Privacy Notice

At Crawford Yingling Insurance Agency (“we,” “our,” “us,” “the Company”), your privacy is important to us. We are committed to safeguarding your personal information in accordance with the Gramm-Leach-Bliley Act (GLBA) and other applicable privacy regulations. The Company is committed to protecting the privacy and confidentiality of personal data collected or processed during its business operations. This Data Privacy Policy outlines the principles and practices that govern the collection, use, and disclosure of personal data by the Company.

INTERPRETATION AND DEFINITIONS

Interpretation

The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.

Definitions

For the purposes of this Privacy Policy:

Account means a unique account created for You to access our Service or parts of our Service.

Application means the software program provided by the Company downloaded by You on any electronic device, named GloveBox.

Business, for the purpose of the CCPA (California Consumer Privacy Act), refers to the Company as the legal entity that collects Consumers’ personal information and determines the purposes and means of the processing of Consumers’ personal information, or on behalf of which such information is collected and that alone, or jointly with others, determines the purposes and means of the processing of consumers’ personal information, that does business in the State of California.

Company (referred to as either “the Company”, “We”, “Us” or “Our” in this Agreement) refers to Crawford Yingling Insurance & Risk Management, 58 West Main Street, Westminster, MD 21157.

For the purpose of the GDPR, the Company is the Data Controller.

Consumer, for the purpose of the CCPA (California Consumer Privacy Act), means a natural person who is a California resident. A resident, as defined in the law, includes (1) every individual who is in the USA for other than a temporary or transitory purpose, and (2) every individual who is domiciled in the USA who is outside the USA for a temporary or transitory purpose.

Country refers to: Maryland, United States

Data Controller, for the purposes of the GDPR (General Data Protection Regulation), refers to the Company as the legal person which alone or jointly with others determines the purposes and means of the processing of Personal Data.

Device means any device that can access the Service such as a computer, a cellphone or a digital tablet.

Do Not Track (DNT) is a concept that has been promoted by US regulatory authorities, in particular the U.S. Federal Trade Commission (FTC), for the Internet industry to develop and implement a mechanism for allowing internet users to control the tracking of their online activities across websites.

Personal Data is any information that relates to an identified or identifiable individual.

For the purposes for GDPR, Personal Data means any information relating to You such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity.

For the purposes of the CCPA, Personal Data means any information that identifies, relates to, describes or is capable of being associated with, or could reasonably be linked, directly or indirectly, with You.

Sale, for the purpose of the CCPA (California Consumer Privacy Act), means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a Consumer’s personal information to another business or a third party for monetary or other valuable consideration.

Service refers to the Application.

Service Provider means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service or to assist the Company in analyzing how the Service is used. For the purpose of the GDPR, Service Providers are considered Data Processors.

Third-party Social Media Service refers to any website or any social network website through which a User can log in or create an account to use the Service.

Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).

You means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.

Under GDPR (General Data Protection Regulation), You can be referred to as the Data Subject or as the User as you are the individual using the Service.

GDPR PRIVACY

Legal Basis for Processing Personal Data under GDPR
We may process Personal Data under the following conditions:

  • Consent: You have given Your consent for processing Personal Data for one or more specific purposes.
  • Performance of a contract: Provision of Personal Data is necessary for the performance of an agreement with You and/or for any pre-contractual obligations thereof.
  • Legal obligations: Processing Personal Data is necessary for compliance with a legal obligation to which the Company is subject.
  • Vital interests: Processing Personal Data is necessary in order to protect Your vital interests or of another natural person.
  • Public interests: Processing Personal Data is related to a task that is carried out in the public interest or in the exercise of official authority vested in the Company.
  • Legitimate interests: Processing Personal Data is necessary for the purposes of the legitimate interests pursued by the Company.

In any case, the Company will gladly help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of Personal Data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.

