The Mutual Group Privacy Policy

I. Introduction
TMG Insurance Services, LLC (“The Mutual Group”) developed this Privacy Policy to help you obtain information about our privacy practices and to help you understand your privacy choices when you use our websites, products and services.

II. Our Commitment to Privacy
Our privacy commitments are fundamental to the way we run our business. These commitments apply to everyone who has a relationship with us – including customers, partners and website visitors. The Mutual Group is committed to respecting your privacy. We will protect your privacy and keep your personal data safe. We use encryption and other security safeguards to protect customer data. We will not sell your personal data to anyone, for any purpose. That’s the bottom line.

III. Scope
This policy applies to all information we collect about you, information we collect directly from you, information we automatically collect, information we collect through our mobile application(s) and information we collect from third parties.

IV. Personal, Anonymous and Aggregate Information
Personal data, also referred to as PII or personally identifiable information, is information that identifies or reasonably can be used to identify you. Anonymous information (i.e. information that doesn’t or can’t be reasonably used to identify you specifically) and aggregate information (i.e. information taken from many people’s data that is combined into groups or categories) are not considered personal data. Examples of personal data include your: (i) Name, (ii) Mailing address, (iii) Email address, (iv) Phone number, (v) Date of birth or age, (vi) Credit/debit card number, (vii) Purchase information, (viii) Mobile device information, (ix) How you use our sites and mobile applications, (x) Geo-location related information, and (xi) Social media information. Anonymous information is information that doesn’t identify you and can’t reasonably be used to identify you specifically. Finally, aggregate information is information taken from many people’s data and combined into anonymous groups or categories.

V. The Personal Data We Use
We want you to know exactly what data we collect and use. The Mutual Group may collect and use the following information:

  • Your name
  • Login and authentication information
  • Information about the device(s) you use
  • Information about the service usage
  • Subscription preferences
  • Any other information you upload or provide to us

VI. How We Use Personal Data
We will only use your personal data if we have a contractual relationship governing our use of your personal data or a pre-existing business relationship. Otherwise, The Mutual Group does not use your personal data in any way.

VII. Opting Out of Data Usage
We strive to let you know in advance what will happen to your personal data. If we intend to use your personal data for purposes other than those listed in this policy, or if we intend to disclose it to a third party acting as a controller not previously identified, we will only do so with your explicit consent.

VIII. Retention of Personal Data
We follow all applicable laws governing the retention of your data. The factors that influence how long we retain your data include:
(1) which information is needed to provide products, services and experiences to you,

(2) which information is needed to ensure secure payment, contact you and the data needed to serve any advertising based on personal interests and preferences.

We retain the data we collect from you for different periods of time depending on your applicable preferences and the purposes we use it for. Data of yours that we retain falls into the following categories:
(i) Information retained until you remove it – we keep this data until you ask us to delete it.

(ii) Information that we delete after a specific period of time or in response to an event – we store this data for a predetermined period of time. We set retention timeframes based on the reason for its collection and compliance with applicable law.

(iii) Information retained for specific business or legal purposes – Sometimes business and legal requirements oblige us to retain certain information, for specific purposes, for an extended period of time. For example, when we process a payment for you or when you make a payment to us, we will retain this data for longer periods of time as required for tax or accounting purposes.

(iv) Based on the applicable laws of your region, you may have the right to request deletion of personal information we collect from you.

IX. Your Rights – USA
We provide you with certain rights regarding your personal data, subject to certain exceptions and limitations –

(1) Right to request access to the personal data we have collected about you, transfer and restrict the processing of specific pieces of personal information we collected about you and learn how we collect this information, our purpose in collecting it and the types of parties we may have disclosed it to

(2) Right to delete the personal data we have collected from you

(3) Right to opt-out of selling or sharing of your personal data with third-parties, if applicable.

(4) Right not to receive discriminatory treatment for the exercise of the relevant privacy rights conferred by applicable laws.

Under CPRA, residents of California may exercise employee rights. If applicable, we provide employees with certain rights regarding your personal data, subject to certain exceptions and limitations –

(1) Right to request access to the personal data we have collected about you, restrict the processing of specific pieces of personal information we collected about you and learn how we collect this information, our purpose in collecting it,

(2) Right to correct or delete the personal data we have collected from you,

(3) Right to opt-out of our sale(s) of your personal data,

(4) Right to limit use and disclosure of sensitive personal information, if applicable, and

(5) Right not to receive discriminatory treatment for the exercise of the relevant privacy rights conferred by applicable laws.

X. Exercising Your Rights
We may require additional information from you to verify your identity and residence before we can process your request. We also reserve the right not to restrict access to your information or to limit your rights (e.g., if such disclosure is prohibited by law or if the rights of another individual might be violated). In some instances, this may mean that we are able to retain your personal data even if you withdraw your consent. California residents may designate an authorized agent to make a CCPA request on your behalf by completing and signing the form available here.

XI. Adequate Protection
The Mutual Group will take appropriate steps to make sure that transfers of personal data are in accordance with applicable law and carefully managed to protect your privacy rights and values. Also, transfers will be limited to countries which are recognized as providing an adequate level of legal protection.

XII. Conflicts between Law and this Policy
If there is a conflict between this policy and an applicable law, we will apply the standard that provides more protection to you.

XIII. Information Sharing with Authorities
The Mutual Group will cooperate with law enforcement and regulatory officials possessing the appropriate jurisdiction. The Mutual Group will disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements, as well as data breach notification requirements.

XIV. Getting in Touch With Us
Communicating with us through email, text messages and social media is inherently insecure. Please don’t send us sensitive personal data via these forms of communication.

