Supplemental Information for California Residents
Last Updated May 17, 2023
This Supplemental Information for California Residents (“California Notice”) is a part of, and supplements, the CPH & Associates Insurance Agency dba CPH Insurance Privacy Policy (the “Privacy Policy”), available here.
This California Notice applies only to residents of California (who are referred to as “you” or “your” in this California Notice). This California Notice is being provided as required by the California Privacy Rights Act of 2020 (which amended and replaced the California Consumer Privacy Act of 2018, and is referred to as the “CPRA”). Any terms defined in the CPRA (such as “personal information,” “consumer,” “service provider,” “contractor,” “third party,” “sale/sell,” and “share”) will have the same meaning when used in this California Notice.
CPH & Associates Insurance Agency, Inc. dba CPH Insurance (which we refer to as “us”, “we,” or “our” throughout this California Notice) is providing this California Notice to provide you with additional information about how we collect and process your personal information.
This California Notice is made available through our websites in the United States, including the sites and applications that link to this California Notice such as www.cphins.com and our online patient portal, available at www.insure-portal.com (which we refer to collectively in this California Notice as the “Site,” which also includes all associated content, functionality, and services offered on or through the Site).
1. THE CATEGORIES OF PERSONAL INFORMATION WE COLLECT
For purposes of the CPRA, the table below describes the categories of personal information we collect, our business and/or commercial purpose for collecting and using that personal information, and our retention period for that personal information (or, the criteria used to determine the retention period).
| Categories of Information We Collect | Examples of Information Collected in this Category | Business and/or Commercial Purpose | Retention Period |
| A. Identifiers | First name, last name, physical address (mailing and business), email address, telephone number | • Engaging in commercial transactions, such as issuance, renewal, and maintenance of insurance policies • Performing services, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments (referred to as “performing services” in the remainder of this table) • Providing advertising and marketing services -Helping ensure security and integrity of our Site and business • Internal research purposes • Quality and safety maintenance and to improve, upgrade, and enhance our Site, products and services | • For the duration of our business or prospective business relationship. • Policy information is required is required by law to be retained for a minimum of 5 years, and may be retained indefinitely so long as we have a legal obligation or reason to retain it. |
| B. Personal information categories listed in the California Consumer Records statute (Cal. Civ. Code §1798.80(e)) | Name, address, telephone number, bank account number, credit card number, debit card number | • Engaging in commercial transactions, such as issuance, renewal, and maintenance of insurance policies • Performing services • Providing advertising and marketing services • Helping ensure security and integrity of our Site and business • Internal research purposes • Quality and safety maintenance and to improve, upgrade, and enhance our Site, products and services | • For the duration of our business or prospective business relationship. • Policy information may be retained indefinitely. • Financial information is processed by our third party payment processor, and is kept only for so long as necessary to complete a transaction. |
| C. Commercial information | Insurance plan information, including coverage applied for and enrolled in, renewals, and claims information | • Engaging in commercial transactions, such as issuance, renewal, and maintenance of insurance policies • Performing services • Providing advertising and marketing services • Helping ensure security and integrity of our Site and business • Internal research purposes • Quality and safety maintenance and to improve, upgrade, and enhance our Site, products and services | • For the duration of our business or prospective business relationship. • Policy information may be retained indefinitely. |
| D. Internet or other similar network activity | Internet protocol (IP) address, login data, browser type and version, time and location settings, browser types and versions, operating system, platform, and other technology on device(s) used to access our Site, Site usage data, including how you interact with the Site | • Site analytics • Helping to ensure security and integrity of our Site • Debugging to identify and repair errors • Quality and safety maintenance and to improve, upgrade, and enhance our Site | • This information may be retained indefinitely, so long as we have a legal or business obligation or need to retain it. |
| E. Professional or employment-related information | Occupation, name and address of employer | • Performing services | • For the duration of our business or prospective business relationship. • Policy information may be retained indefinitely. |
For purposes of the CPRA, we do not collect any categories of information defined as “Sensitive Personal Information,” because we do not use any information for the purposes of inferring characteristics about the person with respect to whom it was collected.
For more information about our business and commercial purposes for using personal information, see our main Privacy Policy, Section 4 (How We Use Personal Information).
2. THE SOURCES OF THE PERSONAL INFORMATION WE COLLECT
We obtain the personal information identified above from the following categories of sources:
- Direct interactions with you as a Site user or customer
- Automated technologies and interactions (with respect to internet and other similar network activity only)
For more information about each of these sources, see our main Privacy Policy, Section 3 (Sources of Personal Information) here.
3. OUR DISCLOSURE OF PERSONAL INFORMATION
As disclosed in our main Privacy Policy, Section 5 (When and Why We Disclose Personal Information), we may disclose personal information to insurance carriers, association partners, service providers, contractors, and third parties.