YOUR RIGHTS UNDER THE GDPR

The Company undertakes to respect the confidentiality of Your Personal Data and to guarantee You can exercise Your rights. You have the right under this Privacy Policy, and by law if You are within the EU, to:

  • Request access to Your Personal Data. The right to access, update or delete the information We have on You. Whenever made possible, you can access, update or request deletion of Your Personal Data directly within Your account settings section. If you are unable to perform these actions yourself, please contact Us to assist You. This also enables You to receive a copy of the Personal Data We hold about You.
  • Request correction of the Personal Data that We hold about You. You have the right to have any incomplete or inaccurate information We hold about You corrected.
  • Object to processing of Your Personal Data. This right exists where We are relying on a legitimate interest as the legal basis for Our processing and there is something about Your particular situation, which makes You want to object to our processing of Your Personal Data on this ground. You also have the right to object where We are processing Your Personal Data for direct marketing purposes.
  • Request erasure of Your Personal Data. You have the right to ask Us to delete or remove Personal Data when there is no good reason for Us to continue processing it.
  • Request the transfer of Your Personal Data. We will provide to You, or to a third-party You have chosen, Your Personal Data in a structured, commonly used, machine-readable format. Please note that this right only applies to automated information which You initially provided consent for Us to use or where We used the information to perform a contract with You.
  • Withdraw Your consent. You have the right to withdraw Your consent on using your Personal Data. If You withdraw Your consent, We may not be able to provide You with access to certain specific functionalities of the Service.

EXERCISING OF YOUR GDPR DATA PROTECTION RIGHTS

You may exercise Your rights of access, rectification, cancellation and opposition by contacting Us. Please note that we may ask You to verify Your identity before responding to such requests. If You make a request, We will try our best to respond to You as soon as possible.

You have the right to complain to a Data Protection Authority about Our collection and use of Your Personal Data. For more information, if You are in the European Economic Area (EEA), please contact Your local data protection authority in the EEA.

INFORMATION WE COLLECT FROM WEBSITE ACTIVITY

When you visit the Site, we automatically collect certain information about your device, including information about your web browser, IP address, time zone, and some of the cookies that are installed on your device. Additionally, as you browse the Site, we collect information about the individual web pages or products that you view, what websites or search terms referred you to the Site, and information about how you interact with the Site. We refer to this automatically collected information as “Device Information.”

We may collect Device Information using the following technologies:

“Cookies” are data files that are placed on your device or computer and often include an anonymous unique identifier.

“Log files” track actions occurring on the Site and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.

“Web beacons,” “tags,” and “pixels” are electronic files used to record information about how you browse the Site.

In addition, if you pay your bill or make another form of financial transaction with the Site, we collect certain information from you, including your name, billing address, payment information (including credit card numbers), email address, and phone number. We refer to this information as “Purchase Information.”

We use Device Information that we collect to help us improve and optimize our Site (for example, by generating analytics about how visitors browse and interact with the Site and to assess the success of our marketing and advertising campaigns).

PERSONAL INFORMATION WE COLLECT DIRECTLY FROM YOU

We may collect personal information, such as name, address, email, phone number, and job title, from customers, employees, and stakeholders. We collect personal information through various channels, such as our website, email, phone, and in-person interactions. We may also collect personal information from third-party sources, such as service providers and business partners.

In order to access certain Services, we may collect Personal Information directly from you, including throughout the quoting, application, or claims handling processes. The Personal Information you provide directly to us may include:

  • Identifiers and Contact Information. We may collect personal identifiers and contact information such as your name, address, email address, phone number.
  • Government-Issued Identifiers. We also may collect information such as your driver’s license number, social security number, or other government-issued identifiers.

We may collect Social Security numbers (“SSNs”) in the course of our business.  We strive to protect the confidentiality and security of SSNs in our possession, custody or control by: (i) limiting access to SSNs and (ii) maintaining reasonable administrative, technical and physical safeguards to protect against the loss, misuse or unlawful disclosure of SSNs.  We do not share SSNs for marketing purposes.

  • Account Details. If you register an account with us, we collect information such as your email, phone number, or user ID, and password used to login to your account.
  • Policy or Claims Information. This includes policy information, claim information, including materials you submit as part of your claim, information provided for roadside assistance services, or other information you choose to provide us.
  • Payment Information. If you pay a bill, we may collect information necessary to process your payment such as bank account information, billing address, and any other related information.
  • Commercial Information. We may also collect information about the products, services, or coverage you purchase.
  • Message Contents. We may collect your messages, email contents, or any other information you choose to provide when interacting with our customer service or agents.
  • Audio or Similar Information. If you speak with our customer service team by phone, we may collect a recording for quality assurance and training purposes.
  • Preferences. We may also collect information about the types of Services you use, your communications preferences, wish lists and other preferences you may select in your account or profile.
  • Other Information. We also collect information when you complete online forms, surveys, or leave us product reviews. We will also collect any other information you choose to provide.

