PLEASE READ THIS PRIVACY STATEMENT CAREFULLY BEFORE USING THIS WEBSITE.
Last updated: February 7, 2023
About us and scope
Personal Information We Collect
We collect information that identifies, describes, relates to or is reasonably capable of being associated with you (“Personal Information”) on our Sites and in the course of providing our Services. The types of Personal Information that we collect vary depending on your relationship with us. For example, we collect and use different Personal Information according to whether you are an insured policyholder, a claimant, a customer to whom we provide inspection services, or a visitor of our Site(s). When you provide Personal Information to us about other individuals (for example, where you are a customer to whom we provide services and you provide us with Personal Information about your employees or your own customers), we will collect, use and disclose such Personal Information in accordance with this Privacy Statement. You must be authorized by the individual(s) to provide us with their Personal Information and it is your responsibility to refer such individuals to this Privacy Statement before providing us with Personal Information on their behalf.
We collect and use Personal Information to fulfill our intended business purposes. Personal Information does not include publicly available information or deidentified or aggregated information.
We may collection Personal Information directly from you and from other sources on our Sites and to provide our Services. The Personal Information collected may include:
- Individual Identifiers and Contact Information (which may include Family Members) such as full name, address, email address, telephone number, job title, company name, passwords on our systems, and relationship to the policyholder, insured, or claimant.
- Government-Issued Identification Numbers such as social security or national insurance number, driver’s license number or other government-issued identification numbers.
- Account Information such as your email, phone number, username and password if you create an account with us.
- Policy or Claims Information such as information and materials you provide to us in connection with your policy or as part of a claim, and other information you choose to provide to us.
- Financial Information and Account Details such as payment card number, bank account number or other financial account number and account details, billing address and other related information.
- Contents of Communications you choose to provide to us such as your emails, messages, and information you provide through online web forms.
- Telephone Recordings with our representatives and call centers for quality assurance and training purposes.
- Photographs and Video Recordings in connection with our insurance or business activities, including claims adjudication, disputes, or for other relevant purposes as permitted by law.
- Marketing preferences, customer feedback, online forms and survey responses such as information about the types of Services you use, your marketing and communication preferences, voluntary survey responses, account preferences, and any other information you choose to provide.
- Information We May Collect Automatically if you provide prior affirmative consent to us, such as IP address, unique device ID, device type, network and browsing history, interaction with our Sites and Services, and geolocation information.
- Supplementary Information from Other Sources such as publicly available information from social media services, information from commercially available sources and information from our affiliates, business partners and vendors such as agents, brokers, administrators, adjusters and other representatives. Examples include information about your insurance coverage or claim information.
Business and Commercial Purposes for Which Personal Information is Collected and Used
The categories of Personal Information described above are collected and may be used and disclosed for the following business or commercial purposes:
- to provide you with, renew or modify products and services;
- to provide you with the information and documents you request and for other customer service purposes;
- to process claims and other legal actions;
- to carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing, collections and payments;
- to deliver marketing communications or promotional materials that may be of interest to you and to assist us in determining relevant advertising;
- for advertising and marketing purposes, as well as underwriting and claims assessment and actuarial purposes, we may share your information with analytics service providers;
- to improve, enhance, and maintain the quality of services we provide and the usefulness of our websites, mobile applications and online services;
- to customize your experience and to analyze use of our websites, mobile applications and online services;
- to anonymize and aggregate data and reports to assess, develop and improve our products and services and for other analytics and research purposes;
- to comply with applicable laws;
- to respond to law enforcement requests, court orders or regulations, subpoenas, search warrants, other legal processes, or to perform other reporting obligations, as required by applicable law;
- to perform research, testing and product development and demonstrations;
- to prevent and detect fraudulent, malicious, deceptive, infringements of our policies and contracts and other potential misuse of or illegal activity relating to our products, services and assets;
- to carry out actuarial analysis and develop our actuarial and pricing models;
- to assist our affiliates in their everyday business purposes;
- to provide training or organize events;
- to investigate privacy, security or employment-related incidents;
- to refer you to our third-party partners as part of a referral program;
- to conduct financial, tax and accounting audits, and audits and assessments of our business operations or security and financial controls;
- to plan, engage in due diligence for, and implement commercial transactions;
- for employment-related purposes including but not limited to recruiting, hiring, onboarding, performance reviews and staffing decisions; human resource management services; administration of employee benefits, compensation and expenses; maintenance of contact information; conducting healthcare-related services; and provide alerts and notices;
- to evaluate or conduct a merger, acquisition, restructuring, reorganization, divestiture, dissolution or other sale or transfer of some or all of our assets as a going concern or as part of bankruptcy, liquidation or similar proceeding;
- to secure our offices, premises and physical assets, including through the use of electronic access systems; and
- as described to you when collecting your Personal Information or as otherwise permitted under applicable law.
We will not collect additional categories of Personal Information or use the Personal Information collected for materially different, unrelated, or incompatible purposes without providing you notice.
Disclosure of Your Personal Information
We may disclose your Personal Information as permitted by applicable law, and with your consent where required, as follows:
- to vendors and service providers to perform services on our behalf and other services related to our business such as processing claims, policy servicing and customer support, communication services, advertising and marketing, website services and analytics, research, and tax, legal and accounting services.
- to subsidiaries, affiliates, agents, brokers in performance of our Services and to business partners to offer products and services.
- to advertising and marketing partners to send you information about our Services.
- for commercial transactions such as acquisitions, mergers, asset sales or transfers, bankruptcy or reorganization.
- to address legal matters such as compliance with law or a subpoena, a judicial proceeding, court order, government, regulator or law enforcement requests, or other legal process.
- to prevent fraud, respond to suspected or actual illegal activity, respond to or investigate an audit, complaint or security threat, violations of this Policy or our Legal Terms and Conditions, and to protect and defend our and others’ legal rights, safety and security.
- we may disclose deidentified or aggregate information for commercial and legitimate business purposes. We will maintain and use deidentified information without attempting to reidentify it other than as permitted by law.
- we may disclose Personal Information in other ways not already described with prior notification to you and, if needed, we will obtain your consent.
Transmitting your Personal Information
Cookies and Online Data Collection Technologies. Cookies are pieces of information stored on your device through your web browser. Some cookies allow us to recognize your device and to collect information such as internet browser type, time spent on our Sites, pages visited and other activity and usage data (“Statistical / Range Measurement cookies”). We may use other online data collection technologies such a pixel tags, web beacons and clear GIFs which are embedded within our Sites to collect information about your use of our Sites and in HTML-formatted email messages to track when emails are viewed and forwarded and email response rates. We may also use the information for security purposes, to facilitate navigation, support security and performance of our Sites, manage content or personalize your experience while using our Sites, and to present advertising to you as described below.
Data Analytics. We only use a Statistical / Range Measurement cookie or other online data collection technology, and disclose information to our website data analytics service provider Adobe Analytics that is not traceable to your IP address or linked to your other Personal Information, to perform statistical analyses of use of our Sites if you provide your prior, affirmative authorization. To learn more about the use of data collection technologies by Adobe for analytics and to exercise choice regarding those technologies, please visit the Adobe Analytics opt-out page.
Advertising. Cookies or other online data collection technology also allow us to present to you advertisements regarding our products and services that are most likely to appeal to you and to track your responses to our advertisements (collectively, “Marketing cookies”). We will only use a cookie or other online data collection technology for advertising purposes regarding our products and services if you provide your prior, affirmative authorization.
Your Choices. By default, the Statistics / Range Measurement and Marketing cookies on our Sites are disabled. To learn more, please click on the Cookie Settings link at the bottom of our website where you will find instructions, an explanation of how we use Statistics / Range Measurement and Marketing cookies, and you can change the default settings for each cookie if you wish to enable them.
If you have enabled the Statistics / Range Measurement cookie and / or Marketing cookie, you can use the Cookie Settings link to at any time to disable the cookie(s) again.
You can also learn more about opting out of receiving targeted advertising from third party ad networks that participate in the Digital Advertising Alliance at WebChoices: Digital Advertising Alliance's Consumer Choice Tool for Web US (aboutads.info) or the Network Advertising Initiative at NAI Consumer Opt Out (networkadvertising.org).
You can opt out of receiving email marketing communications from us by using the “unsubscribe” link in any marketing email we send you. If you opt out of receiving marketing messages, we may still send you non-marketing communications regarding the services we provide to you.
Do Not Track
Changes to Our Internet Privacy Statement
How to Contact Us
If you have any questions or comments about this Privacy Statement or other privacy-related inquiries, please contact us at:
The Hartford Steam Boiler Inspection and Insurance Company
Attn: Corporate Communications
One State Street
Hartford, CT 06102-5024
ADDITIONAL PRIVACY STATEMENT FOR CALIFORNIA RESIDENTS
This section supplements our Privacy Statement and provides specific information for residents of California (“consumers” in this section), and is intended to satisfy the California Consumer Privacy Act of 2018 (“CCPA”), as amended by the California Privacy Rights Act of 2020 (collectively, referred to as "CPRA"). The CPRA requires that we provide certain information to California consumers about how we handle your Personal Information that we have collected, whether online or offline. Under the CPRA, “Personal Information” is any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California resident or household, including the categories of Personal Information identified in a table below to the extent they identify, relate to, describe, are reasonably capable of being associated with, or could be reasonably linked, directly or indirectly, with a particular consumer or household.
If you are a California resident and would like to exercise your rights under the CPRA, please contact us using one of the methods below:
The Hartford Steam Boiler Inspection and Insurance Company
Attn: Corporate Communications
One State Street
Hartford, CT 06102-5024
Our CPRA Notice at Collection is found below.
When We Are Acting as a Service Provider
Personal Information Not Covered by the CPRA
For purposes of this Additional Privacy Statement for California residents, the following personal information is not covered by the CPRA and does not include:
- Publicly information lawfully made available from government records.
- De-identified or aggregated consumer information.
- Information excluded from the CPRA's scope, like:
- Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;
- Personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver's Privacy Protection Act of 1994.
California Notice At Collection
Categories of Personal Information Collected, Disclosed, Sources and Whether Sold or Shared
The type of information we collect from you depends on how you interact with us. The table below lists the categories of Personal Information that we have collected from California residents and have disclosed to others for a business purpose in the preceding twelve (12) months, the categories of sources of Personal Information from which the Personal Information is collected, and whether we sell or share each collected category of Personal Information. Some Personal Information included in the categories below may overlap with other categories.
We collect Personal Information from the following categories of sources and their representatives: our prospective and actual policyholders; other insured persons; corporate policyholders and companies we reinsure; reinsurance intermediaries of the companies we reinsure; claimants; others with information about the risk that we are insuring or reinsuring or about a claim; prospective and actual agents; our policyholders’ agents; brokers; prospective and actual business partners, vendors, contractors and service providers; our affiliates; third party administrators; adjusters; investigators; third party data providers; consumers who access our internet websites, internet forms and applications; and from consumers in connection with research and outreach.
We may disclose for a business or commercial purpose each of the categories of Personal Information described in the table below to the following categories of parties: vendors and service providers, agents, brokers, regulators, auditors, counsel, consultants, reinsurers, retrocessionnaires, advisors, representatives, our affiliates and subsidiaries, other website users, business partners, advertising networks, banks, operating systems or platforms, law enforcement, government entities and courts.
For more information about the business and commercial purposes for which we may collect or disclose such information, please review the “Business and Commercial Purposes for which Personal Information is Collected and Used” section in our general Privacy Statement.
|Categories Collected & Disclosed in the last 12 months||Personal Information Examples||Collected||Categories of Sources||Disclosed for Business or Commercial Purpose||Sell or Share|
|Identifiers||A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers. Some identifiers included in this category may overlap with other categories.||Yes||From you directly. From you directly and automatically if you provide prior affirmative, opt-in consent for unique personal or online identifier, IP address or cookie data. From agents and brokers. From our corporate clients. From our service providers.||Yes||No – do not sell No – do not share. We disclose online identifiers such as a unique personal identifier, device ID, IP address or cookie data for cross-contextual behavioral advertising only if you provide prior affirmative, opt-in consent.|
|Personal Records information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))||A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.||Yes||From you directly. From agents and brokers. From our corporate clients. From our service providers.||Yes||No – do not sell No – do not share|
|Characteristics of Protected Classifications under California or federal law||Age (40 years or older), race, color, ancestry, national origin, citizenship, religion, marital status, pregnancy, medical condition, physical or mental disability, sex, sexual orientation, and veteran or military status. Some protected classification characteristics included in this category may overlap with other categories.||Yes||From you directly. From agents and brokers. From our corporate clients. From our service providers.||Yes||No – do not sell No – do not share|
|Commercial Information||Records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.||No||Not applicable.||Not applicable||Not applicable|
|Biometric Information||An individual’s physiological, biological or behavioral characteristics, including DNA information that can be used to establish individual identity. includes imagery of the iris, retina, fingerprint, face, hand, palm, vein patterns, and voice recordings from which an identifier template such as a faceprint, voiceprint can be extracted, and keystroke patterns or rhythms, gait patterns or rhythms, and sleep, health, or exercise data containing identifying information.||Yes||From you directly. From our service providers.||Yes||No – do not sell No – do not share|
|Internet or network activity information||Internet or other electronic network activity information, including, but not limited to, browsing history, search history, information regarding a consumer’s interaction with internet websites, applications, or advertisements.||Yes||From you directly automatically and from other sources if you provide prior affirmative, opt-in consent.||Yes||No - do not sell No – do not share. We disclose online identifiers such as a unique personal identifier, device ID, IP address or cookie data for cross-contextual behavioral advertising only if you provide prior affirmative, opt-in consent.|
|Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99))||Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes and student disciplinary records.||Yes||From you directly. From agents and brokers. From our corporate clients. From our service providers.||Yes||No – do not sell No – do not share|