When we disclose personal information to service providers, contractors, and third parties in the circumstances noted above, we enter into agreements with those third parties that describe the purposes for which the personal information may be used and that require the third party to keep that personal information confidential.
We will also disclose information as necessary to respond to law enforcement requests and as required by applicable law, court order, or governmental regulations. And, if we engage in a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets in which personal information held by use about our website users is among the assets transferred, we will disclose information to the applicable counterparty in that transaction.
4. INFORMATION ABOUT SELLING AND SHARING PERSONAL INFORMATION
For purposes of the CPRA:
- “Selling” personal information is defined as selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating a consumer’s personal information to a third party for monetary or other valuable consideration; and
- “Sharing” is defined as sharing, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating information with third parties for cross-context behavioral advertising, whether or not for monetary or other consideration. “Cross-context behavioral advertising” in turn is defined as targeting or advertising to a consumer based on the consumer’s personal information obtained from the consumer’s activity across businesses, distinctly-branded websites, applications, or services, other than our distinctly-branded websites with which you have intentionally interacted.
We do not sell or share any personal information as defined in the CPRA. We note the following to help you better understand why some information disclosures are not considered sales or sharing of information, and accordingly will not be subject to any opt-out right provided by the CPRA.
- As noted above, we disclose information to our service providers and contractors who need the information in order to perform contracted services for us. As described above, we enter into agreements with each service provider that limit the purposes for which the personal information may be used and that require the third party to keep that personal information confidential. With these protections, these transfers are not considered “sales” under the CPRA.
- In addition, if a consumer uses or directs a business to intentionally disclose personal information to a third party, or uses a business to intentionally interact with a third party, then disclosing personal information to that third party is not considered a “sale” under the CPRA. This applies to many circumstances where we acquire or disclose personal information as between us and the insurance carriers with whom we work. For instance, if a prospective customer provides its contact information on our website and requests information about an insurance policy, we may disclose the consumer’s personal information to our carriers to facilitate the transaction. This transfer of information would be considered a “sale” pursuant to the CPRA, because the consumer is intentionally directing us to allow the interaction with the carrier.
5. YOUR RIGHTS AND CHOICES UNDER THE CPRA
The CPRA provides California residents with certain specific rights regarding their personal information. This section describes your CPRA rights, and explains how to exercise them. Please note that your rights are subject to limitations and exceptions described in the CPRA.
- Right to Know – You have the right to ask us to provide you with information about our collection and use of your personal information over the past 12 months.
- Right to Access (Data Portability) – You have the right to ask us to provide you with copies of personal information that we have collected about you, in a portable and readily-usable format. Please note that access requests may be made free of charge up to twice in any 12-month period.
- Right to Request Deletion – You have right to ask us to delete personal information about you that we have collected and retained.
- Right to Correct – If you believe any personal information we have about you is incorrect, you have the right to request that we rectify any inaccuracies.
- Right to Non-Discrimination and Non-Retaliation – You have the right not to be discriminated or retaliated against for exercising any of your CPRA rights.
To exercise any of the rights described above, you must submit a verifiable consumer request to us. You can do so by:
- Emailing us at info@cphins.com
- Calling us at 1-800-875-1911
Only you, or a person registered with the California Secretary of State that you expressly authorize to act on your behalf, can make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.
We cannot respond to your request or provide you with information if we cannot identify you or confirm your authority to make the request, so any request will require you to provide sufficient information to allow us to reasonably verify your identity and/or the identity and authorization of your agent (if applicable). We will only use any personal information provided in a verifiable consumer request to verify the requesting party’s identity or authority to make the request. The information requested to verify your identity, or the identity and authorization of your agent, is dependent on your relationship with us and the type of information available to us.
We will respond to any verifiable consumer request in the manner and within the timeframes required by the CPRA.
6. OTHER CALIFORNIA RIGHTS
In addition to the CPRA, California’s “Shine the Light” law permits California residents to request certain details about our disclosure of their personal information to third parties for those third parties’ own direct marketing purposes. If you are a California resident and you would like to make such a request, please contact us at info@cphins.com. Please note that there are legal limits on how often you can make such a request, and we are only obligated to respond to one information request per customer per year.
In addition, although users of our Site are required to be at least 18 years old, if any California residents under the age of 18 have used the Site, created an account, and posted content or information on the Site, they can request removal by contacting us at info@cphins.com, detailing where the content is posted and confirming that they posted it. Following such a request, we will terminate the unauthorized account, and will make reasonable good faith efforts to remove any post or information from public view, or anonymize it so that the minor cannot be individually identified. However, removal of public postings cannot ensure complete or comprehensive removal, as third parties may republish, archive, or cache web content in a manner that is out of our control.
7. CONTACT US
If you have any questions or comments about this California Notice or our privacy practices, please contact us at info@cphins.com.