We collect information that identifies, describes, or is reasonably capable of being associated with you (“Personal Information”). Personal Information does not include publicly available information, such as information lawfully made available from government records, information we have a reasonable basis to believe is lawfully made available to the general public by you or by widely distributed media, or by a person to whom you have disclosed the information and not restricted it to a specific audience, or deidentified or aggregated information. As described below, we collect Personal Information directly from you, automatically through your use of the Sites and Services, and from third-party sources. To the extent permitted by applicable law, we may combine the information we collect from publicly available or third-party sources. The Personal Information we collect varies based on your relationship with us.   Personal Information We Collect Directly From You In order to access certain Services, we may collect Personal Information directly from you, including throughout the quoting, application, or claims handling processes. The Personal Information you provide directly to us may include:

• Identifiers and Contact Information. We may collect personal identifiers and contact information such as your name, address, email address, phone number.
• Government-Issued Identifiers. We also may collect information such as your driver’s license number, social security number, or other government-issued identifiers.
• Account Details. If you register an account with us, we collect information such as your email, phone number, or user ID, and password used to login to your account.
• Policy or Claims Information. This includes policy information, claim information, including materials you submit as part of your claim, information provided for roadside assistance services, or other information you choose to provide us.
• Payment Information. If you pay a bill, we may collect information necessary to process your payment such as bank account information, billing address, and any other related information.
• Commercial Information. We may also collect information about the products, services, or coverage you purchase.
• Message Contents. If you contact our customer service team, including through our online web forms, we may collect your messages, emails, or any other information you so choose to provide.
• Audio or Similar Information. If you speak with our customer service team by phone, we may collect a recording for quality assurance and training purposes.
• Preferences. We may also collect information about the types of Services you use, your communications preferences, wish lists and other preferences you may select in your account or profile.
• Other Information. We also collect information when you complete online forms, surveys, or leave us product reviews. We also collect any other information you so choose to provide.

Personal Information We Collect Automatically As described below in the “Cookies and Other Tracking Mechanisms” section, when you visit our Sites or use our Services, we may automatically collect certain Personal Information, including:

• Device Identifiers. We automatically collect IP address, unique device ID, device type, browser type, location information, and information about your browser and browser language.
• Network Activity. We may also collect information related to how you interact with the Services and advertisements, such as page views, links and items clicked and other activity information, referring URL, browsing history, and other similar information. We may use analytics providers and technologies, including cookies and similar tools, to collect this information.
• Geolocation. We may also collect geolocation information, such as physical location or movements. Additionally, depending on your device settings, if you visit our Sites or use our mobile applications, we may collect geolocation information from your IP address which links to the region you live in.

Personal Information We Collect from Other Sources We may collect information about you through our affiliates, business partners, and vendors, including from administrators, adjusters, agents, brokers, or other representatives who provide services or products on our behalf. For example, we may collect information about your policies, including coverage or claim information, through these sources. We may also receive information from consumer reporting agencies, including motor vehicle reports or information about your credit or creditworthiness, and from other, publicly available sources.

When permitted by applicable law, including in cases that require your consent, we may disclose your Personal Information to our affiliates, business partners, vendors and services providers, and others as follows:

• Affiliates, Subsidiaries, and Business Partners. We may disclose the Personal Information we collect with our affiliates, subsidiaries, and agents and brokers. Chubb also partners with other businesses to offer products and services, and we may disclose your Personal Information to those organizations, including those that play a role in insurance transactions such as independent claims adjusters, repair shops, and other claims related companies. If required by law, we will obtain consent prior to disclosing Personal Information.
• Vendors and Service Providers. We may disclose the Personal Information we collect with vendors and service providers who perform functions on our behalf, such as helping complete transactions and process payments, handling claims, servicing your policy or membership, and engaging in credit reporting. We may also disclose your information to vendors and service providers who provide website hosting and analytics, marketing and advertising, email or other communication services, development and research or actuarial studies, customer support, and tax, accounting, and legal services.
• Marketing and Advertising Partners. We may also disclose your Personal Information, such as name and contact information, with our marketing and advertising partners to send you content about certain products and Services.

