Berkshire Hathaway Direct Insurance Company Data Privacy Policy

Information We May Collect

Personal information that is provided to BHDIC through our website is gathered and maintained to provide users with the insurance products or services requested and to service customer accounts.  Personal information includes information that identifies, relates to, describes, or is reasonably capable of being associated with or to a particular individual.  Examples of such information may include the following categories*:

• Name
• Phone number
• Address
• Credit report or other consumer report information
• Mailing address
• Social security number
• Driver’s license number
• Email address
• Financial information
• Information related to a protected classification (e.g., race, ethnicity)
• Employment and professional information
• Education information
• Biometric data
• Geolocation data

*These categories of personal information are intended as examples only. BHDIC does not expressly state or imply that it actually collects or maintains such information, and it is possible that BHDIC may not collect or maintain any personal information on every individual who visits our site. The above-listed personal information and ways of gathering it are examples and may not be all-inclusive. BHDIC may preserve all information about a user for as long as required or permitted by regulation or law.

The information collected will be used in the normal course of business to provide services and enhance the user experience.  Personal information may be shared with our affiliated companies and third parties as necessary to provide services to the user, or otherwise as required or permitted by regulation or law.  These third parties may include but are not limited to:

• Other insurance companies or consumer reporting agencies involved in an application/policy/claim;
• Independent claims adjusters;
• Service providers;
• Insurance support organizations for fraud prevention;
• Authorized persons by court order or as required by law;
• Policyholders;
• Law enforcement, regulators or other governmental authorities (e.g. to help with fraud prevention).

Information Security and Confidentiality

We restrict access to a user’s personal information to our employees who need to know the information necessary to provide products or services. We maintain physical, electronic, and procedural safeguards that comply with applicable laws and regulations to safeguard your information. 

BHDIC restricts personal information to authorized users.  BHDIC employees become authorized after meeting certain identification criteria and are assigned login credentials for their secure access.  BHDIC uses Secure Socket Layer (SSL) encryption technology to protect transmitted information from being intercepted while in transit over the internet.  Once confidential information is gathered and stored within BHDIC’s systems, it is protected by firewalls and other access control systems and processes to keep it secure from unauthorized access.   Although BHDIC uses reasonable technical and administrative safeguards to protect your information during transmission and while stored in our systems, no method of transmission over the internet or electronic storage is guaranteed to be 100 percent secure.

Do not Track

BHDIC does not collect or track personal information about a user’s online activities over time and across third-party websites or online services for targeted advertising or any other purpose.  BHDIC only uses cookies and similar technologies to track non-personally identifiable technical data related to a user’s browsing behavior on this site as stated in the Cookies section of this policy.    

Third-Party Behavioral Tracking

BHDIC does not give permission to third parties engaging in online behavioral tracking to collect personal information about a user’s online activities from this site.  Third parties that have content embedded on this site (such as the web chat feature) may set cookies on a user’s browser and/or obtain information about the web browser’s utilization of the chat feature from a certain IP address. Third parties cannot collect any other personally identifiable information from this website unless the user provides it to them directly.

Right to Access and Correct Your Personal Information

Our users have the right to access and request correction of personal information.  If you believe any information BHDIC holds about you is inaccurate or incomplete, please contact us with your request to update or amend the details.  We will promptly review and address your concerns in accordance with applicable data privacy laws.  To exercise this right, please submit a written request to either customerservice@biBerk.com or service@threeinsurance.com.  BHDIC will follow strict procedures to verify your identity before providing access to your personal data and will respond to your request within a reasonable timeframe. 

Data Privacy Notice Changes

Please be aware that BHDIC reviews our Data Privacy Policy on an on-going basis and makes any necessary changes. Visitors should revisit this policy periodically to learn of any changes.  Your continued use of this website after enhancements are made will be considered acceptance of those changes.  BHDIC may terminate or suspend any function of this website. We may also impose limits on some functions or restrict access to any part of the site without notice or liability.

