CA Privacy Notice
This Policy explains how we collect, use, retain, and disclose Personal Information about California residents. If you are not a resident of California, we may still process your request if you submit one, but we are not required to do so under the California Consumer Privacy Act. In the event that we agree to process a request submitted by a person who is not a California resident, we will apply the same guidelines and procedures to your request that we would to a request submitted by a resident of California. We reserve the right to not accept a request submitted by a non-California resident, or to stop or change our procedures as to requests submitted by U.S. residents outside the state of California.
Please note that the CCPA does not currently apply in all respects to Personal Information that We collect from a person in the course of the person acting as a job applicant, employee, owner, director, officer, or contractor of Asteya to the extent that the person’s Personal Information is collected and used by Us solely within the context of the person’s role, or former role, as a job applicant, employee, owner, director, officer, or contractor of Asteya. The CCPA also does not apply to Personal Information that We collect that constitutes emergency contact information of a person acting in any of the aforementioned roles to the extent that the Personal Information is collected and used solely within the context of having an emergency contact on file. Lastly, the CCPA does not apply to Personal Information that is necessary for Us to retain in order to administer benefits relating to a person’s capacity in any of the aforementioned roles to the extent that the Personal Information is collected and used by Asteya solely within the context of administering those benefits.
Under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (the “CCPA”), “Personal Information” is information that identifies, relates to, describes, is reasonably capable of being associated with, or could be reasonably linked, directly or indirectly, with a particular California resident or household.
We collect Personal Information through multiple avenues, for example, information voluntarily provided when filling out an insurance application. The Personal Information We collect will vary based upon our relationship and interactions with that person.
We have collected the following categories of Personal Information over the past 12 months:
- (1) Personal Identifiers – this includes identifiers such as a real name, alias, postal address, Internet Protocol address, social security number, driver’s license number, or another similar personal identifier.
- (2) Personal Information – including, but not limited to, contact details, financial information, medical information, insurance information, employment information, or any other information which you might provide to Us. Personal Information does not include publicly available information that is lawfully made available to the general public from federal, state, or local government records.
- (3) Characteristics of Protected Classes – characteristics of classifications (such as classes or groups) which are protected under federal or California state law, for example, sex, disability, citizenship, primary language, etc.
- (4) Commercial Information – including purchase information, products or services obtained, or considered, or other purchasing or consuming histories or tendencies.
- (5) Internet or Other Online Information – including, but not limited to, browsing history, search history, or other information regarding your interactions with Our Website.
- (6) Geolocation Data – such as device location.
- (7) Audio or Visual Information – including audio, electronic, visual, or similar information, such as video or audio calls.
- (8) Employment Information – Professional or employment-related information, such as work history and prior employer, information from background checks, resumes, etc.
- (9) Education Information – this includes information under the Family Educational Rights and Privacy Act, such as student records.
- (10) Inferences – this includes any information about a consumer which could be used to draw inferences about that person to create a profile about their, for example, characteristics and preferences.
(11) Sensitive Personal Information – Sensitive Personal Information includes, but is not limited to:
- Social Security number, driver’s license, state identification card, or passport number;
- Account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account;
- Precise Geolocation;
- Racial or ethnic origin, religious or philosophical beliefs, citizenship, or immigration status;
- The contents of mail, email, and text messages unless We are the intended recipient of the communication;
- Information related to health;
- Information related to sexual orientation.
The purposes for which We use your Personal Information will be dependent upon, among other things, our communications and relationship with a particular California resident. We may collect Personal Information from the following sources:
- Directly from California consumers, or individuals acts on their behalf, for example, on calls, or when consumers fill out the Employment Application, Insurance Application Form, or Insurance Claim Form.
- Widely available sources, like public records, information from the media, or other information provided by local, state, or federal authorities.
- Outside organizations or companies that provide information to support, for example, providing referrals, underwriting, fraud prevention, and marketing.
- Outside organizations or companies that provide Us with Personal Information to support Our daily workplace functions, for example, providing products and services, human resources, workforce management, or security monitoring.
- Automatically collected Personal Information from Website usage, such as cookies, flash cookies, or web beacons.
The purposes for which We use your Personal Information will be dependent upon, among other things, our communications and relationship with a particular California resident. The chart below summarizes the purposes for which We collect Personal Information.
|Purpose for Collection and Use||Examples|
|To present and administer Our products and services||
|Management of Employment and Human Resources||
|Oversight of standard operating procedures, for example, compliance with risk and legal requirements||
|For the management, development, and improvement of Our Website and business||
|Our use of Sensitive Personal Information||
The categories of third parties to which We disclose your Personal Information will be dependent upon, among other things, our communications and relationship with a particular California resident. Such parties may include:
- Affiliated Companies and Joint Venture Partners
- Identity Verification Services
- Insurance/Reinsurance Companies and Administrators
- Collection Agencies
- Marketing Service Providers
- Employment Benefits Service Providers
- Referral Providers
- Government Agencies for Regulatory and Legal Requirements
The table below shows, for the past twelve (12) months, as to each category of Personal Information, the categories of the third parties to whom we shared Personal Information for our business purposes.
|Category of Personal Information||Category of the Third Party that We Disclose Personal Information to for Business Purposes|
|Characteristics of Protected Classes||
|Internet or Other Online Information||
|Audio or Visual Information||
|Sensitive Personal Information||
We will keep Personal Information no longer than We must to fulfill the Purposes for Which We Use Personal Information. We destroy Personal Information after we no longer need it according to the specific retention period. However, Asteya may hold Personal Information for longer than the retention periods to comply with regulatory requirements, audits, investigations, or other legal matters. Our third-party service providers are also held to these requirements.
