MDA Insurance & Financial Group (“MDAIFG,” “we,” “us,” or “our”) respects the privacy of our users and all those who submit personal information to MDAIFG through this website or by other means. Accordingly, we have provided this privacy notice (“Notice”) to inform you, the user (“you” or “user”) of how we collect, use, share, store, and protect your personal information. A copy of this Notice can be further found at: https://www.mdaprograms.com/privacy-policy/ . By using or accessing MDAIFG’s website (“Website”) or otherwise submitting your personal information to us through webforms, hard copies, email, fax or any other medium, whether electronic, auditory, visual, or physical, you are representing that you understand the terms of this Notice. If you do not agree to the terms of this Notice, do not continue to use the Website or any of MDAIFG’s services, and do not provide us with your personal information at any time.
Collection of Your Information
When you use the Website or MDAIFG’s services you may choose to provide MDAIFG with certain personal information (“PI”) about yourself. Other PI may be automatically collected by your use of the Website and certain webforms and chatbots therein. Further, we may collect other information about your use of the Website that is not PI. Generally, PI means information about an individual who can be identified from use of that information (or from that information when combined with other information in our possession or likely to come into our possession), including information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. Specific types of PI include names, Social Security Numbers, unique identifiers (such as user names), physical addresses, mailing addresses, cookies, geolocation data, phone numbers, and IP addresses. PI does not include aggregated or anonymized data, or data that is otherwise specifically excluded from current data privacy laws.
In the interest of providing transparency to our users, we have provided the following list of the categories of PI that we collect, and some examples of the personal information that would fall into each category. By using the Website, submitting webforms, submitting payment information, submitting emails or faxes, submitting hard copies of documents, or submitting PI through any other medium, whether electronic, auditory, visual, or physical, or providing consent for the use of your PI, you are providing consent for us to collect the following PI.
Except for our collection of your browser data through cookies and pixels when you visit our Website, we only collect PI you voluntarily provide to us, either through your submission of PI (i) through web forms and chat widgets on our Website or any Linked Website (as hereinafter defined), (ii) via email or fax to one of MDAIFG’s employees or agents, (iii) by phone to one of MDAIFG’s employees or agents, (iv) via hardcopy to one of MDAIFG’s, (v) through any means to our third-party marketing vendors, and/or (vi) to Aptify’s database:
- Personal Identifiers – (Name, phone number, email, fax number, date of birth, ADA Number, Social Security Number, education, employment history, medical and health insurance status, medical and health information, and mailing address):
- We may use Personal Identifiers to (i) improve our services and offerings, to inform you about our services or service updates, (ii) conduct recruitment and retention campaigns via phone, email, fax or hardcopy, (iii) provide individualized help and care to our clients, (iv) underwrite insurance applications and prepare insurance quotes, (v) comply with HIPAA and HIPAA HITECH, and other laws, legal processes, or regulations, as well as law enforcement authorities, other government officials or other third parties pursuant to a subpoena, a court order or other legal process, and/or (vi) protect the vital interests of a person, to protect our property, services, and legal rights, and to support our audit, compliance, and governance functions.
- Customer Records – (Name, mailing address, ACH, routing number, and bank account numbers (credit card data is collected by third-party payment processors through a pass-through, third-party link, but is not retained by MDAIFG)):
- We may use Customer Records to (i) process payments for insurance coverage, and other services or offerings (ii) improve our services and offerings, to inform you about our services or service updates, (iii) provide individualized help and care to our clients, (iv) comply with HIPAA and HIPAA HITECH, and other laws, legal processes, or regulations, as well as law enforcement authorities, other government officials or other third parties pursuant to a subpoena, a court order or other legal process, and/or (v) protect the vital interests of a person, to protect our property, services, and legal rights, and to support our audit, compliance, and governance functions.
- Usage Data – (IP address, pixels, unique device identifier cookies, location data, website interactions, and first party cookies which track: advertising conversions, website direction tracking, operating systems used to access website, browser types, and languages):
- We may use Usage Data to (i) provide the services you have requested or authorized and to help us manage the availability and connectivity of the Website, (ii) improve our services and offerings, (iii) inform you about our services or service updates, and to provide individualized help and care to our clients, (iv) analyze your responses to certain web traffic and prompts, (v) build private user profiles and match the PI with publicly available information about you for the purposes of improving this Website and our services, and/or (vi) create targeted marketing based on your use of the Website and our services.
- Geolocation Data – During your use of the Website, we collect your location information through your device’s IP address. We may also gather information about your location using other technologies and forms:
- We may use Geolocation Data to (i) improve our services and offerings, to inform you about location-specific payment services or payment service updates, (ii) provide region-specific targeted advertisements, (iii) provide individualized help and care to our clients, (iv) comply with HIPAA and HIPAA-HITECH, and other laws, legal processes, or regulations, as well as law enforcement authorities, other government officials or other third parties pursuant to a subpoena, a court order or other legal process, (v) analyze our adherence to applicable tax regulations and possible nexus with certain jurisdictions through third-party advisors, and/or (vi) protect the vital interests of a person, to protect our property, services, and legal rights, and to support our audit, compliance, and governance functions.
