Privacy Policy

 

Edgewood Partners Insurance Center (EPIC) Privacy Notice

 

Effective Date: January 16, 2024

Edgewood Partners Insurance Center and its affiliates (“EPIC” or “We”) is a unique and innovative retail property & casualty and employee benefits insurance brokerage and consulting firm. EPIC is committed to protecting your privacy and the privacy of its clients. This Privacy Notice describes how EPIC collects, uses, and discloses personal information. This Notice applies to any personal information you provide and any personal information we collect from other parties, including your employer.

When do we collect your information?
EPIC collects personal information when:

  • you contact us or we perform services for you
  • we provide services for our clients
  • you register on our website or email distribution lists
  • you RSVP to or attend our events
  • you interact with us through social media
  • you apply for a job at EPIC

What information do we collect?
In the course of interacting with you or providing our products and services, EPIC may collect information from you or other sources, including your employer, which may include the following:

  • Name and contact information (e-mail address, mailing address, phone number, mobile number, etc.)
  • Insurance policy and claim information
  • Government-issued identification and record details (Social Security number, driver’s license number, motor vehicle record, passport information, etc.)
  • Information you provide on a job application or that is obtained under a position-related background check
  • Demographic information (date of birth, gender, employment status, benefit coverages, marital status)
  • Physical or mental health information
  • Criminal record information

How do we use your personal information?
We process personal information that is provided by you or our clients in order to perform services. The processing of your personal information depends on the type of services we provide, applicable laws, regulatory guidance and professional standards. Where EPIC processes your personal information on behalf of a client, such as your employer, it is the client’s obligation to ensure that you understand that your personal information will be disclosed to EPIC.

All processing of your personal information is justified under a “lawful basis” for processing, including the following:

  • your consent
  • processing is necessary in order to enter into or perform a contract for you
  • processing is necessary for us to comply with legal obligations
  • processing is in our legitimate commercial interest, except that our interest may not override your fundamental rights or freedoms
  • In limited circumstances, we will use your consent as the basis for processing your personal information, for example, where we are required to obtain your prior consent in order to send you marketing communications.

Do we collect information from children?
EPIC does not knowingly collect information from children who have not reached the age of consent under relevant data privacy laws. If we learn that we have collected personal information from a child who has not reached the age of consent, we will delete it immediately.

What Information Do We Collect Through Automatic Data Collection Technologies?
As you navigate through and interact with EPIC’s websites, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, including:

  • Details of your visits to EPIC’s websites, including traffic data, logs, and other communication data and the resources that you access and use on the websites.
  • Information about your computer and internet connection, including your IP address, operating system, and browser type.

The information EPIC collects automatically is only statistical data that helps EPIC improve its websites and deliver a better and more personalized service, including by enabling EPIC to:

  • Estimate audience size and usage patterns.
  • Store information about your preferences, allowing EPIC to customize its websites according to your individual interests.
  • Speed up your searches.
  • Recognize you when you return to EPIC’s websites.

The technologies EPIC uses for this automatic data collection may include:

  • Cookies (or browser cookies). A cookie is a small file placed on the hard drive of your computer. You may refuse to accept browser cookies by activating the appropriate setting on your browser. However, if you select this setting you may be unable to access certain parts of EPIC websites. Unless you have adjusted your browser setting so that it will refuse cookies, EPIC’s system will issue cookies when you direct your browser to EPIC’s websites.
  • Web Beacons. Pages of EPIC’s websites may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit EPIC, for example, to count users who have visited those pages or for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).

EPIC does not collect personal information automatically, but it may tie this information to personal information about you that it collects from other sources or that you provide to EPIC.

How long do we retain your personal information?
EPIC collects and processes personal information in connection with providing its clients with various services, each of which may be subject to minimum or maximum retention periods, as required by law or EPIC’s Record Retention Policy.

EPIC also maintains personal information supplied by former clients, and EPIC also manages this information in accordance with its Record Retention Policy.

