We are dedicated to maintaining both a high standard of privacy and a high standard of data protection in all of our activities. We must, however, balance our respect for the privacy interests of our customers, resellers, end-users, and employees with our public responsibilities. This is particularly true with respect to our obligations to present contact information to authorities and third parties as required.
This policy will apply to and protect all personal information collected, used or disclosed by us, except information that is aggregated in such a manner that it cannot be connected to a person and/or information which is publicly available.
Personal information which may fall under the policy may include but is not limited to:
- User names and passwords;
- Technical support records;
- Credit history/performance information;
- How much is spent on our services and that of our competitors;
- Industry or business, number of employees;
- Credit card information, language preferences;
- Internet protocol address and time stamps;
- Payment and banking information;
- Special needs.
Personal information may be collected when:
- A person makes any inquiries by telephone, signs a contract, registers on our website or provides any information by email or through the Internet, inquires about services, receives technical support, registers online, makes additional orders for services or when he/she makes a complaint; and/or
- A person visits any website or portal controlled by us.
However, the policy does not impose any limits on the collection, use or disclosure of the following information:
- a person’s name, address, telephone number and electronic address;
- an employee’s name, title, business address (including email address) and phone and fax numbers; or
- information that is publicly available and is specified by law or regulation.
Guidelines for Internet/Website Users
There are additional guidelines that apply to persons who use websites and portals we control. In addition to the principles outlined above, we may permit third parties to offer users subscription and/or registration-based services through sites and portals we control.
In such circumstances, we cannot be responsible for the content of any third party offerings or any actions or policies of such third parties. We also remind users that voluntarily disclosed information online in discussion areas or other public areas of our sites and portals can be collected and used by third parties and may result in unsolicited messages from third parties. Unfortunately, such activities are beyond our control.
In some cases, users’ non-personal information and data may be automatically collected through the standard operation of our business and/or through the use of “cookies”. “Cookies” are small text files that may be used by us to:
(a) recognize repeat users;
(b) track usage behavior; and
(c) compile aggregate data that will permit content improvements and targeted advertising.
However, cookies may be required for the use of certain features on our sites and portals. Any submissions made to discussion areas or other public areas on our sites and portals are done so with a user’s understanding that they are accessible to third parties.
If comments are not intended for third parties, you are advised not to make any submissions. In any event, users can request that we cease sending advertising from us or our authorized agents at any time by simply contacting us.
Our policy generally and in connection with our business use is subject to the requirements or provisions of any applicable legislation, regulations or agreements, or order of any court, or other lawful authority.
Your use of our sites and portals is also subject to these requirements.
THE PRIVACY PRINCIPLES WE FOLLOW
There are ten principles, which form the basis of our policy. These principles are interrelated and we shall adhere to them as a whole. Each principle must be read in conjunction with the accompanying commentary. The commentary in our policy may be tailored to reflect personal information issues specific to us.
To better understand our policy, we have set out some basic definitions to use when reading and interpreting the principles below:
Collection – the act of gathering, acquiring, recording, or obtaining personal information from any source, including third parties, by any means.
Consent – voluntary agreement with the collection, use and disclosure of personal information for defined purposes. Consent can be either express or implied and can be provided directly by the individual or by an authorized representative. Express consent can be given orally, electronically or in writing, but is always unequivocal and does not require any inference on our part. Implied consent is consent that can reasonably be inferred from an individual’s action or inaction. Consent will be implied when an individual or entity applies to receive information or services and agrees to the general terms and conditions imposed by us and/or our applicable partner or partners.
Customer – an individual or entity that uses, or applies to use, our products or services, including but not limited to both affiliates and customers.
Disclosure – making personal information available to a third party.
Personal information – information about an identifiable individual that is recorded in any form, but does not include aggregated information that cannot be associated with a specific customer. For a customer, such information does not include information that is aggregated in such a manner that it cannot be connected to him/her and/or information which is publicly listed in a written or online directory.
Third party – an individual or organization outside our business.
Use – the treatment, handling, and management of personal information by and within our business.
Principle 1 – Accountability
- We are responsible for personal information under our control. In response, we have designated our General Counsel as accountable for our compliance with the following principles. Responsibility for ensuring compliance with the provisions of our business policy rests with the Legal Department within our company, which shall designate one or more persons to be accountable for compliance with our policy. Other individuals within our company may be delegated to act on behalf of the designated person(s) or to take responsibility for the day-to-day collection and processing of personal information. The General Counsel has been designated in order that we may ensure that consumers have a resource to answer their privacy-related inquiries.
- We shall make known, upon request, the identity of the person or persons designated to oversee our compliance with our policy.
