California Consumer Privacy Notice

Maintaining the privacy and security of your personal information is McGriff’s Disclosure 1 1 McGriff Insurance Services, Inc. (we, us, our) CA License #0C64544.  highest priority. In doing so, we want to provide transparency regarding how and why your data is collected, how it is used, and with whom it may be shared. This document, as well as McGriff’s Privacy Notice and Online Privacy Practices(opens in a new tab), set forth how we will interact with your personal information. Specifically, it provides information on how you may exercise your rights under California law. This Notice is directed to consumers who reside in the state of California. That said, all of our clients are welcome to submit questions or requests about their data.

It is important to note that McGriff does not sell your data. To be clear, McGriff has not and will not disclose or sell any consumer Personal Information to third parties for business or commercial purposes. Because such sales do not occur and would violate company policy, there is no link on our websites to opt-out of such activity.

One of McGriff’s privacy principles is that our clients own their data. To help ensure transparency around our handling of consumer data, we have established a Consumer Submission template to facilitate requests related to accessing and potentially deleting your information. This template helps us meet certain legal and compliance requirements such as those under the California Consumer Privacy Act (CCPA). It also provides non-CA clients a mechanism to make similar requests. 

McGriff’s Privacy Notice and Online Privacy Practices(opens in a new tab) provide consumers details about our practices concerning the privacy of your data. This notice provides further information about our practices, along with details concerning how “Consumer Access” (“Right to Know”) and/or “Right to Request Deletion” requests may be submitted. This notice is designed to provide additional information not covered elsewhere on our site, and to ensure compliance with the notice provisions of the CCPA.

The following are some general notes about McGriff’s practices related to the collection, use and sharing of consumer data:

As a financial institution, it is necessary for us to collect certain personal information from and/or about our clients in order to provide our products and services, fulfill consumer requests, to comply with the federal and state laws and other legal obligations. Below is a list of categories of data we may collect about our clients:

• Personal Information (“information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household,” as defined in the CCPA)
• Demographic/Protected class information
• Biometric information (ex: voice recordings when you contact a Call Center or leave a voicemail for a McGriff teammate)
• Commercial information
• Professional or employment-related information
• Education information
• Geolocation (ex: your IP address when visiting a McGriff website)
• Internet or other electronic network activity information
• Audio, electronic, visual, thermal or olfactory information
• Personally Identifiable Health Information
• Background/criminal record
• Marketing opt-out/preference information
• Inferences drawn from any of the above information

It is necessary for McGriff to share certain client data with affiliates and/or trusted service providers in order to provide our products and services, and to comply with legal and contractual obligations. When engaging such service providers, McGriff ensures that such partners will maintain the information in accordance with our privacy and security standards, and only use the data for the use(s) specified in the contract. While certain McGriff activities and responsibilities may be outsourced, McGriff recognizes and embraces ultimate accountability for the privacy and security of the data entrusted to us.

As noted above, it is a violation of the McGriff Consumer Privacy Notice to share consumer information with non-affiliated third parties for their marketing purposes. Consumer information will not be shared with third parties (non-service providers) absent prior authorization from the client or their agents.

As noted above, it is a violation of company policy to sell client or consumer data. To be clear, McGriff has not disclosed or sold any personal information to third parties for a business or commercial purpose in the preceding 12 months. Therefore, there is no opt-out for the sale of data provided on our website, since there is no activity to opt out from. 

Consumers may exercise their “Right to Know” under the CCPA to request that McGriff disclose categories of information we may have collected about them over the last 12 months, the categories of sources from which that information was collected, the business or commercial purpose(s) for which the information was collected, and the categories of third parties with whom we share personal information.

Consumers are welcome to submit requests for more information by visiting our Consumer Rights Request Portal, hosted by OneTrust:

• To submit a data access request for yourself, click here(opens in a new tab)
• To submit a data access request on behalf of another individual, click here(opens in a new tab)
• To dispute or appeal a prior data access request, click here(opens in a new tab)

Consumers are also welcome to submit requests by calling 888-711-4801.

All requests must be verified prior to receiving a response, using McGriff authentication protocols. Requesters will be asked to supply certain basic Personal Information to enable us to validate the requestor is the consumer who is subject to the request, such as name, social security number and address. Information submitted for verification purposes will only be used to verify the requestor’s identity and/or authority to make a request on another’s behalf.

Requests made on another person’s behalf can only be accepted upon receipt of documentation that the requestor is an authorized agent, parent or legal guardian of the consumer whose information is being requested. This will require the submission of a valid Power of Attorney, Birth Certificate, approved Truist authorization form, Guardianship Order or other court order granting authority to receive information, as appropriate.

Upon submission of a request, CA consumers will receive an initial response confirming receipt within 10 days. A full response will be provided to CA consumers within 45 days (unless an extension of up to 45 additional days is requested, upon which the consumer will receive notice and an explanation for the extension).

Please note that McGriff is taking advantage of the exemption within the CCPA for data collected pursuant to the Gramm-Leach-Bliley Act (GLBA). This enables us to best protect the security of our clients when responding to requests. Data provided pursuant to GLBA is often highly sensitive Personal Information, including financial data, that could lead to identity theft should it land in the wrong hands. Therefore, specific pieces of data collected pursuant to GLBA will not be provided through the Consumer Rights Access Request Portal. 

Consumers also have a right under the CCPA to request deletion of their Personal Information collected or maintained by McGriff.

The submission methods, authentication protocols, and time frames for response are identical to those referenced above in the “Consumer Access Requests” section. Keep in mind that the GLBA exemption and other legal exemptions may also apply to these requests. For example, McGriff cannot delete data provided by a client to service an active (or recently active) account, because such data is still needed to provide the product or service and/or meet legal retention requirements. Another example would be the inability to delete certain data that is subject to a legal hold.

McGriff will explain in its response the manner in which it has deleted the personal information. Or, if an exemption applies restricting McGriff’s ability to delete the data, McGriff will describe the basis for the denial of the request in its response. Should an exemption apply precluding the destruction of the data, McGriff will not use the consumer’s personal information for any other purpose than provided for by that exemption (for example, if certain data cannot be deleted due to a legal hold, we will ensure that such data is no longer used for McGriff marketing purposes). 

The submission of a Right to Know or Right to Request Deletion request will have no impact on the service and/or pricing you receive from McGriff Insurance Services. It will not result in any denial of goods or services, or different prices, rates or quality of goods or services. 

This California Consumer Privacy Notice may be revised from time to time, so please review this page periodically. Any changes will become effective when we post the revised notice on the site (please note the effective date listed at the bottom of this page). If we revise this or other privacy notices in a manner that materially changes our privacy practices, we will provide conspicuous notice on our website and provide direct notice to our clients.

If you have any questions or comments on this notice or our privacy practices generally, please contact us at 888-711-4801. 

Effective 03/01/21