Third-Party Disclaimer

Access to third-party websites is provided to users as a convenience only. BHDIC does not endorse, control, or approve the products, services, or information offered to users on any third-party website. If a user decides to access a linked third-party website, they do so solely at their own risk and are therefore responsible for protecting themself against viruses or other destructive elements that may occur or result from the use of any third-party website. Third party websites may use cookies.  This site may also include widgets or tools, such as links.  These features may collect IP addresses, the pages visited on our site and may set a cookie to enable these features to function properly.  Third parties may have access to web-browsing history on this page where the widgets, tools, or embedded information are placed on this site.  BHDIC is not responsible for how cookies are by these third-party sites or for how they collect, use, secure, or disclose the information provided to those third-party sites.  The user should reference the privacy policies of the third-party sites for their usage of cookies and usage of information. 

Information Collection and Cookies

BHDIC may use cookies and other similar technologies, such as pixel tags, web beacons, clear GIFS, and Local Shared Objects (sometimes referred to as “Flash Cookies”), when a user visits our website or mobile application to automatically collect common information about the user’s computer or mobile devise.  BHDIC uses these technologies to collect anonymous technical information, such as:

• Browser information
• Internet Protocol (IP) Address
• Operating system (OS)
• Internet Service Provider (ISP)
• Session ID
• Webpage accessed
• Time of visit
• Referring site
• Mobile device information
• Geographic information
• Downloaded information
• Form field usage

BHDIC uses this information to improve the content, services, and functionality of our website for the user.

Cookies are small text files that are sent to your computer when you visit our website. They allow the website to recognize your web browser and may capture and store certain common technical information. Cookies are very useful and enable a website to recognize and remember you, enhancing your browsing experience with additional functionalities. You may be able to block cookies, receive a warning when a cookie is being sent (typically in the privacy settings of your browser), or delete stored cookies at any time. However, some features of our website may not function properly without the cookie. Certain cookies may gather limited information about you, but the above sections of the BHDIC Data Privacy Policy contain information about how we protect any data we receive from you. We do not share any of the information collected through cookies on our website.

Children’s Privacy

BHDIC does not direct products or services towards children under the age of 18.  This website is not intended for children.  BHDIC does not intend to collect any information from children and requests no nonpublic, personal identifiable information be provided to us from children. BHDIC does not knowingly collect or post information children pursuant to child privacy laws, including the Children’s Online Privacy Protection Act (COPPA). 

California Consumer Privacy Act Policy

This California Consumer Privacy Act Policy of the National Indemnity group of insurance companies, which includes BHDIC (collectively, “we,” “us,” or “our”) applies solely to individuals who reside in the State of California (“consumers” or “you”). We adopt this policy to comply with the California Consumer Privacy Act of 2018 (“CCPA”). Any terms defined in the CCPA have the same meaning when used in this policy.

Your Right to Know About Personal Information Collected, Disclosed, or Sold

You have the right to request that we disclose to you information about the collection and use of your personal information over the last 12 (twelve) months, including:

• The categories of personal information we have collected about you;
• The categories of sources from which we have collected the personal information;
• The business or commercial purpose for collecting or selling personal information;
• The categories of third parties to whom we share personal information;
• The specific pieces of personal information we have collected about you;
• The categories of personal information we have disclosed about you for a business purpose; and
• The categories of third parties to whom your personal information as disclosed, by categories or
• categories of personal information disclosed.

We have not sold personal information about consumers in the last 12 months.

How to Submit a Request

To exercise any of your rights described in this California Consumer Privacy Act Policy, please submit a request to us by contacting us via one of the following methods:

(800) 488-2930

biBerk Customer Service
P.O. Box 3300
Wilkes Barre, PA 18773-3300

THREE Customer Service
P.O. Box 1668
Wilke Barre, PA 18703

Our Process to Verify Your Request

We will contact you to collect additional information to verify your identity. Depending on the nature of the request, we will require you to provide either two or three pieces of information to allow us to verify that you are the person about whom we collected personal information. We may also require you to submit a signed declaration under penalty of perjury that you are the consumer whose personal information is the subject of the request.

