PRIVACY POLICY

This privacy policy was last revised on November 05, 2019

About us and scope

The Hartford Steam Boiler Inspection and Insurance Company and its affiliates and subsidiaries (“HSB”, “we”, “us”, or “our”) are committed to protecting the privacy of your personal data. We have established data privacy standards that are designed to reflect this commitment and are intended to comply with applicable data privacy protection laws. The following privacy policy applies to the website located at hsbfrontdoor.com and any related mobile applications, websites, digital portals, and media platforms owned and/or controlled by HSB (individually and collectively, the Site(s)), and explains our policies and practices concerning collection, use, disclosure, and processing of your personal data collected through the Site(s) and by other related means (for example, through e-mail, phone calls and other communications).

By using our Site(s), you consent to this privacy policy without limitation or qualification. If you do not agree with this privacy policy, or if your use of the Site(s) violates any law or regulation, you are prohibited from using the Site(s).

Please be advised that depending on the nature of your relationship with us, the Site(s) that you use, and/or the jurisdiction in which you are located, supplemental or different privacy policies may apply. You are advised to review the privacy policies made available on each of the Site(s) that you use, as well as any other privacy policies, notices, or statements provided by us to you.

  • The privacy statement for HSB Engineering Insurance Limited and HSB Engineering Insurance Services Limited can be found here.
  • The privacy statement for The Boiler Inspection and Insurance Company of Canada can be found here.

Our contact information

For any questions regarding this privacy policy or our collection and use of your personal data, you may contact us at the address below, or via e-mail at customer_solution_center@hsb.com.

The Hartford Steam Boiler Inspection and Insurance Company
Attn: HSB Data Officer
One State Street
P.O. Box 5024
Hartford, CT 06102-5024

Data we collect and how we use it

There are two categories of data that we may collect when you visit the Site(s): data collected automatically; and data that you provide voluntarily.

Data collected automatically

When you access the Site(s), we use automatic data collection technologies to collect your IP address, browser information (such as type, version, location and carrier), operating systems information, referral URL information, network information, user location, login dates and times, language preferences, access information, and information about how and when you use the Site(s) (e.g., page visits and views, link clicks, etc.). We collect this data through cookies, server logs, and other technologies, such as web beacons.

Use of cookies

While you are online, your computer saves “cookies.” A “cookie” is a small file, typically of letters and numbers, that is saved to your device or your browser’s memory. Cookies contain information about your visit to the Site(s) and serve to make our Site(s) more user-friendly, effective and secure.

Some of the cookies that we use are “session cookies,” which are automatically deleted as soon as you leave the Site(s). Other cookies remain on your device until you delete them, which allows us to recognize your browser the next time you visit. Cookies that remain on your device may allow your browser to load previously viewed pages faster.

We often save cookies and analyze them. This allows us to improve the usefulness of our Site(s) and helps us provide the best possible experience. These cookies do not reveal your specific identify (e.g., your name), but may include information related to your device or location (e.g., your IP address). We perform anonymous statistical analyses of our internet presence (e.g., tracking the number of times you visit the Site(s), tracking the number of visitors to our Site(s), analyzing your interactions with our Site(s)), and do not identify you personally in such analyses.

You can change your browser settings so that you are notified when cookies are being used. You can also change your browser settings to allow cookies only once, refuse them completely or refuse them just in certain cases. You may also activate the automatic deletion of cookies when you close your browser. Deactivating cookies may restrict the Site(s) functionality and impact or impair your experience on the Site(s).