We also may disclose your Personal Information in the following circumstances:

• Business Transfers. As we continue to develop our business, we may buy, merge, or partner with other companies. We may disclose Personal Information as part of those commercial transactions (e.g., mergers, acquisitions, financings, asset sales or transfers, bankruptcy or reorganization or other similar business transactions), as well as in contemplation of such transactions (e.g., due diligence). Where possible we will do so under appropriate confidentiality agreements. Similarly, if all or part of our business, assets, or Sites are merged with or sold to another company, or as part of a bankruptcy proceeding, your Personal Information may be transferred to the surviving or acquiring company.
• In Response to Legal Process. Personal Information may be disclosed to third parties, as required by law or subpoena, or if we reasonably believe such action is necessary to comply with the law and the reasonable requests of regulators, law enforcement or other public authorities. We also may disclose the information we collect in order to comply with a judicial proceeding, court order, or other legal process, including responding to national security or law enforcement disclosure requirements.
• To Prevent Fraud and Protect Us and Others. We also may disclose the Personal Information we collect from you where we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, violations of this Policy or our Terms of Use, or as evidence in litigation in which we are involved. We may also disclose Personal Information to protect our rights and the rights of others. This may include exchanging information with other companies and organizations for fraud prevention, spam/malware mitigation, and similar purposes.
• Aggregate and De-Identified Information. We may disclose aggregate or de-identified information about users with third parties for marketing, advertising, research or other purposes.
• With Your Permission. We may disclose Personal Information in other ways not described above. If we do so, we will notify you and, if necessary, obtain your consent.

We and our third-party service providers use cookies, pixels, tags, and other similar tracking mechanisms to automatically collect information about browsing activity, type of device and similar information within our Services and to target advertising and content across our Services and third-party sites and services. We use this information to, for example, analyze and understand how users access, use and interact with others through our Services, as well to identify and resolve bugs and errors in our Services and to assess, secure, protect, optimize and improve the performance of our Services. Cookies. “Cookies” are alphanumeric identifiers we transfer to your device’s hard drive through your web browser for tracking purposes. Some cookies allow us to make it easier for you to navigate our Services, while others are used to enable a faster log-in process, support the security and performance of the Services, or allow us to track activity and usage data within our Service. Clear GIFs, Pixel Tags, and Other Technologies. In addition to cookies, we may also use pixel tags (sometimes called web beacons or “clear GIFs”) to collect information about you and your use of our Services. While cookies are stored locally on your device, pixel tags are embedded invisibly within web pages and online content. We may use these, in connection with our Services to, among other things, track the activities of users, help us manage content and compile usage statistics. We may also use these in HTML e-mails we send, to help us track e-mail response rates, identify when our e-mails are viewed, and track whether our e-mails are forwarded. Third-Party Analytics and Tools. We use third party tools, such as Google Analytics, which are operated by third party companies. These third-party analytics companies may collect usage data (using cookies, pixels and similar tools) about our Services in order to provide us with reports and metrics that help us evaluate usage of our Services, improve our Sites, and enhance performance and user experiences. To learn more about Google’s privacy practices, please review the Google Privacy Policy at https://www.google.com/policies/privacy/partners/. You can also download the Google Analytics Opt-out Browser Add-on to prevent your data from being used by Google Analytics at https://tools.google.com/dlpage/gaoptout. Cross-Device Tracking. We and our third-party providers may use the information that we collect about you within our Services and on other third-party sites and services to help us and these third parties to identify other devices that you use (e.g., a mobile phone, tablet, other computer, etc.). Targeted Advertising. We work with third parties, such as ad networks, channel partners, mobile ad networks, analytics and measurement services and others to personalize content and display advertising within our Services. We may share certain information with these organizations, and we and them may use cookies, pixels tags, and other tools to collect usage and browsing information within our Services such as IP address, location information, device ID, cookie and advertising IDs, and other identifiers, as well as browsing information. We and these organizations use this information to provide you more relevant ads and content within our Services, and to evaluate the success of such ads and content. Do Not Track. We do not currently respond to web browser “Do Not Track” signals.

