Notice of Online Privacy Policies
(last revised August 1, 2023)
Welcome
Welcome! We are The Gray Insurance Company. We are a Louisiana-based insurance provider with operations throughout the United States of America. We put together this Notice of Online Privacy Policies (this “Privacy Notice”) to provide important information about how we handle certain kinds of personal data about you and others. If you are looking for other information, you can learn more about us by visiting our main website (https://www.grayinsco.com).
At The Gray Insurance Company, we specialize in supporting companies that operate in the construction, energy, and transportation industries. With over 60 years of experience insuring business customers in those industries, our vision is to be the leader in our market by changing how people think about insurance. We work to realize this vision by offering exceptional products and services and providing value through a workforce inspired to serve our customers and communities.
To realize our vision and operate our business, we process and use personal data in ways like other insurance providers, including to provide requested products and services or to process and resolve claims. In this Privacy Notice, “personal data” means information in a digital format that both identities, or can be used to identify, specific individuals (like you) and is covered by applicable data security and privacy laws. For example, personal data may include such information as name, address, phone number, email address, credit history, social security number, driver’s license number, credit or debit card number, policy or claim information, automobile and home information, health information, username and passwords for online accounts, telematics, and geolocation data. If you apply for a job or register with our career center, personal data includes information about your work and educational history, and other information you choose to provide in connection with your application. Personal data also includes “non-public financial information” under federal and state laws regulating licensed insurers. This Privacy Notice does not cover other types of data we may process or use, like anonymized data or other unregulated data.
This Privacy Notice explains how we handle personal data that we collect, store, or share on or through our Online Resources. Your access to and use of our Online Resources are governed by the Online Resources Terms of Use [https://www.grayinsco.com/terms-of-use] (the “Terms of Use”). The Terms of Use embody a binding contract between us (The Gray Insurance Company) and each end-user of our Online Resources, including you. Accordingly, you must review, accept, and comply with the Terms of Use to access or use any Online Resources, and capitalized terms used but not defined in this Privacy Notice have the meanings set forth in the Terms of Use.
Although this Privacy Notice is not a separate contract, it provides important disclosures and other information about how we handle personal data about you and others, so you can make an informed decision about whether you want to use our Online Resources available to you or provide us with personal data for such use. Before accessing any Online Resources or providing us with personal data, please read this Privacy Notice carefully and make sure you (and anyone you represent) consent to the discussed policies and practices in full. Unless a Separate Contract states otherwise, we rely on your consent to the policies and practices discussed in this Privacy Notice to both accept personal data from you and facilitate personal data processing through our Online Resources.
IF YOU DO NOT FULLY CONSENT TO THE POLICIES DISCUSSED IN THIS NOTICE AND FULLY COMPLY WITH THE TERMS OF USE, YOU ARE NOT AUTHORIZED TO ACCESS OR USE ANY OF OUR ONLINE RESOURCES. THESE CONDITIONS ARE ONGOING AND APPLY EVERY TIME YOU ACCESS OR USE OUR ONLINE RESOURCES, SO MAKE SURE YOU REVIEW ANY UPDATES TO THIS NOTICE AND THE TERMS OF USE IN ADVANCE.
Introduction
This Privacy Notice has a limited scope and covers certain kinds of personal data.
This Privacy Notice only deals with personal data processed through our Online Resources or related electronic communications, including personal data you send us in a digital format for use on or with our Online Resources. This Privacy Notice does not apply to information we collect from other sources for purposes unrelated to our Online Resources (which may be subject to other privacy policies).
This Privacy Notice reflects our current policies and practices, which are subject to change.
This Privacy Notice provides important information about our privacy policies and practices for our Online Resources and reflects aspects of our current data security and privacy program, which is subject to change. Although this privacy notice is designed to give you sufficient information to determine if you are comfortable using our Online Resources (given the stated privacy policies), it is not meant to be overly detailed or comprehensive. We take a generalized approach here to prevent bad actors from learning too much about the specific security strategies we employ to protect your personal data. Please see the contact information at the end of this Privacy Notice if you wish to contact us with your requests, questions, or feedback.
Do not use our Online Resources or provide us your personal data if you are under 18 years old.
Our Online Resources are designed to be used by adults (18 years old or older), only. You may not use our Online Resources or provide us your personal data if you are under 18 years old.
Do not use our Online Resources or provide us your personal data if you do not consent to this Privacy Notice.
Please review this Privacy Notice carefully. If you use our Online Resources, you are demonstrating your consent to the privacy policies and personal data processing activities described in this Privacy Notice. We rely on that demonstration to provide you access to our Online Resources and facilitate personal data processing activities by you and others. IF YOU DO NOT CONSENT TO STATED POLICIES AND ACTIVITIES IN THIS PRIVACY NOTICE, YOU MAY NOT USE OUR ONLINE RESOURCES OR OTHERWISE GIVE US YOUR PERSONAL DATA.
We will handle updates to this Privacy Notice in accordance with change notice provisions in the Terms of Use.
We may change this Privacy Notice at any time in accordance with the change notice provisions set forth in the Terms of Use. Actual notice of changes is not required if we took reasonable steps to notify you. We expect you to check your User Account and provided e-mail account often so you can review change notices in a timely manner.