Below, we explain the cookies that we use and why:

Source

Cookie name

Purpose/Content

More Information

hsbfrontdoor.com

ApplicationGatewayAffinity

LoadBalancer cookie (Cookie-based Affinity) / Random string to identify the server, the request should be sent to (no PI data)

Session Cookie

hsbfrontdoor.com

JSESSIONID

To maintain http session / Random string (no PI data)

Session Cookie

hsbfrontdoor.com

QSI_HistorySession

This cookie stores what pages a visitor has visited for the current session (no PI data)

Session Cookie

hsbfrontdoor.com

saml_request_path

This cookie stores the page to which the user will be redirected to after logging in (no PI data)

Session Cookie

hsbfrontdoor.com

languagepage

This cookie stores the language page user signed in/registered from, to redirect user to same language page (no PI data)

1 year

hsbfrontdoor.com

login-token

This cookie stores an unique AEM session ID for logged-in user (no PI data)

Session Cookie

hsbfrontdoor.com

entity

This cookie stores the value of entity, which is fetch from the URL / EIL or BII or IIC (no PI data)

Session Cookie

hsbfrontdoor.com

time-out-request

This cookie is set to let system know that user’s session is timed out or intentionally logged out / ‘Y’ (no PI data)

Session Cookie

hsbfrontdoor.com

AMCV_###@AdobeOrg

This cookie is used to identify a unique visitor

2 years

mruscloud.com

AMCV_###@AdobeOrg

This cookie is used to identify a unique visitor

2 years

hsbfrontdoor.com

AMCVS_###@AdobeOrg

This cookie collects anonymous information about how visitors use the website

Session Cookie

mruscloud.com

AMCVS_###@AdobeOrg

This cookie collects anonymous information about how visitors use the website

Session Cookie

hsbfrontdoor.com

s_sq

This cookie is set and read by the JavaScript code when the ClickMap functionality and the Activity Map functionality are enabled; it contains information about the previous link that was clicked on by the user

Session Cookie

mruscloud.com

s_sq

This cookie is set and read by the JavaScript code when the ClickMap functionality and the Activity Map functionality are enabled; it contains information about the previous link that was clicked on by the user

Session Cookie

hsbfrontdoor.com

s_cc

This cookie is set and read by the JavaScript code to determine if cookies are enabled (simply set to "True")

Session Cookie

mruscloud.com

s_cc

This cookie is set and read by the JavaScript code to determine if cookies are enabled (simply set to "True")

Session Cookie

demdex.net

demdex

Audience Manager sets this cookie to assign a unique ID to a site visitor. The demdex cookie helps Audience Mangerperform basic functions such as visitor identification, ID synchronization, segmentation, modeling, reporting, etc. / The demdex cookie contains a Unique User ID (UUID)

Session Cookie

hsbfrontdoor.mruscloud.com

x-ms-cpim-sso:hsbaadprodp01.onmicrosoft.com_0

To maintain the session of the user from AAD side.

Session Cookie

hsbfrontdoor.com

userdetails

Used for storing the invited user's details (email id, timestamp, group id, language, entity)

15 days

hsbfrontdoor.com

samlRequest

Contains SAML request generated from AEM to send to AAD (no PI data)

session

hsbfrontdoor.com

skipSSO

Used to detect if user is internal SSO or not (no PI data, only contains 'false' as value)

7 days

hsbfrontdoor.com

logoutpage

Used to save current page path, to redirect the user to the same locale logout page

session

hsbfrontdoor.com

deeplink

Used to navigate the user to the requested application after a successful login

session

 

Server Log Files

Data that your browser sends us is collected automatically and saved in server log files. They contain:

  • Browser type, version, location and carrier
  • Operating system used
  • Referrer URL (the URL that the user comes from)
  • Host name (network name) of the accessing computer
  • Time of server request

This data cannot be traced to individual people. We do not merge this data with other data sources. We reserve the right to review the information subsequently, and report it to authorities (such as the police or public prosecutor’s office), if there are concrete indications that our internet presence is being used illegally (for example, a hacking attack on our network).