We retain each category of your personal information for no longer than is reasonably necessary for one or more business purposes. Due to the nature of the services, it is not possible to predict the length of time that we intend to retain your personal information. Instead, we use the following criteria to determine whether it remains reasonably necessary to retain your personal information for one or more business purpose(s):

  • the initial business purposes for which the personal information was collected or a subsequent business purposes;
  • whether there is a retention period required by applicable contracts with third parties, professional rules of conduct, or applicable law or regulation;
  • the existence of threatened or actual litigation for which EPIC is required to preserve personal information; or
  • generally accepted best practices in the risk management and insurance brokerage industries, and/or in the industries of the applicable affiliate(s) of EPIC receiving personal information.

When we determine that it is no longer reasonably necessary to retain your personal information for one or more disclosed business purpose(s) based on the above criteria, we will delete your personal information.

Do we disclose your personal information?
We may share your personal information with EPIC’s subsidiaries and affiliates as part of the process of providing services to you or to fulfill the purpose for which you provided it. We may also share your personal information with contractors, service providers, and other third parties that you or EPIC has engaged to perform services for you or to otherwise support EPIC’s business operations. These third parties are contractually bound to keep personal information confidential and use it only for the purposes for which EPIC discloses it to them.

EPIC may also disclose your personal information to a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of EPIC’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by EPIC is among the assets transferred.

EPIC may also disclose your personal information to comply with any court order, law, or legal process, including to respond to any government or regulatory request, to enforce or apply our Terms of Use, or if we believe disclosure is necessary or appropriate to protect the rights, property, or safety of EPIC or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection.

Do we transfer your personal information across geographies?
For certain services offered by EPIC, personal information may be transferred outside of EPIC or to third parties that may operate outside of the United States, the United Kingdom, or the European Union. Personal information may be transferred, processed, or stored in countries that are not regarded as ensuring an adequate level of protection for personal information under European law. When personal information is transferred to those countries, we put in place standard contractual clauses and other safeguards to ensure your personal information is protected. Countries that we transfer personal information to include India, Philippines, China, among others. For more information about the safeguards we have put in place, please contact us using the information found in “Questions and Complaints” below.

How do we protect your information?
EPIC protects personal information using physical, electronic, and procedural safeguards that are specifically designed to meet or exceed the requirements of applicable laws. All EPIC employees receive training on the importance of protecting personal information, and only authorized employees have access to personal information. Subcontractors and agents are contractually bound to maintain protection of personal information and are not permitted to use the information for any unauthorized purpose.

What choices do you have about your personal information or our communications?
You have certain rights related to the processing of your personal information, including.

  • You have the right to unsubscribe from our communications by clicking the “unsubscribe” link in our marketing emails or by contacting us.
  • You can set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent. If you disable or refuse cookies, please note that some parts of this site may then be inaccessible or not function properly.

Additional Information for California Residents
Under California’s “Shine the Light” law, you have the right to request and obtain from us once a year an account of your Personal Information we disclosed to third parties for direct marketing purposes. You will receive a notice that will include the categories of Personal Information that was shared (if any) and the names and addresses of all third parties with which the information was shared (if any). Epicbrokers.com does not use technology that accommodates do-not-track signals from your browser. If you are a California Resident and would like to make a request, please contact us using the information found in the “Questions or Complaints” section below.

The California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act, and their implementing regulations (the “CCPA”) provides California residents with rights to receive certain disclosures regarding the collection, use, and sharing of “Personal Information,” as well as rights to access, correct, delete, and restrict the sale and sharing of Personal Information that EPIC may collect about its clients, customers, or visitors to its websites. If you are a California resident, you have a right not to receive discriminatory treatment for the exercise of the privacy rights conferred by the CCPA.

The CCPA defines “Personal Information” as “information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.”

We also may collect “Sensitive Personal Information,” which the CCPA defines as: Personal Information that is not publicly available and reveals one or more of the following:

  • Social Security, driver’s license, state identification card, or passport number;
  • racial or ethnic origin; and
  • the contents of mail, email, and text messages unless EPIC is the intended recipient of the communication.

