FedNat Insurance

FedNat Insurance
Monday, July 22, 2019

Privacy Policy

FedNat Holding Company Consumer Privacy Policy

Rev:  9/2018
Adopted:  5/2019

This Privacy Policy is provided by FedNat Holding Company and its affiliates, Century Risk Insurance Services, Inc., FedNat Insurance Company, Monarch National Insurance Company, FedNat Underwriters, Inc., and Insure-Link, Inc. (hereinafter collectively, “Company”). The Company is an insurance provider in a number of states in the southeastern United States, and provides services, such as binding coverage, underwriting and pricing insurance policies, and appointing retail insurance agents, in connection with FedNat Insurance Company, Monarch National Insurance Company as well as insurance policies offered by third-party insurance carriers (each a “Third-Party Carrier”).

The trust of our customers is the Company’s most valuable asset. The Company safeguards that trust by keeping non-public personal information about customers in a secure environment and using that information in accordance with this Privacy Policy.

This Privacy Policy includes examples of the types of non-public personal information we collect. These examples are illustrative and should not be considered a complete inventory of our information collection, use and sharing practices. In addition, you may have other privacy protections under some state laws. The Company will comply with applicable state laws regarding information about you. For example, certain state laws may restrict the types of information we may disclose about you or require us to provide you with additional notices.

Please note that this Privacy Policy will not apply to your relationships with other financial service providers, such as banks, credit card issuers, finance companies and independent insurance agents that are not part of the companies listed at the beginning of the Privacy Policy. Their privacy policies will govern how they collect, use and disclose personal information that you allow them to access.

Below is the Company’s privacy pledge to our customers:

The Company recognizes the importance of maintaining your privacy, and as a result, has established this Privacy Policy (“Privacy Policy”). Throughout the Privacy Policy, the terms “we,” “us,” and “our” refer to the Company and the terms “you” and “your” refer to any visitor to or user of the Website, including, but not limited to, visitors and users that are Producers, Authorized Employees, Customers, or Insured Parties each as defined herein). This Privacy Policy is intended to help you understand the types of information we may collect from you or that you may provide when you visit the Website, and describes our practices for collecting, using, maintaining, protecting and disclosing such information. This Privacy Policy applies to information we collect on or through the Website and does not govern information collected from you in any other manner.

By submitting Personal Data (as defined herein) through the Website, you: (i) agree to the terms of this Privacy Policy; (ii) expressly represent, warrant, and covenant that you have authorization to use and submit such Personal Data to us through the Website. You may choose not to provide certain information to us, but as a result, you may not be able to participate in certain activities or transactions provided on or through the Website. This Privacy Policy does not change or alter the terms of any other contract, policy or agreement between you and the Company or any Third Party Carrier.

Information We May Collect

Through the Website, we provide a platform that allows: (i) users to obtain information about the insurance policies provided by or through the Company (“Policy” or “Policies”); (ii) insurance agencies and agents to apply to become agencies or agents authorized by the Company to solicit and sell certain Policies to third-parties (“Producers”) (such third-parties to whom such Policies will be solicited or sold are referred to herein as “Customers”); (iii) individuals and entities insured under a Policy (“Insured Party or “Insured Parties”) to review and manage, and submit payments in connection with such Policy; and (iv) Producers and their Authorized Employees (as defined herein), through the Company’s Agent Portal, to submit payments, obtain and submit Policy-related information and documentation, including Policy applications, quote requests, endorsement and other policy change requests, and to review, track, and/or manage quote requests, application submissions, binders, issued Policies, Policy renewals as well as Producer’s production goals, Policy sales, and commission. We collect Personal Data solely for the purposes of providing these services and other services that we may offer on or through the Website from time to time but may collect non-personal information in order to operate, maintain, and improve the Website and our services.

