EVEREST U.S. PRIVACY NOTICE
Effective Date: January 1, 2020
Last Reviewed on: December 14, 2020
Everest values your business and your trust. We respect the privacy of your personal information and take our responsibility to protect it seriously. This notice is meant to help you understand how Everest treats the information we receive about you, including the way in which we will collect, use, disclose your personal information and explains how to exercise the choices and rights you have in your personal information.
We adopt this notice to comply with the California Consumer Privacy Act of 2018 (CCPA) and other applicable privacy laws and regulations.
Scope of This Policy
This privacy notice is provided on behalf of the Everest companies, subsidiaries, and affiliates (“Everest”), and applies to current and former customers, business partners, employees, job applicants, and others who reside in the United States (“You” or “Your”). This privacy notice applies to personal information we collect through this website, other websites or mobile applications made available by us for your use, and our social media pages (collectively “Online Services”) as well as through our business dealings with you (for example, from your application and claim forms, telephone calls, e-mails and other communications with us, as well as from claims investigators, medical professionals, witnesses or other third parties involved in your transaction with us).
This Notice is for U.S. residents and is intended to supplement the information contained on Everest’s Privacy homepage (https://www.everestre.com/About-Everest/Privacy-Security-and-Trust) and other privacy notices tailored to our specific relationships with you. Depending on your relationship with us, you may receive other privacy notices from us providing additional detail about our privacy practices as required under applicable laws and regulations.
The Information We Collect
Depending upon your relationship with us, the following is a list of Personal Information that we may possibly collect about you:
A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers.
B. Personal information categories
A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, credit history, credit score, medical information, or health insurance information.
Some personal information included in this category may overlap with other categories.
C. Protected classification characteristics
Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).
D. Commercial Information
Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
E. Biometric information
Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.
F. Internet or other similar network activity
Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement.
G. Geolocation data
Physical location or movements.
H. Sensory data
Audio, electronic, visual, thermal, olfactory, or similar information.
I. Professional or employment-related information
Current or past job history or performance evaluations, resumes, CVs, certificate or license numbers.
J. Non-public education information
Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.
K. Criminal Record Information
Driving offenses, convictions, motor vehicle driving records.
L. Information that Enables Us to Offer (Re)Insurance Products or Services
Location and identification of property insured (for example, property address, vehicle license plate or identification number); travel plans; age categories of individuals you wish to insure; policy and claim numbers; coverage/peril details; cause of loss; prior accident or loss history; your status as director or partner, or other ownership or management interest in an organization; other insurance you hold; and details on products for which you have or seek a warranty.
M. Inferences drawn from other personal information
Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
Where We Obtain Personal Information From
Much of the information we hold will have been provided by you (for example, when you complete applications for products and services you purchase from us), but we may also collect your Personal Data from various other sources, including:
- Indirectly from you. For example, from observing your actions on our Website
- your representative through the policy application process;
- your family members, employer, agents, or representatives;
- other (re)insurance market participants;
- credit reference agencies;
- consumer reporting agencies and other insurance support organizations, to the extent permitted by law;
- medical providers and consultants, to the extent applicable;
- if applicable, anti-fraud databases, sanctions lists, court judgments and other databases;
- prior and current employers, when they share information with us;
- if applicable, government agencies; or
- in the event of a claim, third parties including the other party to the claim (claimant/defendant), witnesses, experts (including medical experts), loss adjustors, lawyers, and claims handlers.
Use of Personal Information
We may use or disclose the personal information we collect for one or more of the following purposes:
- To provide you with support and respond to your requests. For example, if you share your name and contact information to request a price quote or ask a question about our (re)insurance products or services, we will use that personal information to respond to your inquiry.
- Make decisions about our product offerings and related services, including but not limited to selling, underwriting, rating, servicing and administering (re)insurance and claims.
- Send you important information regarding changes to our policies, other terms and conditions, and other administrative information.
- Assess your eligibility for payment plans, process your premium and other payments, and pursue collection actions.
- Evaluate your suitability for job or business opportunities.
- Provide improved quality, training and security.
- Prevent, detect and investigate crime, including fraud and money laundering, and analyze and manage other commercial risks.
- For testing, research, analysis, and product development, including to develop and improve our Website, products, and services.
- Provide marketing information to you (including information about other products and services offered by selected third-party partners) in accordance with preferences you have expressed.
- To support and personalize your experience when using our Website, products or services.
- Allow you to participate in contests, prize draws and similar promotions, and to administer these activities.
