Privacy Policy
Last updated: October 24, 2024
Introduction
This privacy policy (“Privacy Policy”) describes the types of information Newfront Insurance Services (“Newfront” or “we”) may collect from you or that you may provide when you visit www.newfront.com and all pages within that domain (our "Website”) or other Newfront-managed webpages where this Privacy Policy is posted; information we receive from your employer, our client (“Client”) on your behalf as part of our provision of services to that Client; and information we collect from you or receive on your behalf from the Client in connection with our mobile application, Navigator™ platform, BenefitsU™ sites, Benji™, or other applications (collectively, the “Services”). This Privacy Policy details our practices for collecting, using, maintaining, protecting, and disclosing that information. For the purpose of this Privacy Policy, “Personal Information” means information that identifies or can identify you personally.
This Privacy Policy does not apply to the websites of our affiliates or to the practices of our clients or third parties, who maintain their own respective privacy policies.
Please read this Privacy Policy carefully to understand our practices regarding your Personal Information. By accessing or using the Services, you are giving Newfront your consent to collect, use, and disclose your information as described in this Privacy Policy. This Privacy Policy may change from time to time (see Changes to Our Privacy Policy). Your continued use of the Services after we make changes is deemed to be acceptance of those changes, so please check the Privacy Policy periodically for updates.
How Do We Collect Your Personal Information?
Personal Information Voluntarily Provided Directly by You via Our Website or Mobile Application:
In the course of using this Website, you may choose to provide us with information to help us meet your needs. For example, you may enter your information on our “Contact” page with your name, e-mail address, telephone number, street address, and/or any other information you voluntarily enter in order to request information. You may also provide your Personal Information to us in the course of completing a survey, or registering for an event, or otherwise communicating with Newfront, including at in-person events.
Personal Information Provided by Your Employer:
In order to provide Services to our Clients and to you as an employee of our Clients, we may collect Personal Information directly from your employer or indirectly from insurance carriers at your employer’s direction. For example, to create an account within our mobile application, your employer will provide your name and email address. Eligibility information such as name, date of birth, social security number, title, and compensation are provided to Newfront by your employer to secure benefits and display benefits-related information to you in BenefitsU™ or our mobile application. If you have questions about the Personal Information provided by your employer, you should contact your employer. If we do not receive your Personal Information, it may delay or prevent us from providing the Services to you.
Personal Information Collected Through Automated Means via Our Website:
As you navigate through and interact with our Website, we and our third party vendors such as Google Analytics may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, including details of your visits to our Website, including the resources that you access and use on the Website as well as other communication data.
The data collection technologies we use include cookies, tracking code, and web beacons. Cookies are small pieces of text that a website places on your computer to help remember information about your visit. Tracking code, such as Google Analytics tracking code, is used to send traffic-related data related to Website visitors to Google Analytics. Web beacons are tiny graphics with a unique identifier that are embedded invisibly on the web pages.
We use information collected from these technologies to improve your experience and the overall quality of our services. We may also use these technologies to in conjunction with third parties (such as online search engines) to help advertise our products and services, to analyze the effectiveness of our marketing or the performance of this Website, and to determine whether you may be interested in other products or services.
These technologies do not read data off your computer's hard drive or your device You can refuse to accept and delete cookies by adjusting your browser settings. You can also opt-out of our use of certain cookies by adjusting your . To learn more, please refer to our Cookies notice.
Personal Information Collected Through Our Applications:
In connection with your use of our mobile and desktop applications, Newfront may collect Personal Information directly from you for authentication purposes for account creation, such as name, email address, and password. We may also collect information from you directly when you interact with the applications or use any chat features embedded in our applications. We may also automatically collect Personal Information about the hardware and operating system you use to access the application, in addition to the IP address, network information, and details about your interactions with the applications. Note that any information provided by your employer that is presented or used to provide mobile or desktop applications is considered “Personal Information Provided by Your Employer,” as described above.
How Do We Use the Personal Information We Collect?