Web analytics tools and other technologies

We use web analytics tools and applications, such as Adobe Analytics, to collect data so that we may better understand our traffic and make the Site(s) more user-friendly, efficient, and secure. Data collected automatically through Adobe Analytics includes, IP addresses, user group and preference information, browser types, carrier and location, referring pages, pages visited and viewed, link clicks, login date and time spent on a particular Site(s). Adobe Analytics may use cookies to collect and report data on an anonymous basis. For more information about Adobe Analytics and how to opt-out from specific Adobe Analytics cookies, please visit: https://www.adobe.com/privacy/opt-out.html.

Data that you provide voluntarily

Our relationship with you

Our relationship with you (including the Site(s) that you use and the products and/or services you request) will dictate the types of personal data that we collect from you, and our uses of such data. For example, we collect and use different personal data according to whether you are an insured policyholder, a claimant, a customer to whom we provide inspection services, a passive visitor of our Site(s), or a job applicant.

Where you provide personal data to us about other individuals (for example, where you are a customer to whom we provide services and you provide us with personal data about your employees or your own customers), we will also be responsible for their personal data (if any). You should refer them to this privacy policy, before supplying us with personal data on their behalf.

Collecting and processing your personal data

Personal data that we collect from you may include the following:

  • Contact information, such as: first and last name, title, company name, e-mail address, phone number, location and postal address.
  • Authentication and access information, such as: username, password and related security information.
  • Policy and claim information (including materials submitted as part of a claim).
  • Feedback, inquiries and/or other communications about the Site(s) and our products and services.
  • Your preferences, such as: language, date format, notification method, postal code, and time zone.
  • Your profile picture (if provided voluntarily).

We process your personal data in accordance with applicable laws and always for one or more of the following reasons:

  • To enter into or perform a contract: For example, we use your personal data to provide quotes; investigate claims; fulfill orders for products and/or services; communicate with you; respond to customer service requests; facilitate use of the Site(s), etc.
  • Our legitimate business interests: For example, we use your personal data to improve our Site(s), our internal operations, our security efforts, and our products and services.
  • With your consent: For example, we will obtain your consent to process your personal data for purposes of sending you marketing or promotional material. Consent can be withdrawn in these circumstances by opting out of such communications; provided, however, that it will not affect data processed prior to such withdrawal.
  • As otherwise permitted by law or where required to comply with one or more of our legal obligations.

Sharing your personal data

We will keep your personal data confidential and only share it with others in furtherance of one or more of the purposes above.

Internal disclosures

We share your personal data, on a confidential basis, with those departments and staff members who are responsible for the applicable use and/or processing activity.

Disclosures to third parties

We may share your personal data with our parent, Munich Re (and its subsidiaries), as well as third party service providers. A list of the categories of third party service providers to whom your data may be disclosed is provided below:

  • Any agent or representative acting for you
  • Insurers or reinsurers
  • Third parties in the insurance distribution chain who we rely on to administer insurance, such as brokers, insurers, and other intermediaries
  • Actuaries
  • Auditors
  • Law firms and other advisors
  • Credit referencing, debt collection and fraud and prevention agencies
  • Marketing service providers
  • IT service providers, IT maintenance providers, and cloud service and hosting providers
  • Regulators and other applicable governmental bodies
  • Selected third parties in connection with any sale, transfer, or disposal of our business
  • Any other person where necessary to perform a contract with you, to protect ourselves from risk, or to ensure regulatory compliance or good governance.

Transmitting your data internationally

Please be aware that data collected through the Site(s) may be transferred to, stored in, or processed in the United States, where our servers are located and our database is operated, or where our third-party service providers servers and/or databases are located. If you are visiting the Site(s) from outside of the United States, please be advised that the data protection laws of the United States may not be as comprehensive as those in your country of residence, but that we will take all necessary measures to protect your personal data in accordance with this privacy policy and all applicable laws.

You may also request more information regarding our data transfers and the steps we take to safeguard your personal data by contacting us using the contact information set forth above.

