Privacy Policy

ProAssurance Corporation Privacy Policy

Effective Date: August 21, 2023

a. Summary:

This Policy describes how We obtain and use personal data (which can be used to identify a specific individual) and anonymous data (which can’t) about Our users. Certain provisions of the Policy, which are clearly labelled, apply only to residents of the European Union or the states of Nevada and California. We need some Personal Data about you (i.e., email for account creation, name and address information to perform mailing and/or verify payments) in order to provide you certain products and services (the “Services”). We try to limit this as much as possible.

b. Who We are:

The “We” in this document is ProAssurance Corporation and its affiliated companies (the “ProAssurance Companies” or the “Company”). A list of those companies and programs may be found at: Investor.ProAssurance.com. To simplify the reading of this document, We could also describe ourselves as the "Company," “Us” or “Our.”  We have adopted this policy as of its effective date and are publishing it so you may understand how We may use the information gained, collected or processed about you.

c. Information We collect:

We collect information from you when you visit ProAssurance websites, including ProAssurance.com and medmarc.com (each, Our "Website") or when you upload forms or information to Our Website.

We also collect information when you fill out paper forms such as underwriting applications or send Us paper correspondence.  Some of the information you supply can be transcribed or scanned into databases or other information repositories that We maintain.

d. This policy applies to information We collect:

• On this Website; in email, text, and other electronic messages between you and this Website; and when you interact with applications we utilize on third-party websites and services if those applications include links to this Policy (collectively referred to as Our “Online Services”); and
• Information you provide in paper format

It does not apply to any other information:

• We collect by any other means, including on any other website We operate or one operated by a third party; or
• Collected by a third party, including through any application or content (including advertising) that may link to or be accessible from the Website.

e. EU and California or Nevada Specific Provisions:

Certain provisions of the Policy apply only to residents of the European Union (the “EU”) or residents of the state of California or Nevada and are clearly labeled as such. Otherwise, the Policy applies to all users of our Services, regardless of location.

Please read this Policy carefully to understand Our policies and practices regarding your information and how We will treat it. If you do not agree with our policies and practices, your choice is not to use Our Online Services. By accessing or using the Online Services, you agree to this Privacy Policy. This policy may change from time to time (see Changes to Our Privacy Policy). Your continued use of the Online Services after We make changes is deemed to be acceptance of those changes, so please check the policy periodically for updates.

Our Website is not intended for children under 16 years of age. No one under age 16 may provide any information to or on the Website. We do not knowingly collect personal information from children under 16. If you are under 16, do not use or provide any information on this Website or through any of its features, register or create an account on the Website, use any of the interactive or public comment features of this Website, or provide any information about yourself to Us, including your name, address, telephone number, email address, or any screen name or user name you may use. If We learn We have collected or received personal information from a child under 16 without verification of parental consent, We will delete that information. If you believe We might have any information from or about a child under 16, please contact Us at PrivacyPolicy@ProAssurance.com.

California and Nevada residents under 16 years of age may have additional rights regarding the collection and sale of their personal information. Please see Your California and Nevada Privacy Rights for more information.

As used in this Policy, “Personal Data” has the meaning provided in the EU General Data Protection Regulation of 2018 (the “GDPR”), and includes any information which, either alone or combined with other information We hold, identifies an individual, such as name, mailing address, email address, IP address or telephone number. By contrast, “Anonymous Data” means any data that, alone or combined with other information available to Us or a third party, does not permit identification of an individual. We collect both Personal Data and Anonymous Data as set forth below.

We collect several types of information from and about users of Our Online Services.  You may submit to Us, through Our Online Services or by other means, information including:  

By which you may be personally identified, such as name, postal address, e-mail address, telephone number, social security number, medical records, taxpayer identification numbers, information surrounding claims, notice of claims and coverage determinations, letters of credit, credit instruments, debt information, actuarial information including pricing, premiums and loss analysis, documents prepared in the context of the hiring process such as job applications, resumes, certifications and educational or training records and professional licensing numbers and national practitioner Identification number (“NPI”). "personal data"

• That is about you but individually does not identify you, such as anonymized marketing and reporting data; and/or
• About your internet connection, the equipment you use to access Our Online Services, and usage details.

