Site loading image

eFinancial Privacy Policy

 

Last updated: 6/21/23This Privacy Policy describes how eFinancial, LLC (“we,” “us,” or “our”) processes your personal information when you interact with us online or offline. We generally collect, use, and disclose the information you provide to: prepare insurance quotes, contact or respond to you, complete the application process, and make special offers to you related to insurance products and services.

Consistent with our commitment to your privacy, we provide more detail below on our practices concerning your personal information and what choices you have with respect to the data we collect. As part of our privacy commitment, we take the security of your information very seriously. Our security efforts include establishing a Vulnerability Security Policy, which you can view here.

If you are a California resident, please see our California Privacy Policy, which provides additional details about how we handle your personal information and how you can exercise your rights under the California Consumer Privacy Act.

Collection

We collect the following categories of personal information:

  • Contact Information. This includes details such as your name, mailing address, or email address.
  • Government Identification Numbers. This includes details such as your driver’s license number and social security number.
  • Demographic Details. This includes details such as your age, citizenship, marital status, and sex.
  • Medical Data. This includes details such as your past or current treatment, diagnoses, and disabilities as well as information concerning conditions such as pregnancy.
  • Employment Data. This includes details such as your income and employment details.
  • Internet Activity. This includes details such as your IP address, activity on our website, and other data points that may be collected by cookies.

Uses

We generally use your personal information for purposes related to providing you with information on services (such as insurance) you seek, communicating with you, complying with our legal obligations, and taking steps to operate our business. Below you will find more detail why we use your information and what data is used for each purpose:

Purpose Data Categories Involved
Personalize the website experience to deliver content, products, and service offerings relevant to your interests. Maintain or improve the safety, security, and integrity of our website, information systems, databases, and other technology assets Internet Activity
Respond to legal requests Contact Information, Internet Activity, Medical Data, and Demographic Information.
Provide you with the services that you request, such as by completing transactions, processing registration, providing quotes, or processing your application for one of our products Contact Information, Coverage Amount, Government Identification Numbers, Date of Birth, Demographic Details, Medical Data, and Employment Data.
Communicate with you, such as responding to inquiries or providing you with information about products that may be of interest Contact Information, Demographic Details, Medical Data, and Employment Data.

We may also use your information to comply with our legal obligations and exercise (or defend ourselves against) legal claims.

We do not use your information for automated processing (a concept known as “profiling” in some states) that produces a legal or similarly significant effect. And, where legally required, we will obtain consent before processing information that applicable laws consider sensitive.

We use deidentified data for certain purposes, including to perform statistical and other analyses and to conduct research to improve our products and services. We will maintain the data in deidentified form and will not attempt to reidentify the information. If we disclose deidentified information to another entity, we will do so in a way that is designed to prevent reidentification.

Disclosures

We may disclose your personal information to our vendors, who can only use the information for purposes we specify. We also disclose the personal information we collect to trusted third parties: advertisers/marketers (who help us promote our products), brokers/service providers (who may offer you relevant products), and insurance companies (when you request a quote or purchase a policy). Sometimes we will also disclose your information to other third parties to comply with our legal obligations, exercise/defend legal claims, or complete a corporate reorganization (such as a merger, asset sale, etc.).

We disclose to third parties all of the categories of personal information we collect, but the information we provide varies based on the recipient. For example, we provide more sensitive information—such as medical details and government identification numbers—to insurance companies because they need it for evaluating your policy requests, while brokers and our advertisers/marketers receive more benign details.

Sales and Advertising

We may sell your personal information—specifically, your name, contact information, date of birth, coverage amount, medical data, demographic details, and internet activity—to third parties so that they can market insurance products that may be of interest to you. Specifically, the types of third parties we may sell your information to are: financial institutions, payment processors, and our business communication and collaboration partners.

Additionally, if you visit our website, we allow third-party advertising networks to collect your personal information—specifically browsing history and internet activity—using cookies. They use this information to provide you with more relevant advertisements. This is commonly known as “targeted advertising,” and some states—including Colorado and Connecticut—consider it to be a sale of your information.

You can find more information about how we use cookies in the Cookies & Similar Interactive Technologies section below. f you would like to limit the use of these targeted advertising cookies, we explain how to do so in the Your Choices section below.

Sale of Assets of Sale of eFinancial

If in the future, eFinancial or substantially all of its assets are acquired, the information we collect through this website from you or other customers will likely be transferred to the acquiring party.

Cookies and Similar Technologies

We use cookies to enhance user experience and to analyze the performance and traffic on our website. We may also contract with partners that utilize ad-serving technology including Google Ads and remarketing, which tracks user interactions with our website in order to present personalized advertisements.

