Privacy Policy

Last Updated: July 2024

RSC Insurance Brokerage, Inc, along with its affiliates and subsidiaries (collectively, “Risk Strategies”, “we”, “us”, or “our”), is an international insurance brokerage, operating across a number of international jurisdictions. Risk Strategies aims to be a responsible custodian of the information you provide to us and the information we collect in the course of operating our business and providing insurance placement, managing general underwriter, program administrator, risk management or advisory, captive management, and other services (the “Services”).

This privacy policy (“Privacy Policy”) describes how Risk Strategies collects, uses, discloses, stores, and transmits (processes) information that identifies or relates to an identifiable individual (“personal information”) in the course of providing the Services in relation to: 

  • The use our websites and associated Services that link to this Privacy Policy, including risk-strategies.com and other websites controlled by Risk Strategies (the “Sites”);
  • Our former, current and prospective clients;
  • Individuals who communicate with us;
  • Individuals who use our Services; and
  • Individuals whose personal information we receive in providing the Services.

Aggregated or deidentified information that is maintained in a form that is not capable of being associated with or reasonably linked to an individual or household. is considered non-personal information for the purposes of this Privacy Policy.

This Privacy Policy also describes the choices available to you regarding our use of your personal information and how you can access and update this information. We recommend that you review the Terms of Use governing your use of this Site and its content by clicking here.

Separate privacy notices apply to our processing of information about employees, agents, and contractors. We may provide additional privacy disclosures where the scope of the personal information processing falls outside the scope of this Privacy Policy. In that case, the additional privacy disclosures will govern how we may process the information you provide at that time.

Consumers with disabilities may access this notice by using a standard screen reader or contacting us at (617) 330-5700.

Our Sites

The processing of personal information in relation to the Sites is controlled by Risk Strategies, unless a Site identifies (in its privacy policy, terms of use or otherwise) that it is controlled by another Risk Strategies entity. Risk Strategies, as well as individual divisions of Risk Strategies, may have their own websites with their own privacy policies, in which case this Privacy Policy will not apply to such websites unless such website provides a link to this Privacy Policy.

Our Role in Processing Personal Information

Data protection laws sometimes differentiate between “controllers” (or similar terms) and “processors” (or “service providers” or similar terms) of personal information. A “controller” determines the purposes and means (the why and how) of processing personal information. A “processor,” which is sometimes referred to as a “service provider,” processes personal information on behalf of a controller subject to the controller’s instructions.

This Privacy Policy describes our privacy practices where we are acting as the controller of personal information. However, this Privacy Policy does not cover or address how our customers may process personal information when they use our services, or how we may process personal information on their behalf in accordance with their instructions where we are acting as their processor. As a result, we recommend referring to the privacy policy of the customer with which you have a relationship for information on how they engage processors, like us, to process personal information on their behalf. In addition, we are generally not permitted to respond to individual requests relating to personal information we process on behalf of our customers, so we recommend directing any requests to the relevant customer.

Information We Collect

We may collect personal information about you and related third parties, including beneficiaries, dependents, employees or other participants in the Services offered to you. By providing us with the personal information of any third party, you confirm that you have the authority to do so on their behalf and have provided them with the information set out in this Privacy Policy.

The categories of personal information we collect can include:

  • Personal identifiers such as your name, email address, mailing address, phone number, date of birth, and government-issued identifiers (e.g., social security or national insurance number, passport number, ID number, tax identification number or driver’s license number).
  • Customer records such as your identification documents, account credentials, and payment and billing information (credit or debit card or other financial information).
  • Commercial information such as your communication with us or interest or participation in an insurance product, risk consulting service or other Services.
  • Demographics such as race, ethnicity, gender, marital status, date and place of birth.
  • Sensory information such as photos and videos of you and audio recordings of phone calls between you and us, where permitted by law.
  • Preferences you provide to us or generated through your use of the Services, including inferences we may make based on our experience with you.
  • Internet, network and device information from the browser or device you use to access our Services, which could include your IP address, device ID, cookie identifiers, browser type, internet service provider, referring/exit pages, operating system, date/time stamp and or clickstream data.
  • Professional information in connection with your role as a brokerage or carrier partner, agent, vendor or research partner.
  • Education information such as educational history.
  • Sensitive information we may collect the following categories of personal information, which may be classified as “sensitive” depending on the applicable privacy laws (“sensitive information”):
    • Government-issued identifiers;
    • Username and password;
    • Demographics such as race, ethnicity, religion, citizenship status, sexual orientation or sex life;
    • Information about a known child under the age of 13;
    • Health and medical information, including medical history; and
    • Payment card and financial account information.