Any information we collect for the purpose of verifying your identity will not be used for any other purpose. If we are unable to verify that you are the person about whom we collected personal information, or that you have authority to make the request on that person’s behalf, we will notify you that we will not be able to respond to your request.

We will endeavor to respond to your request within 45 (forty-five) days of the date you submit it. If we require additional time, we will notify you of the extension in writing.

We will not respond to more than two requests from the same consumer in any 12 month period.

Information We Collect

“Personal information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. Personal information does not include publicly available information.

We may collect various types of personal information.

• A. Identifiers: A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers.
• B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)): Identifiers listed in A. above, plus the following: signature, physical characteristics or description, telephone number, state ID number, insurance policy number, education, employment or employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, and health insurance information. Some personal information included in this category may overlap with other categories.
• C. Protected classification characteristics under California or federal law: Race, color, ancestry, national origin, religion, creed, age (over 40), disability (mental/physical), sex (including gender, gender identity, gender expression, pregnancy, childbirth, medical conditions related to pregnancy or childbirth, and breastfeeding or medical conditions relating to breastfeeding), sexual orientation, medical conditions, genetic information, marital status, military and veteran status, political affiliations or activities, status as a victim of domestic violence, assault or stalking, citizenship, language, accent, or English proficiency, changes in name and pronoun, bathroom and facility usage.
• D. Commercial information: Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
• E. Biometric information: Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke patterns or rhythms, gait patterns or rhythms, or other physical patterns, and sleep, health, or exercise data.
• F. Internet or other electronic network activity information: Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement.
• G. Geolocation data: Roadside assistance, fitness monitors, smartphone info, and GPS trackers/fleet trackers.
• H. Sensory data: Audio, electronic, visual, thermal, olfactory, or similar information.
• I. Professional or employment-related information: Current or past job history or performance evaluations.
• J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)): Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.
• K. Inferences drawn from other personal information to create a profile about a consumer: Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

We collect each category of personal information about consumers from the following categories of sources:

• Directly from you or someone providing information on your behalf, such as an insurance agent or your employer in connection with obtaining commercial insurance;
• External data sources, such as consumer reporting agencies and other companies that provide data related to a specific consumer, business, or property;
• Via our website, directly or indirectly from information submitted through a web portal or through the use of cookies and other data tracking systems;
• Sources used to facilitate the transaction of insurance and the investigation of associated claims including, but not limited to, medical providers, regulators, auditors, attorneys, investigators, adjusters, and other insurance companies.

We collect each category of personal information about consumers for the following business or commercial purposes:

• To facilitate the transaction of insurance and the investigation of associated claims;
• Auditing related to a current interaction with the consumer and concurrent transactions;
• Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity;
• Debugging to identify and repair errors that impair existing intended functionality;
• Undisclosed short-term, transient use;
• Performing services on behalf of the business or service provider;
• Undertaking internal research for technological development and demonstration;
• Undertaking activities to verify or maintain the quality or safety of a service;
• To confirm eligibility for insurance benefits or payments;
• To detect or prevent crime or fraud;
• In response to subpoenas, search warrants or other court orders;
• For actuarial or research studies;
• In connection with a sale of our business;
• In connection with employment or application for employment;
• In connection with your provision of services to us;
• As otherwise required by law.

We will provide you notice and obtain your explicit consent if we collect additional categories of personal information or use the personal information we previously collected for materially different purposes.

Information We Disclose

We may disclose your personal information to a third party for business purposes.

In the preceding twelve (12) months, we have disclosed the following categories of personal information for a business purpose:

Category A: Identifiers.

Category B: California Customer Records personal information categories.

Category C: Protected classification characteristics under California or federal law.

Category D: Commercial Information.

Category F: Internet or Other Electronic Network Activity Information.