We collect information directly from you when you request a quote, apply for insurance, file a claim, or communicate with us. We may also collect information from third parties such as credit reporting agencies, government agencies, or other entities when necessary to provide insurance services.

HOW WE USE YOUR INFORMATION

The Company will only use personal data for the purposes for which it was collected or as otherwise permitted by applicable laws and regulations. Personal data may be used for, but not limited to, the following purposes:

  • Provide, manage, and service your insurance policies
  • Providing products or services requested by individuals;
  • Process claims
  • Communicating with you regarding your policies and claims products, services, or other business-related matters;
  • Conducting market research, analytics, and improving business operations to Improve our services and products;
  • Managing and administering employee or contractor relationships;
  • Complying with legal or regulatory requirements;
  • Protecting the rights and interests of the Company and its customers, including preventing fraud and ensure security.

SHARING OF INFORMATION

We may share personal data with third parties for legitimate business purposes, including but not limited to, service providers, vendors, contractors, and business partners. Personal data may also be disclosed to comply with legal or regulatory requirements, or in response to lawful requests from public authorities. We will take appropriate measures to ensure that third parties receiving personal data are bound by confidentiality obligations and provide adequate protection to the personal data. We may share your personal information with:

  • Insurance carriers, brokers, and agents
  • Third-party service providers that assist us with processing claims, payments, or other business operations
  • Government agencies, law enforcement, or regulators when required by law
  • Credit reporting agencies (as applicable for underwriting purposes).

We do not sell your personal information to any third parties.

We share your Information with third parties to help us provide a better website experience. For example, we use Google Analytics to help us understand how our visitors use the Site. You can read more about how Google uses your Personal Information here:

https://policies.google.com

You can also opt-out of Google Analytics here:

https://tools.google.com/dlpage/gaoptout

We may also share your Personal Information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive or to otherwise protect our rights.

BEHAVIORAL ADVERTISING

The Company uses remarketing services to advertise to You after You accessed or visited our Service. We and Our third-party vendors use cookies and non-cookie technologies to help Us recognize Your Device and understand how You use our Service so that We can improve our Service to reflect Your interests and serve You advertisements that are likely to be of more interest to You. These third-party vendors collect, store, use, process and transfer information about Your activity on Our Service in accordance with their Privacy Policies and to enable Us to:

  • Measure and analyze traffic and browsing activity on Our Service
  • Show advertisements for our products and/or services to You on third-party websites or apps
  • Measure and analyze the performance of Our advertising campaigns

Some of these third-party vendors may use non-cookie technologies that may not be impacted by browser settings that block cookies. Your browser may not permit You to block such technologies. You can use the following third-party tools to decline the collection and use of information for the purpose of serving You interest-based advertising:

You may opt-out of all personalized advertising by enabling privacy features on Your mobile device such as Limit Ad Tracking (iOS) and Opt Out of Ads Personalization (Android). See Your mobile device Help system for more information.

We may share information, such as hashed email addresses (if available) or other online identifiers collected on Our Service with these third-party vendors. This allows Our third-party vendors to recognize and deliver You ads across devices and browsers. To read more about the technologies used by these third-party vendors and their cross-device capabilities please refer to the Privacy Policy of each vendor listed below.

As described above, we may use your Personal Information to provide you with targeted advertisements or marketing communications we believe may be of interest to you. You may opt out of targeted advertising by visiting:

Facebook: https://www.facebook.com/ads/preferences/

Google: https://adssettings.google.com/

LinkedIn: https://www.linkedin.com/psettings/advertising

Bing: https://choice.microsoft.com/

Additionally, you can opt out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal here: http://optout.aboutads.info/

USAGE, PERFORMANCE AND MISCELLANEOUS

We may use third-party Service Providers to provide better improvement of our Service.

DO NOT TRACK

Please note that we do not alter our Site’s data collection and use practices when we see a Do Not Track signal from your browser.

Individuals have the right to access, correct, and delete their personal information, as well as the right to object to the processing of their personal information. Individuals may exercise these rights by contacting our organization’s privacy officer at info@crawfordyingling.com. We will respond to all requests in accordance with applicable data protection laws.