We collect this information:

• Directly from you when you provide it to Us.
• From an agent or broker acting on your behalf.
• From licensing or regulatory entities.
• From third party organizations that provide financial, marketing and business analytics.
• From entities associated with claims in which you are a party.
• From peer review documents. 
• Automatically as you navigate through the Online Services. Information collected automatically may include usage details, IP addresses, and information collected through cookies and other tracking technologies.

Information You Provide to Us

The information We collect on or through Our Online Services may include:

• Information that you provide by uploading or filling in forms on Our Online Services. This includes information provided at the time of registering to use Our Online Services, subscribing to Our service, posting material, submitting information relating to a claim or loss, or requesting further services. We may also ask you for information when you report a problem with Our Online Services and this information may be preserved, including any telephone conversation you may have with Our employees.
• Records and copies of your correspondence (including email addresses), if you contact us.
• Your responses to surveys that We might ask you to complete for research purposes.
• Your search queries and download history on the Online Services.
• Information you supply to Us in connection with the preparation of an insurance quote.

As you navigate through and interact with Our Online Services, We may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, including:

• Details of your visits to Our Online Services, including traffic data, location data, logs, and other communication data and the resources that you access and use on the Online Services.
• If you visited other ProAssurance Companies’ websites, We will place a cookie associated with that company and use it to associate any information you supplied that company with any other ProAssurance Company website you may visit to minimize any data you may have to enter. No personal information is stored on that cookie.
• Information about your computer and internet connection, including your IP address, operating system, and browser type.

Google Analytics.  We use Google Analytics to understand how you and others navigate on our web site. Pursuant to our agreement with Google, certain information about you is gathered by their software. A description of how Google uses this information can be found at Google.com/Policies/Privacy/Partners. Google updates this policy from time to time so you should periodically review this site.

The information We collect automatically is only statistical data and does not include personal information. It helps Us to improve our Online Services and to deliver a better and more personalized service, including by enabling Us to:

• Estimate Our audience size and usage patterns.
• Store information about your preferences, allowing Us to customize Our Online Services according to your individual interests.
• Speed up your searches.
• Recognize you when you return to Our Online Services.

The technologies We use for this automatic data collection may include:

• Cookies (or browser cookies). A cookie is a small file placed on the hard drive of your computer. You may refuse to accept browser cookies by activating the appropriate setting on your browser; however, if you select this setting you may be unable to access certain parts of Our Online Services. Unless you have adjusted your browser setting so that it will refuse cookies, Our system will issue cookies when you direct your browser to Our Online Services.
• Web Beacons. Pages of Our Online Services and our e-mails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).

We need certain Personal Data in order to provide you with certain products and Services. You will be asked to provide this information — and by doing so demonstrate that you agree to this Policy and its Terms. This consent, which you may withdraw at any time, provides Us with the legal basis We need to process your Personal Data. If you do not agree to this Policy, you may not use Our Services.

Who We Are: For the purpose of the GDPR, the data controller of your Personal Data is ProAssurance of 100 Brookwood Place, Suite 300, Birmingham, AL 35209. You may contact Us at PrivacyPolicy@ProAssurance.com.

b. Must Read Sections: Please carefully review the sections entitled “Data Security and International Transfer” and “Your Rights Regarding Personal Data.”

Summary:

We never sell Our users’ Personal Data. To provide the Services, We share Personal Data with service providers who are contractually obliged to comply with all applicable laws (i.e., GDPR and other data privacy laws) and who only have access to the Personal Data required for them to provide the relevant Services. We may share Personal Data among our various affiliates, all of whom are bound by this Policy, and with an acquirer if We are sold or merged. Finally, We can disclose Personal Data where required by law or where We believe it is necessary to protect our rights or those of Our other users.

