Privacy Notice

Effective Date: June 1, 2024

Introduction

Sterling Benefits, LLC (“we”, “us”, or “our”) is committed to protecting the privacy and confidentiality of the information that identifies or relates to an identifiable individual (“Personal Information” or “Personal Data”) that we collect, use, disclose, store, and transmit (process) in the course of providing our insurance brokerage, risk advisory, and other related services (the “Services”). This Privacy Notice is intended to inform you of the ways in which we collect, use, and disclose personal information and sets forth your rights.

Please take a moment to familiarize yourself with our privacy practices outlined below. By using our website, www.sterlingben.com, or our Services, you acknowledge that you have read, understand, and accept this Privacy Notice.

This Privacy Notice is subject to change at any time. If we make changes to this Privacy Notice, we will update the “Effective Date” at the top of this page and post it on our website. Where required by local law, we will also notify you of any changes we make to this Privacy Notice in accordance with law and the notice provisions in the terms of our engagement. To the extent permitted by law, any changes we make to this Privacy Notice become effective immediately.

Our contractual commitments to clients will supersede any terms in this Privacy Notice.

Our Role

In the United States, we generally collect personal information in the course of providing our Services pursuant to a contract we have with a commercial client (our “Client”). In such circumstances, we act as a “service provider” or “processor” under applicable US privacy laws and are thus obligated to process personal information in accordance with instructions from our Client, the business ultimately responsible for determining how your personal information will be handled. Accordingly, if you disclose personal information to us in connection with your role as an employee of our Client, or by virtue of some other relationship you have with our Client, we encourage you to review that Client’s privacy notice to understand the full scope of how your personal information will be handled. Further, in any case where we are acting as a service provider to a Client, if you or your authorized agent (together referred to hereinafter, where applicable, as “you”) wish to exercise any rights that may be available to you under law, you should direct your request to our Client, who is the party responsible for receiving, assessing, and responding to your requests.

Under the privacy laws in other countries, we generally act as a data controller and will determine the purposes and means of the processing of personal information and will be responsible for handling any request you submit to exercise your rights under such privacy laws.

If you are not certain what our role is with respect to your personal information, please contact us through one of the methods described at the end of this Privacy Notice.

Personal Information We Collect

The types of personal information we collect will vary depending on the nature of our relationship with our clients, such as the type of product or service we provide or the type of site being accessed. In either case, we limit the personal information that we collect to that which will allow us to fulfill our intended business purposes. In many cases, the personal information we collect is required for us to provide our clients with our services or meet legal requirements, and failure to provide us with the information may prohibit us from delivering requested services.

Generally, we may collect and process the following types of personal information about individuals and, if required for the services provided, their dependents or beneficiaries under an employer, association, group, or benefit program sponsor:

• Individual Contact and Demographic Information (which may include Family Members): Name, address and/or proof of address, email address, telephone number, gender, marital status, family details, date and place of birth, employment information – employer, job title, employee ID, and employment history, and/or the individual’s relationship to the policyholder, insured, beneficiary or claimant, images.
• Business Contact Information: Employer, job title, business address, email, and phone numbers.
• Identification Details: Identification numbers issued by government bodies or agencies (e.g., social security or national insurance number, passport number, tax identification number, ID number, or driver’s license number), and/or insurance provider (e.g., policy number or claim number).
• Benefits Information: Benefit elections, pension entitlement information, date of retirement and any relevant matters impacting your benefits such as voluntary contributions, pension sharing orders, tax protections or other adjustments.
• Financial Information: Payment card number and related data, bank account number and account details, income, and other financial information.
• Insurable Risk Information: The information necessary for us to secure insurance products/quotes, provide risk consulting services, and/or offer guidance on other financial products and services. This information may include to the extent relevant to the risk being insured:
  • Criminal records data – criminal convictions, including driving offenses;
  • Vehicle information – vehicle identification number and other vehicle details;
  • Health data – current or former physical or mental medical conditions, health status, injury or disability information, medical procedures performed, relevant personal habits (e.g., smoking), medical history, previous health insurance information;
  • Policy information – historical information about the insurance quotes individuals receive and the policies they obtain;
  • Claims information – information about current and/or previous claims, including health data; and
  • Other Special Categories of Personal Information – Racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, and/or data concerning an individual’s sex life or sexual orientation.
• Credit and Anti-fraud Data: Credit history and credit score, individual information about fraud convictions, allegations of crimes and sanctions details received from various anti-fraud and sanctions databases, or regulators or law enforcement agencies.
• Marketing Data: Whether or not an individual has consented to receive marketing from us and/or from third parties; interaction with our sites, marketing communications, articles, and social media.
• Event and Survey Information: Information related to Sterling Benefits-sponsored events that you have attended and product or service-related surveys you have completed.
• Site-Related Information: Information related to the operation of and use of a site and information collected through cookie or other tracking technologies, which may include log-in credentials, IP addresses, domain names, browser versions and operating system, traffic data, the resources you access, and other site-related information.