In addition to the advertising cookies noted above, we use other cookies on our website to ensure the site functions and to improve the user experience. One of the cookies we use is for Google Analytics. We use Google Analytics on our website to help us better understand how consumers interact with our website, such as what they engage with on the site, what they search for when they visit certain pages, and what type of content they prefer. The information we gather gives us insights to improve your online experience, refine our products/ services, and more. You can learn more about Google Analytics, including how Google uses information collected with its tool, by clicking here to view Google’s explainer on their uses of information from sites using Google Analytics.

Interactive Services Notice, Consent, and Disclaimers

This website may provide interactive features, including features such as session replay and other tracking related to your activities on this website. You agree that we may record and retain a transcript of all communications via these features and/or may record or recreate your activity while using the website, in order to provide services, enhance your website experience, and for quality and verification purposes. We may work with trusted service providers to analyze, store, and/or use this data on our behalf. Your use or access of any of these features or of our website is governed by this Policy and our Terms of Use.

Your Choices

We believe in empowering individuals to make decisions about their information by providing clear explanations of our practices, describing various choices you can make regarding your information, and respecting applicable privacy rights guaranteed by state law. We outline these choices and rights below.

Limiting Targeted Advertising
If you do not want cookies to collect your information for targeted advertising, you can change your browser settings to reject all cookies. Doing so may cause portions of this site to not function properly. You can also configure your browser to send a “do not track” signal. We respond promptly to those signals. Alternatively, you can use the industry-approved opt-outs by visiting: https://optout.networkadvertising.org/?c=1 or https://optout.aboutads.info/?c=2&lang=EN.

If you live in Colorado, Connecticut, or Virginia, we offer additional ways below to limit targeted advertising in accordance with state law.

Stopping eFinancial Offers
In general, if you do not wish to be contacted at all with offers from us or our partners, you should not provide any personal contact information through this website.

If you do provide us your information, we may use that data to send you offers we believe would be of interest to you. If you wish to unsubscribe from receiving any email offers from us, simply click the unsubscribe link here.

If we received your information from third parties, unsubscribing from our emails will not stop them from emailing you future offers. If you do not want them to contact you, you will need to follow their unsubscribe procedures.

Changing Information
If you wish to change your information or believe you received a communication from us in error, please email us at [email protected]. We’ll respond to your inquiry via email, and we’ll notify you about the action we’ve taken.

Exercising Privacy Rights

Some states have passed laws granting individuals certain rights with respect to their data. We discuss those rights below. If you are not in one of those states, we will continue to protect and limit the use of your information as described elsewhere in this policy.
If you are a Colorado, Connecticut, or Virginia resident, you have the rights discussed below. We understand the importance of these rights, and we will not discriminate against you for exercising them.

  • Right to Access. You can request that we confirm whether we have your personal data and, if we do, to provide you access to that data. You can also request that we provide you a copy of the personal data that you provided to us.
  • Right to Delete. You can request that we delete any of your personal information that we have collected.
  • Right to Correct. You can request that we correct inaccurate information about you.
  • Right to Opt-Out of Sale. You can request that we do not sell your personal information.
  • Right to Opt-Out of Targeted Advertising. You can request that we do not use your information for targeted advertising.

We only honor verifiable consumer requests. You can submit such a request by:

  • Completing the form on our privacy portal;
  • Calling 888-305-7832; or
  • Directing your authorized agent to submit a request using our agent and vendor privacy portal. But an agent can only submit an opt-out request, and the request must concern a Colorado or Connecticut resident.

Only you or your authorized agent may make a request related to your personal information, unless the personal information concerns a person younger than 13-years old. If you rely on an agent, we require they provide a signed permission from you and may ask you to confirm that you authorized the agent to act on your behalf. For minors, a parent or guardian must make the verifiable consumer request on the minor’s behalf.

We can only honor a request after we verify your identity. We will attempt to verify your identity by comparing the information you (or your agent) provide us with the details we have in our records. Sometimes we may ask for additional information to help us in the verification process. When you rely on an agent, we may require you to confirm your identity with us.

If you disagree with our decision on your request, you can file an appeal by completing the form on our privacy portal.

Marketing Practices

We collaborate with advertising companies and other marketers to promote our service. We work to ensure that companies advertising for us follow applicable legal and ethical guidelines. We do not tolerate any spam or unethical/unauthorized emailing marketing of any kind. Before working with an advertiser, we require that their email lists have all been generated by people opting in to receive offers and that they maintain an “Unsubscribe”/”Remove List”. If you believe that you have received one of our emails, and you did not provide consent to receive these offers, please forward the email to [email protected]. We will take the necessary action to resolve the matter.