- To manage our infrastructure and business operations, and comply with internal policies and procedures, including those relating to auditing; finance and accounting; billing and collections; IT systems; data and website hosting; data analytics; business continuity; and records, document management.
- To resolve complaints.
- Comply with applicable laws and regulatory obligations, such as those relating to anti-money laundering, sanctions and anti-terrorism; comply with legal process; and respond to requests from public and governmental and law enforcement authorities.
- Establish and defend legal rights; protect our operations or those of any of our group companies or business partners, our rights, privacy, safety or property, and/or that of our group companies, you or others; and pursue available remedies or limit our damages.
- To help maintain the safety, security, and integrity of our Website, products and services, databases and other technology assets, and business.
- To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us about our consumers is among the assets transferred.
We also may anonymize, combine or aggregate any of the information we collect about you for any of these purposes or for analyzing statistics and trends. We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
Does Everest Sell Your Personal Data?
We don't sell your personal data to anyone. And we only share your personal data with others in specific circumstances.
Who Do We Share Your Personal Information?
Depending on your relationship with us, we may share your personal information for the purposes described above with the following categories of recipients:
Disclosures to Our Affiliates
We may share your information among our affiliated companies for marketing or business purposes in certain circumstances, where appropriate.
Disclosures to Third Parties
We may disclose your personal information to a third party for a business purpose. We work with third parties to develop, operate, deliver, maintain, improve, enhance, and assist us in carrying out business activities in order to fulfill our obligations to you. When we disclose personal information for a business purpose, we generally enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract. We also require our service providers to provide at least the same of equal protection of personal information as described in this Notice. We may share your personal information with the following categories of third parties:
- Service providers acting on Everest’s behalf in connection with your policy and your claims processing, such as program administrators, third-party administrators, managing general agents.
- Service providers who facilitate the underwriting or risk assessment process, assist in the evaluation and/or adjustment of your claim, provide support in litigation, including but not limited to medical professionals, accountants, actuaries, experts, lawyers, consultants, engineers, loss control consultants, and other outside advisors.
- Service providers who help provide operational, IT related, or security support such as IT systems, support and hosting service providers, and software providers.
We may share personal information with payees; emergency providers (fire, police and medical emergency services); retailers; medical networks, organizations and providers; travel carriers; credit bureaus; credit reporting agencies; and other people involved in an incident that is the subject of a claim; as well as purchasers and prospective purchasers or other parties in any actual or proposed reorganization, merger, sale, joint venture, assignment, transfer or other transaction relating to all or any portion of our business, assets or stock.
Disclosures to Other Insurance and Distribution Partners
We may, in the course of providing (re)insurance products and services and processing claims, make personal information available to third-parties such as other insurers, reinsurers, insurance and reinsurance brokers, producers and other intermediaries, affinity marketing partners, financial institutions, and other business partners or potential business partners.
Disclosures to Government or Regulatory Authorities
Everest may also share personal information with governmental, regulatory or other public authorities as we believe to be necessary or appropriate: (a) to comply with applicable laws; (b) to comply with legal process; (c) to respond to requests from public and government authorities including public and government authorities; (d) to enforce our terms and conditions; (e) to protect our operations or those of any of our group companies; (f) to protect our rights, privacy, safety or property, and/or that of our group companies, you or others; and (g) to allow us to pursue available remedies or limit our damages.
Upon Your Further Direction
With your permission or upon your direction, we may disclose your personal information to interact with a third party or for other purposes.
How do we Protect your Personal Information?
We maintain physical, electronic and administrative safeguards designed to help protect personal information. We secure our databases with various physical, technical and procedural measures, and we restrict access to your information by unauthorized persons.
We also train all employees on their responsibility to safeguard customer data and provide them with appropriate guidelines for adhering to our company's business ethics, standards, and confidentiality policies.
Encryption, and other methods are used to protect sensitive information. The method of protection is based on the sensitivity of the data that is shared with customers and other third parties under contract to do business with Everest.
We take particular care when working with third parties, only sharing personal data with affiliates, business partners, third-party service providers, or vendors when we have a legitimate business purpose for doing so. We ensure contractual requirements, including confidentiality clauses, are in place to ensure Everest's data protection principals are adhered to.