A Separate Contract may govern how we process and use your personal data.
A Separate Contract may apply to your use of our Online Resources and our related privacy obligations. If you are using our Online Resources as a representative, you may have additional rights and obligations under the applicable Separate Contract and you are responsible for checking with the appropriate company contacts to determine what those possible rights and obligations entail. To the extent there is any material conflict among terms, the applicable Separate Contract supersedes this Privacy Notice to the extent necessary to resolve that conflict.
This Privacy Notice applies to our Affiliates as well as us.
This notice applies to us and our Affiliates, including:
- The Gray Casualty & Surety Company (www.graysurety.com);
- Gray Specialty (www.grayspecialty.com); and
- Gray Surplus Lines Insurance Company (www.graysurpluslines.com).
Purpose & Use
We process and use your personal data for different purposes related to our business operations.
We use personal data about you and others for different purposes related to our business operations, including:
- to provide you access to and the opportunity to use our Online Resources, including related content and information;
- to provide you (or someone you represent) other products or services requested by you (or someone you represent);
- to give you notices about your User Account or other information relevant to your use of our Online Resources;
- to carry out our obligations and enforce our rights arising from any contracts entered into between you (or someone you represent) and us, including the Terms of Use, or any Separate Contract with a Customer or Third-Party Provider that you represent;
- to notify you when updates are available or changes are made to our Online Resources or other products or services we offer;
- to improve our Online Resources and to deliver a better, more personalized end-user experience;
- to operate our business, such as to: provide a quote, underwrite and rate policies, respond to your inquiries, fulfill your requests, and complete your transactions; to process claims; to service your or your company’s insurance; to confirm or correct what we know about you; to help us prevent fraud and other crimes; to investigate security incidents; to provide location-based services, such as roadside assistance; to record telematics and trip information, if you participate in our voluntary telematics programs; or support other business purposes;
- to fulfill any other purpose for which the data is provided; and
- as otherwise allowed by applicable law.
We will comply with applicable data security and privacy laws when processing and using your personal data.
We follow applicable privacy and data security laws when processing your personal data. By “applicable privacy and data security laws,” we mean the laws that govern our and our Affiliates’ processing and use of regulated personal data in jurisdictions we and our Affiliates operate in, subject to available exclusions, exceptions, and safe harbor rules that allow us to maintain consistent policies and practices across those jurisdictions.
We reserve the right to utilize personal data in legally permissible ways that align with our internal policies and contractual rights and obligations.
While we strive to respect everyone’s reasonable choices about how their personal data is handled, we reserve the right to process and use personal data in any way we consider appropriate and compliant with our obligations under binding contracts and applicable data security and privacy laws. This Privacy Notice does not limit our ability to process or use personal data in any manner that is not legally prohibited. This Privacy Notice also does not impose any additional obligations on us apart from the Terms of Use or a Separate Contract that incorporates this Privacy Notice. We must agree to any such additional obligations in a Separate Contract signed by our authorized representative for such obligations to be binding on us.
Collection
We collect different types of personal data about you and others from a variety of sources.
We collect personal data about you and other individuals from various sources, including personal data collected:
- from you, when you provide it to us, such as when you submit an online form or send us electronic communications with direct identifiers and contact information (e.g., your name, mail address, email address, telephone number, social security number, and date of birth);
- from your use of our Online Resources, such as when our system automatically collects information about the device or browser you use to access our Online Resources or collects information using tracking technologies (e.g., cookies and web beacons) to track your activity on our Online Resources;
- from transactions we are involved in, such as when you are designated as a representative for one of our Customers or Third-Party Providers or when you are involved in an application, quote, or claim;
- from our inhouse or outsourced due diligence efforts, such as when we investigate claims made against insurance policies we issue or have independent insurance adjusters compile information on our behalf; and
- from other third parties and public sources of information.
We may collect your personal data as a data processor for third parties.
We collect personal data about you and others from third parties and other sources for the purposes described above. For example, we may collect your personal data from your employer to link your User Account with the employer’s Customer or Third-Party Provider account. When we process your personal data on behalf of a Customer, Third-Party Provider, or other covered entity under applicable data security and privacy laws, we are acting as a so-called “data processor” and may need to adjust our typical policies and practices in response to the data controller’s lawful instructions. When acting as a data controller’s data processor, we take direction from that entity on how to respond to related data subject requests and data security breaches.
Be careful when providing personal data in response to unsolicited requests.
You should take precautions before providing your personal data in response to unsolicited requests, such as an unsolicited email or phone call, because such requests may come from third parties pretending to be us.
If you provide us with personal data about others, you represent to us you have authority to do so.
If you submit any personal data relating to other people to us, our Affiliates, or our service providers, you represent that you have the authority to do so and to permit us to use the information in accordance with the policies and practices stated in this Privacy Notice.
Storage & Security
We have taken measures to secure your personal data when it is in our custody.