“Personal Data” is defined as “any information relating to an identified or identifiable natural person (a ‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, on online identifier or to one or more factors specific to the physical, psychological, genetic, mental, economic, cultural or social identity of that natural person.” The Personal Data that we collect about you includes, but is not limited to, Producers’, Authorized Employees’, Customers’ and/or Insured Parties’ contact information (i.e. name, e-mail address, postal address, telephone number), employee identification numbers, government-issued identification numbers (i.e. social security numbers or driver’s license numbers), billing information (i.e., credit card or bank account information), as well as other information such as demographic data (i.e. gender, date of birth, employer and income) and information specific to the type of Policy requested or purchased, subject to the terms of this Privacy Policy, so that we can: (i) provide Producers and Insured Parties with a username and password to access specialized portions of the Website, such as the Agent Portal and the Insured Portal respectively; (ii) process payments through the Website; (iii) contact you to respond to inquiries related to the Website and/or related to purchasing products and services offered by or through the Company; (iv) review, consider, and/or process applications and supplemental documentation submitted through the Website, including applications submitted by agencies or agents desiring to become Producers, and Policy applications submitted through the Agent Portal; (v) provide Producers and Authorized Employees, through the Agent Portal, with quotes, binders and endorsements for Policies, and related status updates as well as information related to Producer’s Policy sales, commission, and production goals; and (vi) communicate with you to provide you with relevant information about the Company and the products and services it offers, including but not limited to, pricing, special promotions and discounts. In all of these cases, we will collect Personally Identifiable Information from you only if you voluntarily submit such information to us. Further, you agree that we may contact you based on the information you provide.

We may obtain information, including Personal Data, from third parties and sources other than the Website, such as our partners, affiliates, vendors, public records and data collection agencies, credit reporting agencies and health care providers such as doctors or hospitals (to determine your past or present health condition). We may also collect health information as we deem appropriate to determine eligibility for coverage, to process claims, to prevent fraud, and as authorized by you, or as otherwise permitted or required by law, however we will only process such health information with your explicit consent; or where the law otherwise allows. If we combine or associate information from other sources with Personal Data that we collect through the Website, we will treat the combined information as Personal Data in accordance with this Privacy Policy.

Our Security Procedures

The Company restricts access to Personal Data about you to persons and/or entities whom we determine have a legitimate business purpose to access such information in connection with the provision of products or services to you. The Company employs security techniques designed to protect our customer data. To prevent unauthorized access, maintain data accuracy, and ensure the correct use of Personal Data, we have put in place reasonable physical, electronic, and managerial procedures in line with generally accepted industry standards to safeguard and secure the Personal Data we collect online, and we make good faith efforts to store your Personal Data in a secure operating environment.

You must also seek to protect against unauthorized access to any information that you use in connection with the Website, and you should remember to close the browser when you step away from your computer and when you have completed your activities on the Website. If you choose to create an account on the Website (an “Account”), such as an Account for access to the Insured Portal or the Agent Portal, you must treat your user name, password or any other piece of information related to your Account (“Account Information”) as confidential, and except as otherwise stated herein, you must not disclose Account Information to any other person or entity.

A Producer may only disclose Account Information and/or grant access to such Producer’s Account on the Agent Portal to individuals employed by such Producer: (i) that are authorized by law, and by each Customer whose Personal Data is contained on such Account, to receive access to all information provided on the relevant Account; (ii) that are authorized by law to submit requests for Policy quotes, submit Policy applications, issue Policies, or report claims information; (iii) have agreed, in writing, to refrain from disclosing Account Information or any information obtained through the Account to any unauthorized person and to refrain from providing any unauthorized person with access to the Account; and (iv) whose access is necessary in order for Producer to perform its responsibilities under the Producer Agreement. The employees of a Producer that satisfy the requirements described in this paragraph are referred to herein as “Authorized Employees.”

You agree to notify us immediately of any unauthorized access to or use of your user name or password or any other breach of security. You also agree to ensure that you exit from your Account at the end of each session. Producers and Authorized Employees should refrain from accessing the Agent Portal from public or shared computers and should only access the Agent Portal from a personal computer located at the Producer’s office. Similarly, Customers or Insured Parties should only access the Insured Portal from a secure network connection and not from public or shared computers. When accessing other parts of the Website, you should use particular caution when logging into and viewing your Account, and when submitting Personal Data through the Website using public or shared computers so that others are not able to view or record your password or other information on your Account or otherwise.

In the event that we determine that there has been a security breach resulting in the unauthorized disclosure of Personal Data to a third party, we will notify individuals whose Personally Identifiable Information has been so disclosed as required by law.

Unfortunately, no data transmission over the Internet can be guaranteed to be absolutely secure. As a result, while we strive to protect Personal Data you submit to us, we cannot ensure or warrant the security of any information you transmit to us, and you do so at your own risk. We also cannot guarantee that such information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards. If you believe your Personal Data has been compromised, please contact us as set forth in the “How to Contact Us” section.

Use and Sharing of Information

The Company facilitates the sale of insurance products offered by Third-Party Carriers and offers you the opportunity to conveniently store information on the Website, including your or your Customer’s contact information, insurance quotes previously obtained, insurance application statuses, Policy summaries, billing statuses and other information. If you request to purchase a Policy offered by a Third-Party Carrier, we will share this information with the Third-Party Carrier, solely in connection with providing the requested products and services.

