INFORMATION SECURITY AND PRIVACY STATEMENT
As an independent insurance and business consulting firm, Viridis collects, maintains and handles personally identifiable information of clients, applicants and other consumers. Maintaining the security of this information is an important responsibility of our agency. This Information Security Program is designed to safeguard the security and confidentiality of client information, protect against any reasonably anticipated threats or hazards to the security or integrity of the information and protect against unauthorized access to, or use of the information that could result in harm or inconvenience to any client. This shall be accomplished through the administrative, technical and physical safeguards outlined in this Program.
COMPUTER SYSTEM SECURITY
We protect our computer system with anti-virus and pest detection software. All computers are scanned and updated on a regular basis. Firewall protection and filters are provided to protect access from unauthorized users. Security updates and patches are downloaded automatically. Our system network is password protected.
System information is backed up daily and stored off-site. Viridis has contracted with a third party data backup management company to retrieve a full backup of data in the event of a technology recovery. Software and carrier website passwords are changed or access removed when an employee leaves Viridis. Employees are instructed not to share their passwords or post them on or near their computers. Employees are instructed not to open and to delete e-mails from unknown sources.
The office reception area does not allow visitors access to client files or information. The receptionist computer screen is protected so that it cannot be seen by visitors. All Viridis doors are locked except during office hours when staff are present. Employees are given an entrance code for one door and the code is changed when an employee is terminated. All other doors on the premises are key-locked.
Client paper file information is kept in file cabinets in the appropriate division. Employees are instructed to take precautions so that client information is not easily visible by visitors or other clients. Client paper files are only taken off premises minimally by approved personnel and only on behalf of the client.
PROTECTION FROM HAZARD
Viridis’s office is equipped with smoke detectors and fire extinguishers. There is a written emergency plan in the event of an office disaster such as a fire.
We carefully select reputable vendors and require vendors to commit to follow Viridis’s security procedures and to keep any information they may handle in strict confidence.
All paper documents containing a client’s personal information are shredded on site. Any electronically filed information is destroyed before a computer is discarded.
EDUCATION AND AWARENESS OF AGENCY PERSONNEL
Viridis Resource Guide includes our Information Security Statement and our Privacy Notice. It also states the Pa Code Section 146c-Information Security Program Regulations. Employees are required to read and follow resource guide procedures as well as division procedures and policies to ensure information privacy and security.
REVIEW OF PROGRAM TO CONTINUALLY MANAGE AND CONTROL RISK
Once a year management will review our Privacy Notice and our Information Security Statement. The annual review will address and access any risk identified and update policies and procedures to control new risks.
SECURITY AND CONFIDENTIALITY
While your nonpublic personal information is under our control, access is limited to those employees who have a legitimate business need for such information with respect to serving your needs. In accordance with applicable state and federal regulations we maintain physical, procedural and electronic safeguards to protect the privacy and confidentiality of your nonpublic personal information. We carefully select reputable vendors and require them to commit to keep any information they may need to handle in strict confidence. We will endeavor to protect confidential and personal information we send to you electronically by encryption or other measures which make it more difficult for an unauthorized recipient to use, misuse or abuse it. The safety and security of your information also depends on you. You are responsible for keeping all your passwords confidential. You should not share your passwords with anyone. Unfortunately, nobody can guarantee you that your information is 100% secure against all threats. Although we endeavor to take industry standard measures to protect your information, we cannot guarantee the security of your Information transmitted to or from us electronically, including email. Any transmission of information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on our websites or systems.
WHAT PERSONAL INFORMATION WE GATHER
We receive and store any information you enter on our web site or give us in any other way. You can choose not to provide certain information, but then you might not be able to use our service or take advantage of some of our features. We use the information that you provide for such purposes as responding to your requests, assisting you in purchasing our products, customizing future information offered to you, improving our web site and mobile experience, and otherwise communicating with you. We receive and store certain types of information whenever you interact with us. For example, like many web sites, we may use “cookies,” and we obtain certain types of information when your web browser accesses our web site or advertisements and other content served by or on behalf of us on other web sites. When you download or use applications created by us for your mobile device, we may receive information about your location and mobile device, including a unique identifier for your device. We may use this information to provide you with location-based services, such as advertising, search results, and other personalized content. Most mobile devices allow you to turn off location services; see your mobile device provider for instructions on how to do this. To help us make e-mails more useful, we often may receive a confirmation when you open e-mail from us if your computer supports such capabilities. We also compare our client list to lists received from other companies, in an effort to avoid sending unnecessary messages to our clients. If you do not want to receive e-mail or other mail from us, please adjust your communication preferences. We might receive information about you from other sources and add it to our account information.
WE DO NOT SELL YOUR INFORMATION TO OTHERS
Because we respect your privacy, except as described below, we do not sell, trade or otherwise disclose your identity or any other personal information about you to third parties. This includes information we obtain concerning all applicants, clients and former clients.
INFORMATION WE PROVIDE TO OTHERS
We disclose information about our applicants, clients and former clients as necessary to do business with them or as permitted or required by law in conjunction with our normal insurance operations. Here are some examples: We may share your information with companies whose products you apply for or buy. We may share your information with companies that perform services on our behalf to assist us in providing our products and services to you. These companies are required to keep your information confidential and secure. We may disclose information to others such as our claims adjusters and our attorneys in the processing of an insurance claim. We may be required by a court of law or subpoena to provide information in connection with a legal proceeding. We may share information with government agencies which conduct examinations of our procedures.
REVIEW OF PRIVACY NOTICE
We monitor, evaluate and adjust, as appropriate, the Privacy Notice in light of any relevant changes, such as: 1) changes in technology, 2) internal or external threats to personal information, and 3) any changes in Viridis’s business arrangements.