In accordance with the California Consumer Privacy Act, California residents may submit a Verifiable Consumer Request in order to request that Asteya:
Discloses to you the information below which We collected over the 12-month period prior to your request (also known as a request under the “Right to Know”):
- The categories of Personal Information which We collected about this California resident, as well as the sources from which We collected that information;
- The purposes for which We collected Personal Information about you;
- The categories of third parties that We disclosed your Personal Information to, as well as the categories of Personal Information we disclosed;
- The specific pieces of Personal Information which We collected about you.
- Delete Personal Information which We have collected about you (pursuant to the “Right to Delete”).
- Correct inaccurate Personal Information which We have retained about you (under the “Right to Correct”).
All California residents, including but not limited to those acting in their capacity as an applicant, employee, or independent contractor, have the right to be free from discrimination by a business for exercising any or all the rights afforded by the California Consumer Privacy Act.
Under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (the “CCPA”), a “sale” is defined as the selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by other electronic means, a consumer’s Personal Information by the business to a third party for monetary or other valuable consideration. Asteya does not sell Personal Information, including Sensitive Personal Information, and has not done so within the last twelve (12) months.
Under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (the “CCPA”), “cross-context behavioral advertising” is defined as the targeting of advertising to a consumer based on the consumer’s Personal Information obtained from the consumer’s activity across businesses, directly-branded websites, applications, or services, other than the business, directly-branded website, application, or service with which the consumer intentionally interacts. As of January 1, 2023, Asteya does not share Personal Information for cross-context behavioral advertising within the scope of the CCPA.
Under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (the “CCPA”), “Verifiable Consumer Request” means a request that is made by a consumer, by a consumer on behalf of the consumer’s minor child, by a natural person or a person registers with the Secretary of State, authorized by the consumer to act on the consumer’s behalf, or by a person who had power of attorney or is acting as a conservator for the consumer, and that the business can verify, using commercially reasonable methods, the consumer making the request has the right to access the Personal Information the business has collected.
If you are a California resident seeking to exercise your Rights to Know, Delete, or Correct, please submit a Verifiable Consumer Request to Us by either:
- Calling Us at +1(954) 246-3509; or
- Emailing Us at firstname.lastname@example.org
Only you, or someone legally authorized to act on your behalf, may make a Verifiable Consumer Request related to your Personal Information. You may exercise your Rights to Know, Delete, or Correct twice within a 12-month period. When a Verifiable Consumer Request is submitted pursuant to the Rights under the CCPA, that Verifiable Consumer Request must:
- Provide sufficient information that allows Us to reasonably verify you are the person about whom We collected Personal Information or an authorized representative of a person about whom We collected Personal Information; and
- Describe the request in sufficient detail that allows Us to properly understand, evaluate, and respond to that request.
After We receive a Verifiable Consumer Request from you, We will take steps to verify it is you making the request. Given the nature of Personal Information that is subject to Verifiable Consumer Requests, We will require authentication of your identity. We cannot and will not provide Personal Information to you if we cannot verify your identity or status as a representative of a person with the authority to submit a Verifiable Consumer Request for Personal Information.
We will make every effort to respond to Verifiable Consumer Requests within forty-five (45) days of its receipt. If We require more time, We will inform you of the reason and extension period in writing.
Any disclosure We make will only cover the twelve (12) months preceding our receipt of your Verifiable Consumer Request. The response We provide will also explain the reason(s) we cannot comply with a request, if applicable.
We do not charge a fee to process and respond to a Verifiable Consumer Request unless it is excessive, repetitive, or manifestly unfounded. If We determine that the request warrants a fee, We will tell you why We made that decision and provide you with a cost estimate before completing your request.
Please note that privacy and information protection laws other than the CCPA apply to much of the Personal Information that We collect, use, and disclose about California individuals. When these other laws apply, We may deny Verifiable Consumer Requests for Personal Information. For example, information protected by the Health Insurance Portability and Act is exempt from requests made pursuant to the California Consumer Protection Act. The result of this is, requests made under the “Right to Know,” We may be required by law to deny all or part of your Verifiable Consumer Request related to exempt Personal Information. Furthermore, if a consumer requests to delete or correct exempt information, We may not delete or correct some or all of it. Other situations where we might not include Personal Information in responding to Verifiable Consumer Requests include, but are not limited to, when disclosure of that Personal Information would adversely affect the privacy rights of the individual the data pertains to, or when retention of the data is necessary for compliance with a legal obligation.
We will respond to Verifiable Consumer Requests in accordance with applicable law, while considering the category and sensitivity of the information being requested.
Asteya has no actual knowledge that We sell or share the Personal Information of residents of California who are 16 years of age or less.
Asteya does not share your information with non-affiliated third parties for their own marketing use without your consent. Asteya does not share your information with corporate affiliates.
We may change or update this Notice periodically. When We do, we will post the revised Notice on this webpage, indicating when the Notice was “Last Updated.”
This Notice is provided by Asteya and its subsidiaries that either: (1) act as a business within the meaning of the CCPA, or (2) are controlled by Asteya and use the Asteya name.
For questions or concerns about the Our privacy policies and practices, please contact Us by either:
- Calling Us at +1(954) 246-3509; or
- Emailing Us at email@example.com