- We are responsible for personal information in our possession or control. We shall use appropriate means to provide a comparable level of protection while information is being processed by a third party.
We shall implement policies and practices to give effect to these principles, including:
- Implementing procedures to protect personal information and to oversee our compliance with our policy;
- Establishing procedures to receive and respond to inquiries or complaints;
- Training and communicating to staff about our policies and practices; and
- Developing information to explain our policies and practices.
Principle 2 – Identifying Purposes for Collection of Personal Information
We shall identify the purposes for which personal information is collected at or before the time the information is collected.
- We collect personal information only for the following purposes:
- To establish and maintain responsible commercial relations with customers and to provide ongoing services and offers;
- To understand customer needs;
- To develop, enhance, market or provide products and services;
- To manage and develop our business and operations, including personnel and employment matters; and
- To meet legal and regulatory requirements.
Further references to “identified purposes” mean the purposes identified in this Principle 2 – A.
- Unless the purpose is implied from the nature of the service provided, we shall specify orally, electronically or in writing the identified purposes to the customer or employee at or before the time personal information is collected. Upon request, persons collecting personal information shall explain these identified purposes or refer the individual to a designated person within our company who shall explain the purposes.
- Unless required by law, we shall not use or disclose for any new purpose, personal information that has been collected without first identifying and documenting the new purpose and obtaining the consent of the customer.
Principle 3 – Obtaining Consent for Collection, Use or Disclosure of Personal Information
The knowledge and consent of a customer is required for the collection, use, or disclosure of personal information, except where inappropriate.
NOTE: In certain circumstances personal information can be collected, used, or disclosed without the knowledge and consent of the individual. For example, legal or security reasons may make it impossible or impractical to seek consent. When information is being collected for the detection and prevention of fraud or for law enforcement, seeking the consent of the individual might defeat the purpose of collecting the information. Seeking consent may be impossible or inappropriate when the individual is a minor, seriously ill, or mentally incapacitated. In addition, if we do not have a direct relationship with a customer, we may not always be able to seek consent.
- In obtaining consent, we shall use reasonable efforts to ensure that a customer is advised of the identified purposes for which personal information collected will be used or disclosed. Purposes shall be stated in a manner that can be reasonably understood by the customer or employee. (See Principle 2-A)
- Generally, we shall seek consent to use and disclose personal information at the same time we collect the information. However, we may seek consent to use and disclose personal information after it has been collected but before it is used or disclosed for a new purpose.
- We will only require customers to consent to the collection, use or disclosure of personal information as a condition to the supply of a product or service if such collection, use or disclosure is required to fulfill the identified purposes.
- In determining the appropriate form of consent, we shall take into account the sensitivity of the personal information and the reasonable expectations of our customers.
- In general, the use of products and services by a customer constitutes implied consent for us to collect, use and disclose personal information for all identified purposes. For sensitive information, we will obtain express consent at or before the time of collection.
- A customer may withdraw consent at any time, subject to legal, regulatory or contractual restrictions and reasonable notice. (See Principle 3-C). Customers may contact us at the address below for more information regarding the implications of doing so.
Principle 4 – Limiting Collection of Personal Information
We shall limit the collection of personal information to that which is necessary for the identified purposes. We shall collect personal information by fair and lawful means.
- We collect personal information primarily from our customers.
- We may also collect personal information from other sources including but not limited to credit bureaus or other third parties who represent that they have the right to disclose the information.
Principle 5 – Limiting Use, Disclosure, and Retention of Personal Information
We shall not use or disclose personal information for purposes other than those for which it was collected, except with the consent of the individual or as required by an authority or by law. We shall retain personal information only as long as necessary for the fulfillment of those purposes or as required by law.
- We may disclose a customer’s personal information to:
- An end-user’s affiliate / reseller;
- A third party service provider for the efficient and cost-effective provision of services;
- Another person or corporation as part of conducting business together or pursuant to the sale of all or substantially all of our assets related to one or more specific lines of business;
- A company involved in supplying communications or communications directory related to services;
- A company or individual employed by us to perform functions on our behalf;
- Another company or person for the development, enhancement, marketing or provision of any of our products or services;
- An agent or third party retained by us in connection with our administration or the provision of our products or services;
- An agent used by us to evaluate the customer’s creditworthiness or to collect the customer’s account;
- Credit grantors and reporting agencies;
- A public authority or agent of a public authority, if in the reasonable judgment of our company, it appears that there is imminent danger to life or property which could be avoided or minimized by disclosure of this information;
- A person who, in the reasonable judgment of our company, is seeking the information as an agent of the customer; and
- A third party or parties, where the customer consents to such disclosure or disclosure is required by law or emergency. We reserve the right to contact persons at any time regarding account status, changes to services and other matters relevant to underlying services and/or personal information. Except as permitted in this Principle, we do not provide or sell our customer lists to any outside company for use in marketing or solicitation.