Keep reading to learn more about how we collect personal information you provide to us directly through the Sites, information we collect through your use of the Services, and information we receive through third parties.

Information You Provide Through the Sites

When using our Sites, you may voluntarily provide information about yourself. We collect this information when you contact us through our Sites, create an account, provide us with personal information required to fulfill Services, or interact with us for any other purpose.

We may collect the following personal information about you through our Sites:

  • Personal identifiers such as contact information;
  • Customer records such as billing information and user name, account number, and password;
  • Preference information such as preferences about marketing publications and your interests in relation to our Services; and
  • Commercial information associated with your inquiries to us, including information you may voluntarily submit to us by completing forms on our Sites.

Information Processed Through the Services

We may also collect additional personal information (subject to applicable legal requirements and restrictions) in providing our Services, operating our business, and interacting with individuals in the course of our business, which may include:

  • Personal identifiers such as government issued identification numbers;
  • Customer records such as billing information, income and other financial information, and records of real property;
  • Commercial information about the insurance quotes individuals receive and the policies they obtain, current and/or previous claims;
  • Demographic information;
  • Health and medical information and other information necessary to secure insurance products, provide risk consulting services, offer guidance on other Services to you, and process claims;
  • Sensory information such as voice recordings when you call us;
  • Inferences we may make about you based on other data that we collect and our experience with you;
  • Education information such as transcripts and educational history;
  • Professional information such as employer, job title and employment history; and
  • Background check information such as criminal records data and other information from credit and background checks.

If you choose to contact us, we may need additional information to fulfill the request or respond to your inquiry. We may provide additional privacy disclosures where the scope of the request we receive or personal information we require fall outside the scope of this Privacy Policy. In that case, the additional privacy disclosures will govern how we may process the information you provide at that time.

Information Automatically Collected When You Use our Services

Like most digital platforms, we and our third-party partners collect certain personal information automatically when you visit our online Services. We typically collect this information through the use of a variety of our own and our third-party partners’ automatic data collections, including cookies, web beacons and similar technologies (“cookies”). Information we collect automatically about you may be combined with other personal information we collect directly from you or receive from other sources. The data that we and our third-party partners may automatically collect about you when you use our Services or otherwise engage with us includes:

  • Information about how you access the Services, for example, the site from which you came and the site to which you are going when you leave our website, how frequently you access the Services, when and whether you open emails or click the links contained in emails, whether you access the Services from multiple devices, and other actions you take on the Services;
  • Information about how you use the Services, for example, the pages you visit, the links you click, the ads you view and click on, your location when you access or interact with our Services, and other similar actions. We may also use third-party tools and technologies to collect information you provide to us or information about how you use the Services and may record your mouse movements, scrolling, clicks and keystroke activity on the Services and other browsing, search or purchasing behavior. These tools may also record information you enter when you interact with our Services;
  • Device information about the computer, tablet, smartphone or other device you use, such as your IP address, browser type, Internet service provider, platform type, device type/model/manufacturer, operating system, date and time stamp, a unique ID that allows us to uniquely identify your browser, mobile device or your account (including, for example, a persistent device identifier or an Ad ID), and other such information;
  • Analytics information. We may collect analytics data, or use third-party analytics tools, to help us measure traffic and usage trends for the Service and to understand more about the demographics and behaviors of our users; and
  • Inferences about your interests that we may make based on your cookie data.

All of the information collected automatically through these tools allows us to improve your customer experience. For example, we may use this information to enhance and personalize your user experience, to monitor and improve our Services, and to improve the effectiveness of our Services, offers, advertising, and customer service functionality. We, or the third-party partners we use, may use the data collected through tracking technologies to:

  • Remember information so that you will not have to re-enter it during your visit or the next time you visit the site;
  • Provide custom, personalized content and information, including targeted content and advertising;
  • Identify and contact you across multiple devices;
  • Provide and monitor the effectiveness of our Services;
  • Perform analytics and detect usage patterns on our Services;
  • Diagnose or fix technology problems;
  • Detect or prevent fraud or other harmful activities; and
  • Otherwise plan for and enhance our Services.

Please see the Your Choices section below for information about the choices you may have in relation to our use of automatic data collection technologies. For additional details about the cookies we use on our Sites and to adjust your preferences with regard to those cookies, please review the Exercising Your Rights section below or our Cookie Policy.

Information Provided by Third-Party Sources

In addition to the personal information collected above, we may also collect personal information from the following third-party sources:

  • Our Affiliates. We are able to offer you the products and services we make available because of the hard work of our team members across all Accession Risk Management Group (“Accession”) entities. To provide our products and facilitate our services, Risk Strategies may receive personal information from other Accession entities for purposes and uses that are consistent with this Privacy Policy. For example, we may receive your contact information if you are referred by another Accession entity.
  • Other Customers. We may receive your personal information from our other customers. For example, a customer may provide us with your contact information as a part of a referral.
  • Social media. If you choose to interact with us on social media, we may collect personal information about you from the social media accounts that you make public. We use personal information collected in connection with your social media account to communicate with you, better understand your interests and preferences, and better understand our customer base more broadly.
  • Business partners. Our business partners may collect the personal information listed above in connection with the Services and may share some of this information with us. This includes our customers, the insureds, employers, administrators or other participants in the Services offered to you and the other third parties in the supply chain for providing the Services to you.
  • Service providers. Our service providers, such as payment processors and marketing providers, collect the personal information and often share it with us. For example, we receive personal information from payment processors to confirm that an individual’s payment for the Services was accepted. We also receive information about the success of our email campaigns, including information about who has opened our marketing communications and when.
  • Information providers. We may, from time to time, obtain information from third-party information providers to correct or supplement personal information we collect. For example, we may obtain updated contact information from third-party information providers to confirm an address or reconnect with an individual, or we may receive the results of a background check from a third-party provider. We may also enrich the data we own with third-party information, such as demographic information about business contacts to understand our audience and develop better marketing communications.
  • Acquired entities or data. We may, from time to time, acquire the equity or assets of a third-party entity in a merger or acquisition, which may include personal information about the entity’s customers, prospects, users, employees, business contacts or any person to which they’ve encountered. We will use this information in accordance with this Privacy Policy.
  • Publicly available information. As permitted under applicable laws, we may collect personal information from publicly available sources, such as government records or public review websites, to help improve our business and services.

How We Use Your Information

In addition to the above, we and our third-party partners may use personal information for any lawful purpose, including the following:

  • To create, maintain and service your account;
  • To respond to your inquiries or otherwise communicate with you;
  • To evaluate your eligibility for and provide Services you request, including to provide publications to which you subscribe;
  • To operate, personalize, and improve the Sites and their features, including for analytics purposes;
  • To send promotions and marketing materials that may be of interest to you in accordance with applicable laws;
  • To present advertising online and via other communication channels, including through social media platforms and internet search engines;
  • To send you important information regarding the Services, such as certain changes to our terms, conditions, policies, and other administrative information. Because this information may be material to your use of the Services, you may not opt-out of receiving such communications;
  • To administer and manage our vendors and business partners;
  • To analyze, improve and grow our business;
  • To help maintain and enhance the safety, security, and integrity of our property, products, Services, technology, assets, and business;
  • To detect, prevent, investigate or provide notice of security incidents or other malicious, deceptive, fraudulent or illegal activity and protect the rights and property of Risk Strategies and others;
  • For our other business purposes, such as analysis, research, audits, fraud detection and prevention, payment processing, developing new products and features, identifying usage trends, and our internal operational purposes;
  • To comply with our contractual obligations and applicable law(s) or to respond to valid law enforcement requests and as permitted by applicable law, court order, or governmental regulations and enforce our corporate reporting obligations and our Terms of Use;
  • To facilitate business transactions and reorganizations;
  • To help maintain the safety, security, and integrity of our Services, technology assets, and business; and
  • With your consent, or as otherwise disclosed at the time information is collected.

We may also use aggregate, deidentified and anonymous information in a manner for any lawful, legitimate purpose such that the information does not uniquely identify you or any other user of the Services. Such data is outside the scope of this policy. Where we maintain deidentified data, we will maintain and use the data in deidentified form and not attempt to reidentify the data except as required or permitted by law.