If you are a European resident, you have the right to access Personal Information we hold about you and to ask that your Personal Information be corrected, updated or deleted. If you would like to exercise this right, please contact us. Additionally, if you are a European resident we note that we are processing your information to fulfill contracts we might have with you (for example, if you request information through the Site) or otherwise to pursue our legitimate business interests listed above. Additionally, please note that your information will be transferred outside of Europe, including to Canada and the United States.

RECORD-KEEPING PRACTICES

Personal data will be retained for as long as necessary to fulfill the purposes for which it was collected or as required by applicable laws and regulations. When personal data is no longer needed, it will be securely disposed of or anonymized, unless otherwise required by law.

SECURITY OF YOUR INFORMATION

We are committed to maintaining the security and confidentiality of personal data. Appropriate technical, organizational, and administrative measures will be implemented to protect against unauthorized access, loss, or misuse of personal data. Employees, contractors, and third parties who have access to personal data will be trained and required to comply with the Company’s data privacy and security policies.

We take appropriate technical and organizational measures, as well as using industry-standard security measures, including encryption and access controls to protect personal information from unauthorized access, use, disclosure, alteration, or destruction. We limit access to personal information to authorized employees and third-party service providers who need to know the information to perform their duties. We regularly review and update our security measures to ensure they are effective and appropriate. Please be aware that despite our efforts, no data security measures can guarantee security.

We also encourage you to take your own steps to protect your information, such as maintaining secure passwords and safeguarding your personal devices.

SECURITY BREACH NOTIFICATIONS

In the event of a data security breach, the Company will notify affected individuals as required by applicable state and federal laws. Notifications will include information on the nature of the breach, the types of information affected, and steps individuals can take to protect themselves.

THIRD-PARTY LINKS

Our website may contain links to third-party websites for your convenience. These links do not imply endorsement or approval by the Company, and we are not responsible for the privacy practices of these other sites, including their collection of your Personal Information. You should review the terms and conditions and privacy policies of these other sites before providing your information. Use these links at your own risk.

Electronic Communications Disclosure

By providing your contact information, you agree to receive electronic communications from the Company. These communications may include policy updates, billing notices, and marketing materials.

Crawford Yingling Insurance Agency is committed to complying with the Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act. This means that all marketing and promotional emails sent from our agency will:

  • Clearly identify the message as an advertisement, if applicable.
  • Include a valid physical postal address of our business.
  • Provide clear and conspicuous instructions on how to opt out of receiving future emails.
  • Honor opt-out requests promptly, ensuring that you are removed from our mailing list within 10 business days.

If you no longer wish to receive marketing emails from us, you can opt out at any time by clicking the “unsubscribe” link included in the email, or by contacting us at info@crawfordyingling.com. Please note that even if you opt out of receiving marketing emails, we may still send you non-promotional messages related to your policies or claims.

USER’S RESPONSIBILITIES

You are responsible for ensuring that the information you provide to us through the website is accurate, complete, and current. You agree not to use this website for any unlawful or prohibited activity, including but not limited to:

  • Engaging in unauthorized access to systems, data, or other users’ information.
  • Introducing viruses, malware, or other harmful code.
  • Attempting to disrupt or interfere with the operation of the website or its associated services.

CONSUMER RIGHTS INFORMATION

You have the right to:

  • Access the personal information we hold about you
  • Request corrections to inaccurate or outdated information
  • Request deletion of your personal data, subject to certain legal or contractual restrictions
  • Opt out of receiving marketing communications at any time.

To exercise these rights, please contact us using the contact details below.

CHILDREN’S INFORMATION

The Company y complies with the Children’s Online Privacy Protection Act (COPPA) and does not knowingly collect, use, or disclose personal information from children under the age of 13. Our website and services are not directed at or intended for children.

If we become aware that we have inadvertently collected personal information from a child under thirteen (13) without parental consent, we will take steps to delete that information from our records as quickly as possible.

If you believe that we might have any information from or about a child under 13, please contact us immediately at:

Crawford Yingling Insurance & Risk Management

58 West Main Street
Westminster, MD 21157

Call: 410-848-7464

Email: info@crawfordyingling.com

POLICY UPDATES

This Data Privacy Policy may be updated from time to time to reflect changes in business operations, legal or regulatory requirements, or industry best practices. The updated Policy will be communicated to employees, contractors, and other relevant parties, and will be made available on the Company’s website or other communication channels.

CONTACT INFORMATION

For any inquiries, questions about our policies or disclosures, or service-related questions, you can reach Crawford Yingling Insurance Agency at: