Notice of Privacy Policies and Practices

At Glatfelter Insurance Group, protecting your privacy is very important to us. We recognize that our relationships with current and prospective clients are based on integrity and trust. We work hard to maintain your privacy and are very careful to preserve the private nature of our relationship with you. At the same time, the very nature of our business sometimes requires that we collect or share certain information about you with other organizations or companies. Therefore, we want you to be aware of how we handle personal information.


PURPOSE OF THIS NOTICE

This Notice of Privacy Policies and Practices is being provided on behalf of Glatfelter Insurance Group ("GIG") and its affiliates to the extent required by the Gramm-Leach-Bliley Act (GLBA) and the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

  • GRAMM-LEACH-BLILEY ACT (GLBA)

    LAST UPDATE: 03/2024
    Title V of the Gramm-Leach-Bliley Act (GLBA) generally prohibits any financial institution, directly or through its affiliates, from sharing nonpublic personal information about you with a non-affiliated third party unless the institution provides you with a notice of its privacy policies and practices, such as the type of information that it collects about you and the categories of persons or entities to whom it may be disclosed. In compliance with the GLBA, we are providing you with this document, which notifies you of the privacy policies and practices of GIG and its affiliated companies. For a complete list of GIG affiliated companies, please see the section below titled, "Glatfelter Insurance Group Family of Companies."

    GIG and its affiliated companies do not and will not sell or share nonpublic personal information about you with any non-affiliated third party for any purpose unless you authorize it or it is otherwise permitted by law.

    Our "affiliates" are companies with which we share common ownership and which offer property and casualty, life and health and certain benefit products.


    Information we collect:
    We collect nonpublic personal information about you from various sources to help serve your financial and insurance needs, provide customer service, offer new products or services and fulfill legal and regulatory requirements. “Personal Information” means any information relating to an identified or identifiable natural person; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his or her physical, physiological, mental, economic, cultural or social identity.

    The type of information that GIG collects varies according to the products or services you request, and may include:

    • Information we receive from you on applications, interviews, or by other means (such as name, address, Social Security number, assets and income)
    • Information about your transactions with us, our affiliates or others (such as products or services purchased, account balances and payment history)
    • Information from your employer, benefit plan sponsor, or association for any insurance product you may purchase through GIG (such as name, address, Social Security number, age and marital status)
    • Information we receive from a consumer reporting agency (such as credit relationships and history) Information from other non-GIG sources (such as motor vehicle reports, medical information, and demographic information)
    • Information from visitors to GIG websites (such as that provided through online forms, site visitor data and online information collecting devices known as "cookies"). GIG may collect technical information about you when you visit our websites, which your web browser automatically sends whenever you visit a website on the Internet. “Technical Information” is information that does not, by itself, identify a specific individual but which could be used to indirectly identify you. Our servers automatically record this information, which may include your Internet Protocol (“IP”) address, browser type, browser language, and the date and time of your request.
      • This website or its third-party tools use cookies, which are necessary to its functioning and required to achieve the purposes illustrated in the Google Analytics cookie policy. These cookies provide a richer and more customized experience for our users. By continuing to browse, you agree to the use of cookies on all Glatfelter websites. You can opt-out from data being used by Google Analytics by going to the Google Analytics opt-out page.

    Under the Fair Credit Reporting Act, you may exercise your right to opt out of Glatfelter Insurance Group's sharing of non- transactional information about you with GIG affiliates. GIG may share other information about you with its affiliates as permitted by law.


    FACTS WHAT DOES GIG DO WITH YOUR PERSONAL INFORMATION?
    Why? Financial companies choose how they share your personal information. Federal and state laws give consumers the right to limit some but not all sharing. Federal and state laws also require us to tell you how we collect, share and protect your personal information. Please read this notice carefully to understand what we do.
    What? The types of personal information we collect and share depend on the product or service you have with us. This information can include:
    • Name, address, age, Social Security number, marital status, assets, income, credit history, demographic information, IP address, browser information
    • Products or services purchased, account balances and payment history, employment Information, motor vehicle reports, medical information
    How? Financial companies need to share customers' personal information to run their everyday business. In the section below, we list the reasons financial companies can share their customers' personal information; the reasons GIG chooses to share; and whether you can limit this sharing.