We use the Personal Information we collect for one or more of the following business purposes:
To fulfill or meet the reason for which the information is provided. For example, if your employer provided your name to receive medical benefits, we will use that information as part of a submission to an insurance carrier.
To provide you with information, products or Services that you or your employer request from us.
To provide you with email alerts, event registrations and other notices concerning our products or services, or events or news, that may be of interest to you or to host corporate events on behalf of Newfront.
To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collections.
To improve our Website and present its contents to you, including to gather your feedback or survey responses.
For testing, research, analysis and product development.
As necessary or appropriate to protect the rights, property or safety of us, our Clients or others.
To maintain network security and performance and protect against cyber incidents.
To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations
As otherwise described to you at the point of collection or pursuant to your consent.
To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Information held by us is among the assets transferred.
Newfront is a technology and data-driven company, and we use data to develop innovative products and deliver cutting-edge services. Newfront takes steps designed to ensure that your data is protected through the use of aggregated or otherwise de-identified data. Newfront will retains Personal Information in accordance with our data retention policies, legal, and regulatory obligations.
Personal Information We Collect
The categories of Personal Information we collect, the business purposes (from the list above) for which the information may be used and the categories of third parties to whom we have disclosed information to include:
Category | Examples | Business Purpose(s) | Categories of Third-Party Recipients |
Identifiers | A real name, alias, postal address, unique personal identifier, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers. | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11 | Client companies Insurance and financial services providers Marketing service providers Platform- or Infrastructure-as-a-Service and other Providers |
Personal Information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) | A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some Personal Information included in this category may overlap with other categories. | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11 | Client companies Insurance and financial services providers Marketing service providers Platform- or Infrastructure-as-a-Service and other Providers |
Protected classification characteristics under California or federal law | Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). | 1, 2, 9 | Client companies Insurance and financial services providers Platform- or Infrastructure-as-a-Service and other Providers |
Commercial information | Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. | 1, 2, 3, 4, 5, 6 | Client companies Insurance and financial services providers Marketing service providers Platform- or Infrastructure-as-a-Service and other Providers |
Biometric information | Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. | Not collected | None |
Internet or other similar network activity | Browsing history, search history, online identifier, Internet Protocol address, information on a consumer's interaction with a website, application, or advertisement. | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11 | Client companies Insurance and financial services providers Marketing service providers Platform- or Infrastructure-as-a-Service and other Providers |
Geolocation data | Physical location or movements. | Not collected | None |
Sensory data | Audio, electronic, visual, thermal, olfactory, or similar information. | Not collected | None |
Professional or employment-related information | Current or past job history or performance evaluations. | 1, 2 | Client companies Insurance and financial services providers Platform- or Infrastructure-as-a-Service and other Providers |
Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)) | Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. Examples: Education level, school attended. | Not collected | None |
Inferences drawn from other Personal Information | Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. | 1, 2, 3 | Client companies Insurance and financial services providers Marketing service providers Platform- or Infrastructure-as-a-Service and other Providers |
Changes to Our Privacy Notice
We reserve the right to amend this Privacy Policy at our discretion and at any time. When we make changes to this Privacy Policy, we will post the updated notice on the Website and update the notice's effective date. Your continued use of the Services following the posting of changes constitutes your acceptance of such changes.
Applicability of This Privacy Policy to International Users
This Privacy Policy is crafted and provided in accordance with and subject to U.S. law. If you access the Services from a location outside of the United States, you agree that your use of the Services is subject to the terms of this Privacy Policy. You also agree and accept that your Personal Information will be transferred to and processed in the U.S. in accordance with U.S. law, and not the specific laws of the country where you reside.
Privacy Policy for California Residents
This Privacy Policy for California Residents supplements the information contained in our Privacy Policy and applies to all visitors, users, and others who reside in the State of California ("consumers" or "you").
In particular, our Website has collected the following categories of Personal Information from consumers within the last twelve (12) months:
Categories of information collected from you:
For details about the categories of your Personal Information we collect, the business purposes for such collection, and the categories of third parties who may access that information, click here.
What Are Sources of Personal Information?