Our Services are not designed for children, and we do not knowingly collect Personal Information from children under the age of thirteen (13). If we learn that we have received information directly from a child who is under the age of 13, we will delete such information from our systems. If you are a parent or legal guardian and you believe we have collected your child’s information in violation of applicable law, please contact us using the contact information below.

We may offer blogs, online forums or other interactive features in connection with our Services that enable you to share information about the Services or other issues of interest. You should be aware that any communications you submit or post to any such interactive features on the Services may be viewable by other participants or users. By submitting or posting to such interactive features you acknowledge and agree that you have no expectation of privacy or confidentiality in the content you submit for such features, whether or not it contains Personal Information about you.

This Policy is current as of the Effective Date set forth above. We may change this Policy at any time and from time to time. Any amendments or modifications to this Policy will become effective immediately upon posting. We will let you know of amendments or modifications by appropriate means such as by posting the revised statement on this page with a new “Last Updated” date. Your continued use of any of our Services following the posting of a revised version of this Policy will constitute your acceptance of the revised Policy. If you do not agree with the revised Policy, do not use any of our Services.

By using the Services or by consenting using a consent mechanism where provided you signify your consent to this Policy and this site’s Terms of Use. If you do not agree to this Policy or the site’s Terms of Use, please do not use the Services. The Services are not for use within any country or jurisdiction or by any persons where such use would constitute a violation of law. If this applies to you, you are not authorized to access or use any of the Services.

The following identifies the categories of Personal Information we may collect about you (and may have collected in the prior 12 months). Note that our collection, use and disclosure of Personal Information about you will vary depending upon the circumstances and nature of our interactions or relationship with you. Depending on how you use our Services, we may collect the following categories of Personal Information:

• Identifiers, such as real name, alias, job title, address, email address, date of birth, policy number, salary information, social security number, driver’s license number, other government identifiers, credit card number, and tax ID.
• Online Identifiers, such as unique personal identifiers, device IDs, ad IDs, IP addresses, and cookie data.
• Customer or Claimant Records, such as paper or electronic customer or claimant records containing Personal Information, as well as information provided by an insurance broker/agent or reinsurer for underwriting purposes and information included in a list of claims, such as name, signature, physical characteristics or description, address, telephone number, education, current employment, employment history, social security number, passport number, driver’s license or state identification card number, insurance policy number, bank account number, payment card number, gender, height, weight, medical information (including reports and medical bills), health insurance information, details about home address, security and travel plan arrangements, records of personal property, products or services purchased or obtained.
• Financial Information, such as your bank account or credit card number and other payment details.
• Characteristics of Protected Classifications under California Law, such as age (40 years or older), race, national ancestry, national origin, citizenship, religion or creed, marital status, pregnancy, medical condition, physical or mental disability, sex, sexual orientation, and veteran or military status.
• Usage Data, such as Internet or other electronic network activity information regarding a California resident’s interaction with portals, Internet websites, applications, or advertisements, including, but not limited to, browsing history, clickstream data, search history and content of public posts.
• Biometric Information, such as individual biological or behavioral characteristics including measurements of physical characteristics such as height, weight and blood pressure, sleep, health, or exercise data that contain identifying information.
• Education Information, such as education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes and student disciplinary records.
• Geolocation Data, such as physical location or movements.
• Audio, Video and Other Electronic Data, such as audio information including call recordings, video and photographs, recorded meetings and webinars, and CCTV footage to secure our offices and premises.
• Professional or Employment-Related Information, such as employment history, qualifications, licensing, and disciplinary record.
• Inferences and Preferences, such as inferences drawn from any of the information described in this section about a consumer including inferences reflecting the consumer’s preferences, characteristics, behavior and abilities.
• Sensitive Personal Information, such as social security number, driver’s license number, racial or ethnic origin, religious or philosophical beliefs, medical condition, and physical or mental disability.