    Reasons we can share your nonpublic personal information Does GIG share? Can you limit sharing?
    For our everyday business purposes — as permitted or required by law, such as to process your transactions, maintain your account(s), conduct research including data analytics, respond to court orders/legal investigations, or report to credit bureaus Yes No
    For our marketing purposes — to offer our products and services to you Yes No
    For joint marketing with other financial companies Yes No
    For our affiliates' everyday business purposes — information about your transactions and experiences Yes No
    For our affiliates' everyday business purposes — information about your creditworthiness Yes Yes
    For nonaffiliates to market to you No We don't share
    To limit our sharing / Questions? Call us at (800) 233-1957and ask for the Privacy Coordinator or Legal Department.
    Please note: When you are no longer a customer, we continue to share your information as described in this notice. However, you can contact us at any time to limit our sharing.

    Who we are / Companies to which this notice applies
    This notice applies to, and is being provided on behalf of, the following Glatfelter Insurance Group affiliates: Arthur J. Glatfelter Agency, Inc., Glatfelter Brokerage Services, Glatfelter Claims Management, Inc., Glatfelter Commercial Ambulance, Glatfelter Healthcare, Glatfelter Insurance Services, Glatfelter Ministry Care, Glatfelter Public Entities, Glatfelter Specialty Benefits, Glatfelter Underwriting Services, Inc., Susquehanna Agents Alliance, LLC, The Glatfelter Agency, Inc., VFIS, VFIS Claims Management, and Volunteer Firemen's Insurance Services, Inc.

    What we do
    How does GIG protect my personal information? To protect your personal information from unauthorized access and use, we use security measures that comply with federal law. These measures include physical, electronic, and procedural safeguards. We require and train our employees to comply with our privacy standards and policies, which are designed to protect customer information.
    How does GIG collect my personal information? We collect your personal information, for example when you: visit our websites, apply for insurance or pay insurance premiums, file an insurance claim or give us your income information, provide employment information. We also collect your personal information from others, such as credit bureaus, affiliates, or other companies.
    Why can't I limit all sharing? Federal law gives you the right to limit only: sharing for affiliates' everyday business purposes - information about your creditworthiness, affiliates from using your information to market to you, sharing for nonaffiliates to market to you. State laws may give you additional rights to limit sharing. See below for more on your rights under state law.

    Definitions
    Affiliates Companies related by common ownership or control. They can be financial and nonfinancial companies.
    • Our affiliates are companies with which we share common ownership and which offer P&C, life and health, and certain benefit products.
    Nonaffiliates Companies not related by common ownership or control. They can be financial and nonfinancial companies.
    • GIG does not share with nonaffiliates so they can market to you.
    Joint marketing A formal agreement between nonaffiliated financial companies that together market financial products or services to you.
    • Our joint marketing partners include insurance companies and other companies that provide financial products and services.

    Other important information
    CA and VT Residents: We will not share your information except for our everyday business purposes, for marketing our products and services to you, as required by law, or with your consent. For VT Residents, we also will not share your credit information to our affiliates without your consent. NV Residents: We are providing this notice to you pursuant to NV state law. To stop marketing calls from us follow the directions in the section "To limit our sharing". NV law requires that we also provide you with the following contact information: Bureau of Consumer Protection, Office of the Nevada Attorney General, 555 E. Washington Street, Suite 3900, Las Vegas, NV 89101
    Phone #: 702-486-3132 email: bcpinfo@ag.state.nv.us.
    For more information, contact: Glatfelter Insurance Group, Attn: Privacy Coordinator, P.O. Box 2726, York, Pennsylvania 17406, (717) 741-0911, or visit www.glatfelters.com/privacy-policy. This privacy page on our website includes a Google Analytics opt-out link.

  • HIPAA PRIVACY NOTICE

    This HIPAA Privacy Notice is effective as of March 19, 2024.

    1. Statement of Our Duties
    We are committed to protecting the privacy of your protected health information (PHI). PHI is your individually identifiable health information, including demographic information, collected from you or created or received by a health care provider, a health plan, your employer, or health care clearinghouse which is then provided to us and that relates to: (i) your past, present or future physical or mental health or condition; (ii) the provision of health care to you; or (iii) the past, present or future payment for the provision of health care to you. We are required by law to maintain the privacy of your PHI and to provide you with this notice of our privacy practices and legal duties. We are required to abide by the terms of this notice.