Your Rights and Choices
Subject to certain conditions and limitations, you may have the following rights with respect to personal information about you. If you are a resident of California, the CCPA provides you with specific rights regarding your personal information subject to certain exceptions. This section describes your rights and how to exercise those rights:
Right to Know
You have the right to know what data we have collected about you over the past 12 months, including:
- The categories of personal information we have collected about you;
- The categories of sources from which the personal information is collected;
- The business or commercial purpose for collecting your personal information; and
- The specific pieces of personal information we have collected about you.
- If we disclosed your personal information for a business purpose, a list identifying the personal information categories that each category of recipient obtained.
Right to Access Specific Information and Data Portability Rights
You have the right to request a copy of the personal information held by us and access that information in portable, electronic format, free of charge. You may not request this information more than twice in a 12-month period.
Right to Delete
You have the right to request that we delete the personal information we have collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete and if applicable, direct our service providers to delete, your personal information from our records, unless an exception applies. In the event that you choose to exercise this right, please note that we (or our service provider) may nevertheless retain your personal information as permitted under applicable law, including, but not limited to for the following purposes:
- Complete your transaction;
- Provide you a good or service;
- Perform a contract between us and you;
- Take actions reasonably anticipated within the context of our ongoing business relationship with you;
- Detect security incidents, protect your security against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Fix our system in the case of a bug;
- Protect the free speech rights of you or other users;
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et seq.);
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interests that adheres to all other applicable ethics and privacy laws;
- Comply with a legal obligation; or
- Make other internal and lawful uses of the information that are compatible with the context in which you provided it.
Right to Correct
You have the right to request that we amend any inaccurate personal information that we have about you.
Right to Restrict Processing
You have the right to ask us to restrict processing your personal information in the following situations:
- where you contest the accuracy of your personal information;
- where the processing is unlawful and you do not want us to delete your personal information;
- where we no longer need your personal information but you require the data in relation to a legal claim; or
- where you have objected to us processing your personal information pending verification as to whether or not our legitimate interests override your interests or in connection with legal proceedings.
When you exercise this right we may only store your personal information and not further process the data unless you consent or the processing is necessary in relation to a legal claim or to protect the rights of another person or legal person or for reasons of important public interest.
Right to Object
You have a right to object at any time to the processing of your personal information where we process your personal information on the legal basis of pursuing our legitimate interests.
Personal Information Sales Opt-Out and Opt-In Rights
If you are 16 years of age or older, you have the right to direct us to not sell your personal information at any time (the "right to opt-out"). However, we do not sell the personal information of any consumers, regardless of age.
Exercising Your Rights
To exercise the rights described above, please submit a verifiable consumer request to us by either:
- Calling us at 844-949-2272; or
- Visiting https://www.everestre.com/About-Everest/Privacy-Security-and-Trust and submitting a verifiable request through our Privacy Portal.
Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information. Please note that if you authorize an agent to make a request on your behalf, the authorized agent will be required to provide proof of written authorization from you to make such a request as well as verify their own identity with Everest. You may also make a verifiable consumer request on behalf of your minor child. You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, which may include:
- Providing information such as policy number, claim number, broker name, broker agency name, date of loss, line of business, dates of employment in addition to basic information such full name, email address, phone number.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor's identity or authority to make the request.
Response Timing and Format
We endeavor to respond to a verifiable consumer request within thirty (30) days of its receipt. If we require more time (up to [45/90] days), we will inform you of the reason and extension period in writing.
We will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request's receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
This site it not intended for children, and we do not knowingly collect, use, or disclose information of children under the age of thirteen (13) without the consent of their parents or legal guardians. In an instance where such information was collected, it would be purely accidental and unintentional.
We will not discriminate against you for exercising any of your rights. Unless permitted by law, we will not:
Deny you goods or services.
Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
Provide you a different level or quality of goods or services.
Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
However, certain financial incentives can result in different prices, rates, or quality levels permitted by the law. We do not provide any following any CCPA-permitted financial incentives.
Other California Privacy Rights
California's "Shine the Light" law (Civil Code Section § 1798.83) permits users of our Website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to Dataprivacy@everestre.com or write us at 477 Martinsville Road, Liberty Corner, NJ 07938.
Changes to our Privacy Notice
We reserve the right to amend this privacy notice at our discretion and at any time. When we make changes to this privacy notice, we will post the updated notice on the Website and update the notice's effective date. Your continued use of our products, services, and Website following the posting of changes constitutes your acceptance of such changes.
Privacy Portal: https://www.everestre.com/ccpa
Everest Reinsurance Company
Attn: Law Department
477 Martinsville Road
Liberty Corner, NJ 07938