This California Privacy Notice (“Notice”) is a supplement to AXIS’s Rest of the World Privacy Notice. It describes the way AXIS Collects and uses information and the specific rights of residents of California. In the event of a conflict between any other AXIS policy, statement, or notice and this Notice, this Notice will prevail as to California residents and their rights under California law.
THE CALIFORNIA CONSUMER PRIVACY ACT (CCPA)
In accordance with the CCPA’s requirements, this Notice describes our Collection, use, and disclosure of California Consumers’ Personal Information (“PI”) during the preceding twelve months, as well as the rights California Consumers have under the CCPA. The specific pieces of PI we Collected about you may vary depending on the nature of your interactions with us and may not include all of the examples listed. Terms defined in the CCPA that are capitalized in this Notice have the same meanings as in the CCPA unless otherwise stated.
Consistent with the CCPA, job applicants, current and former employees and contractors, and subjects of certain business-to-business communications acting solely in their capacity as representatives of another business, are not considered Consumers for purposes of this Notice or the rights described herein.
We Collect and share PI about California Consumers as described in the table below.
|Category of PI||Category of recipients|
|(A) Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers||Service providers such as brokers, other insurers or reinsurers, credit reference agencies, claims administrators, adjusters and other claims experts, and service providers who supply back-office support|
|(B) Any categories of personal information: (any information that identifies, relates to, describes, or is capable of being associated with, a particular individual, including, but not limited to, his or her name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. “Personal information” does not include publicly available information that is lawfully made available to the general public from federal, state, or local government records)||Service providers such as brokers, other insurers or reinsurers, credit reference agencies, claims administrators, adjusters and other claims experts, and service providers who supply back-office support|
|(C) Characteristics of protected classifications under California or federal law:
Federally Protected Classes List
California Protected Classes List
Status as a victim of domestic violence, assault, or stalking
|Service providers such as brokers, other insurers or reinsurers, credit reference agencies, claims administrators, adjusters and other claims experts, and service providers who supply back-office support|
|(D) Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies|
|(E) Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an Internet Web site, application, or advertisement||Service providers such as analytics and advertising platforms|
|(F) Audio, electronic, visual, thermal, olfactory, or similar information|
|(G) Professional or employment-related information|
|(H) Education information, defined as information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act (20 U.S.C. section 1232g, 34 C.F.R. Part 99)|
|(I) Inferences drawn from any of the information to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes|
If you are an insured or potential insured, we may Collect PI from:
- you or your representative through the policy application process
- your family members or employer
- credit reference agencies
- anti-fraud databases
- sanctions lists
- relevant government agencies, including public registers or databases credit reference organizations
- credit reference organizations
If you are a claimant, we may Collect PI from:
- someone with a close relationship to you or who otherwise has authority to make a claim on your behalf
- others who are involved in the claim, including lawyers, witnesses, experts, and adjusters
- other public sources
We may also Collect PI indirectly from you, such as through user activity on our website.
We Collect PI for the following business purposes:
- Auditing related to a current interaction with the consumer and concurrent transactions, including, but not limited to, counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards.
- Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity.
- Debugging to identify and repair errors that impair existing intended functionality.
- Short-term, transient use, provided the personal information that is not disclosed to another third party and is not used to build a profile about a consumer or otherwise alter an individual consumer’s experience outside the current interaction, including, but not limited to, the contextual customization of ads shown as part of the same interaction.
- Performing services on behalf of the business or service provider, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing advertising or marketing services, providing analytic services, or providing similar services on behalf of the business or service provider.
- Undertaking internal research for technological development and demonstration.
- Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by the business, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by the business.
In addition, we may collect, use, and disclose your PI as required or permitted by applicable law, when requested or compelled by law enforcement or legal process, or in connection with contractual obligations. We do not treat deidentified data or aggregate consumer information as PI, and we reserve the right to convert, or permit others to convert, your PI into deidentified data or aggregate consumer information.
Subject to the CCPA’s restrictions and obligations, our service providers may use your PI for some or all of the above-listed business purposes (including to facilitate interest-based advertising and other advertising and marketing).
We do not “sell” California Consumer PI, including PI of minors under the age of 16, as “sell” is defined under the CCPA.
CCPA PRIVACY RIGHTS
Under the CCPA, California Consumers have certain rights which they may exercise independently or through an Authorized Agent. CCPA rights requests are subject to an identification and verification process. We will not fulfill a CCPA request unless we have been provided sufficient information for us to reasonably verify that the requestor is the Consumer about whom we Collected PI.
