Effective Date: January 1, 2024
The California Privacy Policy (“Policy”) supplements Bowhead’s general Privacy Policy and applies to all visitors, users and others who reside in the State of California (“consumers” or “you”). We adopt this Policy to comply with the California Consumer Privacy Act (CCPA) of 2018, as amended by the California Privacy Rights Act of 2020 (“CPRA”).
The Policy applies to all personal information collected by Bowhead about consumers who reside in the State of California, including through platforms that Bowhead owns and controls.
This Policy does not apply to consumers’ personal information exempted from the CCPA, such as: (i) personal information collected pursuant to the federal Gramm-Leach-Bliley Act and its implementing regulations or the California Financial Information Privacy Act; or (ii) certain medical and health information covered by HIPAA.
1. Types Of Personal Information.
Bowhead may collect information that identifies, relates to, describes, is capable of being associated with, or could be linked, directly or indirectly, with policyholders and insurance applicants; parties associated with an insurance claim, such as employees, claimants, and beneficiaries; our reinsurance, underwriting, broker and agent partners; our vendors and other service providers; website visitors and users of our online environments; and Bowhead employees and applicants. Employee data and practices are detailed separately in our Employee Privacy Notice.
Within the last twelve (12) months, we may have collected some or all the following categories of personal information from and about consumers. Note: Bowhead does not generally collect sensitive personal information as described below and we do not sell information to third parties.
| Category of Personal Information | Description |
| Identifiers | A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, date of birth, policy number or other similar identifiers. |
| Personal Information | Information that identifies, relates to, or could be linked with you or your household. For example, it could include your name, social security number, email address, records of products purchased, internet browsing history, geolocation data, fingerprints, and inferences from other personal information that could create a profile about your preferences and characteristics.
Some personal information included in this category may overlap with other categories. |
| Sensitive Personal Information | A specific subset of personal information that includes certain government identifiers (such as social security numbers); an account log-in, financial account, debit card, or credit card number with any required security code, password, or credentials allowing access to an account; precise geolocation; contents of mail, email, and text messages; genetic data; biometric information processed to identify a consumer; information concerning a consumer’s health, sex life, or sexual orientation; or information about racial or ethnic origin, religious or philosophical beliefs, or union membership. |
| Personal Characteristics | Race, color, age (40 years and older), ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex, sexual orientation, veteran or military status, or genetic information. |
| Commercial Information | Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. |
| Biometric Information | Physiological, biological or behavioral characteristics, including an individual’s deoxyribonucleic acid (DNA), imagery of the iris, retina, fingerprint, face, hand, palm, vein patterns, and voice recordings, from which an identifier template, such as a faceprint, a minutiae template, or a voiceprint, can be extracted, and keystroke patterns or rhythms, gait patterns or rhythms, and sleep, health, or exercise. |
| Internet or Other Electronic Network Activity | Browsing history, search history, and information regarding a consumer’s interaction with an Internet Web site, application, or advertisement. |
| Geolocation Data | Physical location and/or movements. |
| Professional or Employment-Related Information | Current and/or past employment history including performance evaluations. |
| Education Information | Education records, files, documents, and other materials related to a student maintained by an educational agency or institution or by a person acting for such an agency or institution, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. |
| Insurance Information | Policy numbers, billing account information, policy benefits and beneficiaries, or ownership structure. |
| Inferences from Other Personal Information | Information used to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. |
| Audio, Video, and other Electronic Data | Audio information including call recordings, video, and photographs, recorded meetings and webinars. |
2. Sources of Personal Information.
We obtain the above personal information from some or all the following sources:
• Our clients and customers through insurance forms and related interactions;
• Service providers, vendors, and other third parties through our transactions;
• Reporting agencies; or
• Brokers and agents.
3. Uses of Personal Information.
We may use or disclose personal information for the following business purposes:
• Insurance service and product development and maintenance;
• Communications to provide support, notices, and respond to inquiries;
• Insurances claims and related investigations;
• Marketing and advertising;
• Compliance with legal and regulatory requirements;
• Protection of our and our customers rights, property, and safety; or
• Other internal business purposes.
4. Disclosure of Personal Information to Third Parties and other Recipients.
The categories of Personal Information we may have disclosed for a business purpose in the preceding twelve (12) months include: identifiers, online identifiers, customer records, financial information, characteristics of protected classifications, usage data, biometric information, education information, insurance information, commercial information, geolocation data, audio, video, and other electronic data, professional or employment-related information, and inferences.