To learn more about each category of personal information we collect, the purpose for collection, the sources, and the parties to whom to disclose such personal information, please view this comprehensive chart.

Special Categories of Personal Information, Including Criminal Data

When we collect, use, or disclose to third parties (such as insurers, intermediaries, and reinsurers) special categories of personal information and criminal records data, we typically do so for reasons of substantial public interest, namely because it is necessary for the wide range of insurance-related activities that we undertake or because it is necessary for fraud prevention purposes.

Where we collect, use, or disclose special categories of personal data in the administration of a government arrangement to provide compensation to industries affected by the COVID-19 pandemic, we may do so for reasons of substantial public interest insofar as it is necessary for government purposes.

Before you provide us with special categories of personal data and criminal records data about a person other than yourself, you agree to notify such person of our use of their personal information and, if requested by us, to obtain their consent to our use of their special categories of personal information and criminal records data (for example, by requiring the individual to sign a consent form).

How We Collect Personal Information

Information Provided by You, Your Representatives, or Third Parties: We may collect information from you, your representatives, your employer, association, group or benefit program/plan sponsor, and/or third parties that have roles in delivering services to our clients. These third parties may include insurance companies, plan administrators and service providers, brokers or agents, credit agencies, financial institutions, and government agencies or persons acting on behalf of such parties. You might provide this information when you visit a site; apply or request a quote for insurance coverage; enroll in an association, group, or employer benefits program; communicate with us or our service providers through email, chat, and instant messenger; speak to a Sterling Benefits representative by phone or in a call center; enroll in events, or marketing or business development activities, or send mail to our office. In addition, your employer or program/plan sponsor or someone acting on their behalf may provide us with information about you.

If you supply us with personal information about other people, you represent that you have the authority to provide this information on their behalf and have obtained their consent where necessary. In these instances, you further represent that the individuals to whom this information relates have been informed of the information in this Privacy Notice and understand the reason(s) for obtaining the information, the manner in which this information will be used and disclosed, and have consented to such use and disclosure.

Collection by Automated Means: We use cookies on our company-branded websites. If available, site users can opt-out of our use of certain cookies using our Cookie Management Tool linked at the bottom of the site. To find out more about how we use cookies, please see our Cookie Notice.

How We Use the Personal Information We Collect

Sterling Benefits may use the personal information received from you or your broker, insurance carrier, employer, or association, group, or benefit program/plan sponsor to:

• Verify your identity;
• Register and service your online account;
• Contact you when necessary and respond to your requests and inquiries;
• Process an insurance transaction, enrollment, or service requested by you directly, or by a third party, including the following:
  • The procurement of insurance (new and renewals);
  • Insurance policy administration;
  • Claims processing;
  • Consulting and related risk control services; and/or
  • General risk modeling, benchmarking and/or other analytics services;
• Allow you to manage the services requested by you, or through or third party;
• Market our services to you, including ours, those of our affiliates, and those of third parties;
• Analyze, administer, develop, personalize, and improve our products and services and evaluate the overall effectiveness of our marketing activities, sites, and overall service;
• Maintain network security and performance and protect against cyber-attacks;
• Comply with and enforce applicable laws, industry standards, and our own policies;
• Prevent and detect fraud and other legal or policy violations;
• Perform benchmarking and analytics that support our client services;
• De-identify information; and/or
• As otherwise described to you at the point of collection, for our legitimate business purposes, or pursuant to your consent.

We may also process de-identified information that is not reasonably likely to identify you for commercially legitimate and lawful business purposes. Where we have de-identified information, we will maintain and use it without attempting to re-identify the data other than as permitted under law.

Legal Basis for Processing Your Personal Information

The legal basis for our ability to process your personal information depends on which services we provide to you. Note that we may process your personal information for more than one legal basis depending on the specific purpose for which we are using your data.

We do not generally rely on consent as a legal basis for processing your personal information other than in relation to sending third-party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us at info@sterlingben.com or by contacting our privacy office using the contact details in the Questions or Concerns section below.

Disclosure of Your Personal Information

We may need to disclose your personal information in order to deliver the insurance and consulting products or services requested by you or your employer, or association, group, or benefit sponsor, and/or to administer our sites. We may disclose this information:

• To perform the services you request from us: We may disclose your personal information to insurers, and/or third-party agents/brokers in connection with providing insurance quotes, binding insurance coverage, administering claims, and other services.
• With your employer, association, group, or benefit program sponsor (when applicable): To assist in the administration of a group insurance program, insurance program-related personal information required for the administration and governance of the group program may be disclosed.
• With affiliates: To enable them to provide services to you or contact you regarding additional products and services that you have expressed an interest in.
• With agents or third-party service providers: We sometimes contract with other companies and individuals to perform functions or services for us or on our behalf. To perform these services, they may have access to personal information required to perform these services, but are contractually restricted from using it for purposes other than providing services for or on behalf of Sterling Benefits.
• With marketing partners: This sharing may occur, to the extent permitted by law, if you have requested a quote or service from us through such partners.
• In the context of mergers, acquisitions, and asset sales.
• To address legal matters: Sterling Benefits may preserve, and has the right to disclose, any information about you related to our rendered services or your use of this site without your prior permission if we have a good faith belief that such action is necessary to: (a) protect and defend the legal rights, safety, and security of Sterling Benefits, our affiliates and business partners, and users of this site; (b) enforce the Terms of Use of a site; (c) respond to claims of suspected or actual illegal activity; (d) respond to an audit or investigate a complaint or security threat; or (e) comply with applicable law, regulation, legal process, or governmental requests.