Disclosure of Information

Risk Strategies may share your personal information with other parties in the ways that are described in this Privacy Policy, including the following:

  • Within Accession. We share personal information with our subsidiaries and affiliates in the Risk Strategies family of companies, so that they also may use such personal information for the purposes described in this Privacy Policy. For example, we may disclose your information to affiliates who serve a role in supplying the Services, or with whose Services you may be interested in;
  • Business partners. We share information with our business partners, such as the third-party agents, contractors, brokers, carriers, administrators or other third parties involved in providing the Services;
  • Service providers. We share personal information with third-party vendors, consultants and other service providers who perform functions or services on our behalf and under our instructions to make our Services available to you. For example, this may include vendors and providers who engage in marketing or advertising activities or provide mailing or email services, tax and accounting services, auditing and compliance, fraud prevention, infrastructure provisioning, analytics services, IT services, product fulfillment, and web hosting;
  • Business transaction or reorganization. We may take part in or be involved with a corporate business transaction, such as a merger, acquisition, joint venture, or financing or sale of company assets. We may disclose personal information to a third-party during negotiation of, in connection with or as an asset in such a corporate business transaction. Personal information may also be disclosed in the event of insolvency, bankruptcy, or receivership;
  • Legal obligations and rights. We may disclose personal information to third parties, such as legal advisors, auditors and law enforcement:
    • in connection with the establishment, exercise, or defense of legal claims;
    • to comply with laws or to respond to lawful requests and legal process;
    • to protect the rights and property of Risk Strategies, our agents, customers, and others, including to enforce our agreements, policies, and Terms of Use;
    • to detect, suppress, or prevent fraud;
    • to reduce credit risk and collect debts owed to us;
    • to protect the health and safety of us, our customers, or any person; or
  • With your consent or at your direction. In addition to the sharing described in this Privacy Policy, we may share information about you with third parties whenever you consent to or direct such sharing or as otherwise disclosed at the time of data collection or sharing.

We may share information that has been anonymized or aggregated without limitation.

Retention of Personal Information

In accordance with applicable law, we retain personal information only for as long as is reasonably necessary to fulfil the purpose for which it was collected. However, if necessary, we may retain personal information for longer periods of time, until set retention periods and deadlines expire, for instance where we are required to do so in accordance with legal, tax and accounting requirements set by a legislature, regulator or other government authority.

To determine the appropriate duration of the retention of personal information, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of personal information and if we can attain our objectives by other means, as well as our legal, regulatory, tax, accounting and other applicable obligations.

Therefore, we retain personal information for as long as the individual continues to use our Services for the purposes explained in this Privacy Policy. In particular, we will retain their personal information for as long as necessary to comply with our legal obligations, to resolve disputes and defend claims, as well as, for any additional purpose based on the choices you have made, such as to receive marketing communications. We will retain personal information supplied when joining our services, including complaints, claims and any other personal information supplied during the duration of an individual’s contract with us for the services until the statutory limitation periods have expired, when this is necessary for the establishment, exercise or defense of legal claims.

Security of Personal Information

We have implemented reasonable physical, technical, and organizational safeguards that are designed to protect your personal information. However, despite these controls, we cannot completely ensure or warrant the security of your personal information. Moreover, we are not responsible for the security of information you transmit to us over networks that we do not control, including the Internet and wireless networks.

Your Choices

Cookies and Online Advertising

We permit our trusted business partners and third-party advertising companies (including ad servers, ad agencies, technology vendors, or providers of sponsored content, collectively “ad partners”) to collect your browsing information and numerical identifiers associated with your browser or device to provide ads on our behalf that are tailored to your interests. These ads may appear on our website, and on other third-party websites. Using cookies, our ad partners collect data from a particular browser or device about a user’s web viewing behaviors over time, across unrelated websites, and in some cases combine such data with data collected from other browsers or devices associated with the same user or household, and use such data to predict user preferences and to deliver advertisements to that user which are calculated to target that user’s predicted preferences across devices.

Most browsers accept cookies automatically, but you can block or delete cookies at any time to prevent the collection of your browsing information for purposes of delivering interest-based ads and tracking visitor behavior. You can block or opt out of cookies or collection of data for interest-based advertising by adjusting settings within your device or browser. For instructions, check your browser’s technical information. If you take steps to block advertising cookies or opt out of interest-based advertising, note that this does not mean that you will no longer receive ads from Risk Strategies, as these ads are only one form of digital advertising. The Digital Advertising Alliance (“DAA”) and the Network Advertising Initiative (“NAI") allow individuals to opt out of receiving online interest-based advertising from companies that participate in their programs. You can also find options for restricting cookies placed by some of our ad partners on the DAA’s opt-out page (http://optout.aboutads.info/) or the by using the NAI’s opt-out tool (https://optout.networkadvertising.org/?c=1).

If you are using a mobile device, your device may also include a feature ("Limit Ad Tracking" on iOS or "Opt Out of Ads Personalization" on Android) that allows you to opt out of having certain information collected through mobile apps used for behavioral advertising purposes. If you block cookies at a browser- or device-level and use a different computer or browser to access our platforms, you should review your cookie settings again. Please be aware that blocking or deleting cookies may also disable or interfere with shopping features on our services and other sites that you may visit.