Personal Information does not include:

  • publicly available information from government records;
  • information that we have a reasonable basis to believe is lawfully made available to the general public by You or from widely distributed media;
  • information made available by a person to whom You disclosed such information without restriction;
  • de-identified or aggregated information; and
  • information excluded from the CCPA’s scope, such as:
    • health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;
    • Personal Information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.

1. Collection and Use of Personal Information
In the 12-months preceding the date the information in this section was last updated, EPIC has collected the following categories of Personal Information about consumers, as defined by the CCPA: Identifiers (such as name, postal address, and Internet Protocol (IP) address); Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)); Customer Records Information (such as name, address, and credit card or debit card number); Protected classification characteristics under California or federal law; Internet or Other Electronic Network Activity Information (such as information regarding a consumer’s interaction with our website); and Professional or Employment-Related Information.

EPIC obtains these categories of information from you and from our clients to whom we provide services.

2. Disclosures to Third Parties for a Business Purpose
In the 12-months preceding the date the information in this section was last updated, EPIC has disclosed the following categories of Personal Information about consumers for a business purpose, as defined by the CCPA: Identifiers (such as name, postal address, and Internet Protocol (IP) address); Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)); Customer Records Information (such as name, address, and credit card or debit card number); Protected classification characteristics under California or federal law; Internet or Other Electronic Network Activity Information (such as information regarding a consumer’s interaction with our website); Professional or Employment-Related Information; and Sensitive Personal Information.

We disclose the categories of personal information listed above to our service providers in connection with the products and services we provide to our customers. We also disclose the categories of personal information listed above to obtain quotes or proposals or to underwrite insurance.

EPIC may disclose Personal Information to our “service providers”, to our “contractors”, and to “third parties” (each as defined by the CCPA) for business purposes. When we disclose Personal Information for business purposes, we enter into an agreement with the receiving party that describes the purpose for sharing the Personal Information, and that requires the receiving party to keep that Personal Information confidential. In the case of disclosures to our service providers, our service providers are obligated not to use the Personal Information for any purpose other than performing the services according to their agreement with us. In the case of our contractors, our contractors are obligated not to use the Personal Information for any purpose unrelated to the business purpose for which we’ve engaged them.

3. Use of Personal Information
We may use or disclose the personal information we collect to:

  • To provide products or services requested by you or by our clients.
  • To provide, support, personalize, and develop our websites, products, and services.
  • To personalize your website experience.
  • To help maintain the safety, security, and integrity of our websites, products and services, databases and other technology assets, and business.
  • For testing, research, analysis, and product development, including to develop and improve our websites, products, and services.
  • To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
  • As described to you when collecting your personal information or as otherwise set forth in the CCPA.
  • To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of EPIC’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by EPIC is among the assets transferred.

4. Sale of Personal Information and Right to Opt Out
“Sell,” “Selling,” or “Sold” means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, Personal Information to another business or a third party for monetary or other valuable consideration.

“Share,” “Sharing,” or “Shared” means sharing, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, Personal Information to a third party for Cross-context Behavioral Advertising, whether or not for monetary or other valuable consideration. “Cross-context Behavioral Advertising” means the targeting of advertising to an individual based on that individual’s Personal Information obtained from activity across businesses or distinctly-branded websites, applications, or services, other than the business or distinctly-branded website, application, or service with which the individual intentionally interacts.

We do not Sell or Share, and have not Sold or Shared, your Personal Information. We will not Sell or Share your Personal Information without providing notice to you and getting your consent.

5. Right to Know and Right to Request Deletion of Personal Information
California residents have the right to request that EPIC disclose what Personal Information it collects, uses, and sells, as well as the right to request that EPIC correct or delete certain Personal Information that it has collected from you. “Verifiable request” means that the identifying information you provide in connection with a request matches the Personal Information EPIC already maintains. Once EPIC receives and confirms your verifiable request, it will disclose to you, based on the nature of your request: the categories of Personal Information it has collected about you; the categories of sources for the Personal Information it has collected about you; EPIC’s business or commercial purpose for collecting that information; the categories of third parties with whom it shares that information; and/or, at your request, the specific pieces of Personal Information EPIC collected about you.

