Privacy Policy and Disclosures

Purpose of this notice

The Gramm-Leach-Bliley Act (GLBA) and applicable State laws generally prohibit any financial institution, directly or through its affiliates, from sharing nonpublic personal information about you with a third party unless the institution provides you with a notice of its privacy policies and practices, such as the type of information that it collects about you and the categories of persons or entities to whom it may be disclosed. In compliance with the GLBA and the laws of this State, we are providing you with this document, which notifies you of the privacy policies and practices of Oswald Companies.

This Privacy Policy applies to information we obtain about individuals who inquire about or obtain products or services from us for personal, family or household purposes. If your relationship with us involves multiple lines of insurance coverage or financial products it is possible that you may receive more than one notice from us.

What Information We Collect and From Whom We Collect It

We may collect nonpublic personal information about you and your family members from the following sources:

• Information we receive from you on applications or other forms
• Information we receive from medical records or medical professionals
• Information we receive from personal interviews
• Information we may collect from individuals to assist in handling claims
• Information about your transactions with us, our affiliates, or others
• Information we receive from non-affiliated third parties (i.e. HR Departments)
• “Nonpublic personal information” is nonpublic information about you that we obtain in connection with providing a financial product or service to you.

What Information We Disclose and To Whom We Disclose It

In the course of our general business practices, we may disclose the information that we collect (as described above) about you or others without your permission to the following types of institutions for the reasons described:

• To a third party if the disclosure will enable that party to perform a business, professional, sales, marketing, or insurance function for us
• To an insurance institution, agent, or credit reporting agency in order to detect or prevent criminal activity, fraud or misrepresentation in connection with an insurance transaction
• To an insurance institution, agent, or credit reporting agency for either this agency or the entity to whom we disclose the information to perform a function in connection with an insurance transaction involving you
• To third parties in order to assist in the resolution of claims
• To a medical care institution to medical professional in order to verify coverage and/or benefits, conduct an audit that would enable us to verify treatment
• To an insurance regulatory authority, law enforcement, or other governmental authority in order to protect our interests in preventing or prosecuting fraud
• To a group policyholder for the purpose of reporting claims experience or conducting an audit of our operations or services
• To an actuarial or research organization for the purpose of conducting actuarial or research studies
• To an insurance carrier for the purpose of securing competing quotes prior to the renewal of an existing insurance policy

Our Practices Regarding Information Confidentiality and Security

We restrict access to your nonpublic personal information about you to those employees who need to know that information in order to provide products or services to you. We maintain physical, electronic, and procedural safeguards to protect your nonpublic personal information. Unfortunately, no data transmitted over or accessible through the Internet can be guaranteed to be 100% secure. As a result, while we attempt to protect all personal information, we cannot ensure or warrant that personal information will be completely secure from misappropriation by hackers or from other nefarious or criminal activities, or in the event of a failure of computer hardware, software, or a telecommunications network.

We will notify you in the event we become aware of a security breach involving your personal information (as defined by applicable law) stored by or for us. As indicated in this Privacy Policy, we collect nonpublic information about you, and this information may be disclosed to third-parties for purposes other than those permitted by GLBA or the State regulations. If you prefer that we not disclose this information, knowing that it may restrict our ability to provide competing renewal quotations, you may opt-out of such disclosures by contacting us with appropriate instructions.

We reserve the right to change this policy at any time. If we change this policy we will post the updated policy on our website.

If you have any questions after reading this Privacy Policy, please contact us by writing to Privacy Management, c/o Compliance Officer, Unison Risk Advisors; 1100 Superior Ave, Suite 1500, Cleveland, Ohio 44114.

Additional Provisions Under the EU General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA)

If you are subject to the GDPR, CCPA, or similar laws, you have the following rights:

• To access the personal data we maintain about you;
• To be provided with information about how we process your personal data;
• To correct your personal data;
• To request to have your personal data erased;
• To object to or restrict how we process your personal data;
• To request your personal data to be transferred to a third party.

To exercise the above rights, please contact us at the information we provide below. We will consider and process your request within a reasonable period of time. Please be aware that under certain circumstances, the GDPR may limit your exercise of these rights. We will retain your personal data only as long as necessary to process requests or other submissions, fulfill the terms of our service relationship with you, and comply with applicable law.

If you have a comment, question, or request related to the Privacy Policy or your personal data, please contact us by writing to Privacy Management, c/o Compliance Officer, Unison Risk Advisors; 1100 Superior Ave, Suite 1500, Cleveland, Ohio 44114.