Privacy Preferences

You have some choices regarding how we use your personal information, including those in this section and, depending on where you live, please see the Region-Specific Disclosures section below for additional information that may apply to you.

  • Correcting and updating your information. You may change any of your personal information in your account by editing your profile within your account. If you have questions about reviewing, changing, or deleting your information, you can contact us directly using the contact information below. We may not be able to change or delete your information in all circumstances.
  • Marketing emails. If you decide that you do not wish to receive marketing emails from Risk Strategies, you may opt-out of receiving further e-mails by clicking “Unsubscribe” in such emails. You may also opt out or unsubscribe from future emails by sending a request to privacy@risk-strategies.com using the subject line “Unsubscribe from email communications.” To ensure your opt-out request is properly processed, be sure to send your message using the same email account to which we sent our correspondence.

Third-Party Links and Tools

Our Sites may provide links to third-party websites or applications. We do not control the privacy practices of those websites or applications, and they are not covered by this Privacy Policy. You should review the privacy notices of other websites or applications that you use to learn about their data practices.

Our Sites may also include integrated social media tools or “plug-ins,” such as social networking tools offered by third parties. If you use these tools to share personal information or you otherwise interact with these features on the Sites, those companies may collect information about you and may use and share such information in accordance with your account settings, including by sharing such information with the general public. Your interactions with third-party companies and your use of their features are governed by the privacy notices of the companies that provide those features. We encourage you to carefully read the privacy notices of any accounts you create and use.

Our sites may use third-party analytics tools like Google Analytics to help us measure traffic and usage trends for the Services and to understand more about the demographics of our users. You can learn more about Google’s practices with Google Analytics by visiting Google’s privacy policy here. You can also view Google’s currently available opt-out options here.

Children’s Personal Information

Risk Strategies is committed to protecting the privacy needs of children and encourages parents and guardians to take an active role in their children’s online activities and interests. We do not knowingly collect information from children which we consider to be an individual under the age of sixteen (16) or the equivalent age as specified by law in your jurisdiction, and Risk Strategies does not target or direct its Sites to children.

Transfer of Personal Information Between Countries 

There are circumstances in which we will have to transfer your personal information out of the jurisdiction in which it was collected, or in which you reside, to entities around the world, including Accession group companies, to perform processing activities such as those described in this Privacy Policy in connection with the Services we provide to you. The Risk Strategies entity that controls your personal information may differ depending on where you live. If you do not reside in the U.S., your personal information may be processed by Risk Strategies and other Accession group companies on behalf of the Risk Strategies entity controlling personal information for your jurisdiction. Personal information collected by Risk Strategies or an Accession group company worldwide is generally stored in the United States. Regardless of where your personal information is stored, Risk Strategies maintains the same high level of protection and safeguarding measures.

Changes to Our Privacy Policy

We may update this Privacy Policy to reflect changes to our information practices and will post the updated Privacy Policy with a modified “Effective Date” at the top. Any changes or modifications will be effective immediately upon posting of the changes or modifications, and, to the extent permitted by law, retroactively to all personal information we have already collected. We encourage you to periodically review this Privacy Policy for the latest information on our privacy practices. If our information practices change, we will post these changes on this page.

Contact

If you have questions, comments, or concerns about this Privacy Policy, please contact us:

Region-Specific Notices

Additional privacy terms may be applicable depending on your location. These terms (our "region-specific notices") are incorporated into, and should be read in conjunction with, this Privacy Policy. Unless otherwise indicated, the region-specific notices have the same effective date as the Risk Strategies Privacy Policy and all terms have the same meaning as defined in our Privacy Policy.

Notice to Certain U.S. State Residents

Residents of certain U.S. states of who have interacted with us in the ways described in this Privacy Policy may have certain privacy rights granted under the applicable laws in their state (collectively, the “U.S. state privacy laws”). This notice does not apply to personal information that is exempted from the U.S. state privacy laws, such as personal information covered by sectoral privacy laws like the Health Insurance Portability and Accountability Act, the Confidentiality of Medical Information Act, the Fair Credit Reporting Act, the Gramm-Leach-Bliley Act, or the California Financial Information Privacy Act.