    WE RESERVE THE RIGHT TO CHANGE THE TERMS OF THIS NOTICE AND MAKE ANY NEW PROVISIONS EFFECTIVE TO ALL OF THE PHI WE MAINTAIN ABOUT YOU. IF WE CHANGE OUR NOTICE, WE WILL POST IT ON OUR WEBSITE AND SEND YOU A COPY IN OUR ANNUAL MAILING, OR YOU MAY OBTAIN A COPY OF THE REVISED NOTICE BY CONTACTING OUR PRIVACY COORDINATOR USING THE INFORMATION IN PARAGRAPH 9.

    2. Statement of Your Rights
    You have a right to know how we may use or disclose your PHI. This notice informs you of those uses and disclosures. There are certain uses and disclosures of your PHI that we are permitted or required to make by law without your permission. For all other uses and disclosures, we first must obtain your permission or written authorization. In addition, you have the following rights:

    • The right to request, in writing, that we place additional restrictions on our uses and disclosures of your PHI. However, we are not obligated to agree to impose any such additional restrictions.
    • The right to access, inspect and copy the protected information pertaining to you that we maintain in our files about you, and the right to have us correct or amend any information that we create in error. Requests to access or amend your PHI must be made in writing and sent to the contact person and address provided in paragraph 9.
    • The right to receive an accounting of the disclosures of your PHI that we make for purposes other than activities related to your treatment, or our payment functions or other health care operations. You must request an accounting in writing by contacting us at the address in paragraph 9. Your request may be for disclosures made up to 6 years before the date of your request, but in no event, for disclosures made before April 14, 2003.
    • The right to request, in writing, that you receive communications about your PHI in a confidential manner, for example, by alternative means or an alternative location, such as your work address or work email.
    • The right to request an amendment to your PHI if you believe that your PHI is incorrect or incomplete. Your request must be in writing and explain why the PHI should be amended.
    • The right to obtain a paper copy of this notice from us on request.

    3. Information We Collect About You
    In order to administer your health benefit programs effectively, we collect the following categories of PHI about you from the following sources:

    • PHI that we obtain directly from you, in conversations or on applications or other forms that you fill out.
    • PHI that we obtain as a result of our transactions with you.
    • PHI that we obtain from your medical records or from medical professionals, which is provided by you or to us with your permission.
    • PHI that we obtain from other entities, such as health care providers or other insurance companies, in order to service your policy or carry out other insurance-related needs.

    4. Uses and Disclosures of Protected Information

    A. For Treatment, Payment and Operations. In order to administer your health benefit programs effectively, we use and disclose PHI for certain of our activities, including:

    • To Carry Out Treatment Functions. We may use or disclose your PHI without your permission to enable health care providers to provide you with treatment.
    • To Carry Out Payment Functions. We may use or disclose your PHI without your permission to carry out activities relating to reimbursing you for the provision of health care, obtaining premiums, determining coverage, and providing benefits under the policy of insurance that you are purchasing, such as enabling a health care provider to make payment arrangements. Such functions may include reviewing health care services with respect to medical necessity, coverage under the policy, appropriateness of care, or justification of charges.
    • To Carry Out Certain Operations Relating To Your Benefit Plan. We also may use or disclose your PHI without your permission to carry out certain limited activities relating to your health insurance benefits, including reviewing the competence or qualifications of health care professionals, placing contracts for stop-loss insurance and conducting quality assessment activities.
    • To facilitate the underwriting of insurance; however, we are prohibited from using or disclosing your genetic information for the purpose of underwriting insurance.

    B. Uses and Disclosures of PHI to Other Entities.We also may use and disclose PHI to other covered entities, business associates or other individuals (as permitted by the HIPAA Privacy rule) who assist us in administering your benefit plan and delivering services to its members. In connection with our payment and operations activities, we may contact individuals and other entities (“Business Associates”) to perform various functions on our behalf or to provide certain types of services (such as enrollment or member service support). To perform these functions, Business Associates must agree in writing to contract terms designed to appropriately safeguard your PHI.