We have implemented measures designed to secure your personal data in our custody from accidental loss and unauthorized access, use, alteration, or disclosure. We maintain administrative, physical, and technical safeguards that comply with federal regulations to guard your personal data. For example, the personal data you provide to us is stored on secure servers behind firewalls (which may take the form of a virtual private computer) and displayed on our Online Resources in a secure remote viewing portal. However, these and other security measures may change in response to market, industry, and technology changes.
We retain your personal data in accordance with our data retention policies and applicable law.
We retain your personal data for as long as necessary to maintain the integrity of our Online Resources or for other legitimate purposes, like complying with legal requirements, processing claims, handling potential disputes, and fulfilling contractual obligations. Actual retention periods vary subject to our retention policies and legal disposal or retention requirements.
You are also responsible for securing your personal data when using our Online Resources, such as by preventing others from accessing your User Account.
The safety and security of your personal data also depends on you. Where we have given you (or where you have chosen) a password for access to Restricted Access Resources, you are responsible for keeping the password confidential and secure. Do not share your password with anyone. You are responsible for taking other appropriate steps to protect your device and User Account from unauthorized or unmonitored access.
Our Online Resources may store or access personal data on your device. You may be able to manage applicable storage preferences through your device’s settings. You are responsible for the security of your device, including setting up access procedures and downloading software patches. We are not responsible for any security failure involving your device.
Despite our efforts, we cannot guarantee that your personal data will be secure.
We do not guarantee that data security breaches will not happen and we are not responsible for unaffiliated third parties or their activities. Unfortunately, the transmission of information via the Internet and digital platforms (like our Online Resources) is not completely secure. Although we work to protect your personal data, we cannot guarantee the security of your personal data transmitted through our Online Resources. Any transmission of personal data is at your own risk. We are not responsible for circumvention of any privacy settings or security measures we provide. We are also not responsible for other data security breaches not directly caused by our intentional actions or gross negligence. We are only responsible for third parties acting on our behalf and under our supervision. We are not responsible for other third parties (including Third-Party Providers) or their data processing activities.
Sharing & Transfers
We share your personal data for different purposes related to our business operations and your preferences.
We may share personal data about you and others with our Affiliates and personnel in the course of conducting our business and as permitted by applicable law. In addition, we may disclose personal data we collect or you provide:
- to third parties to support our business, including independent agents or brokers, other insurance companies, regulators, administrators, and service providers that provide services such as website hosting, data analysis, payment processing, information technology and related infrastructure provision, email delivery and other services;
- to a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal data about customers and end-users is among the assets transferred;
- to Third-Party Providers to provide their products or services to you (or someone you represent) if you have ordered those products or services;
- to government agencies and other third parties as necessary to comply with any court order, law, or legal process, including to respond to any government or regulatory request, to comply with other applicable law, including mandatory reporting requirements, or to participate in fraud detection and prevention programs;
- to third parties in other cases if you consent to such disclosure or in order to fulfill the purpose for which you provide it, to fulfill any other purpose disclosed by us when you provide it, or as otherwise permitted by applicable law;
- to enforce our rights arising from any contracts between you (or someone you represent) and us, including our Terms of Use, and for billing and collection; or
- as otherwise allowed by applicable law.
However, we do not independently sell your personal data to third parties.
We have taken measures to secure your personal data when we share it with third parties.
We have implemented measures designed to secure your personal data when it is shared with third parties. However, these and other security measures may change in response to market, industry, and technology changes.
Legal Proceedings
We may disclose, process, or use your personal data to comply with legal disclosure requirements or comply with or take advantage of discovery rules.
We may be compelled to share personal data about you. Likewise, if we are involved in litigation or another legal proceeding, discovery rules may apply to personal data about you, whether that data is in our custody or control or we seek to legally obtain that data from someone else. US law requires parties and non-parties served with a discovery request to produce documents and information responsive to the request, subject to the producer’s objections. The producer must produce documents if it has no basis to withhold them or if a US court orders their production. For this reason, we may be compelled to produce, or may be entitled to obtain, personal data about you in discovery, and we reserve all rights to make or obtain such disclosures under applicable law. The only restrictions on our processing or use of personal data in a legal proceeding or dispute resolution process are those restrictions explicitly provided by the applicable data security and privacy laws for that proceeding. We do not agree to or recognize any other restrictions in such cases.
Your Rights & Choices
You may have options regarding how we process or use personal data about you under a Separate Contract.
If a Separate Contract governs your use of our Online Resources, then the Separate Contract may provide you with options to alter the policies and procedures described in this Privacy Notice for your personal data. Please refer to the Separate Contract for more information.
You may also have certain privacy rights under applicable law and may exercise those rights by contacting our privacy team.
You may have certain rights to control how we process or use your personal data depending on your relationship with us and the laws governing that relationship. For example, you may have the right to exercise options about how we share your personal data with others when that right is set forth in applicable data security and privacy laws. If you believe you have any such rights and would like to exercise them, please contact us and include reasonably detailed information so we can assist with your request. Contact information can be located at https://grayinsco.com/contact/.
Contact Us
You can contact us if you have questions, complaints, or feedback.
If you have other questions or feedback about this Privacy Notice or our personal data processing practices, please contact us. Contact information can be located at https://grayinsco.com/contact/.