The categories of third parties and other recipients to whom we may disclose personal information for a business purpose may include:
• Insurance or financial institutions;
• Insurance agents and brokers;
• Service providers and vendors;
• Advertising, social media networking, or marketing firms;
• Law enforcement, regulators, or other governmental agencies; or
• Advisors, auditors, consultants, and representatives.
5. Your Rights.
Rights Regarding Your Personal Information
The CCPA provides California residents with specific rights regarding their Personal Information. This section describes your rights under the CCPA and explains how to exercise those rights. Subject to certain exceptions, California consumers have the right to make the following requests:
Right to Know. With respect to the Personal Information, we may have collected about you in the prior (twelve) 12 months, you have the right to request from us:
• The categories of Personal Information we collected about you;
• The categories of sources from which we have collected that Personal Information;
• Our business or commercial purpose for collecting, selling, or sharing that Personal Information;
• The categories of third parties to whom we have disclosed that Personal Information; and
• The specific pieces of your Personal Information we have collected.
Right to Correct. You have the right to request that we correct inaccuracies in your Personal Information. We may deny your request to correct if we are unable to verify your identity.
Right to Delete. You have the right to request deletion of your Personal Information that we have collected about you. We may deny your request to delete if we are unable to verify your identity.
Right to Opt-Out. You have the right to opt-out of the selling and sharing of your Personal Information. To submit an opt-out request, please access the below link. We will process your request(s) in accordance with applicable law. Note: Bowhead does not sell personal information.
Right to Limit Use and Disclosure of Sensitive Personal Information. We do not generally, use, or disclose sensitive personal information for purposes beyond those authorized by the CCPA. However, if we discover that we have, you have a right to limit the use of sensitive personal information that is collected or processed.
Right to Non-Discrimination. We will not discriminate or retaliate against you for exercising any of the rights described in this policy.
We may deny your request in accordance with applicable law.
Exercising Your Rights
To exercise any of your rights described above, please submit a request to us either by:
• Completing the request form found below, or
• Phone at 1-833-240-8996
Response Timing and Format
We strive to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. We will deliver our written response electronically unless you indicate preference to receive a response by mail.
Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
Authorized Agent. You may designate someone as an authorized agent to submit requests and act on your behalf. Authorized agents will be required to provide proof of their authorization in their first communication with us, and we may also require that you verify your identity and the authority of your authorized agent.
a. Businesses operating as an authorized agent on behalf of a California resident must provide both of the following:
i. Certificate of good standing with its state of organization; and
ii. A written authorization document, signed by the California resident, containing the California resident’s name, address, telephone number, and valid email address, and expressly authorizing the business to act on behalf of the California resident.
b. Individuals operating as an authorized agent on behalf of a California resident must provide a written authorization document, signed by the California resident, containing the California resident’s name, address, telephone number, and valid email address, and expressly authorizing the individual to act on behalf of the California resident.
We reserve the right to reject in accordance with the law
i. authorized agents who have not fulfilled the above requirements, or
ii. automated CCPA requests where we have reason to believe the security of the requestor’s personal information may be at risk.
Identification. Before responding to certain requests, we must determine your identity using the Personal Information you recently provided to us. The information we need to determine your identity differs depending on the request made and our relationship with you and might include (as applicable) your name, the email address you use to interact with us, your phone number, your date of birth, and, if available, your policy number. We will take steps to verify your request by matching the information provided by you with the information we have in our records. In some cases, we may request additional information to verify your identity, or where necessary to process your request. In some cases, we may also conduct checks, including with third party identity verification services, to verify your identity before taking any action with your Personal Information. If we are unable to verify your identity after a good faith attempt, we may deny the request and, if so, will explain the basis for the denial.
6. Retention of Personal Information
We retain the Personal Information we collect only as reasonably necessary for the purposes described in this Privacy Policy or otherwise disclosed to you at the time of collection.
7. Children’s Information
Our Services are not designed for children, and we do not knowingly collect Personal Information from children under the age of sixteen(16). If we learn that we have received information directly from a child who is under the age of sixteen (16), we will delete such information from our systems. If you are a parent or legal guardian and you believe we have collected your child’s information in violation of applicable law, please contact us using the contact information below.
8. Contact Us.
If you have any questions or concerns about data privacy and security, the handling of your personal information or wish to make a request to access your information, please contact us at:
Bowhead Specialty Insurance Services
Attention: Regulatory Counsel
667 Madison Ave, 5th Floor
New York, NY 10065
Telephone: 1. 833-240-8996
E-Mail: [email protected]