The Personal Data the Company collects is used to provide customer service and administer your Account. The Company does not distribute or sell any information about current or existing Customers, Producers or Insured Parties. Further, the Company does not disclose Personal Data about former Customers or Insured Parties, or Customers or Insured Parties with inactive Accounts, except in accordance with this Privacy Policy.

Except as provided in this Privacy Policy, or as otherwise permitted or required under law, we reasonably attempt to ensure that we do not intentionally disclose any Personal Data submitted by you through the Website to any third party without having first received your consent (through your opting in or otherwise agreeing to the disclosure of such information).

We will release information, which may include Personal Data, as required by law to comply with any valid legal inquiry or process such as a search warrant, subpoena, statute or court order or to otherwise cooperate with law enforcement or other governmental agencies. We will also release specific information, which may include Personal Data, in special cases, such as if there is an attempted breach of the security of the Website or a physical or property threat to you or others. We also reserve the right to disclose Personal Data or other information that we believe, in good faith, is appropriate or necessary to (i) take precautions against liability, (ii) protect ourselves or others from fraudulent, abusive, or unlawful uses or activity, (iii) investigate and defend ourselves against any third-party claims or allegations, (iv) protect the security or integrity of the Website and any facilities or equipment used to make the Website available, or (v) protect our property or other legal rights, enforce our contracts, or protect the rights, property, or safety of others. We may also transfer user information, including Personal Data, in connection with a corporate merger, consolidation, the sale of related assets or corporate division or other fundamental corporate change. Personal Data may be physically or electronically transferred to an acquirer, or successor or assignee as part of any merger, acquisition, debt financing, sale of assets, or similar transaction, as well as in the event of an insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets, for the sole purpose of continuing the operation of the Website, and only if the recipient of the Personal Data commits to a Privacy Policy that has terms substantially consistent with this Privacy Policy. We may provide access to the Personal Data you submit to us, and other information to our contractors who are performing services for us in connection with our Website or in connection with the products or services that you have requested.

Additionally, we may use your Personal Data to enforce or apply our Terms of Use and other agreements, including for billing and collection purposes and/or if we believe disclosure is necessary or appropriate to protect the rights, property, or safety of the Company, Third-Party Carriers, Insured Parties, our customers or others.

On occasion, we may collect Personal Data from you in connection with optional special offers or promotions. We will share such information with necessary third parties for the purpose of carrying out the special offer or promotion.

We also reserve the right to use your Personal Data to send you communications regarding changes to this Privacy Policy or the Terms of Use.

The Website Is Not Intended For Use By Individuals Under 18 Years of Age

No one under the age of 18 may provide any personal information on or through the Website. We do not knowingly collect personal information, including Personal Data, from anyone under 18. If you are under 18, do not: (i) use or provide any information on the Website or, on or through any of the features available on the Website; (ii) use any interactive features on the Website; or (iii) provide any information about yourself to us, including your name, address, telephone number, e-mail address or any screen name or user name you may use. If we learn we have collected or received personal information from an individual under 18 without verification of parental consent, we will take appropriate steps to delete that information. If you are a parent or guardian and believe we might have any information from or about an individual under 18, please contact us via email at dataprivacy@fednat.com

To the extent that a minor has posted such content on the Website, the minor has the right to have this content deleted or removed using the deletion or removal options detailed in this Privacy Policy. If you have any question regarding this topic, please contact us as indicated in the “How to Contact Us” section of this Privacy Policy. Please be aware that, although we offer this deletion capability, the removal of content may not ensure complete or comprehensive removal of that content or information.

Data Transfer

If you are located outside the United States, we may transfer, process and store Personal Data we collect from you through the Website in centralized databases and with service providers located in the United States.

We comply with the US-EU Privacy Shield Framework and Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from Customers in the European Union member countries and Switzerland. We have certified that it adheres to the Privacy Shield Privacy Principles of notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access, recourse, enforcement and liability. If there is any conflict between the policies in this privacy policy and the Privacy Shield Privacy Principles, the Privacy Shield Privacy Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov. The Federal Trade Commission (FTC) has jurisdiction over our compliance with the Privacy Shield. Our employees who handle Personal Data from Europe and Switzerland are required to comply with the Principles stated in this Policy.

