Assessing insurance risks and underwriting policies.
  • Processing applications, policy renewals, and policy changes.
  • Providing policy quotes and insurance services.
  • Evaluating and processing claims, including investigating, and settling claims.
  • Communicating with you regarding policies, claims, or other insurance-related matters.
  • Conducting internal research, analysis, and quality assurance to improve our products and services.
  • Complying with legal obligations and regulations.

3. Promotional Messaging or Advertising:

Any Promotional Messaging or Advertising material is for general informational purposes only and does not constitute an offer to sell or a solicitation of an offer to buy any product or service.

4. Information Sharing:

We may share personal information with the following categories of third parties:

  • Service Providers: We may engage trusted third-party service providers to assist us in delivering our services, such as claims adjusters, reinsurers, IT providers, or legal advisors.
  • Business Partners: We may share information with our business partners when necessary to provide you with requested services or products. For example, Falcon may share the information with a Third-Party Administrator in order to process the claim. The information may be shared with another carrier in a subrogation situation. It may also need to be shared with a state regulator upon request.
  • Regulatory Authorities: We may disclose information to comply with legal obligations or respond to regulatory or government requests, such as reporting claims data to insurance regulators.
  • Affiliated Companies: We may share information with our affiliated companies for administrative purposes or to offer you related products or services that may be of interest to you. We will only do so if permitted by applicable law or with consent, if required.
  • If Personal Information is provided to any of these third parties, we will require that they maintain such information in strictest confidence in compliance with this policy.
  • We will not add your name to mailing lists unless you specifically request that we do so. We do not share, sell, lease, or rent our mailing or customer lists to third parties with the exception of the third parties noted previously in this section. 

We take reasonable steps to ensure that these third parties handle personal information securely and in accordance with applicable privacy laws.

5. Data Security:

We implement appropriate technical and organizational measures to protect personal information from unauthorized access, disclosure, alteration, or destruction. These measures include:

  • Secure storage and transmission: We use industry-standard encryption and secure storage systems to protect data.
  • Access controls: Access to personal information is restricted to authorized personnel on a need-to-know basis.
  • Regular security assessments: We conduct regular assessments of our systems and procedures to identify and address vulnerabilities.
  • Employee training: We provide training to our employees on data protection and privacy best practices.

In the event of a data breach that compromises personal information, we will take immediate steps to mitigate the breach, notify affected individuals, and comply with applicable legal requirements. As noted above, although we take appropriate measures to protect the security of the information communicated through the website, no Internet connected computer system can be made absolutely secure from intrusion. We, therefore, cannot and do not guarantee that information communicated by you to us will be received or that it will not be altered before or after its transmission to us. If you elect to use the website to communicate with us, you do so at your own risk. 

6. Individual Rights:

You have certain rights regarding your personal information, including:

  • Right to access: You can request a copy of the personal information we hold about you.
  • Right to rectification: You can request the correction or update of inaccurate or incomplete information.
  • Right to erasure: You can request the deletion of your personal information, subject to legal obligations or legitimate interests.
  • Right to object: You can object to the processing of your personal information for certain purposes, such as direct marketing.

To exercise these rights or make any inquiries related to your personal information, please contact us using the contact details provided at the end of this Privacy Policy. We will promptly respond to your request.

7. Ability to Opt-in/Out:

If we propose to use your personal information for any purposes other than those described in this Policy and/or in the specific service notices, you may "opt-out"—or say no to—having your information shared by contacting us through details provided at the end of this Privacy Policy. We will not collect or use sensitive information for purposes other than those described in this Policy and/or in the specific service notices unless we have obtained your prior consent.

If you do choose to decline to submit personal information to any of our services, there may be some instances in which we may not be able to provide those services to you.

8. Cookies and Tracking Technologies:

This website may use "cookies" to enhance your viewing experience. A cookie is a tiny element of data that is sent to your browser to be stored on your hard drive so that we can recognize you when you return. You may set your browser to notify you when you receive a cookie and either accept or decline the cookie. You may also delete all cookies from your browsers’ history at any time.