We disclose all of the categories of personal information we collect to the categories of recipients set forth in the Disclosure of Information section of our Privacy Policy. Our disclosure of personal information to the following categories of third parties qualifies as the sale of personal information or the sharing or processing of personal information for the purpose of displaying advertisements that are selected based on personal information obtained or inferred over time from an individual’s activities across businesses or distinctly-branded websites, applications, or other services (otherwise known as “targeted advertising” or “cross-context behavioral advertising”) under certain U.S. state privacy laws:

  • Marketing partners. We share personal information with vendors and providers who engage in marketing or advertising activities.

Depending on your state of residency and subject to certain legal limitations and exceptions, you may be able to limit or opt-out of the sale of personal information or the processing of personal information for purposes of targeted advertising (as described in the Your Privacy Rights section below).

Sensitive Information. We use sensitive information in determining your eligibility for and the provision of the Services as described in our Privacy Policy. We do not sell sensitive information, and we do not process or otherwise share sensitive information for the purpose of targeted advertising. We do not collect or process sensitive information, for inferring characteristics about you other than as necessary to provide the Services. However, depending on your state of residency and subject to certain legal limitations and exceptions, you may be able to limit, or withdraw your consent for, our processing of sensitive personal information (as described in the Your Privacy Rights section below).

Your Privacy Rights. Depending on your state of residency and subject to certain legal limitations and exceptions, you may be able to exercise some or all of the following rights:

The Right to Know

The right to confirm whether we are processing personal information about you and, under California law only, to obtain certain personalized details about the personal information we have collected about you, including:

  • The categories of personal information collected;
  • The categories of sources of the personal information;
  • The purposes for which the personal information were collected;
  • The categories of personal information disclosed to third parties (if any), and the categories of recipients to whom this personal information were disclosed;
  • The categories of personal information sold (if any), and the categories of third parties to whom the personal information were sold; and
  • The categories of personal information shared for targeted advertising purposes (if any), and the categories of recipients to whom the personal information were disclosed for these purposes.

The Right to Access & Portability

The right to obtain access to the personal information we have collected about you and, where required by law, the right to obtain a copy of the personal information in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the data to another entity without hindrance.

The Right to Correction

The right to correct inaccuracies in your personal information, taking into account the nature of the personal information and the purposes of the processing of the personal information.

The Right to Control Over Sensitive Information

The right to exercise control over our collection and processing of certain sensitive information.

The Right to Control Over Automated Decision-Making / Profiling

The right to direct us not to use automated decision-making or profiling for certain purposes, including any form of automated processing of personal information to evaluate, analyze, or predict personal aspects concerning an individual’s economic situation, health, personal preferences, interests, reliability, behavior, location or movements in furtherance of decisions producing legal or similarly significant effects.

Right to Opt-Out of Sales or Sharing of Personal information

The right to direct us not to (a) “sell” your personal information to third parties for monetary or other valuable consideration, or (b) “share” your personal information with third parties for cross-context behavioral advertising purposes and targeted advertising purposes.

See the section Do Not Sell or Share My Personal Information below for more information.

The Right to Request Deletion

The right to request the deletion of personal information that we maintain about you, subject to certain exceptions.

Depending on your state of residency, you may also have the right to not receive retaliatory or discriminatory treatment in connection with a request to exercise the above rights. However, the exercise of the rights described above may result in a different price, rate or quality level of Service where that difference is reasonably related to the impact the right has on our relationship or is otherwise permitted by law.

Do Not Sell or Share My Personal Information. Under some U.S. state privacy laws, the definition of “sale” is broad and covers many common business activities, even when the personal information used is not exchanged for money, or when it has been partially de-identified. Risk Strategies shares personal identifiers, or internet, network and device information, and preferences for data analytics including fraud detection, marketing and advertising purposes, for example, to better understand engagement with our Services, to match your interests with similar products you may also be interested in, to offer advertising for our products across other devices that you use, and to identify other potential customers with interests similar to yours who may also be interested in our products.

Risk Strategies does not sell your personal information to third parties for monetary consideration for their independent business use. When we use the term “share” or “sharing” we mean sharing, renting, releasing disclosing, disseminating making available, transferring or otherwise communicating orally, in writing, or by electronic or other means, your personal information by us to a third-party for cross-context behavioral advertising as well as targeted advertising as defined under the U.S. state privacy laws.

We do not “sell” or “share” sensitive information. We do not sell the personal information of consumers we know to be less than 16 years of age. If we wish to do so in the future, we will first seek affirmative authorization from either the minor who is between 13 and 16 years of age, or the parent or guardian of a minor less than 13 years of age. Please contact us at privacy@risk-strategies.com to inform us if you, or your minor child, would like to opt-in to “sales”.

