Effective Date: August 1, 2024
This Privacy Notice for California Residents (this “Notice”) supplements the information contained in the VIU by HUB LLC Privacy Policy (the “Policy”) and is provided on behalf of VIU BY HUB LLC (“VIU”). Please read both policies.
This Notice provides our “notice at collection” and provides certain mandated disclosures about our treatment of California residents’ information, both online and offline. We adopt this Notice to comply with the California Consumer Privacy Act of 2018 as supplemented by the California Privacy Rights Act of 2020 (collectively, the “CCPA”) and any terms defined in the CCPA have the same meaning when used in this Notice (unless separately defined in this Notice or the Policy). This Notice applies solely to residents of the State of California as defined in the CCPA (“California Residents”) who do business with us directly and/or visit the mobile apps and websites of VIU (“our websites”).
We reserve the right to amend this Notice at our discretion and at any time. When we make changes to this Notice, we will post the updated Notice on the websites and update the Notice's effective date. We encourage you to look for updates and changes to this Notice when you access our websites. Your continued use of our websites and mobile applications following the posting of changes constitutes your acceptance of such changes with respect to your use of the websites and mobile applications.
If you have special needs with regard to accessing the content of this Notice, we recommend that you or someone on your behalf, contact us by email at: [email protected]. Please indicate “Accessibility Request” in your subject line to help us to identify this request.
Generally, Personal Information under the CCPA and in this Notice means information that identifies (whether directly or indirectly) you, such as your name, postal address, email address, and telephone number. Due to the nature of our business, Personal Information we collect may also include:
Personal Information as defined under the CCPA does not include:
Certain types of Personal Information are considered “Sensitive Personal Information” under the CCPA. Specifically, Sensitive Personal Information is a specific type of Personal Information defined specifically as its own category under California law in the CCPA as information that reveals a consumer’s:
The following categories of Personal Information and/or Sensitive Personal Information may have been collected from California Residents within the last twelve (12) months. Personal Information that falls under the definition of Sensitive Personal Information under the CCPA has been noted in the second column below.
|
Category |
California Sensitive Personal Information may be considered to be within this Category |
Examples of Personal Information |
Collected |
|
A. Identifiers. |
YES |
A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers. |
YES |
|
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80I). |
YES |
A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some Personal Information included in this category may overlap with other categories. |
YES |
|
C. Protected classification characteristics under California or federal law. |
YES |
Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). |
YES |
|
D. Commercial information. |
NO |
Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. |
YES |
|
E. Biometric information. |
YES |
Genetic, physiological, behavioral and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns and sleep, health, or exercise data. |
NO |
|
F. Internet or other similar network activity. |
NO |
Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement. |
YES |
|
G. Precise geolocation data. |
YES |
Physical location or movements within a geographic area that is equal to or less than the area of a circle with a radius of 1,850 feet. |
YES |
|
H. Sensory data. |
YES |
Audio, electronic, visual, thermal, or similar information. |
YES |
|
I. Professional or employment-related information. |
NO |
Current or past job history. |
YES |
|
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). |
YES |
Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. |
YES |
|
K. Inferences drawn from other Personal Information. |
YES |
Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. |
YES |
We may obtain the categories of Personal Information listed above from the following categories of sources:
We may from time to time use your Personal Information for the following reasons:
Under the CCPA, the Sharing of Personal Information means sharing, disclosing, disseminating, making available or otherwise communicating a consumer’s Personal Information to a third party for uses such as targeted advertising for the benefit of the business.
California residents have certain rights under the CCPA around limiting the Sharing of their Personal Information.
The CCPA addresses two distinct categories of information disclosure by businesses, differentiating the Sharing of Personal Information for a Commercial Purposes from the Disclosure of Personal Information for a Business Purpose, as described below.
The CCPA defines the Sharing of Personal Information for a Commercial Purpose as including the sale or sharing of a customer’s Personal Information for monetary or other consideration paid to the sharing business.
In accordance with that definition, in the preceding twelve (12) months, VIU has Shared Personal Information for a Commercial Purpose as disclosed within the Policy, including specifically as described in our Cookie Notice and Notice of Other Web Technologies in relation to sharing personal information for cross-contextual behavioral advertising or targeted advertising.