We may provide Personal Data to Third Parties that act as agents, consultants, and contractors to perform tasks on behalf of and under our instructions. For example, we may store such Personal Data in the facilities operated by Third Parties. Such Third Parties must agree to use such Personal Data only for the purposes for which they have been engaged by us and they must either:

a. Comply with the Privacy Shield principles or another mechanism permitted by the applicable EU & Swiss data protection law(s) for transfers and processing of Personal Data; or

b. Agree to provide adequate protections for the Personal Data that are no less protective than those set out in this Policy

Data Controller and Data Processor

We process Personal Data as both a processor and a controller as defined in the European Union’s General Data Protection Regulation (Regulation (EU) 2016/679, hereinafter “GDPR”). For those located in the European Union, all processing of Personal Data performed in accordance with privacy rights and regulations in accordance with the GDPR.

For those located in the United States, we process data solely in data centers located in the US. We have adopted reasonable physical, technical and organizational safeguards that substantially mirror the European Union safeguards against accidental, unauthorized or unlawful destruction, loss, alteration, disclosure, access, use or processing of the data in our possession. Our policy is to protect and safeguard any Personal Data we obtain in accordance with United States state or federal laws governing the protection of personal information and data. Accordingly, we adhere to practices and policies that aim to safeguard the data.

Retention of Information

We only retain your Personal Data for as long as we need it to fulfill the purposes for which we have initially collected it, or such longer period as may be required by applicable law pertaining to records retention for our industry. We will retain and use information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

Electronic Communications and Opting in and Opting Out

We would like to send you information about the products we offer and other information about your Policy by mail, telephone and/or e-mail. We will not send such communications to you unless you opt-in to receive this information. You should have been given the option to opt-in to these communications when you provided us with your Personal Data. If you have not already opted-in and would like to receive this information, please refer to our GDPR form to opt-in.

You have a right at any time to stop us from contacting you for marketing purposes. If you no longer wish to be contacted, for marketing purposes, please refer to our GDPR form to opt-out. You should be aware, however, that (i) it is not always possible to completely remove or modify information in our databases and servers, although we will always make reasonable efforts to do so upon your request, and (ii) we are unable to have your information removed from the records of any third party who has been provided with your information in accordance with this Privacy Policy. Further, if you elect to opt-out of receiving commercial email from us or otherwise modify the nature or frequency of communications you receive from us, it may take up to fifteen (15) business days for us to process your request. Additionally, even after you opt-out from receiving commercial messages from us, you will continue to receive administrative messages from us regarding the Website.

Cookies and Other Technologies

The Website may use “cookies” and/or other technologies or files (collectively, “cookies”) to identify how visitors make use of the Website. Cookies are small text files stored on your device when you are on the Internet, including the Website. You have the ability to delete cookies from your device at any time or avoid cookies by configuring your browser to reject them or to notify you when a cookie is being placed on your device. By rejecting the cookies, however, you may be unable to fully access the offerings on the Website.

By browsing the Website, you accept the use of cookies in order to offer you advertising and other information tailored to your interests, to perform traffic statistics and to determine how you discovered the Website. Through the use of cookies, we may automatically collect certain non-personally identifiable information when you visit the Website, including, but not limited to, the time and date of your visit, the pages that you access, and the number of times you return to the Website. This information is not used to identify you but is used in the aggregate to help us improve and enhance the website experience for all of our visitors. For more information about the cookies we use, please see our cookies policy.

We may also automatically collect information through the use of clear gifs (also called Web Beacons and Web Bugs) in selected e-mail messages we send to you. These are tiny graphic files, not visible to the human eye, that are included in HTML-based e-mails and used to let us know which e-mails we send are opened. Clear gifs may also see or read cookies on your computer. This “automatically collected” information may include IP address or other device address or ID, web browser and/or device type, the web pages or sites visited just before or just after visiting the Website or opening an e-mail message sent by us, and the dates and times of the visit, access, or use of the Website. When authorized by us, third parties specializing in monitoring aggregate statistical use of the Website with whom we contract, may use cookies, our web log files, web beacons, and other monitoring technologies to compile anonymous aggregate data.

Additionally, we may use IP address information to count and track aggregate visits to the Website, to help diagnose problems with our server, and to administer the Website. We do not link IP addresses to anything personally identifiable, so while a particular user’s session can be tracked, the user remains completely anonymous.

Other Website and Links

The Website may include links to pages on third party websites, such as the Company’s social media pages, or other websites that we think will be of interest to you and are not operated by the Company. These third-party websites have separate data collection and privacy practices independent from ours, and the Company is not responsible for the policies or activities of such other websites. Please contact such third parties directly if you have questions about their privacy policies.