Exercising Your Rights. To exercise the rights described above, please choose one of the following options:

  • To submit a request to exercise your Right to Know, Access, Portability, Correction, Deletion, Control Over Sensitive Information, or Control Over Automated Decision Making, please contact us at privacy@risk-strategies.com with sufficient information to identify you in our systems and fulfill your request.
  • To submit a request to exercise your Right to Opt-Out of Sales or Opt-Out of Sharing/Use of Your Personal Information for Targeted Advertising, please complete the following steps:
    • Cookie Preference Tool. Please navigate to your browser’s settings and clear your cache and delete all cookies stored on your browser. Then, please visit the Risk Strategies Site you typically interact with, and you will be presented with a cookie banner. You can opt out of the “sales” and “sharing” of your personal information by choosing the “Decline” option on the banner, or by selecting the “Cookie Settings” option and declining “Advertisement” and “Analytics” cookies. Please note that this opt-out is device- and browser-specific and will not be effective on your visits to the Services from other devices, browsers. The cookie preferences tool is also specific to each site within the Accession family of companies, and you may need to complete this step at each site for which you wish to exercise these rights. These requests will only affect cookie-based “selling” and “sharing”. Please note that deleting and opting out of some cookies may result in an inability to take full advantage of the Services. Please see our Cookie Policy for more information.
    • Future “Sales” and “Shares”. To opt out of potential future “sales” and “sharing” of your personal information from our internal databases, please contact us at privacy@risk-strategies.com with sufficient information to identify you in our systems and fulfill your request.
    • As an additional measure, we also suggest you block or opt out of cookies or collection of data for targeted advertising by adjusting settings within your device or browser. For instructions, check your browser’s technical information. You can also find options for restricting cookies placed by some of our ad partners, on the DAA’s opt-out page (http://optout.aboutads.info/). If you are using a mobile device, your device may also include a feature ("Limit Ad Tracking" on iOS or "Opt Out of Ads Personalization" on Android) that allows you to opt out of having certain information collected through mobile apps used for behavioral advertising purposes.

We will need to verify your identity and confirm your state of residence before processing your request, which will generally require the matching of sufficient information you provide to us to the information we maintain about you in our systems or the successful authentication through your account (if you have one with us).

Making a privacy rights request does not require you to create an account with us. However, we cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.

We will only use personal information provided in a privacy rights request to verify the requestor's identity or authority to make the request, to process the request, and for necessary record keeping.

Authorized Agents. Only you, or someone legally authorized to act on your behalf and with written permission, may make a privacy rights request related to your personal information. In certain circumstances, you are permitted to use an authorized agent to submit requests on your behalf where (i) you provide sufficient evidence to show that the requestor is an authorized agent with written permission to act on your behalf and (ii) you successfully verify your own identity with us. We generally require evidence of either: (i) a valid power of attorney; or (ii) a signed letter containing your name and contact information, the name and contact information of the authorized agent, andß a signed statement of authorization for the request. Depending on the evidence provided and your state of residency, we may still need to separately reach out to you to confirm the authorized agent has permission to act on your behalf and to verify your identity in connection with the request.

Appealing Privacy Rights Decisions. Depending on your state of residency, you may be able to appeal a decision we have made in connection with your privacy rights request. All appeal requests should be submitted by replying to the communication resolving your original request. If your appeal is denied, you may contact the applicable state’s attorney general.

  • Colorado Residents: If your appeal is denied, you may contact the Colorado Attorney General to address your concerns here.
  • Connecticut Residents: If your appeal is denied, you may contact the Connecticut Attorney General to submit a complaint here.
  • Virginia Residents: If your appeal is denied, you may contact the Virginia Attorney General to submit a complaint here.

Notice to Data Subjects in Canada

Individual Rights

As an individual or “data subject”, you may have certain rights in relation to your personal information. These rights include:

  1. The right to access information we hold about you and to obtain information about how we process it.
  2. The right to withdraw your consent to our processing of your data or communications. This right can be exercised at any time. However, we may continue to process your personal information if there is another legitimate reason or legal obligation for doing so. Please also note that depending on which kind of processing you object to, we may no longer be able to perform our contractual obligations with you.
  3. The right to request that we rectify information we hold about you if it is inaccurate or incomplete.

We may request certain personal information for the purpose of verifying your identity when you seek access to your personal information.