Third Party Sites

For your convenience, our website may contain links (embedded or otherwise) to websites, online services, or mobile applications that are operated by third-parties (“Third Party Sites”). These Third Party Sites are operated independently from our Site(s). We are not responsible for the content, security or privacy policies of any such Third Party Sites. You should review the specific privacy policies of those Third Party Sites to determine how they collect, protect, store, use, and process your personal data.

Security

We take the security of your personal data seriously. We have implemented appropriate security measures and procedures designed to protect against loss, misuse, unauthorized access, alteration, and disclosure of your personal data.

Retention of your data

We will keep your personal data for as long as reasonably necessary to fulfill the purposes for which it was collected, in accordance with this privacy policy, and to comply with our legal and regulatory obligations. We have a detailed retention policy in place that governs how long we will retain your personal data. The exact time period will depend on your relationship with us and the type of personal data collected, as well as applicable laws. If you would like more information regarding the periods for which your personal data will be stored, please contact us using the contact information set forth above.

Your rights

To the extent provided by the law of your jurisdiction, you may have the right to: access your personal data; request transfer of your personal data; request updates or corrections to your personal data; request that we delete, erase, or restrict access to your personal data; and/or lodge a complaint with your local data privacy regulator. These rights may not apply in every circumstance or to every user. You can exercise your rights, or request more information about your rights, by contacting us using the contact information above.

Please note that there may be certain circumstances where we cannot comply with your request; such as where complying with it would mean that we couldn't comply with our own legal or regulatory requirements. In these instances, we will let you know why we cannot comply with your request.

In some circumstances, complying with your request may result in your insurance policy or inspection services contract being cancelled or your claim being discontinued. We will inform you of this at the time you make such a request.

California Residents: Your Privacy Rights

Under the California Consumer Privacy Act of 2018 (“CCPA”), California residents have certain rights with respect to HSB’s collection, use, and sharing of their personal data.

HSB collects various categories of personal data when you use the Site(s). A detailed description of the data HSB collects and how we use it is provided above (Section entitled - “Data we collect and how we use it”). You will find that the Section entitled “Sharing your personal data” describes the categories of third parties with whom we share your personal data and what information may be shared under different circumstances.

We will not discriminate against you for exercising your rights under the CCPA. We will not: (i) deny goods or services to you, (ii) charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties, (iii) provide you a different level or quality of goods or services, or (iv) suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services. We do not offer financial incentives associated with our collection, use, or disclosure of your personal data.

Separate from the CCPA, California’s Shine the Light law gives California residents the right to ask companies what personal data they share with third parties for those third parties’ direct marketing purposes. We do not disclose your personal information to third parties for the purpose of directly marketing their goods or services to you unless you request such disclosure.

If you have any questions regarding this privacy policy or wish to submit a rights request through HSB’s Customer Solutions Center, you may contact us using the contact information provided below.

How to ‘opt out’ from marketing

You have control over the extent to which we market to you and can request that we stop sending you marketing messages at any time. You can do this by either clicking on the "unsubscribe" button in any marketing email that we send to you or by contacting us using the contact information set forth above.

Please note that even if you opt out from receiving marketing communications, we may still send you service-related and administrative communications from which you cannot opt out without choosing to discontinue doing business with us.

Children’s Use of the Site(s)

We do not seek or knowingly collect personal data from individuals under the age of 18. If you are under the age of 18, we request that you do not access or use the Site(s).

Do Not Track Disclosure

“Do Not Track” is a preference that you may be able to set on your browser (if supported) to opt out from online behavioral tracking. The Site(s) do not collect personally identifiable data about you as you move across different websites over time in order to provide targeted advertising and, therefore, do not respond to “Do Not Track” signals.

Changes to this Privacy Policy

From time to time, we may need to make changes to this privacy policy (for example, as the result of changes to law, technologies, Site content or other developments). We will provide notice of such changes by posting them on the Site(s). You can also view this page periodically to view the most recent version of this privacy policy.