Policy Changes

We reserve the right to amend this Privacy Policy at any time. If we make changes, we will post the updated policy on our website at www.efinancial.com and revise the “last updated” date on the policy. Any changes will become effective when we post the updated policy on our site.

You may request the prior version of our privacy policy before the most recent change by emailing us at [email protected].

Contact Us

If you have any questions or comments about this Privacy Policy, please do not hesitate to contact us at 888-305-7832 or [email protected].

Vulnerability Security Policy

Introduction

Vericity, the parent of Efinancial, LLC, is committed to ensuring the security of the American public by protecting their information. This policy is intended to give security researchers clear guidelines for conducting vulnerability discovery activities and conveying our preferences about how to submit discovered vulnerabilities to us.

This policy describes what systems and types of research are covered under this policy, how to send us vulnerability reports, and how long we ask security researchers to wait before publicly disclosing vulnerabilities.

We encourage you to contact us to report potential vulnerabilities in our systems.

Authorization

If you make a reasonable faith effort to comply with this policy during your security research, we will consider your research to be authorized. Should legal action be initiated by a third party against you for activities conducted according to this policy, we will make this authorization known. We will work with you to quickly understand and resolve the issue, and Vericity will not recommend or pursue legal action related to your research.

Guidelines

Under this policy, “research” means activities in which you:

  • Notify us as soon as possible after you discover an actual or potential security issue.
  • Make every effort to avoid privacy violations, degradation of user experience, disruption to production systems, and destruction or manipulation of data.
  • Only use exploits to the extent necessary to confirm a vulnerability’s presence. Do not use an exploit to compromise or exfiltrate data, establish persistent command-line access, or use the exploit to pivot to other systems.
  • Provide us with a reasonable amount of time to resolve the issue before you disclose it publicly.
  • Do not submit a high volume of low-quality reports.

Once you’ve established that a vulnerability exists or encounter any sensitive data (including personally identifiable information, financial information, proprietary information, or trade secrets of any party), you must stop your test, notify us immediately, and not disclose this data to anyone else.

Prohibited testing methods

The following test methods are not authorized:

  • Network denial of service (DoS or DDoS) tests or other tests that impair access to or damage a system or data
  • Physical testing (e.g., office access, open doors, tailgating), social engineering (e.g., phishing, vishing), or any other non-technical vulnerability testing
  • High intensity scanning that may affect the availability of Vericity’s systems and services.

Scope

This policy applies to Vericity Inc systems only. No third-party systems, service providers, or partners are in scope, e.g., Salesforce.

Any services not expressly listed above, such as any connected services, are excluded from the scope and are not authorized for testing. Additionally, vulnerabilities found in systems from our vendors fall outside of this policy’s scope and should be reported directly to the vendor according to their disclosure policy (if any). If you aren’t sure whether a system is in scope or not, contact us at [email protected] before starting your research.

Though we develop and maintain other internet-accessible systems or services, we ask that active research and testing only be conducted on the systems and services covered by the scope of this document. If there is a particular system not in scope that you think merits testing, please contact us to discuss it first.

Reporting a vulnerability

We accept vulnerability reports sent to [email protected]. Please encrypt the email using our PGP Public Key. Reports may be submitted anonymously. If you share contact information, we will acknowledge receipt of your report within three business days.

Vericity Security_0x2B046F5A_public.asc
04 May 2022, 04:07 PM

What we would like to see from you (Optional)

To help us triage and prioritize submissions, we recommend that your reports:

  • Describe the location the vulnerability was discovered and the potential impact of exploitation.
  • Offer a detailed description of the steps needed to reproduce the vulnerability (proof of concept scripts and screenshots are helpful).
  • Be written in English, if possible.
  • Your disclosure plans, if any.
  • Your desire for public recognition (include your name and LinkedIn profile, if desired)

What you can expect from us

When you choose to share your contact information with us, we commit to coordinating with you as openly and quickly as possible.

  • We will acknowledge that your report has been received within three business days.
  • To the best of our ability, we will confirm the existence of the vulnerability to you and be as transparent as possible about what steps we are taking during the remediation process, including on issues or challenges that may delay resolution.
  • We will maintain an open dialogue to discuss issues.

Questions

Questions regarding this vulnerability security policy may be sent to [email protected]. We also invite you to contact us with suggestions for improving this policy. 

Recognition

We’d like to thank the following individuals who have responsibly disclosed a security issue in accordance with our security policy. We value and appreciate these security researcher’s help to make our products better.

  • Gaurang Maheta