XV. Complaints
In certain jurisdictions, you have a right to lodge a complaint with your local supervisory authority if you have concerns about how we are processing your personal data. We ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority at any time. If you have any questions, concerns, or complaints regarding our compliance with this notice and the data protection laws, or if you wish to exercise your rights, we encourage you to first contact us at:

Attn: Privacy Office
The Mutual Group
1111 Ashworth Road
West Des Moines, IA 50265-3538
877-448-4331
LegalWorkRequests@themutualgroup.com

XVI. Specification of Use and Need
Prior to collecting, using or sharing personal data, we define and document the specific, legitimate business purposes for which it is needed. We determine and document how long personal data is needed for those defined business purposes and applicable legal requirements. We do not collect, use or share more personal data than is needed or retain it in identifiable form for longer than is needed for those defined business purposes and applicable legal requirements.

XVII. Cookies
When you visit this site, basic information is passively collected through your web browser via use of tracking technologies, such as a “cookie” which is a small text file that is downloaded onto your computer or mobile device when you access the site. It allows us to recognize your computer or mobile device and store some information about your actions.

We use Google Analytics, a web analytics service provided by Google, Inc. Google Analytics uses cookies to help us analyze how you use the site and enhance your experience when you visit the site. For more information on how Google uses this data, please visit www.google.com/policies/privacy/partners/. You can learn more about how to opt out of Google Analytics by visiting https://tools.google.com/dlpage/gaoptout. The information Google Analytics collects through cookies and other means does not individually identify you. This information is stored anonymously by assigning a randomly generated number to recognize unique visitors. For additional information on Google Analytics cookies please visit https://policies.google.com/technologies/cookies?hl=en-US.

When your browser or device allows it, we use both session cookies and persistent cookies to better understand how you interact with our services and to monitor aggregate usage patterns. Under no circumstances will The Mutual Group track users’ individual activity on the Internet outside of the website or application from which the technology originates, share the data obtained through such technologies, cross-reference any data gathered from web measurement and customization technologies against personal data to determine individual-level online activity, or collect personal data without the user’s explicit consent.

XVIII. Do Not Track (DNT) Functionality
Our website does not track visitors’ behavior.

XIX. Pixels
Pixels are used by many companies to track your usage of websites in a fashion similar to cookies. However, The Mutual Group does not use pixels.

XX. Complying with this Policy
The Mutual Group ensures compliance with this policy through a comprehensive audit and enforcement plan. This audit and enforcement plan ensures that the policies set forth are consistently and accurately implemented. Additionally, we undertake periodic reviews of this policy to determine whether provisions should be updated.

XXII. Automatic Collection During Website Session
No data will be collected during the course of browsing our websites.

XXIII. Restriction on Children’s Information
We do not collect personal data online from children under the age of 18 or sell their personal information. Adults who interact with The Mutual Group should take care not to provide any information about children under the age of 18. If we learn that we have received information directly from a child who is under the age of 18, we will take appropriate action in accordance with applicable law. To learn more about the Children’s Online Privacy Protection Act (COPPA) please visit the Federal Trade Commission’s (FTC) website at https://www.ftc.gov/.

XXIV. Your Right to Your Data
It’s your data, so you should know what data we have about you and how you can access it. For certain types of data, you can contact us and ask to know what information we have about you. You can also ask us to update incorrect information, delete it, object to our use of it, or get a copy of it. In certain jurisdictions, you may have the right to take your case to a privacy regulator if you do not find our response satisfactory. We will provide you the data you requested in 30 days.

XXV. Legal Basis for Processing
We will only collect, use and share your personal data where we have a legal right to do so. In these cases we will look after your information at all times in a way that is proportionate and respects your privacy rights.

XXVI. Your Right to Correct or Amend Personal Data
We want the data about you to be correct. You have a right to request that we change certain inaccurate personal data. We may seek to verify the accuracy of the personal data before rectifying it.

XXVII. Definitions
– “Personal data”, “personal information”, or “PII” means any information relating to an identified or identifiable natural person. An identifiable person is one who can be identified, directly or indirectly — in particular, by reference to an identification number or to one or more factors specific to his or her physical, physiological, mental, economic, cultural or social identity.

– “Special Categories of Personal Data” pertains to personal data that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership and the processing of data concerning health or sexual orientation.

– “Sensitive personal data” either indicates “special categories” (see above), or is personal data of which the sensitivity level has been assessed and classified, indicating potential severe impact on an individual when confidentiality of such data is breached.

– If applicable under CPRA, “Sensitive personal information” means: (A) personal information that reveals your social security, driver’s license, state identification card, or passport number; account log‐in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; precise geolocation; racial or ethnic origin, religious or philosophical beliefs, or union membership; the contents of your mail, email and text messages, unless we are the intended recipient of the communication; genetic data; and the processing of biometric information for the purpose of uniquely identifying you; (B) personal information collected and analyzed concerning your health; or (C) personal information collected and analyzed concerning your sex life or sexual orientation. Note that “Sensitive personal information” excludes information that is made publicly available.

– “Anonymization” is the deletion or changing of personal data in such a way that it can no longer be foreseeably assigned to a certain or ascertainable individual or only with a disproportionately high effort in terms of time, cost and work.

– “Pseudonymization” is the replacement of an individual’s name and other identifiable characteristics with a label to prevent identification of the individual by unauthorized parties or to render such identification substantially difficult. Pseudonymization techniques include certain levels of masking, redaction, tokenization and/or encryption of personal data.

– “Consent” is any freely given, specific, transparent, unambiguous, well-informed indication of the will of the individual, whereby the individual agrees that his or her personal data may be processed. Particular requirements about consent can arise from the respective national laws. Where possible, consent is obtained in an explicit manner (unambiguously).