As provided by the CCPA, California consumers have the right to opt-out of the “sale” of personal information to third parties. To opt-out of the “sale” or “sharing” of personal information related to targeted advertising, interest based advertising and cross context behavioral advertising, take the following steps:
Your cookie selections are specific to the particular device, browser, and website you use. If you use another device or browser, you will need to opt out on each device and browser. Blocking or deleting cookies from your browser may remove your opt-out settings, requiring you to opt-out again.
The CCPA excludes from the definition of Sharing Personal Information any use of Personal Information which was requested by you (the customer), including the expected and typical use of that information by a third party for the reasonably necessary purposes to achieve the requested service. Such an information transfer is considered the Disclosure of Personal Information for a Business Purpose under the CCPA.
In the preceding twelve (12) months, we may have Disclosed the following categories of Personal Information for a Business Purpose:
Category A: Identifiers
Category B: California Customer Records Personal Information categories
Category C: Protected classification characteristics under California or federal law
Category D: Commercial information
Category F: Internet or other similar network activity
Category H: Sensory Data
Category I: Professional or employment-related information
Category J: Non-public education information
Category K: Inferences drawn from other Personal Information
We may Disclose to the following categories of third parties your Personal Information for a Business Purpose to perform services on your behalf and to provide you with the insurance products and services you expect from us:
In the preceding twelve (12) months, we have sold or shared Personal Information as defined by the CCPA, as described herein and in our Cookie Notice and Notice of Other Web Technologies in the Policy in relation to sharing personal information for cross-contextual behavioral advertising or targeted advertising.
You have the right to opt out of the use of your personal information for targeted advertising purposes. You may download one of the supported browsers or extensions to send the Global Privacy Control (“GPC”) signal, which will transmit your request to opt-out of targeted advertising automatically. A list of GPC enabled available browsers or extensions is available here: https://globalprivacycontrol.org/#download.
Your computers or devices also have tools within their browser settings that allow you to manage your acceptance of cookies. These can include the ability to disable or block cookies, remove cookies, automatically accept cookies or to notify you when a cookie is received. Generally disabling or rejecting cookies can impact your user experience; Certain features of our website may not be available if all cookies are disabled, and therefore, disabling, particularly of strictly necessary cookies, may not be available.
In addition, for recruitment and/or employment purposes, in the past twelve (12) months we have collected or may have collected and retained the following categories of Personal Information as necessary from California residents. Personal Information that falls under the definition of Sensitive Personal Information under the CCPA has been noted in the second column below:
|
Category |
California Sensitive Personal Information may be considered to be within this Category (YES or NO) |
Examples of Personal Information |
Collected |
|
Additional personal details, contact details and identifiers. |
YES |
Additional personal details for recruitment/employment purposes, such as national identification number, Social Security number, insurance information, your National Producer Number, marital/civil partnership status, domestic partners, dependents, emergency contact information, and military history; professional/personal calendar availability/scheduling information for meeting/communication purposes. |
YES |
|
Education information and professional or employment-related information. |
NO |
Information about your education and professional or employment-related information, such as your employment history. |
YES |
|
Sensitive data for recruitment purposes. |
YES |
Certain types of sensitive information when permitted by local law or with your consent, such as health/medical information (including disability status), trade union membership information, religion, race or ethnicity, minority flag, and information on criminal convictions and offences. We collect this information for specific purposes, such as health/medical information in order to accommodate a disability or illness (subject to legal limits on the timing of collection of such information and other applicable limitations) and to provide benefits; background checks and diversity-related Personal Information (such as race or ethnicity) in order to comply with legal obligations and internal policies relating to diversity and anti-discrimination. |
YES |
|
Documentation required under immigration laws. |
YES |
Data on citizenship, passport data, and details of residency or work permit (a physical copy and/or an electronic copy). |
YES, as to employees, some job candidates, and contractors of VIU by HUB LLC |
|
Financial information for payroll/benefits purposes. |
YES |
Your banking and other relevant financial details we need for payroll/benefits purposes. |
YES |
|
