McGriff Statement of Online Privacy Practices
Updated December 2023
McGriff is committed to protecting your privacy and developing technology that gives you the most powerful and safe online experience. This Statement of Online Privacy Practices applies the McGriff site and governs data collection and usage. By using the McGriff site, you consent to the data practices described in this statement.
What does this policy cover?
This Statement of Online Privacy Practices (“Privacy Policy”) describes how we collect information when you visit or use McGriff’s websites, mobile applications, and other online services (“Online Services”) that link to this Privacy Policy. It also describes how we use and share such information and explains your privacy rights and choices.
Our Online Services are intended for a U.S. audience. The terms “McGriff, ” “we,” “us,” or “our” mean McGriff and its U.S. affiliates. “You” means an individual who visits our Online Services and does not refer to a business or other entity or to individuals outside the U.S.
If you should have any questions, please contact the McGriff office from which your policy is written. You may also call our Client Contact Center at 800-228-1820.
What isn’t covered by this policy?
This Privacy Policy does not apply to the websites, mobile applications, or services of McGriff’s businesses and affiliates that do not directly link to this policy. Some McGriff businesses and affiliates have their own privacy policies, which can be found on their websites. It also does not apply to non-McGriff companies, such as third-party websites to which we link online. Please review the privacy policies of other websites and services you visit to understand their privacy practices.
Other important notices
Our Consumer Privacy Notice applies to information that we collect about individuals who seek, apply for, or obtain our products and services for personal, family, or household purposes. In addition, our CCPA Notice At Collection related to the California Consumer Privacy Act applies to certain information we collect about California residents.
What information does McGriff collect?
When you visit a McGriff website, application, or otherwise interact with us online, we may collect the following information:
- Your browser type (such as Google Chrome, Microsoft Edge, Apple Safari, Mozilla Firefox)
- Your Internet Protocol or “IP” address (Your IP address is a number that is automatically assigned to your device by your Internet Service Provider. An IP address is identified and logged automatically whenever you visit a site, along with the time of the visit and the page(s) that were visited.)
- The presence of any software on your device that may be necessary to view our site.
- Configuration information about the device you are using, including, but not limited to, your device type, web browser type and version, operating system type and version, display/screen settings, and language preferences.
- Information from your mobile device, such as contacts, photos, mobile network information, and cross-device IDs
- Personal information submitted on applications, forms, and onsite electronic messaging. Types of personal information typically include:
- Name
- Social Security number
- Driver’s license number or other government-issued ID
- Address
- Telephone number
- Policy or other account information
- Usernames
- Passwords and other authentication information
- Other non-public information, including credit and income information, and in certain cases Protected Health Information (as defined by the U.S. Health Insurance Portability and Accountability Act)
- Website analytics information such as pages visited and average time spent on a particular page
- Search engine traffic referral information
- Responses to advertisements and promotions
- Transactional information from behind the secure login about your relationship with us (such as types of accounts and/or policies)
1About biometric-enabled sign-ons: Your device stores the information it needs to recognize your facial features or fingerprints. Mobile App uses your device’s functionality to obtain a signal that your device recognizes your facial features or fingerprints when you sign on. McGiff does not have access to the information your device uses to enable facial or fingerprint recognition, nor does McGriff have access to or store your facial image or fingerprint data. You can always turn off facial or fingerprint recognition and go back to inputting user ID and password at any time. Your device’s user information will have additional information regarding its user controls and settings, including its privacy and security controls.
How does McGriff use collected information?
The information we collect online helps McGriff to:
- Effectively manage your account:
- Ensure your identity and protect the security of your personal and account information from unauthorized access
- Process transactions on your account
- Respond to product applications and questions
- Fulfill regulatory requirements
- Analyze our site usage and enhance the user's experience:
- Diagnose server problems
- Alert users of any possible software compatibility issues
- Help us make decisions about how various technologies are used and identify usage trends
- Send marketing communications:
- Present personalized or targeted offers, ads, or content we believe may be of interest to you
- Determine the effectiveness of promotional campaigns
- Make business decisions
- Analyze data
- Perform market research
- Conduct audits
- Develop and improve products and services
- Carry out other day-to-day business operations, such as to comply with applicable laws; share with our affiliates and subsidiaries; disclose to contractors, business partners, and other third parties under specific contracts and agreements; perform compliance activities; conduct credit reporting activities; and engage in human resources activities
- Prevent and detect fraud
- Protect against risks to security:
- Monitor network activity logs
- Detect security incidents and conduct data security investigations
- Protect against malicious, deceptive, fraudulent, or illegal activity
We only use personal information that we have about you when we have a legal basis to use such personal information under applicable data protection laws.
How does McGriff share collected information?