We use information that We collect about you or that you provide to Us, including any personal information:

• To present Our Online Services and its contents to you.
• To provide you with information, products, or services that you request from Us.
• To fulfill any other purpose for which you provide it.
• To provide you with notices about your account, including expiration and renewal notices; claims status; cancellation; non-renewal; and expiration notice.
• To issue certificates of insurance to providers of services that you direct Us to send
• To carry out Our obligations and enforce Our rights arising from any contracts entered into between you and Us, including for billing and collection.
• To notify you about changes to Our Online Services or any products or services We offer or provide through it.
• To advise you about risk management seminars or new trends in risk management
• To allow you to participate in interactive features on Our Online Services.
• To promote the products and services or send you other marketing information. EU users must actively choose to receive marketing communications. Users elsewhere (and those in the EU who have previously opted in) may always elect to stop receiving such communications.
• In any other way We may describe when you provide the information.
• For any other purpose with your consent.

We may also use your information to contact you about Our own goods and services that may be of interest to you. For more information, see Choices About How We Use and Disclose Your Information.

We may disclose aggregated information about Our data subjects in Our systems, and information that does not identify any individual, without restriction.

We may disclose personal information that We collect or you provide as described in this Privacy Policy:

• To Our subsidiaries and affiliates.
• To contractors, service providers, and other third parties We use to support Our business and who are bound by contractual obligations to keep personal information confidential and use it only for the purposes for which We disclose it to them.
• To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by Us about Our Online Services users is among the assets transferred.
• To fulfill the purpose for which you provide it.
• For any other purpose disclosed by Us when you provide the information.
• To verify that you are a customer of ProAssurance in circumstances where you have indicated this to a third party and they are seeking confirmation.
• With your consent.
• To comply with any court order, law, or legal process, including to respond to any government or regulatory request.
• To enforce or apply our terms of use (ProAssurance.com/Legal-Disclaimer) and other agreements, including for billing and collection purposes.
• If We believe disclosure is necessary or appropriate to protect the rights, property, or safety of ProAssurance, Our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.

Summary:

We strive to protect the safety and security of all data in our possession, including Personal Data, through a variety of means, and We continually work to improve and update these practices. However, We cannot and do not guarantee the security of Personal Data We process. As noted elsewhere in this Policy, Personal Data may be transferred to jurisdictions with less strict privacy and related regulations than those in your home country, including the U.S., but We employ technical and other measures that comply with EU regulations to protect Personal Data belonging to EU residents when processed in the U.S.

We use physical, technical and administrative measures to safeguard Personal Data. While We strive to protect your Personal Data, no method of data transmission or storage is totally secure; therefore, We cannot guarantee the security of Personal Data in Our control. If you believe that any of your Personal Data may have been compromised by Us or the use of the Services, please contact Us immediately at PrivacyPolicy@ProAssurance.com.

Your information, including Personal Data that We collect from you, may be transferred to, stored at and processed by Us, our Affiliates and service providers outside your home country, including in the United States, where data protection and privacy regulations may not offer the same protections as in other parts of the world. When We do so, We will take the steps described in this Policy, which are designed to ensure that all Personal Data We or our vendors process (regardless of where it originates) is handled as required by the EU. By using the Services, you agree to the transfer, storing or processing of your data in accordance with this Policy.

• Tracking Technologies and Advertising. You can set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent. To learn how you can manage your Flash cookie settings, visit the Flash player settings page on Adobe's website. If you disable or refuse cookies, please note that some parts of this site may then be inaccessible or not function properly.

We do not control third parties' collection or use of your information to serve interest-based advertising. However these third parties may provide you with ways to choose not to have your information collected or used in this way. You can opt out of receiving targeted ads from members of the Network Advertising Initiative ("NAI") on the NAI's website.

You may also send Us an email at PrivacyPolicy@ProAssurance.com to request access to, correct or delete any personal information that you have provided to Us. We cannot delete your personal information except by also deleting your user account. We may not accommodate a request to change information if We believe the change would violate any law or legal requirement, cause the information to be incorrect or if We need to maintain the information for a legitimate business purpose.

Your California and Nevada Privacy Rights

If you are a California or Nevada resident, there may be laws that provide you with additional rights regarding our use of your personal information. To learn more about your California privacy rights, please visit our Privacy Notice for California Residents, which can be found at www.proassurance.com/privacy-policy/CA. To learn more about your Nevada privacy rights, please see the ProAssurance Privacy Notice for Nevada Residents, below.

