VetMutual

PRIVACY & SECURITY POLICY

GENERAL PROVISIONS

This Privacy & Security Policy ("Policy") is established pursuant to applicable federal and state laws and regulations governing data protection and privacy. ValorMutual Insurance Company and its subsidiaries and affiliates (collectively, "ValorMutual," "we," "us," or "our") have implemented this Policy effective as of the date specified herein. This Policy supersedes all previous iterations and shall remain in force until expressly amended, modified, or terminated by ValorMutual.

DEFINITIONS

For purposes of this Policy, the following terms shall have the meanings ascribed to them herein:

  • Personal Data: Any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  • Processing: Any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
  • Data Controller: The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data.
  • Data Processor: A natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Data Controller.

INFORMATION COLLECTION AND CATEGORIZATION

ValorMutual, in its capacity as a Data Controller, may collect, process, and maintain the following categories of Personal Data, including but not limited to:

  1. Personal Identifiers: Legal name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers.
  2. Protected Classification Characteristics: Age, race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).
  3. Commercial Information: Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
  4. Biometric Information: Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.
  5. Internet or Other Similar Network Activity: Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement.
  6. Geolocation Data: Physical location or movements.
  7. Sensory Data: Audio, electronic, visual, thermal, olfactory, or similar information.
  8. Professional or Employment-Related Information: Current or past job history or performance evaluations.
  9. Non-public Education Information: Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.
  10. Inferences Drawn from Other Personal Information: Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

LAWFUL BASIS FOR PROCESSING

ValorMutual processes Personal Data pursuant to one or more of the following legal bases:

  1. Contractual Necessity: Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
  2. Legal Obligation: Processing is necessary for compliance with a legal obligation to which ValorMutual is subject.
  3. Legitimate Interests: Processing is necessary for the purposes of the legitimate interests pursued by ValorMutual or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of Personal Data.
  4. Consent: The data subject has given consent to the processing of his or her Personal Data for one or more specific purposes.

DATA UTILIZATION PROTOCOLS

ValorMutual may utilize the collected Personal Data for the following business purposes:

  1. Auditing related to a current interaction with the consumer and concurrent transactions, including, but not limited to, counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance.
  2. Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity.
  3. Debugging to identify and repair errors that impair existing intended functionality.
  4. Short-term, transient use, provided that the Personal Data is not disclosed to another third party and is not used to build a profile about a consumer or otherwise alter an individual consumer's experience outside the current interaction.
  5. Performing services on behalf of the business or service provider, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing advertising or marketing services, providing analytic services, or providing similar services on behalf of the business or service provider.
  6. Undertaking internal research for technological development and demonstration.
  7. Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by ValorMutual, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by ValorMutual.

DATA SECURITY ARCHITECTURE

ValorMutual implements and maintains reasonable security procedures and practices appropriate to the nature of the information to protect Personal Data from unauthorized access, destruction, use, modification, or disclosure. Such measures include, but are not limited to:

  1. Administrative Safeguards:
    • Designation of a Data Protection Officer
    • Development and implementation of formal security policies and procedures
    • Regular security and privacy training for all personnel
    • Implementation of access control procedures
    • Regular risk assessments and compliance audits
  2. Technical Safeguards:
    • Implementation of industry-standard encryption for data in transit and at rest
    • Multi-factor authentication for system access
    • Intrusion detection and prevention systems
    • Regular security patching and updates
    • Network segmentation and firewall protection
    • Advanced threat protection mechanisms
    • Secure development lifecycle processes
  3. Physical Safeguards:
    • Access control to facilities
    • Video surveillance and monitoring
    • Physical security for server rooms and data centers
    • Secure disposal procedures for physical media

THIRD-PARTY DATA SHARING FRAMEWORK

ValorMutual may disclose Personal Data to the following categories of third parties under the conditions specified:

  1. Service Providers: Entities that process Personal Data on behalf of ValorMutual pursuant to written contracts that prohibit the retention, use, or disclosure of Personal Data for any purpose other than the specific purpose of performing the services specified in the contract.
  2. Legal and Regulatory Authorities: Government agencies, law enforcement, courts, and other public authorities to whom disclosure is necessary to comply with applicable laws, regulations, or legal processes.
  3. Corporate Affiliates: Subsidiaries, parent companies, joint ventures, and other corporate affiliates for purposes consistent with this Privacy Policy.
  4. Business Transfer Recipients: Third parties in connection with a merger, acquisition, bankruptcy, or other sale of all or a portion of ValorMutual's assets.
  5. Professional Advisors: Accountants, attorneys, consultants, and other professionals bound by contractual, ethical, or legal obligations of confidentiality.

ValorMutual requires all third parties to respect the security of Personal Data and to treat it in accordance with applicable laws and regulations. ValorMutual does not allow third-party service providers to use Personal Data for their own purposes and only permits them to process Personal Data for specified purposes and in accordance with ValorMutual's explicit instructions.