We may receive Personal Information from you from you, your employer (our Client), or from the following sources:
From you, through direct interactions, including forms.
Internet websites, through passive collection of information about your interactions, including page clicks, time spent, or other automatically collected metadata.
Internet cookies. For more information, see our Cookies Notice.
Advertising networks.
Internet service providers.
Data analytics providers.
Operating systems and platforms.
Search terms.
Data brokers or resellers.
Social media services, like Instagram or Facebook.
Government databases.
How Do We Use the Personal Information We Collect and With Whom Do We Share It?
Click here for an explanation of how we use Personal Information.
Click here for an explanation of who may have access to your Personal Information.
Your Rights as a California Resident
Under California law, some California residents have specific rights regarding their Personal Information, described below. When required and for any information provided directly to us by you, we will respond to most requests within 45 days, unless it is reasonably necessary for us to extend our response time. However, for any Personal Information provided to us by our Client on your behalf, or at the Client’s direction on your behalf, you will need to direct your request to your employer.
Right to Know and Data Portability
You have the right to request that We disclose to you any of the information below, provided that you submit a valid and verifiable request:
The categories of Personal Information we have collected about you in the last 12 months (also called a data portability request).
The categories of sources for the Personal Information we have collected about you in the last 12 months.
Our business or commercial purpose for collecting that Personal Information.
The categories of third parties with whom we share that Personal Information.
The specific pieces of Personal Information we collected about you.
If we sold your Personal Information for a business purpose, a list of the Personal Information types that each category of recipient purchased.
If we disclosed your Personal Information to a third party for a business purpose, a list of the Personal Information types that each category of recipient received.
Right to Delete Personal Information
You have the right to request that we delete any of your Personal Information that we collected from you and retained, subject to certain exceptions. If you submit a valid and verifiable request and we can confirm your identity and/or authority to make the request, we will determine if retaining the information is necessary for us or our service providers to:
Complete a transaction for which we collected the Personal Information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you
Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;
Debug products to identify and repair errors that impair existing intended functionality.
Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law;
Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.);
Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if you previously provided informed consent;
Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us;
Comply with a legal obligation; and/or
Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
If none of the above retention conditions apply, we will delete your Personal Information from our records to the extent we are able in accordance with our legal and regulatory compliance obligations and direct any applicable service providers to do the same.
Right to Correct
If you believe any Personal Information collected by this Website is inaccurate, you have the right to submit a verifiable request that the Company correct the information.
Right to Limit Use
As a California resident, you also have the right to restrict sensitive Personal Information use and disclosure for the same. We do not collect “protected classification characteristics” of Personal Information as defined under California law using this Website.
How to Exercise These Rights
To exercise your rights described above, please submit a verifiable consumer request to us as follows:
Email: privacy@newfront.com
A “verifiable consumer request” means a request that provides sufficient information to enable us to reasonably verify you and fulfill your request. We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you. Examples of information necessary include:
Confirmation of certain pieces of information about you, such as phone number and address;
Proof of identity;
Detail to allow us to understand, evaluate, and respond to your request.
Only you or a person legally authorized to act on your behalf may make a verifiable consumer request related to your Personal Information. You may make a verifiable consumer request for access or deletion no more than twice within a 12-month period. You will not be required to create an account with us in order to submit a verifiable request, though we may communicate with you about your request via a pre-established account if applicable.
Do Not Sell My Personal Information
Although we do not sell your Personal Information, you have the right to opt-out of sharing Personal Information for cross-context behavioral advertising purposes, also known as “targeted advertising.” Personal Information related to targeted advertising is generally collected through the use of third party cookies. To opt-out of sharing your personal information for cross-context behavioral advertising purposes, you can adjust your Website . For more information about cookies, see our Cookies notice.
Non-Discrimination
We will not discriminate against you for exercising any of your rights under California law. Unless permitted by law, we will not:
Deny you goods or services.
Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
Provide you a different level or quality of goods or services.
Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
Notice at Collection
By completing a “Schedule a Consultation” request form, you acknowledge that Newfront is collecting your Personal Information to support its business operations, including to contact you at your request. We will not share or sell this contact information and will retain such information in accordance with our data retention policies and regulatory obligations.