Summary:

The GDPR grants EU residents certain rights regarding their Personal Data, including the right to access and modify Personal Data held by providers, and to have providers “forget” Personal Data that is no longer relevant. In some cases, you may exercise these rights from within the Services, but you may always contact Us to do so as well. Please include information about which rights you are seeking to exercise if you contact us. We may need to verify your identity before fulfilling your request.

We do not solicit or do business in Europe, but some of Our insureds and individuals associated with our business do reside in Europe and from time to time We receive job applications through Our Website from residents of Europe.  If you are a resident of Europe, you have the following rights with respect to your Personal Data that We process:

• Withdraw Consent: You may withdraw your consent to Our processing of your Personal Data, in whole or in part (i.e., for marketing purposes). Certain Services may be ineffective upon opt out.
• Access: You may access the Personal Data We hold about you at any time via your Account or by contacting Us directly.
• Modification: You may modify the Personal Data We hold about you at any time via your Account or by contacting Us directly.
• Erase and Forget: In certain situations, for example when the Personal Data We hold about you is no longer relevant or accurate, you can request that We erase your Personal Data.
• Portability: You may request a copy of your Personal Data and may always move it to other entities as you desire.

If you wish to exercise any of these rights, please contact Us at PrivacyPolicy@ProAssurance.com or as set forth below. In your request, please make clear: (i) what Personal Data is concerned; and (ii) which of the above rights you would like to enforce. For your protection, We may only implement requests with respect to the Personal Data associated with the email address you send your request from, and We may need to verify your identity before implementing your request. We will try to comply with your request as soon as reasonably practicable, but in any event within thirty (30) days of your request. We may need to retain certain information for recordkeeping purposes or to complete any transactions that you began prior to requesting such change or deletion

It is our policy to post any changes We make to our privacy policy on this page with a notice that the privacy policy has been updated on the Website home page. If We make material changes to how We treat Our users' personal information, We will notify you by one of the following means: email to the primary email address specified in your account, first class postal mail or through a notice on the Website home page. The date the Privacy Policy was last revised is identified at the top of this page. You are responsible for ensuring We have an up-to-date active and deliverable email and physical addresses for you, and for periodically visiting our Website and this Privacy Policy to check for any changes.

If you have questions, concerns, or complaints about this Policy or Our data collection or processing practices, or if you want to report any security violations, please contact Us at PrivacyPolicy@ProAssurance.com or by writing the address below:

ProAssurance Corporation

Attn: Legal Department

100 Brookwood Place, Suite 300

Birmingham, AL 35209

EU Users Only. We hope to resolve any complaint brought to Our attention promptly; however, if your complaint has not been adequately resolved, you may always contact your local data protection supervisory authority, a list of which is available here: EDPB.Europa.eu/About-EDPB/Board/Members_en.

We commit to cooperate with the panel established by the EU data protection authorities (DPAs) and comply with the advice given by the panel regarding human resources data transferred from the EU in the context of the employment relationship. Please contact Us to be directed to the relevant DPA contacts at PrivacyPolicy@ProAssurance.com

ProAssurance Privacy Notice for Nevada Residents

Effective Date: January 1, 2020

This Privacy Notice for Nevada Residents supplements the information contained in ProAssurance's Privacy Policy (ProAssurance.com/PrivacyPolicy) and applies solely to all visitors, users, and others who reside in the State of Nevada. We adopt this notice to comply with the Nevada Privacy Law (NRS 603A.300- 603A.360) hereinafter, “NPL.”