Sources of Personal Information We generally collect Personal Information from the following categories of sources:

• Directly from you and automatically;
• Our affiliates and subsidiaries;
• Brokers and agents;
• Corporate policyholders; and
• Our vendors and service providers (e.g., third party administrators).

Purposes for Collecting and Disclosing Personal Information As described in the “How We Use Personal Information” section above, in general, we collect and otherwise process the personal information we collect for the following business or commercial purposes:

• Operate our business;
• Provide you products and services;
• Communicate with you;
• Evaluate and improve our products and services;
• Analytics models to support our business;
• Marketing and advertising;
• Inferences;
• Find locations on request;
• Fraud and security purposes;
• Legal requirements;
• Business transfers; and
• Other operational and business purposes.

Sensitive Personal Information Notwithstanding the purposes described above, we do not collect, use, or disclose “sensitive personal information” beyond the purposes authorized by the CCPA. Accordingly, we only use and disclose sensitive personal information as reasonably necessary and proportionate: (i) to perform our services requested by you; (ii) to help ensure security and integrity, including to prevent, detect, and investigate security incidents; (iii) to detect, prevent and respond to malicious, fraudulent, deceptive, or illegal conduct; (iv) to verify or maintain the quality and safety of our services; (v) for compliance with our legal obligations; (vi) to our service providers who perform services on our behalf; and (vii) for purposes other than inferring characteristics about you.   Retention of Personal Information We retain the Personal Information we collect only as reasonably necessary for the purposes described in this Privacy Policy or otherwise disclosed to you at the time of collection. For example, we will retain certain identifiers for as long as it is necessary to comply with our tax, accounting and recordkeeping obligations, to administer certain policies and coverage, and for research, development and safety purposes, as well as an additional period of time as necessary to protect, defend or establish our rights, defend against potential claims, and to comply with our legal obligations. From time to time, we may also deidentify your Personal Information, retain it and use it for a business purpose in compliance with CCPA.   Disclosure of Personal Information to Third Parties and Other Recipients The categories of Personal Information we have disclosed for a business purpose in the preceding twelve (12) months include: identifiers, online identifiers, customer records, financial information, characteristics of protected classifications, usage data, biometric information, education information, geolocation data, audio, video, and other electronic data, professional or employment-related information, inferences, and sensitive personal information. The categories of third parties and other recipients to whom we may disclose personal information for a business purpose may include:

• Affiliates, subsidiaries, and business partners;
• Vendors and service providers;
• Acquirers of business assets;
• Advisors, auditors, consultants, and representatives;
• Agents and brokers;
• Reinsurers;
• Regulators, government entities, and law enforcement;
• Operating systems and platforms; and
• Others as required by law.

Additionally, the CCPA defines “sale” as disclosing or making available personal information to a third-party in exchange for monetary or other valuable consideration, and “sharing” includes disclosing or making available personal information to a third-party for purposes of cross-contextual behavioral advertising. While we do not “sell” Personal Information, we may “share” the following categories of Personal Information: online identifiers, and usage data. We disclose this information to third-party advertising networks, analytics providers, and social networks for purposes of marketing and advertising. We do not sell or share “sensitive personal information,” nor do we sell or share any Personal Information about individuals who we know are under sixteen (16) years old.   Rights Regarding Your Personal Information The CCPA provides California residents with specific rights regarding Personal Information. This section describes your rights under the CCPA and explains how to exercise those rights. Subject to certain exceptions, California consumers have the right to make the following requests: Right to Know. With respect to the Personal Information we have collected about you in the prior (twelve) 12 months, you have the right to request from us (up to twice per year and subject to certain exemptions and carveouts):

• The categories of Personal Information we collected about you;
• The sources from which we have collected that Personal Information;
• Our business or commercial purpose for collecting, selling, or sharing that Personal Information;
• The categories of third parties to whom we have disclosed that Personal Information; and
• A copy of the specific pieces of your Personal Information we have collected.