Privacy Policy for EU Citizens
This Privacy Policy for European Union citizens supplements the information contained in our Privacy Policy and applies solely to all visitors, users, and others who are citizens of the EU, regardless of physical location ("consumers" or "you").
How Do We Use the Personal Information We Collect and With Whom Do We Share It?
Click here for an explanation of how we use Personal Information.
Click here for an explanation of who may have access to your Personal Information.
In addition to the partners listed above, we may transfer certain Personal Information across geographical borders to Newfront partners through the Worldwide Broker Network (WBN), authorized service providers or business partners in other countries working on our behalf in accordance with applicable law. Our affiliates and third parties may be based locally, or they may be overseas some of which have not been determined by the European Commission to have an adequate level of data protection.
When we do, we use a variety of legal mechanisms to help ensure your rights and protections travel with your data:
We seek to cover applicable data transfers with agreements based on the EU Commission’s standard contractual clauses, which contractually oblige each member to ensure that Personal Information receives an adequate and consistent level of protection wherever it resides within Newfront;
where we transfer your Personal Information outside Newfront or to third parties who help provide our products and services, we seek to obtain contractual commitments from them to protect your Personal Information. Some of these assurances are well recognized certification schemes like the EU – US Privacy Shield for the protection of Personal Information transferred from within the EU to the United States, or the standard contractual clauses; or
where we receive requests for information from law enforcement or regulators, we carefully validate these requests before any Personal Information are disclosed.
If you would like further information about whether your information will be disclosed to overseas recipients, please contact us as noted below. You also have a right to contact us for more information about the safeguards we have put in place (including a copy of relevant contractual commitments, which may be redacted for reasons of commercial confidentiality) to ensure the adequate protection of your Personal Information when this is transferred as mentioned above.
Your Rights Under GDPR
Subject to certain exemptions, and in some cases dependent upon the processing activity we are undertaking, you have certain rights in relation to your Personal Information.
We may ask you for additional information to confirm your identity and for security purposes, before disclosing the Personal Information requested to you. We reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive.
You can exercise your rights by contacting us. Subject to legal and other permissible considerations, we will make every reasonable effort to honor your request promptly or inform you if we require further information in order to fulfil your request.
We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.
Right to Access: You have right to access Personal Information which Newfront holds about you. If you have created a profile, you can access that information by visiting Newfront Connect.
Right to Rectification: You have a right to request us to correct your Personal Information where it is inaccurate or out of date.
Right to be Forgotten (Right to Erasure): You have the right under certain circumstances to have your Personal Information erased. Your information can only be erased if your data is no longer necessary for the purpose for which it was collected, and we have no other legal ground for processing the data.
Right to Restrict Processing: You have the right to restrict the processing of your Personal Information, but only where:
its accuracy is contested, to allow us to verify its accuracy; or
the processing is unlawful, but you do not want it erased; or
it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; or
you have exercised the right to object, and verification of overriding grounds is pending.
Right to Data Portability: You have the right to data portability, which requires us to provide Personal Information to you or another controller in a commonly used, machine readable format, but only where the processing of that information is based on (i) consent; or (ii) the performance of a contract to which you are a party.
Right to Object to Processing: You have the right to object the processing of your Personal Information at any time, but only where that processing has our legitimate interests as its legal basis. If you raise an objection, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms.
Right to Decline Automated Decision Making: You have the right to not be subject to decisions based solely on automated decision making, which produce legal or significant effects for you, except where these are (i) necessary for a contract to which you are a party; (ii) authorized by law; (iii) based on your explicit consent.
Even where such decisions are permitted, you can contest the decision and require Newfront to exercise human intervention.
We currently do not use automated decision making (including automated decision making using profiling) when processing your Personal Information. If we ever use an automated decision-making solution, you have a right to request that a decision based off your Personal Information cannot be solely decided via an automated process.
Contact Us
To exercise your rights described above, please contact us:
Email: privacy@newfront.com