You also have the right to request a copy of your Personal Information, and/or to request that we transmit your Personal Information to another entity.  To the extent technically feasible, we will comply with your request and provide and/or transmit your Personal Information in a structured, commonly used, machine-readable format.

EPIC may deny your request to delete your Personal Information if retaining the information is necessary for EPIC or its service provider(s) to:

  1. Complete the transaction for which EPIC collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of EPIC’s ongoing business relationship with you, or otherwise perform a contract with you.
  2. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
  3. Debug products to identify and repair errors that impair existing intended functionality.
  4. Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
  5. Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.).
  6. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
  7. Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with EPIC.
  8. Comply with a legal obligation.
  9. Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

If EPIC denies your request, it will provide you with an explanation of our reason(s) for doing so.

You further have the right to request that we correct any of your Personal Information that is inaccurate by submitting a verifiable request. We will correct any inaccurate Personal Information pursuant to your request to the extent possible using commercially reasonable efforts. We may deny your correction request if the Personal Information is accurate.  We may also delete your Personal Information instead of correcting it to the extent such deletion would not negatively impact you.

You also have the right to request that we limit the use and disclosure of Sensitive Personal Information by submitting a verifiable request. If you submit such a verifiable request, we may continue to use or disclose your Sensitive Personal Information to:

  • complete a transaction for which we collected your Sensitive Personal Information, provide goods or services that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you;
  • detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;
  • use in a short-term and transient manner, including, but not limited to, to facilitate non-personalized advertising shown as part of your current interaction with the technologies used by EPIC, but not including disclosure to third parties or use outside your current interaction with such technologies;
  • enable solely internal uses that are reasonably aligned with your expectations based on your relationship with us; or
  • make any other uses of that information that are permitted by the CCPA and its implementing regulations.

You may contact EPIC using the contact information in the Questions and Complaints section below.  An agent may submit a request on your behalf, but you must verify that your agent is authorized to do so.

After we receive your verifiable request, we will provide to you, in writing and free of charge (unless your request is excessive, repetitive, or manifestly unfounded), the requested information. Unless you specify a shorter period for the request and processing your request does not require disproportionate effort, we will process your request with respect to Personal Information we have collected from January 1, 2022 to the time of processing your request. You can choose to have this information delivered to you by postal mail or electronically. We will try to respond to your verified request within forty-five (45) days of receipt, but if we require more time (up to another forty-five (45) days) we will inform you of the reason and extension period in writing. Please note that we are not required to comply with your request for information more than twice in any 12-month period. If applicable, our response will explain the reasons why we cannot comply with your request.

Career Search
Epicbrokers.com includes the EPIC Career Portal, which is available for those who wish to search and apply for open job positions at EPIC. Applications and other materials submitted through the Portal are first collected and processed by a third-party vendor. By submitting an application through this Portal, you consent to this processing of your personal information.

Website and External Links
This Privacy Notice describes the data privacy and protection policies of EPIC.

In addition, epicbrokers.com may contain links to other websites. This Privacy Notice only addresses your information that is received by EPIC. You are encouraged to review the privacy policies of each website you visit.

Changes to this Statement
This Notice may be changed at any time. Unless stated otherwise, all changes that occur will become effective immediately. The date the privacy policy was last revised is identified at the top of the page. By continuing to access EPIC websites, you agree to accept all terms and conditions outlined in this Notice.

Questions or Complaints
If you have any questions or complaints about this Notice, or about our data privacy or security policies in general, or if you want to exercise your rights under the CCPA, you may contact us via our webform, by mail at EPIC Corporate Headquarters, Attention: Privacy Officer, 1 California Street, Suite 400, San Francisco, California 94111, or by telephone at 1-800-345-7242.