Please note, if you reject or delete cookies stored from this website, it is possible that some web pages may not load properly, your access to certain information might be denied, or you might be required to enter information more than once. 

9. The Health Insurance Portability and Accountability Act of 1996 (HIPAA):

Falcon is required by law to take reasonable steps to ensure the privacy of your personally identifiable health information, and to inform you about:

  • The Company's uses and disclosures of Protected Health Information ("PHI");
  • Your privacy rights with respect to your PHI;
  • The Company's duties with respect to your PHI;
  • Your right to file a complaint with the Company and to the Secretary of the U.S. Department of Health and Human Services ("HHS"); and
  • The person or office to contact for further information regarding the Company's privacy practices.

PHI includes all individually identifiable health information transmitted or maintained by Falcon regardless of form (e.g. oral, written, electronic). A federal law, the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"), regulates PHI use and disclosure by Falcon. You may find these rules at 45 Code of Federal Regulations Parts 160 and 164. 

10. State Specific Privacy Laws:

Many states and territories have their own privacy regulations which apply to individuals and corporations that live or do business in, frequent, or offer goods and services to its residents. The individual laws of these states vary and as such you should familiarize yourself with your individual state laws. 
Addendum 1 which can be found at the end of this notice summarizes each current state privacy regulation. 

11. Special Disclosures:

Collection of Information from Children

Our Services and Site are not directed at children under the age of 13, and we do not knowingly collect Personal Information from children under the age of 13. It is our procedure to promptly delete any Personal Information collected from a child under the age of 13 upon discovery of such a circumstance. If you believe that we may have collected Personal Information from a child under the age of 13, please contact us using the contact information at the end of this Policy and we will take appropriate steps to rectify this inadvertent collection.

For more information about protecting your child's privacy online, visit the Federal Trade Commission website at https://www.ftc.gov.

12. Other Considerations:

When you use some Falcon products, services, or applications or post on a Falcon forum, chat room, or social networking service such as Facebook, Twitter, or other such social media sites, the personal information and content you share is visible to other users and can be read, collected, or used by them. 

13. Policy Updates:

This privacy policy may be updated periodically. You are encouraged to review the policy periodically to stay informed about how your personal information is handled.

14. Contact Information:

If you have any questions or comments in regard to this privacy statement, or if you have any concerns as to the validity of information made available within these pages, we recommend you seek verification by contacting us via our ‘Contact Us’ page or via Compliance@falconriskservices.com.

Please note that we may update and modify this Privacy Statement. It remains your responsibility to access and check these terms and conditions whenever you access the Website as the latest version of these terms and conditions will govern. We do not accept any liability for any errors or omissions.

Email: Compliance@falconriskservices.com 

Postal Address:
Falcon Risk Services
Attn: Compliance Division
225 Liberty St
Floor 36
New York, NY 10281

 

Addendum 1

California Privacy Rights

California Civil Code Section §1798.83 and the California Consumer Privacy Act (CCPA) permits users of our Website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. The CCPA also provides California residents the right ‘To Be Forgotten’ by a company.

A California resident has the right to know what Personal Information is collected, used, disclosed, or sold, to delete any Personal Information collected, to opt-out of the sale of Personal Information, and to not be discriminated against for exercising such rights.

Right to Know

A California resident has the right to request that we disclose what Personal Information we collect, use, disclose, or sell. You may request that we disclose the following information upon receipt of a verifiable consumer request:

  1. The categories of Personal Information collected and categories of sources from which the Personal Information is collected.
  2. The business or commercial purpose for collecting or selling Personal Information.
  3. The categories of third parties with whom we share Personal Information; and
  4.  The specific pieces of Personal Information we have collected about you.

Right to Delete

As a California resident, you have the right to request that we delete any Personal Information about you which we have previously collected. If it is necessary for us to maintain the Personal Information for certain purposes, we are not required to comply with your deletion request. If we determine that we will not delete your Personal Information when you request us to do so, we will inform you and tell you why we are not deleting it.