|Geolocation Data||Physical location or movements.||Yes||From you directly and automatically. From our service providers.||Yes||No – do not sell No – do not share|
|Audio, Electronic, Visual, Thermal, Olfactory or similar information||Call recordings, video and photographs.||Yes||From you directly and automatically. From our service providers.||Yes||No – do not sell No – do not share|
|Professional or employment-related information||Employment history, qualifications, licensing, performance evaluations and disciplinary record.||Yes||From you directly. From our service providers.||Yes||No – do not sell No – do not share|
|Inferences drawn from other personal information||Inferences drawn from any of the personal information described in this section about an individual to create a profile including inferences reflecting the individual’s preferences, characteristics, behavior and abilities.||Yes||From you automatically and from other sources.||Yes||No – do not sell No – do not share|
|Sensitive Personal Information||Social security number, driver’s license number, state identification card, or passport number; account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; precise geolocation (a geographic area that is equal to or less than the area of a circle with a radius of 1,850 feet); racial or ethnic origin, religious or philosophical beliefs, or union membership; contents of a consumer’s mail, email, and text messages unless the business is the intended recipient of the communication; genetic data; processing of biometric information for the purpose of uniquely identifying a consumer; personal information collected and analyzed concerning a consumer’s health; personal information collected and analyzed concerning a consumer’s sex life or sexual orientation.||Yes||From you directly. From agents and brokers. From our corporate clients. From our service providers.||Yes||No – do not sell No – do not share|
Retention of Personal Information
Deidentification of Personal Information
Your Rights and Choices Regarding Your Personal Information
This section describes the specific rights California consumers have regarding their personal information under the CPRA, subject to certain exceptions, and how to exercise those rights:
Right to Know: You have the right to request from us, up to two (2) times per year and subject to certain exemptions, the personal information we have collected about you in the prior twelve (12) months including:
- the categories of personal information;
- the categories of sources from which we collect the personal information;
- our business or commercial purpose for collecting, selling, or sharing the personal information;
- the categories of third parties to whom we have disclosed the personal information; and
- the specific pieces of personal information we have collected about you.
Right to Delete. You have the right to request deletion of personal information we have collected from you under certain circumstances, subject to certain exceptions.
Right to Correct. You have the right to request correction of inaccurate personal information we maintain about you, subject to certain limitations.
Right to Opt-Out of Sale or Sharing of Personal Information: If a business “sells” or “shares” Personal Information as those terms are defined under the CPRA, you have the right to opt-out of the sale or sharing of your Personal Information. As explained below, we do not and will not sell or share your Personal Information.
We do not “sell” your Personal Information under the CPRA because we do not disclose Personal Information to a third party for monetary or other valuable consideration. We only use Statistical / Range Measurement cookies, and disclose information to our website data analytics service provider Adobe that is not traceable to your IP address or linked to your other Personal Information, to perform statistical analyses of use of our website if you direct us to intentionally do so by providing your prior, affirmative authorization.
We also will only disclose your online identifiers such as cookie data for cross-contextual behavioral advertising purposes regarding our products and services if you direct us to intentionally use Marketing cookies by providing your prior, affirmative authorization, which is not “sharing” under the CPRA.
Right to Limit Use and Disclosure of Sensitive Personal Information. We do not use or disclose sensitive personal information other than for limited purposes permitted under the CPRA and, as such, are not required to offer a consumers a right to limit its use.
Right to Non-Discrimination. We will not discriminate against you for exercising any of your privacy rights under the CPRA.
How to Exercise Your Rights
If you are a California resident and would like to exercise your rights under the CPRA or you If you have any questions or comments about this Notice, please contact us using one of the methods below:
The Hartford Steam Boiler Inspection and Insurance Company
Attn: Corporate Communications
One State Street
Hartford, CT 06102-5024
Authorized Agent. You may designate an authorized agent to submit requests and act on your behalf. We require authorized agents to provide proof of their authorization from you.
Identity Verification. We will validate your identity and the identify of anyone making a request on your behalf relating to your personal information. The information we request to verify your identity may vary depending on the type of request and your relationship with us. Where feasible, we will match the identifying information you provide to the personal information we already maintain about you. We may in some instances request additional personal information from you which we will use only to verify your identity and will delete as soon as practical after responding to your request, except if we need to retain it to comply with CPRA recordkeeping requirements. If we are unable to verify your identity after a good faith attempt, we may deny your request and we will explain the reason for the denial.
We will respond to your request within the period of time required under law and will notify you if it is reasonably necessary for us to extend our response time.