- Only our employees with a business need to know, or whose duties reasonably so require, are granted access to personal information that is not publicly available about customers.
- We shall keep personal information only as long as it remains necessary or relevant for the identified purposes or as required by law. Depending on the circumstances, where personal information has been used to make a decision about a customer, we shall retain, for a period of time that is reasonably sufficient to allow for access by the customer, either the actual information or the rationale for making the decision.
- Personal information that is no longer necessary or relevant for the identified purposes or required to be retained by law shall be destroyed, erased or made anonymous. In any event, we shall maintain reasonable and systematic controls, schedules and practices for such information, its retention and destruction.
Principle 6 – Accuracy of Personal Information
Personal information shall be as accurate, complete and up-to-date as is necessary for the purposes for which it is to be used.
- Personal information used by us shall be sufficiently accurate, complete, and up-to-date to minimize the possibility that inappropriate information may be used to make a decision about a customer.
- We shall update personal information about customers as and when necessary to fulfill the identified purposes or upon notification by the individual.
Principle 7 – Security Safeguards
We shall protect personal information by security safeguards appropriate to the sensitivity of the information.
We take precautions to protect your information. When you submit sensitive information via the website, your information is protected both online and offline.
Whenever we collect sensitive information (such as credit card data) that information is encrypted and transmitted to us in a secure way. You can verify this by looking for a closed lock icon at the bottom of your web browser, or looking for “https” at the beginning of the address of the webpage.
While we use encryption to protect sensitive information transmitted online, we also protect your information offline. Only employees who need the information to perform a specific job (for example, billing or customer service) are granted access to personally identifiable information. The computers/servers in which we store personally identifiable information are kept in a secure environment.
Principle 8 – Openness Concerning Policies and Practices
We shall make readily available to customers and employees specific information about our policies and practices relating to the management of personal information.
- We shall make information about our policies and practices easy to understand, including:
- The title and address of the person or persons accountable for our compliance with the policy and to whom inquiries or complaints can be forwarded;
- The means of gaining access to personal information held by us; and
- A description of the type of personal information held by us, including a general account of our use.
Principle 9 – Customer Access to Personal Information
We shall inform a customer of the existence, use, and disclosure of his or her personal information upon request and shall give the individual access to that information. A customer shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.
NOTE: In certain situations, we may not be able to provide access to all of the personal information we hold about a customer. Exceptions may include information that is prohibitively costly to provide, information that contains references to other individuals, information that cannot be disclosed for legal, security or commercial proprietary reasons or information that is subject to solicitor-client or litigation privilege. We shall provide the reasons for denying access upon request.
- Upon request, we shall afford customers a reasonable opportunity to review the personal information in the individual’s file. Personal information shall be provided in understandable form within a reasonable time and at a minimal or no cost to the individual.
- Upon request, we shall provide an account of the use and disclosure of personal information and, where reasonable, legal and possible, shall state the source of the information. In providing an account of disclosure, we shall provide a list of organizations to which we may have disclosed personal information about the individual when it is not possible to provide an actual list.
- In order to safeguard personal information, a customer may be required to provide sufficient identification information to permit us to account for the existence, use and disclosure of personal information and to authorize access to the individual’s file. Any such information shall be used only for this purpose.
- We shall promptly correct or complete any personal information found to be inaccurate or incomplete. Any unresolved differences as to accuracy or completeness shall be noted in the individual’s file. Where appropriate, we shall transmit to third parties having access to the personal information in question any amended information or the existence of any unresolved differences.
- Customers can obtain information or seek access to their individual files by contacting a designated representative at our business offices as described below.
Principle 10 – Challenging Compliance
A customer shall be able to address a challenge concerning compliance with the above principles to the designated person or persons accountable for our compliance with the policy.
- We shall maintain procedures for addressing and responding to all inquiries or complaints from our customers about our handling of personal information.
- We shall inform our customers about the existence of these procedures as well as the availability of complaint procedures.
- The person or persons accountable for compliance with our policy may seek external advice where appropriate before providing a final response to individual complaints.
- We shall investigate all complaints concerning compliance with the policy. If a complaint is found to be justified, we shall take appropriate measures to resolve the complaint including, if necessary, amending our policies and procedures.
For more information, please contact us through our business address as follows:
American Auto Insurance, 3201 N Harlem Ave #1, Chicago, Illinois 60634