- Commercial Data – (data relating to your inquiries about services, purchases, service requests):
- We may use Commercial Data to (i) improve our Website, services and offerings, (ii) inform you about our services or service updates, and (iii) provide individualized help, care, and targeted services and advertisements to our clients.
MDAIFG’s Use and Sharing of PI
Other than as specifically outlined above, and excepting the broader use of aggregated data as discussed below, we also generally use the PI we collect in one or more of the following ways:
- Website Administration;
- Marketing and Advertising;
- To improve functionality and our service offerings;
- To coordinate with various government agencies and municipalities, as well as private security;
- To comply with HIPAA and HIPAA-HITECH, as well as any applicable laws or regulations;
- In response to a subpoena, a court order, or other legal process; and/or
- As part of a sale, merger, reorganization, or restructuring.
As a general rule, we may share all of the above listed categories of PI if we believe disclosure is necessary or appropriate to protect the rights, property, or safety of us, our clients, or others. Further, certain aspects and components of our services are performed through contracts with outside persons or organizations, such as marketing, underwriting, accreditation, outcomes data collection, health care services, legal services, etc. At times it may be necessary for us to provide your PI to one or more of these outside persons or organizations who assist us with our operations.
This Notice does not restrict our collection, use, or disclosure of any aggregated information or information that does not identify, or cannot be reasonably linked to, any individual. For example, we may choose to share aggregated data with unaffiliated third parties, in an anonymous form that does not allow the third party to associate the information we shared as being your PI.
To be clear, other than as described herein, we will not collect additional categories of PI or use the PI we collect for materially different, unrelated, or incompatible purposes without providing you notice. Except as described in this Notice, we do not sell, share, distribute, lease, or transfer your PI to any third parties.
In compliance with applicable law and industry standards, we have put in place reasonable physical, electronic, and administrative procedures to safeguard the PI we collect. The PI we directly collect is stored on our cloud-based network, unless stored on third-party servers or third-party cloud-based networks. We take reasonable steps and regularly assess our privacy and security policies and procedures and comply with laws designed to protect the privacy and security of your PI, including (i) encryption during transfer through the Secure Socket Layer (SSL) protocol, and (ii) encryption at rest. We also (i) conduct annual security audits in an effort to further protect PI from breach, loss, or unauthorized access, and (ii) mandate that our employees undergo annual HIPAA training. Unfortunately, transmission of information via electronic or physical means is not completely secure; accordingly, we cannot guarantee the security of any such information. Any transmission of PI or data is entirely at your own risk.
Retention of Information
We will retain your PI only for as long as is necessary for the purposes set forth herein, which shall be at least as long, but in no way limited to, the time that you use the Website or our services. If you would like us to delete your data before our internally designated purge date, you may request that we do so. However, we may retain and use your PI to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.
Do Not Track Signals and Requests
“Do not track” signals and requests are sent from your browser to websites you visit indicating you do not want to be tracked or monitored. In most circumstances you need to affirmatively elect to turn on the “do not track” signals or requests. Websites are not required to accept these signals or requests, and many do not. At this time, neither our Website nor the widgets existing therein honor “do not track” signals or requests.
You are responsible for any third-party PI obtained, published, or shared through this Website or MDAIFG by your actions, and you represent, warrant, and covenant that you have adequately obtained and complied with said third party’s consent in providing their PI to us.
We provide links to other websites, landing pages, widgets, plug-ins or applications for informational purposes, including but not limited to: Sharpspring, American Dental Association, Marketing General Incorporated, Web Ascender, Google Analytics, Google Tag Manager, Facebook Pixels, Google Adsense, and Cloudflare for your convenience, or to offer additional services such as payment processing (collectively “Linked Websites”). Linked Websites are independent from our Website and are not governed by this Notice. We do not review, maintain, endorse, or control the Linked Websites or the information, software, products, or services available on the Linked Websites. We also have no control over the Linked Websites’ privacy policies or posted privacy notices. Access or use of any of the Linked Websites is entirely at your own risk. If you have any questions about a Linked Website’s privacy policies or notices, you should contact them directly.
International Transfers and Processing of PI
We store information received through or by our Website in our cloud server hosted in the United States. If you are providing the information from another country, you understand that the information will be transferred, stored and used in the United States. Your consent to this Notice followed by your use of the Website or MDAIFG’s services represents your agreement to that transfer.
Protection for Children (Minors)
We have no intention of collecting PI from minors (children under the age of 18). If we become aware that PI from a minor under 18 has been collected without the consent of the parent or guardian of such minor, we will use all reasonable efforts to delete such information.
Changes to the Notice
We reserve the right, at our sole discretion, to amend this Notice at any time. If at any time in the future we plan to use PI in a way that differs from what is described in this Notice or choose to amend this Notice, we will post those changes on the Website. Your continued use of the Website or MDAIFG’s services following the posting of any changes to this Notice constitutes affirmative acceptance of those changes.