Right to Correct. Subject to certain restrictions, you have the right to request that we correct inaccuracies in your Personal Information. Right to Delete. Subject to certain conditions and exceptions, you have the right to request deletion of your Personal Information that we have collected about you. Right to Opt-Out. You have the right to opt-out of “sales” and “sharing” of your Personal Information, as those terms are defined under the CCPA. While we do not “sell” Personal Information, our use of certain third-party analytics and advertising cookies may constitute “sharing” under the CCPA. To exercise your right to opt-out of the “sharing” of your Personal Information, please use the Do Not Sell or Share My Personal Information link at the bottom of our Site. You also have the right to opt-out of “sales” and “sharing” of your Personal Information through the use of an opt-out preference signal. If our Site detects that your browser or device is transmitting an opt-out preference signal, such as the “global privacy control”—or GPC— signal, we will opt that browser or device out of cookies on our Site that result in a “sale” or “sharing” of your Personal Information. If you come to our Site from a different device or from a different browser on the same device, you will need to opt-out, or use an opt-out preference signal, for that browser and/or device as well. Right to Limit Use and Disclosure of Sensitive Personal Information. We do not engage in uses or disclosures of Personal Information that would trigger the right to limit use of sensitive personal information under the CCPA. Right to Non-Discrimination. We will not discriminate against you for exercising any of the rights described in this section.   Exercising Your Rights If you are a California resident and would like to exercise your CCPA rights, you may do so via any of the methods described below:

• Accessing our Data Subject Request web page; or
• Calling us at 1-833-324-9798

Authorized Agent. You may designate someone as an authorized agent to submit requests and act on your behalf. Authorized agents will be required to provide proof of their authorization in their first communication with us, and we may also require that you directly verify your identity and the authority of your authorized agent. Businesses operating as an authorized agent on behalf of a California resident must provide both of the following: (1) Certificate of good standing with its state of organization; and (2) A written authorization document, signed by the California resident, containing the California resident’s name, address, telephone number, and valid email address, and expressly authorizing the business to act on behalf of the California resident. Individuals operating as an authorized agent on behalf of a California resident must provide a written authorization document, signed by the California resident, containing the California resident’s name, address, telephone number, and valid email address, and expressly authorizing the individual to act on behalf of the California resident. We reserve the right to reject (1) authorized agents who have not fulfilled the above requirements, or (2) automated CCPA requests where we have reason to believe the security of the requestor’s personal information may be at risk. Verification. Before responding to your request, we must first verify your identity using the Personal Information you recently provided to us. The information we need in order to verify your identity differs depending on the request made and our relationship with you and might include (as applicable) your name, the email address you regularly use to interact with us, your phone number, your date of birth, and, if available, your policy number. We will take steps to verify your request by matching the information provided by you with the information we have in our records. In some cases, we may request additional information to verify your identity, or where necessary to process your request. In some cases, we may also carry out checks, including with third party identity verification services, to verify your identity before taking any action with your Personal Information. If we are unable to verify your identity after a good faith attempt, we may deny the request and, if so, will explain the basis for the denial.   Contact Us If you have any questions or comments about this section of the Privacy Policy, the ways in which we collect and use your Personal Information, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us at: Chubb Group Attention: Privacy Inquiries 202 Hall’s Mill Road, P.O. Box 1600 Whitehouse Station, NJ 08889-1600 Telephone: 1-833-324-9798 E-mail: NAPrivacyOffice@chubb.com