    C. Other Possible Uses and Disclosures of PHI.
    We may use and disclose your PHI without your written permission for the following purposes:

    • To plan sponsors of your group health plan to permit the plan sponsor to perform administrative functions, such as to address member questions, concerns or issue regarding claims, benefits, services, coverage, etc., and summary health information about enrollees in the plan to obtain premium bids for health insurance coverage offered through the group health plan or to modify, amend or terminate your group plan.
    • To the extent that federal or state law requires the use or disclosure, such as to Health and Human services upon request for purposes of determining compliance with federal privacy laws, as required by law enforcement officials or pursuant to a court order or subpoena.
    • As authorized by and to the extent necessary to comply with workers' compensation or other similar programs that provide benefits for work-related injuries or illnesses.
    • As authorized by law and to the extent necessary to service insurance policies and benefits that are exempt benefits, such as in connection with servicing life, disability, property and casualty, accident and sickness, workers' compensation and auto insurance or other similar insurance coverage under which benefits for medical care are secondary or incidental to other insurance benefits.
    • To a public health authority for purposes of public health activities as permitted or required by law.
    • To a coroner/medical examiner for purposes of identifying a deceased person, determining cause of death or for such official to perform other duties authorized by law. Also to funeral directors so they may carry out their duties, and to organizations that handle organ, eye or tissue donation or transplantation.
    • To a government authority, including a social service or protective services agency, authorized to receive reports of abuse, neglect or domestic violence or to prevent a serious threat to the health or safety of the public.


    D. For Any Purposes to Which You Have Not Objected.
    Unless you object, we may disclose your PHI to a friend or family member that you have identified as being involved in your health care. We also may disclose your PHI to an entity to assist in disaster relief efforts and so that your family can be notified about your condition, status and location. If you are not present or able to agree to these disclosures of your PHI, then we may determine whether the disclosure is in your best interest.


    E. As Permitted By Plan Documents.
    In certain limited circumstances where we may be acting as a third party administrator, we may disclose your PHI to plan sponsors pursuant to the restrictions imposed on the plan sponsor in the sponsor's plan documents.


    5. Required Disclosures of Your PHI
    We are required to disclose your PHI to the Secretary of the U.S. Department of Health and Human Services when the Secretary is investigating or determining compliance with the HIPAA Privacy Rule. We are required to disclose to you most of your PHI that is in a “designated record set” when you request access to this information. We are also required to provide, upon written request, an accounting of any disclosures of PHI that are for reasons other than payment or health benefits operations.


    6. Other Uses and Disclosures of Your PHI
    Sometimes we are required to obtain written authorization for use and disclosure of your health information. The uses and disclosures that require an authorization under 45 C.F.R. §164.508(a) are: (i) for marketing purposes; (ii) if we intend to sell your PHI; or (iii) for psychotherapy notes. We do not and will not sell or share your PHI with any non-affiliated third party for any purpose unless you authorize it or it is otherwise permitted by law. Other uses and disclosures of your PHI that are not described above will be made only with your written, permission, and any permission that you give us may be revoked by you at any time. However, the revocation will not be effective for information that we already have used or disclosed, relying on the authorization.


    7. Questions and Complaints About Use of PHI
    If you want more information about our privacy policies or practices or have any questions or concerns, please contact us using the information in paragraph 9. You may submit a written complaint either directly to us or to the U.S. Department of Health and Human Services (HHS) if you believe that your rights with respect to our protection of your PHI have been violated. We will provide you with the address to file your complaint with HHS upon request. To file a complaint with us, you may submit a complaint in writing that includes as many details (such as names and dates) as possible to our Privacy Officer at the address in Paragraph 9. We support your right to protect the privacy of your PHI. You will not be retaliated against in any way for filing a complaint.


    8. Our Practices Regarding Confidentiality and Security
    We restrict access to PHI about you to those employees who need to know that information in order to provide products or services to you. We maintain physical, electronic, and procedural safeguards that comply with federal regulations to guard your PHI. We do not engage in fundraising activities using PHI, however, if we did engage in such activity, then you would have the opportunity to opt out of receiving fundraising communications. Subject to applicable regulatory reporting requirements, exceptions and safe harbors, we will notify affected individuals following a breach of their unsecured PHI.