McGriff shares your information in different ways as permitted and required by law. For example, we may share your information with:
- Affiliates and other entities in the McGriff family
- Businesses with which we partner to offer products and services for our clients or prospective customers, such as joint marketing partners or bill pay partners
- Service providers that provide various services to us, such as those we use to help detect and prevent fraud, improve our online services, and to better market and advertise our services to you
- Other parties when you authorize or direct us to share your information,
- Government entities and other third parties as needed for legal or similar purposes, such as:
- To respond to requests from our regulators
- To respond to a warrant, subpoena, governmental audit or investigation, law enforcement request, legal order, or other legal process
- To facilitate a merger, acquisition, sale, bankruptcy, or other disposition of some or all of our assets
- To exercise or defend legal claims
Please see the McGriff Consumer Privacy Notice for more information on how McGriff may share your personal information and how you may be able to limit certain types of sharing.
Please note, we may also share aggregated and de-identified data, such as aggregated statistics regarding product usage, with third parties.
We reserve the right to transfer personal information we have about you in the event we sell or transfer all or a portion of our business or assets (including, without limitation, in the event of a reorganization, dissolution, or liquidation).
What if I’m visiting the McGriff website from outside the United States?
If you are visiting the McGriff website, please be aware that your personal information may be transferred to, or stored and processed in, the United States. We will rely on legally provided mechanisms (for example, derogations such as performance of a contract) to lawfully transfer personal data across borders.
How long does McGriff retain records?
We store your personal information as long as it is required to meet our contractual and legal obligations, or if we have a legitimate business need to do so.
What technologies does McGriff use?
McGriff and its online advertising and marketing partners may employ various technologies to collect information, including:
- Cookies – Cookies are pieces of information stored directly on your device. Cookies provide information that is used for security purposes, to facilitate navigation, to display information more effectively, and to personalize/customize your online experience. The cookies McGriff uses do not collect or store any personally identifiable information about you. McGriff uses persistent cookies to learn how visitors use our site, such as which pages are viewed the most, to identify the most common navigation paths, or to customize the presentation of information on the site. McGriff also uses session cookies to assist in delivering some online transactions. Session cookies are no longer active after you log off the service that initiated them, and all session cookies are automatically deleted when you close all browser windows. McGiff may also contract with third parties, including, but not limited to, Adobe (see Cross-Device Tracking, below), to track user activity on our website. You can choose to block or disable these cookies as most devices and browsers offer their own privacy settings. Doing so, however, may result in diminished performance on our site.
- Marketing pixels, web beacons, clear GIFs, or other technologies – This technology may be placed on certain pages of our website, applications, emails, and other marketing initiatives. These tags usually work in conjunction with cookies and allow us to measure the effectiveness of our site and compile statistics about usage and response rates.
- Software Development Kits (SDKs) – Our mobile applications may include third-party SDKs that allow us and our service providers to collect information about your mobile app activity. In addition, some mobile devices come with a resettable advertising ID (such as Apple’s IDFA and Google’s Advertising ID) that, like cookies and pixel tags, may allow us and our service providers to identify your mobile device over time for advertising purposes in compliance with applicable app store consent rules.
- Advertising and Cross-Device Tracking –McGriff uses certain Adobe Analytics services and products, which help companies build websites, applications, and advertisements that seamlessly flow between all your devices (such as a desktop, laptop, tablet, phone, or smart watch). The Adobe services recognize which of your devices are linked through use of technology that includes cookies and your IP address (without collecting your sensitive personal information). Visit the Adobe website for more information on opting out of certain services, cross-device tracking, and/or to unlink your devices. NOTE: Adobe needs to install a cookie on your browser to identify that you have opted out. If you delete the opt-out cookie, or change devices or web browsers, you will need to opt out again.
- Firewalls, passcodes, data encryption, and other safety features – McGriff uses these technologies to ensure that the information you provide us remains secure.
- Third-party plugins – Other companies may have plugins that appear on certain pages of our website or applications. Some of these, for example, may be from social media companies (for example, the Facebook “Like” button). These plugins may collect information, such as information about the pages you visit, and share it with the company that created the plugin even if you do not click on the plugin. These third-party plugins and the way they operate are governed by the privacy policies and terms of the companies that created them.
How does McGriff interact with me online?
Online advertising on McGriff websites and applications
McGriff advertises its products and services on pages within our sites and on mobile applications. To make the content and advertising as informative and useful as possible, McGriff may target and personalize content and advertisements for products and services on our site.
If you would prefer to not receive a specific advertisement, content or offers on McGriff’s authenticated (after signing in) pages, you can click “No Thanks” to the specific pop-up ad you’re being presented. Note that this will not prevent you from potentially receiving other ads, content, or offers for a different product or service. Also note that simply closing the pop-up message by clicking on the “X” will not register that you do not wish to receive this specific message again.