Your Rights

At any point while we are in possession of, or processing your Personal Data, you, the data subject, have the following rights:

– Right of access: You have the right to request a copy of the data we hold about you. Please contact our Data Protection Officer at dataprivacy@fednat.com if you wish to access the personal information the Company holds about you.

– Right of rectification: You have the right to correct data we hold about you that is inaccurate or incomplete. If that data has been passed on to a third party with your consent or for legal reasons, then we must also ask them to rectify the data. Please contact Please contact our Data Protection Officer at dataprivacy@fednat.com if you need us to rectify any of your information.

– Right to be forgotten: This is sometimes called the ‘right to erasure.’ In certain circumstances, you can ask for the data we hold about you to be erased from our records. If you want us to erase some or all of your Personal Data, and we do not have a legal reason to continue to process or hold it, please contact our Data Protection Officer at dataprivacy@fednat.com

– Right to restriction of processing: You have the right to ask us to restrict how we process your data. This means we are permitted to store your data, but not further process it. We will keep just enough data to make sure we respect your request in the future. If you want the Company to restrict the processing of your data, please contact our Data Protection Officer at dataprivacy@fednat.com.

– Right of portability: We are required to allow you to obtain and reuse your Personal Data for your own purposes across multiple services in a safe and secure way without affecting the usability of your Personal Data. If you want information on how to port your data to another organization, please contact our Data Protection Officer at dataprivacy@fednat.com. Please note that this right only applies to Personal Data that you have provided to us as the Data Controller and that this data must be held by us by either your consent or for the performance of a contract.

– Right to object: You have the right to object the Company processing your Personal Data, even if it is based on our legitimate interests, the exercise of official authority, direct marketing (including data aggregation) and the processing for the purposes of statistics. If you wish to object to the processing of your Personal Data, please contact our Data Protection Officer at dataprivacy@fednat.com.

– Right to object to automated processing, including profiling: You have the right not to be subject to the legal effects of automated processing or profiling. If you wish to object to the processing of your Personal Data, please contact our Data Protection Officer at dataprivacy@fednat.com.

– Right to review: In the event we refuse your request under any of the above rights, we will provide you with a reason as to why. You will also have the right to lodge a complaint, as outlined below.

– Right to withdraw consent: If you have given us your consent to process your Personal Data but change your mind later, you have the right to withdraw your consent at any time and we must stop processing your data upon request. If you wish to withdraw your consent, please contact our Data Protection Officer at dataprivacy@fednat.com.

Please note that the above rights are not absolute, and we may be entitled to refuse requests where exceptions apply. Should we determine that you are not entitled to exercise that right, we will provide you with the reason(s) for the denial. Also, please note that the erasure of your data may be subject to our records retention policy or applicable law. Should the data you seek to have erased fall within an area where we are under a legal requirement to retain such data for a certain period of time, we will retain that data in accordance with our legal obligations.

You may decline to share certain Personal Data with us, in which case we may not be able to provide to you some of the features and functionality of the Website.

At any time, you may object to the processing of your Personal Data, on legitimate grounds, except if otherwise permitted by applicable law. If you believe your right to privacy granted by applicable data protection laws has been infringed upon, please contact our Data Protection Officer at dataprivacy@fednat.com. You also have a right to lodge a complaint with data protection authorities.

Changes to the Privacy Policy.

We encourage you to review our Privacy Policy not just the first time you visit the Website but periodically afterwards since we may modify our Privacy Policy from time to time. The date of the last update of the Privacy Policy will always be posted below:

This Privacy Policy was Last Revised September 2018.

If we make any substantive changes to our Privacy Policy in the future with regard to how we use Personal Data, we will incorporate those changes here. Your continued use of the Website after the changes are posted constitutes your agreement to the changes, both with regard to information we have previously collected from you and with regard to information we collect from you in the future. If you do not agree to the changes, please discontinue use of the Website. Lastly, if the Company is sold or merged with another company, your Personal Data and any other Personal Data submitted by you may be included as part of the sale. In this case, your Personal Data and the Personal Data submitted by you will be maintained in the same manner as described in the Privacy Policy unless you’re notified that the Privacy Policy has been changed.

How to Contact Us

If you have any questions or comments about this Privacy Policy, the practices of any of the Website, or your dealings with the Company we encourage you to contact the Company at:
FedNat Holding Company
14050 NW 14th Street, Suite 180
Sunrise, FL 33323
Telephone: (800) 293-2532
E-mail: dataprivacy@fednat.com

We value our relationship with you and appreciate the opportunity to bring you quality products and services.