    9. Contact Person For Filing Complaint or Obtaining Further Information


    GLATFELTER INSURANCE GROUP
    ATTN: PRIVACY COORDINATOR / LEGAL DEPARTMENT
    183 Leader Heights Road, P.O. Box 2726, York, PA 17405
    (717) 741-0911
    www.glatfelters.com/privacy-policy

  • CALIFORNIA CONSUMER PRIVACY ACT OF 2018 (CCPA)

    LAST UPDATE: 12/12/2019

    This Consumer Privacy Notice ("Notice") is provided on behalf of Glatfelter Insurance Group ("GIG") and its affiliates.  We are providing this Notice in accordance with our obligations under applicable law and as part of our commitment to handling your personal information responsibly and transparently.  Please review this Notice to understand our privacy practices, including what personal information we collect, why we collect it, how we collect it, and how you can exercise your rights with respect to your personal information.

    This Notice applies to individuals associated with corporations, partnerships, other non-individual clients, and other non-client individuals who are California residents and whose personal information GIG collects. The Notice should be read in conjunction with any other privacy notices you receive from all GIG companies and affiliates.  We refer to any company that is not part of GIG as a non-affiliated third party.

    This Notice is not applicable to current and former individual clients of GIG who purchased or are seeking to purchase products primarily for personal, family or household use such as life insurance, retirement products, home owner's insurance, travel insurance etc.  If you are an individual client who has obtained or is covered by such a product or service from GIG, federal law requires that we provide you with a separate notice at the establishment of the customer relationship and annually thereafter, which explains what personal information we collect and what rights you may exercise with respect to your personal information.

    If you are not a California resident or this Notice does not otherwise apply to you, please return to our general Privacy Policy page for more information about how GIG handles personal information.

    1. What Personal Information Does GIG Collect?

    The type of personal information we collect may vary depending on your relationship with us, such as if you are a client, a representative of one of our corporate or institutional clients, or a third party filing a claim.  We may have collected the following categories of personal information:

    1. Identifiers, such as name, contact information, online identifiers and Social Security numbers and other government-issued ID numbers;
    2. Personal information, as defined in the California customer records law, such as insurance policy number, education, employment, employment history, financial information and medical information;
    3. Characteristics of protected classifications under California or federal law, such as sex, age, race, religion, national origin, disability, medical conditions and information, citizenship, immigration status and marital status;
    4. Commercial information, such as transaction information and history;
    5. Internet or network activity information, to the extent you visit our websites or use our software applications, such as browsing history and interactions with our and other websites and systems;
    6. Geolocation data, to the extent you use our mobile applications and choose to share your device geolocation data;
    7. Audio, electronic, visual, and similar information, such as photographs or video recordings created in connection with our business activities, and recordings of calls to our representatives and call centers;
    8. Professional or employment-related information, such as work history, prior employer, information relating to references, details of qualifications, skills and experience, human resources data, and data necessary for benefits and related administration services; and
    9. Inferences drawn from any of the personal information listed above to create a profile or summary about, for example, an individual's preferences and characteristics.

     

    2. What Are GIG's Sources of Personal Information?

    We collect the personal information described above directly from you such as through your transactions with GIG and our business partners, and your interactions with us on our websites and social media pages. We also collect this personal information from other categories of sources such as publicly available databases, consumer reporting agencies, commercially available sources, third parties authorized by you such as doctors, financial advisors, and prior and current employers, when they share the information with us.

    3. How Does GIG Use Personal Information?

    Depending on your relationship with us, we may use the personal Information described above for the following purposes:

    • to operate, manage, and maintain our business, such as to make insurance decisions, communicate with you and others as part of our business, provide our products and services, and maintain records;
    • to develop and improve our products and services, such as to undertake quality and safety assurance measures, audit customer interactions, facilitate social sharing functionality, resolve complaints, and evaluate customer service;
    • for our employment and vendor management purposes;
    • for security purposes, such as to maintain our facilities and infrastructure, protect against malicious, deceptive, or fraudulent activity, and conduct internal investigations;
    • for monitoring purposes, such as to establish the existence of facts, maintain compliance with regulatory or self-regulatory practices, or for other purposes permissible under applicable law;
    • to perform other necessary and appropriate internal functions, such as accounting and auditing;
    • to report to credit bureaus;
    • to conduct research, analytics, and data analysis, and for marketing purposes, such as to personalize, advertise, and market our products and services and administer contests and promotions, in accordance with applicable law; and
    • to comply with legal and regulatory requirements, defend legal claims, and assist with legal processes such as investigations, and regulatory requests, litigation, and arbitration.