Right to Opt-Out of Sale of Personal Information

We do not sell Personal Information, including the Personal Information of minors under the age of 16. However, pursuant to applicable law, a California resident may request that their information not be sold in the future. To do so please send a request via our ‘Contact Us’ page.

No Discrimination

You have the right not to be discriminated against because you exercised any of your rights under the CCPA.

If you would like to exercise any such rights, please send a request via our ‘Contact Us’ page.

 

Virginia Consumer Data Protection Act

The Virginia Consumer Data Protection Act (VCDPA) provides consumers with certain rights related to their personal data. Under the Act, these rights include:

  1. The right to know, access, and confirm personal data.
  2. The right to delete personal data.
  3. The right to correct inaccuracies in personal data.
  4. The right to data portability (i.e., easy, portable access to all pieces of personal data held by a company);
  5. The right to opt out of the processing of personal data for targeted advertising purposes.
  6. The right to opt out of the sale of personal data.
  7. The right to opt out of profiling based upon personal data; and
  8. The right to not be discriminated against for exercising any of the foregoing rights.

If you are a Virginia resident and would like to exercise any such rights, please send a request via our ‘Contact Us’ page.

 

Colorado Privacy Act

The Colorado Privacy Act (CPA) provides consumers with certain rights related to their personal data.

The CPA provides five main rights for the consumer.

Right of access. You have the right to confirm whether a controller is processing your personal data and to have the sole right to access your personal data.

Right to correction. You have the right to correct inaccuracies in any personal data, taking into account the nature of the personal data and the purposes of the processing of your personal data.

Right to delete. You have the right to delete personal data concerning the consumer.

Right to data portability. You have the right to obtain your personal data in a portable and, to the extent technically feasible, readily usable format that allows you the consumer to transmit the data to another entity without hindrance.

Right to opt out. You have the right to opt out of the processing of your personal data purposes of:

  • targeted advertising.
  • the sale of personal data; or
  • profiling in furtherance of decisions that produce legal or similarly significant effects on you as the consumer.

Right to appeal. The CPA also provides you with the right to appeal a business’ denial to take action within a reasonable time period. A business must respond to a request within 45 days of receipt and may subsequently extend that deadline by an additional 45 days when reasonably necessary. When a business elects to extend that deadline, it must notify you within the initial 45-day response period.

If you are a Colorado resident and would like to exercise any such rights, please send a request via our ‘Contact Us’ page.

 

Connecticut Data Privacy Act  (CTDPA)

The CTDPA gives Connecticut residents certain rights over their personal data and establishes responsibilities and privacy protection standards for data controllers that process personal data. It protects a Connecticut resident acting in an individual or household context, such as browsing the Internet or making a purchase at a store.

What is considered personal data: Personal data is any information that can be linked to an identifiable individual, excluding publicly available information. Examples of personal data include: a home address, a driver’s license or state identification number, passport information, a financial account number, login credentials, and payment card information.

Access. Consumers have the right to confirm whether a controller is processing their personal data and access such personal data, unless such actions reveal a trade secret.

Correction. Consumers have the right to correct inaccuracies in their personal data (with some limitation).

Deletion. Consumers have the right to delete personal data provided by or about the consumer.

Data portability. Consumers have the right to obtain a portable copy of their personal data to the extent technically feasible and provided the controller will not be required to reveal any trade secret.

Opt-out of certain data processing. Consumers have the right to opt out of the processing of personal data for purposes of:

  1. targeted advertising,
  2. the sale of personal data or
  3. profiling in connection with automated decisions that produce legal or similarly significant effects concerning the consumer.

Designation Rights: Consumers have the sole right to designate another person as an authorized agent to exercise the right to opt out on their behalf.

To make any such request as a resident of the State of Connecticut, please send a request via our  ‘Contact Us’ page.