INDIVIDUAL RIGHTS ARCHITECTURE

Subject to applicable law and certain exemptions, individuals may have the following rights with respect to their Personal Data:

  1. Right to Access: The right to request confirmation as to whether ValorMutual processes Personal Data concerning the individual and, where that is the case, access to the Personal Data and specific information about how ValorMutual processes it.
  2. Right to Rectification: The right to obtain without undue delay the rectification of inaccurate Personal Data concerning the individual. Taking into account the purposes of the processing, the individual shall have the right to have incomplete Personal Data completed, including by means of providing a supplementary statement.
  3. Right to Erasure ('Right to be Forgotten'): The right to obtain the erasure of Personal Data concerning the individual without undue delay where specified grounds apply.
  4. Right to Restriction of Processing: The right to obtain restriction of processing where specified grounds apply.
  5. Right to Data Portability: The right to receive the Personal Data concerning the individual, which the individual has provided to ValorMutual, in a structured, commonly used and machine-readable format and the right to transmit those data to another controller without hindrance from ValorMutual.
  6. Right to Object: The right to object, on grounds relating to the individual's particular situation, at any time to processing of Personal Data concerning the individual which is based on legitimate interests pursued by ValorMutual or by a third party.
  7. Right Not to be Subject to Automated Decision-Making: The right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning the individual or similarly significantly affects the individual.

COOKIES AND TRACKING TECHNOLOGIES IMPLEMENTATION

ValorMutual's digital properties utilize cookies, web beacons, pixels, and similar tracking technologies ("Tracking Technologies") to collect information automatically from devices. These Tracking Technologies are categorized as follows:

  1. Strictly Necessary Tracking Technologies: Required for the operation of our digital properties. These include technologies that allow users access to services that have been requested and technologies that are required to identify irregular site behavior, prevent fraudulent activity, and improve security.
  2. Performance Tracking Technologies: Used to assess the performance of our digital properties, including as part of analytical practices to help improve the functioning of these properties.
  3. Functional Tracking Technologies: Used to enhance the functionality of our digital properties, such as by remembering choices made on previous visits.
  4. Targeting/Advertising Tracking Technologies: Used to deliver content, including advertisements, relevant to individual user interests on our digital properties and third-party sites.

Users may manage their preferences regarding certain Tracking Technologies through browser settings, opt-out mechanisms provided in our digital properties, or industry opt-out tools. However, disabling certain Tracking Technologies may render portions of our digital properties inaccessible or may limit the functionality available to users.

CROSS-BORDER DATA TRANSFERS

In circumstances where ValorMutual transfers Personal Data to countries outside the jurisdiction in which the data was originally collected, such transfers shall be made in compliance with applicable data protection laws, including, where necessary, implementing appropriate safeguards such as:

  1. Standard Contractual Clauses approved by relevant regulatory authorities;
  2. Binding Corporate Rules;
  3. Approved Certification Mechanisms;
  4. Codes of Conduct; or
  5. Other transfer mechanisms approved under applicable law.

Where transfers are made to jurisdictions deemed not to provide an adequate level of data protection, ValorMutual shall ensure that appropriate technical, organizational, and contractual safeguards are implemented to ensure a level of protection equivalent to that guaranteed under applicable data protection laws.

DATA RETENTION GUIDELINES

ValorMutual retains Personal Data for no longer than is necessary for the purposes for which the Personal Data is processed, unless a longer retention period is required or permitted by applicable law. The criteria used to determine the retention periods include:

  1. The period necessary to fulfill the purposes outlined in this Policy;
  2. The period necessary to comply with legal obligations to which ValorMutual is subject;
  3. The period necessary to resolve disputes, establish legal defenses, conduct audits, or for other legitimate business purposes; and
  4. The period necessary based on the guidance of ValorMutual's legal and compliance advisors.

POLICY MODIFICATIONS AND AMENDMENTS

ValorMutual reserves the right to modify, amend, or otherwise update this Policy at any time and at its sole discretion. Material changes to this Policy will be communicated to affected individuals through appropriate channels, which may include email notifications, conspicuous posting on our digital properties, or other means of communication. The revised Policy will be effective immediately upon posting unless otherwise stated.

Continued use of ValorMutual's services following the effective date of a revised Policy constitutes acceptance of and agreement to the Policy as revised.

CONTACT INFORMATION AND PROCEDURAL GUIDELINES

For inquiries, requests, or complaints related to this Policy, individuals may contact ValorMutual's Data Protection Office using the following contact information:

Data Protection Officer
ValorMutual Insurance Company
Email: info@valormutual.com

Individuals wishing to exercise their rights under this Policy must submit a verifiable request to ValorMutual using the contact information provided above. ValorMutual shall respond to verifiable requests within the timeframes required by applicable law.

EFFECTIVE DATE

This Policy is effective as of January 1st, 2025 and supersedes all previous iterations.

© 2025 ValorMutual Insurance Company. All Rights Reserved.