Some PI we maintain about Consumers (e.g., clickstream data) is not sufficiently associated with enough PI about the Consumer for us to be able to verify that it is a particular Consumer's PI. Accordingly, we will not include such information in response to Consumer requests. If we cannot comply with a request, we will explain the reasons in our response. We will use PI provided in your request only to verify your identity or authority to make the request and to track and document request responses, unless you also provided the PI to us for another purpose.
Your California Consumer privacy rights are described below. To make a request, you may fill out our California Consumer Rights Request Form or call us at 1 888 914 9661, PIN 292703. In making a request, you will need to verify that you are the authorized user of the subject email address/account and that you are a current resident of the State of California. Please follow the instructions on our website and promptly respond to any follow-up inquires so that we may confirm your identity. If you request that we provide you with specific pieces of information about you, we will apply heightened verification standards.
An Authorized Agent may submit a request on behalf of a Consumer if the Consumer has provided the Authorized Agent with power of attorney in accordance with California law; alternatively, we will (1) require the Authorized Agent to present verifiable written authorization from the Consumer that the Authorized Agent has the Consumer’s permission to submit the request; and (2) independently verify the Consumer’s own identity with us.
We may Collect, use, and disclose your PI as required or permitted by applicable law. Please note we are not obligated to comply with Consumer requests to the extent that doing so would infringe on our, or any other person's or party's rights, or conflict with applicable law.
You have the right to request that we disclose your PI that we have Collected and are maintaining for the 12-month period prior to your request date. Consumer requests of this nature may be made no more than two times in a 12-month period.
- The categories of PI we have Collected about you.
- The categories of sources from which we Collected your PI.
- The business or commercial purposes for Collecting or Selling your PI.
- The categories of third parties with whom we have shared your PI.
- The specific pieces of PI we have Collected about you.
- A list of the categories of PI disclosed for a business purpose in the prior 12 months, or that no disclosure occurred.
- A list of the categories of PI Sold about you in the prior 12 months, or that no Sale occurred. If we Sold your PI, we will also list the categories of third parties to which we Sold PI, by categories of PI Sold for each Third Party.
You have the right to make or obtain a portable copy, no more than twice in a 12-month period, of your PI that we have Collected in the period that is 12 months prior to the request date and are maintaining. Please note that PI is retained by us for various time periods, so we may not be able to fully respond to what might be relevant going back 12 months prior to the request.
You may request that we delete any PI we have Collected directly from you. After we have received your request to delete, and have verified your identity, we will delete your information except as allowed by the CCPA, and will direct any service providers which received your information from us to delete your information.
As allowed by the CCPA, we will not delete your personal information, even following a verifiable consumer request, if it is necessary for us or our service providers to maintain the information in order to:
- Complete the transaction for which the personal information was collected, provide a good or service you requested, or reasonably anticipated within the context of a business’s ongoing business relationship with you, or otherwise perform a contract between us and you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity.
- Debug to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act pursuant to Chapter 3.6 (commencing with Section 1546) of Title 12 of Part 2 of the Penal Code.
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when our deletion of the information is likely to render impossible or seriously impair the achievement of such research, if you have provided informed consent.
- To enable solely internal uses that are reasonably aligned with the expectations of consumers based on your relationship with us.
- Comply with a legal obligation.
- Otherwise use your personal information, internally, in a lawful manner that is compatible with the context in which you provided the information.
We will retain a record of the deletion as required by law.
We will not discriminate against you in a manner prohibited by the CCPA because you exercise your CCPA rights.
CALIFORNIA'S “SHINE THE LIGHT” LAW
California law permits customers in California to request certain details about how their personal information is shared with third parties and, in some cases, affiliates if that personal information is shared for those third parties’ and affiliates’ own direct marketing purposes. We do not share personal information with third parties or affiliates for those third parties’ or affiliates’ own direct marketing purposes. Californian customers may request such information by contacting us at [email protected] or 52 Lime Street, London EC3M 7AF.
To make a request, please provide sufficient information for us to determine if this applies to you, attest to the fact that you are a California resident, and provide your current California address to which we will send our response. Your inquiry must specify “California Privacy Rights Request” in the subject line of the email or the first line of the letter and include your name, street address, city, state, and ZIP code. Please note that we are only required to respond to one request per customer each year.:
NOTE: As all of these rights and your CCPA rights exist under different legal regimes, you must exercise your rights under each law separately.
How to Contact Us
Please address all inquiries, requests, and other communications regarding your personal information or this Privacy Notice to:
Contact: Data Protection Officer
Email: [email protected]
Address: 52 Lime Street, London EC3M 7AF
Effective date:24 June 2022 v1.0