Online advertising on third-party websites and applications
McGriff advertises its products and services on websites and applications not affiliated with McGriff. The third-party companies we hire to display these ads use their own tracking technologies to measure the effectiveness of these ads and to understand your interests. Many of our third-party partners have their own privacy policies. We encourage you to review these policies carefully.
Some of our third-party advertising is interest-based and may use information about your online interests to customize the online ads you see. McGriff has adopted the use of the AdChoices Icon for our interest-based advertising (excluding ads appearing on platforms that do not accept the icon). Anyone receiving an interest-based ad can click on the displayed icon to receive more information. The AdChoices Icon does not prevent you from receiving advertisements; instead, it allows you to control whether you receive interest-based advertisements and from which companies.
Visit the Digital Advertising Alliance website for more information about the AdChoices Icon and interest-based advertising. If you would like to know more about how to opt out with your specific browser and device, you may visit the DAA Webchoices Browser Check and NAI Opt Out of Interest-Based Advertising tools for additional options. You can also download the AppChoices app to opt out in mobile apps.
Social media
McGriff provides experiences on social media platforms such as Facebook, Instagram, LinkedIn, or “X” that enable online sharing and collaboration. We use social media to facilitate social engagement and sharing, when such sharing is appropriate and safe.. Please note, any content you post, such as pictures, information, opinions, or any personal information that you make available to other participants on these social platforms, is subject to the terms of use and privacy policies of those platforms. Please refer to them to better understand your rights and obligations with regard to such content.
Given the very public nature of social media, it is critical that we all safeguard confidential financial information. If you post information on a McGriff site that we feel should be shielded from public view, we will remove it. This includes not only specific details about your private, confidential information (such as your Social Security number), but details of information relayed in private conversations between you and McGriff representatives. Please know that in taking down or editing your posts, we are focusing our experience and best judgment to keep your personal information safe.
Email transmitted across the internet is normally not protected and may be intercepted and viewed by others. Therefore, you should refrain from sending any confidential or private information via unsecured email to McGriff. We'll never ask you to send confidential information to us via email, such as your logon ID, password, full policy or account numbers, or Social Security number.
Occasionally, we will retain the content of your email—and our replies—to confirm proper responses to your questions and requests, to comply with legal and regulatory requirements, and to ensure that we consistently deliver an enjoyable client experience to you.
Linking to other sites
McGriff may provide links to non-McGriff companies and will notify you when leaving the McGriff site. If you choose to link to websites not controlled by McGriff, we are not responsible for the privacy or security of these sites, including the accuracy, completeness, reliability or suitability of their information. If you are asked to provide information on one of these sites, we urge you to carefully study their privacy policies before sharing.
Control your online and other privacy preferences
In summary, the following links can help you to customize and control your privacy preferences when interacting with McGriff online:
- You can also control your marketing preferences for direct mail, email, and telemarketing preferences, along with the sharing of your personal information via our automated voice response line at 866-858-5158, or via email to tihcompliance@truist.com.
- Do Not Track and Global Privacy Control
- We will respond to the Global Privacy Control signal as explained further in our CCPA Notice at Collection. At this time, we do not currently respond to other browser “do not track” signals or other mechanisms that allow you to tell websites you do not want to have online activities tracked.
How does McGriff protect my children?
McGriff strictly follows the federal guidelines of the Children’s Online Privacy Protection Act (COPPA), which gives parents control over what type of information is collected online about their children. We do not knowingly collect, maintain, or use personally identifiable information from children under age 13 on our websites. We are not responsible for the data collection and use practices of nonaffiliated third parties that are linked from our websites. Visit the Federal Trade Commission’s COPPA Website for more information.
How does McGriff protect me from fraud and secure information?
To protect personal information from unauthorized access and use, we use security measures that comply with applicable federal and state laws. These measures may include device safeguards and secured files and buildings as well as oversight of our third-party service providers to ensure information remains confidential and secure.
How can I make sure my information is accurate and use my individual rights?
Keeping your information accurate and up to date is very important. If your information is incomplete, inaccurate or not current, please contact us at tihcompliance@truist.com or by calling 866-858-5158.
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws. We will ask you to verify your identity to help us respond efficiently to your request.
Under non-U.S. data protection laws, you may have the right to complain to a data protection authority about our collection and use of your personal information.
How will McGriff notify me about online privacy practices updates?
McGriff’s Online Privacy Practices may be revised from time to time, so please review them periodically. Any changes will become effective when we post the revised Practices on the site (Please note the effective date listed at the top of this page). If we revise our Online Privacy Practices in a material way, we will provide a conspicuous notice on our website when any changes take effect.
How can I contact McGriff?
If you have any questions or comments on this notice or our privacy practices generally, please contact us at 866-858-5158.
Copyright © 2024 Marsh & McLennan Agency LLC. All rights reserved. CA license # #0H18131