We may also disclose de-identified information that is not reasonably likely to identify you for commercially legitimate and lawful business purposes. Where we have de-identified information, we will maintain and use it without attempting to re-identify the data other than as permitted under law.

Steps We Take to Protect Your Information

We have implemented commercially reasonable physical, administrative, and technical safeguards in an effort to protect your personal information from unauthorized access, use, alteration, and deletion. These safeguards may vary depending on the sensitivity, format, location, amount, distribution, and storage of the personal information, and include measures designed to keep personal information protected from unauthorized access. However, as effective as our security measures are, no security system is impenetrable. We cannot guarantee the security of our systems, nor can we guarantee that information you supply will not be intercepted while being transmitted to us over the Internet.

Your Data Protection Rights

Certain jurisdictions extend enhanced personal information rights to residents of or persons located in the jurisdiction. You may have some or all of the following rights in relation to the personal information we collect about or from you, depending on the jurisdiction and our reason for processing your information:

• Right of access: You may ask us to confirm whether we are processing your personal information and the specific pieces of personal information we have collected and, if necessary, provide you with a copy of that personal information (along with certain other details).
• Right to correct (rectify): If the personal information we hold about you is inaccurate or incomplete, you may be entitled to request to have it corrected, taking into account the nature of the personal information and the purposes of the processing of your personal information.
• Right to delete: You may have a right in some circumstances, such as where we no longer need it or if you withdraw your consent (where applicable), to request that we delete or remove your personal information.
• Right to restrict/limit processing: You may have a right to restrict the processing of your personal information in certain circumstances, such as where you contest the accuracy of that personal information or you object to us. Please note that we process sensitive personal information solely as necessary in performance of the services, to ensure the security and integrity of the information, or as otherwise authorized under law or regulation. Because we do not process your sensitive personal information for other purposes, you may not have a right to limit our processing of such information.
• Right to data portability: You may have the right to receive a copy of personal information we’ve obtained from you, where technically feasible, in a structured, commonly used, and machine-readable format, and to reuse it elsewhere or to ask us to transfer this to a third party of your choice.
• Rights in relation to automated decision making and profiling: We do not engage in wholly-automated processing of personal information to make decisions that produce a legal or other significant effect. Because we do not engage in such automated processing, we do not provide a mechanism for you to limit our processing of personal information in such a manner.
• Right to withdraw consent: If we rely on your consent (or explicit consent) as our legal basis for processing your personal information, you may have the right to withdraw that consent. If you withdraw your consent, we may not be able to carry out your instructions or perform the contract we have or are trying to enter into with you.

If you wish to exercise any of the above rights, opt out of marketing communications, or appeal a decision or denial we have made with respect to your personal information, please contact us at info@sterlingben.com. For your protection, we will need to validate the identity of anyone making a request relating to your personal information. We will respond to your request within a period of time required under law (generally within 30-45 days) unless it is reasonably necessary for us to extend our response time.

You may also have some or all of the following rights:

• Right to lodge a complaint: If you have a concern about any aspect of our privacy practices, including the way we’ve handled your personal information, you may report it to the relevant supervisory or regulatory authority. You may contact us as provided at the bottom of this Privacy Notice if you would like to receive contact information for your local authority.
• Right to Opt in or out of Sale or Sharing for Cross-Context Advertising: If you visit one of our sites, we may share your internet or other electronic network activity information for cross-context targeted advertising purposes utilizing advertising cookies. Under some laws, this activity may be considered a sale of information. As such, you may have the right to opt in or out of the sale of your personal information or the sharing of your personal information for cross-context behavioral advertising or targeting purposes. To opt in or out of our selling or sharing of your personal information on our websites or to view the names of specific third parties with whom we have sold or shared your information, please click on the “Manage Cookies” link at the bottom of our webpage, where you will find instructions on how to manage cookies and other online trackers that may collect and share personal information in a manner that could be considered a sale or sharing under applicable law. If you would like to opt out of the sale or sharing of your information, ensure the toggles for “Advertising” and “Analytics” trackers are set to “No”.
• Direct Marketing and Do Not Track Signals: You may have a right to request and obtain a notice once a year about the personal information we disclosed to other businesses for their own direct marketing purposes. If applicable, such a notice will include a list of the categories of personal information that were disclosed (if any) and the names and addresses of all third parties with which the personal information was disclosed (if any). The notice will cover the preceding calendar year. You may contact us as provided at the bottom of this Privacy Notice if you would like to learn if this right applies to you