Compliance with Law Enforcement Orders

We and our U.S., Canadian, and other foreign service providers may provide your personal information in response to a search warrant to other legally valid inquiry or order, or to another organization for the purposes of investigating a breach of an agreement or contravention of law or detecting, suppressing or preventing fraud, or as otherwise may be required or permitted by applicable U.S., Canadian or other law or legal process, which may include lawful access by US or foreign courts, law enforcement or other government authorities

Contact

You can make a request or exercise these rights by contacting the Company’s Privacy Officer at privacy@risk-strategies.com and we will make all reasonable and practical efforts to comply with your request, so long as it is consistent with applicable law and professional standards.

Notice to Data Subjects in the Cayman Islands

For the purpose of this Privacy Notice, Risk Management Advisors (Cayman) Ltd (“RMA Cayman”), Risk Management Advisors, Inc. (“RMA”) and RSC Insurance Brokerage, Inc. (“Risk Strategies” and together with RMA and RMA Cayman, the “Company”) will act as joint data controllers in accordance with the Cayman Islands Data Protection Law (as amended from time to time).

Retention of Personal information

The Company will maintain personal information only for as long as it is necessary for the specific purpose the data was collected for, or as long as we are required by applicable laws and regulation. We are generally required to retain records for at least seven (7) years from the date the contractual relationship with you ends or potentially longer, depending on the kind of data and relevant laws and regulations applicable to it. We may keep personal information for longer periods where we have a legitimate interest for doing so, for instance to address complaints, assert or defend our rights in litigation or other dispute resolution procedures, or to respond to requests from regulators or assist judicial authorities.

Individual Rights

As an individual or “data subject”, you have certain rights in relation to your personal information. These rights include:

  1. The right to access information we hold about you and to obtain information about how we process it.
  2. The right to object to and withdraw your consent to our processing of your data. This right can be exercised at any time. However, we may continue to process your personal information if there is another legitimate reason or legal obligation for doing so. Please also note that depending on which kind of processing you object to, we may no longer be able to perform our contractual obligations with you.
  3. The right to request that we rectify information we hold about you if it is inaccurate or incomplete.
  4. In some circumstances, you have the right to request erasure and deletion of personal information we hold. We may, however, continue to retain it if we are entitled or required by law to do so.
  5. The right to object to, and to request that we restrict, our processing of your information in some circumstances. Please note that despite this general right we may be entitled under law to continue processing the information and / or to refuse that request.

You can make a request or exercise these rights by contacting the Company at privacy@risk-strategies.com and we will make all reasonable and practical efforts to comply with your request, so long as it is consistent with applicable law and professional standards.

In any event, you always have the right to lodge a complaint with the data protection regulator in the Cayman Islands, which is the Office of the Ombudsman. You can access their website here: www.ombudsman.ky

You may also be able to seek redress for any violation of your data protection rights in the Cayman Islands courts or challenge a decision by the regulator.

This Privacy Notice is governed by the laws of the Cayman Islands. Any dispute arising from or in connection with this Privacy Notice is subject to the exclusive jurisdiction of the Cayman Islands courts.

Notice to Data Subjects in the Bahamas

For the purpose of this Privacy Notice, Risk Management Advisors (Bahamas) Ltd. (“RMA Bahamas”), Risk Management Advisors, Inc. (“RMA”) and RSC Insurance Brokerage, Inc. (“Risk Strategies” and together with RMA and RMA Bahamas, the “Company”) will act as joint data controllers in accordance with the Data Protection Act (as amended from time to time).

Individual Rights

As an individual or “data subject”, you have certain rights in relation to your personal information. These rights include:

  1. The right to access information we hold about you and to obtain information about how we process it.
  2. The right to object to and withdraw your consent to our processing of your data. This right can be exercised at any time. However, we may continue to process your personal information if there is another legitimate reason or legal obligation for doing so. Please also note that depending on which kind of processing you object to, we may no longer be able to perform our contractual obligations with you.
  3. The right to request that we rectify information we hold about you if it is inaccurate or incomplete.
  4. In some circumstances, you have the right to request erasure and deletion of personal information we hold. We may, however, continue to retain it if we are entitled or required by law to do so.
  5. The right to object to, and to request that we restrict, our processing of your information in some circumstances. Please note that despite this general right we may be entitled under law to continue processing the information and / or to refuse that request.

You can make a request or exercise these rights by contacting the Company at privacy@risk-strategies.com and we will make all reasonable and practical efforts to comply with your request, so long as it is consistent with applicable law and professional standards.

In any event, you always have the right to lodge a complaint with the Data Protection Commissioner, in charge of protecting personal information in the Bahamas.  You can contact the Data Protection Commissioner by email at dataprotection@bahamas.gov.bs.