     

    4. How Does GIG Share Personal Information?

    Due to the size and complexity of our operations, we cannot identify every recipient of your personal information.  Depending on your relationship with us, we may share your personal information for the purposes described in Section 3 above with the following categories of recipients: entities within the GIG family, including subsidiaries and affiliates; insurance and distribution parties; service providers; providers of Internet-connected devices and associated software; governmental authorities and third parties involved in court action; parties to a merger or acquisition; and our business partners or other third parties as may be required and where we have obtained the appropriate authorization.

    The following categories of personal information may have been disclosed as described above:

    1. Identifiers, such as name, contact information, online identifiers and Social Security numbers and other government-issued ID numbers;
    2. Personal information, as defined in the California customer records law, such as insurance policy number, education, employment, employment history, financial information and medical information;
    3. Characteristics of protected classifications under California or federal law, such as sex, age, race, religion, national origin, disability, medical conditions and information, citizenship, immigration status and marital status;
    4. Commercial information, such as transaction information and history;
    5. Internet or network activity information, to the extent you visit our websites or use our software applications, such as browsing history and interactions with our and other websites and systems;
    6. Geolocation data, to the extent you use our mobile applications and choose to share your device geolocation data;
    7. Audio, electronic, visual, and similar information, such as photographs or video recordings created in connection with our business activities, and recordings of calls to our representatives and call centers;
    8. Professional or employment-related information, such as work history, prior employer, information relating to references, details of qualifications, skills and experience, human resources data, and data necessary for benefits and related administration services; and
    9. Inferences drawn from any of the personal information listed above to create a profile or summary about, for example, an individual's preferences and characteristics.

    When we share personal information with a non-affiliated third party, that third party cannot use the information except to perform services for GIG, or as may be permitted or required by law.

    We do not sell personal information. However, this website or its third-party tools use cookies, which are necessary to its functioning and required to achieve the purposes illustrated in the Google Analytics cookie policy. These cookies provide a richer and more customized experience for our users. By continuing to browse, you agree to the use of cookies on all GIG/Glatfelter websites. You can opt-out from data being used by Google Analytics by going to the:

    Google Analytics opt-out page

    5. What Rights Are Available?

    If you are a California resident and this Notice applies to you, you may request that we:

    1. Disclose to you the following information covering the 12 months preceding your request:

      • The categories of personal information we collected about you and the categories of sources from which we collected such personal information;

      • The specific pieces of personal Information we collected about you;

      • The business or commercial purpose for collecting personal information about you;

      • The categories of personal information about you that we otherwise shared or disclosed, and the categories of third parties with whom we shared or to whom we disclosed such personal information (if applicable).

    2. Delete certain personal information we collected from you.  In the event that you choose to exercise this right, please note that we may nevertheless retain your personal information as permitted under applicable law, including but not limited to the following purposes:

      • To provide goods or services within the context of our relationship with you;

      • To detect security incidents or other fraudulent or illegal activity;

      • To comply with GIG's legal and regulatory obligations; and

      • To enable other uses that are compatible with your expectations or appropriate given the context in which the personal information was collected.

    In order to make either of the requests listed above, please contact us using either of the methods below:

    1. Call us at (800) 233-1957 and ask for the Privacy Coordinator; or

    2. Submit a request via the web links below:

    Either method will include instructions about how to submit a verifiable request, which will require that you or your authorized representative provide certain identifying information.  Authorized representatives will also be required to provide proof of their authority to act on your behalf. If we are unable to verify your identity, or confirm that you have authorized the request, we may not be able to respond to your request in full.

    Under California law, you are entitled to exercise your rights without experiencing any discriminatory treatment.

    Changes to this CCPA Notice

    We may change or update this CCPA Notice from time to time.  When we do, we will post the revised CCPA Notice on this page with a new "Last Updated" date.