Our Website collects or allows you to upload information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device ("personal information"). In particular, ProAssurance.com has collected the following categories of personal information from its consumers within the last twelve (12) months:

Category	Examples	Collected
A. Identifiers.	A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers.	YES
B. Customer records personal information categories.	A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.	YES
C. Protected classification characteristics.	Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).	YES
D. Commercial information.	Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.	YES
E. Biometric information.	Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.	NO
F. Internet or other similar network activity.	Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement.	YES
G. Geolocation data.	Physical location or movements.	NO
H. Sensory data.	Audio, electronic, visual, thermal, olfactory, or similar information.	NO
I. Professional or employment-related information.	Current or past job history or performance evaluations.	YES
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).	Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.	NO
K. Inferences drawn from other personal information.	Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.	NO

• Publicly available information from government records.
• Deidentified or aggregated consumer information.
• Information excluded from the NPL’s scope, such as:
  • health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) or clinical trial data; and
  • personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA), and the Driver's Privacy Protection Act of 1994.

• Directly from you. For example, from forms you complete or products and services you purchase.
• Indirectly from you. For example, from observing your actions on Our Website.
• Insurance brokers.
• Parties associated with the litigation of a claim or notice of a claim.
• Parties associated with an application of employment you initiate.

We may use or disclose the personal information We collect for one or more of the following business purposes:

• To fulfill or meet the reason you provided the information. For example, if you share your name and contact information to request a price quote or ask a question about our products or services, We will use that personal information to respond to your inquiry. If you provide your personal information to purchase a product or service, We will use that information to process your payment and facilitate delivery. We may also save your information to facilitate new product orders or process returns.
• To provide, support, personalize, and develop Our Website, products, and services.
• To create, maintain, customize, and secure your account with Us.
• To process your requests, purchases, transactions, and payments and prevent transactional fraud.
• To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve Our responses.
• To help maintain the safety, security, and integrity of Our Website, products and services, databases and other technology assets, and business.
• For testing, research, analysis, and product development, including to develop and improve Our Website, products, and services.
• To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
• As described to you when collecting your personal information or as otherwise set forth in the NPL.
• To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by Us about Our Website users is among the assets transferred.

We will not collect additional categories of personal information or use the personal information We collected for materially different, unrelated, or incompatible purposes without providing you notice.

We share your personal information with the following categories of third parties:

• Service providers
• Insurance brokers
• Other business lines of insurance which could be of interest to you

Disclosures of Personal Information for a Business Purpose

In the preceding twelve (12) months, Company has disclosed the following categories of personal information for a business purpose:

• Category A: Identifiers.
• Category B: Customer records personal information categories.
• Category C: Protected classification characteristics.
• Category D: Commercial information.
• Category F: Internet or other similar network activity.
• Category I: Professional or employment-related information.

The NPL provides certain rights to Nevada residents in addition to the disclosures descried in sections 1-6 about the information We collect and how it is used.  These additional rights are described below:

a. Deletion Request Rights

You have the right to request that We delete any of your personal information that We collected from you and retained, subject to certain exceptions. Once We receive and confirm your verifiable consumer request (see Exercising Access, Data Portability, and Deletion Rights), We will delete (and direct our service providers to delete) your personal information from Our records, unless an exception applies.

We may deny your deletion request if retaining the information is necessary for Us or Our service provider(s) to:

• Complete the transaction for which We collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of Our ongoing business relationship with you, or otherwise perform Our contract with you.
• Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
• Debug products to identify and repair errors that impair existing intended functionality.
• Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
• Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if you previously provided informed consent.
• Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
• Comply with a legal obligation.
• Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

b. Response Timing and Format

We endeavor to respond to a verifiable consumer request within Sixty (60) days of its receipt. If We require more time (up to 90 days), We will inform you of the reason and extension period in writing.

If you have an account with Us, We will deliver our written response to that account. If you do not have an account with Us, We will deliver Our written response by mail or electronically, at your option.

Any disclosures We provide will only cover the 12-month period preceding the verifiable consumer request's receipt. The response We provide will also explain the reasons We cannot comply with a request, if applicable.

If you have any questions or comments about this notice, the ways in which We collect and use your information described below and in the Privacy Policy, your choices and rights regarding such use, or wish to exercise your rights under Nevada law, please do not hesitate to contact Us at:

Email: PrivacyPolicy@ProAssurance.com

Postal Address:

ProAssurance Corporation

Attn: Legal

100 Brookwood Place, Suite 300

Birmingham, AL 35209