Category G: Geolocation Data.

Category H: Sensory Data.

Category I: Professional or employment-related information.

Category J: Non-public education information.

Category K: Inferences drawn from other personal information.

We share personal information about consumers with the following categories of third parties:

• Entities that facilitate our transaction of insurance and the investigation of associated claims;
• Third Party Administrators, independent adjusters, outside counsel, investigators, and other parties for purposes of investigating and resolving claims;
• Regulatory and other government agencies;
• Consumer reporting agencies or insurance support organizations;
• Entities that have an interest in policies issued by us, such as a certificate holders, additional insureds, group policy owners, or lienholders;
• Entities who perform administrative, business, professional, or employment functions on our behalf;
• Insurers, reinsurers, policyholders, and claimants;
• To our lawyers, accountants and auditors;
• As otherwise required by law.

We have not sold personal information about consumers in the last 12 (twelve) months.

Consumer Rights

The CCPA confers certain rights on consumers regarding personal information, including:

• The right to know what personal information we have collected about the consumer, including the categories of personal information, the categories of sources from which the personal information is collected, the business or commercial purposes for collecting, selling or sharing personal information, the categories of third parties to whom we disclose personal information, and the specific pieces of personal information we have collected about the consumer;
• The right to delete personal information we have collected from the consumer, subject to certain exceptions;
• The right to correct inaccurate personal information that we maintain about the consumer;
• The right not to receive discriminatory treatment by us for the exercise of privacy rights conferred by the CCPA; and
• If the consumer is an employee, an applicant for employment, or an independent contractor, the right not to be retaliated against for the exercise of the consumer’s rights.

Deletion Request Rights

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions described below. Once we receive and verify your request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.

We may deny your deletion request if retaining the information is necessary for us or our service providers, or contractors to:

• Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you;
• Assist our network or information systems detect security incidents that compromise the availability, authenticity, integrity, and confidentiality of stored or transmitted personal information;
• Ensure the physical safety of any individual;
• Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law;
• Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et seq.);
• Engage in public or peer-reviewed scientific, historical, or statistical research that conforms or adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's ability to complete such research, if you previously provided informed consent;
• Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us and compatible with the context in which you provided the information;
• Comply with a legal obligation.

Correction Request Rights

You have the right to request that we correct any inaccurate personal information that we retain about you. Once we receive and verify your request, we will use commercially reasonable efforts to correct (and direct our service providers and contractors to correct) your personal information in our records, unless the information is found to be accurate.

Non-Discrimination

A business may not discriminate against a consumer because the consumer exercised any of the foregoing rights.

Authorized Agent

You may use an authorized agent to submit requests to us as described in this privacy notice. An authorized agent is a natural person or a business entity that you have authorized to act on your behalf. If you use an authorized agent to submit a request to us, we will require you to (1) provide the authorized agent with written permission to make requests on your behalf and then verify the consumer’s own identity directly with us; or (2) provide the authorized agent with a power of attorney pursuant to California Probate Code sections 4000 to 4665. We may deny a request from an agent that does not submit proof that they have been authorized by you to act on your behalf.

Contact for More Information

For questions or concerns about our privacy policies or practices, please contact us at (866) 720-7861. If you have a disability, you may contact us to access this notice in an alternative format.

Information Not Subject to CCPA

In accordance with the CCPA, this California Consumer Privacy Policy does not apply to: (1) certain medical information governed by the Confidentiality of Medical Information Act; (2) certain information that is furnished to or collected from a consumer reporting agency in accordance with the Fair Credit Reporting Act; (3) personal information collected, processed, sold, or disclosed pursuant to the federal Gramm-Leach-Bliley Act, and implementing regulation, or the California Financial Information Privacy Act; (4) information collected, processed, sold, or disclosed pursuant to the Driver’s Privacy Protection Act of 1994; (5) certain information collected about a consumer in the course of their employment or application for employment; and (6) certain information collected about a consumer in the scope of a business-to-business transaction or communication.