Talent management information. |
YES |
Information necessary to complete a background check, details on performance decisions and outcomes, performance feedback and warnings, e-learning/training programs, performance and development reviews (including information you provide when asking for/providing feedback, creating priorities, updating your input in relevant tools), driver’s license and car ownership information, and information used to populate biographies. |
YES |
|
Requested recruitment information. |
NO |
Information requested to provide during the recruitment process, to the extent allowed by applicable law. |
YES |
|
Recruitment information you submit. |
NO |
Information that you submit in résumés / CVs, letters, writing samples, or other written materials (including photographs). |
YES |
|
Information generated by us during recruitment. |
NO |
Information generated by interviewers and recruiters related to you, based on their interactions with you or basic Internet searches where allowed under applicable law. |
YES |
|
Recruitment information received from third parties. |
NO |
Information related to you provided by third-party placement firms, recruiters, or job-search websites, where applicable. |
YES |
|
Audiovisual information processed during recruitment. |
YES |
Photograph, and images/audio/footage captured on CCTV or other video systems when visiting our office or captured in the course of recruitment events or video recruitment interviews. |
YES |
|
Recommendations. |
NO |
Recommendations provided on your behalf by others. |
YES |
|
Employment history and background checks. |
YES |
Information about your prior employment, education, and where applicable and allowed by applicable law, credit history, criminal records or other information revealed during background screenings. |
YES |
|
Diversity related information. |
YES |
Information about race / ethnicity / religion / disability / gender and self-identified LGBT status, for purposes of government reporting where required by law, as well as to understand the diversity characteristics of our workforce, subject to legal limits. |
YES |
|
Assessment information. |
YES |
Information generated by your participation in psychological, technical or behavioral assessments. You will receive more information about the nature of such assessments before your participation in any of them. |
YES |
VIU retains certain records of your Personal Information as necessary to operate our business and comply with our legal and regulatory obligations. Such records are retained for legally defined retention periods that may extend beyond the period for which we provide the Services to you. We have implemented appropriate measures to confirm that Personal Information is securely disposed when no longer required.
The CCPA at Section 7011 (e)(2) provides California Residents with specific rights regarding their Personal Information:
(A) Access. The right to know what Personal Information the business has collected about the consumer, including the categories of Personal Information, the categories of sources from which the Personal Information is collected, the business or commercial purpose for collecting, selling, or sharing Personal Information, the categories of third parties to whom the business discloses Personal Information, and the specific pieces of Personal Information the business has collected about the consumer;
(B) Deletion. The right to delete Personal Information that the business has collected from the consumer, subject to certain exceptions;
(C) Correction. The right to correct inaccurate Personal Information that a business maintains about a consumer;
(D) Opt-out of Sale or Sharing. If the business sells or shares Personal Information, the right to opt-out of the sale or sharing of their Personal Information by the business;
(E) Limitation on the Use of Sensitive Personal Information. If the business uses or discloses sensitive Personal Information for reasons other than those set forth in section 7027, subsection (m), the right to limit the use or disclosure of sensitive Personal Information by the business; and
(F) Non-discriminatory Treatment. The right not to receive discriminatory treatment by the business for the exercise of privacy rights conferred by the CCPA, including an employee’s, applicant’s, or independent contractor’s right not to be retaliated against for the exercise of their CCPA rights.
The following sections describe these CCPA rights in further detail and explain how to exercise those rights.
You have the right to request that we disclose certain information to you about our collection and use of your Personal Information over the past twelve (12) months. Once we receive and confirm your verifiable consumer request for Access rights (refer to “Exercising Access, Data Portability and Deletion Rights”), we will disclose to you to the extent reasonably available, and to the extent that we can continue to protect your data while providing such disclosure:
In addition to the rights listed above, you may request limitations on the use of your Sensitive Personal Information consistent with the terms and limitations described in the CCPA, and pursuant to Civil Code Section 1798.120 et.seq. Limited use of Sensitive Information may continue to include those uses which the average consumer would reasonably expect in context, and for uses which are reasonably necessary and proportionate for our business.
You have the right to request that we delete any of your Personal Information that we collected from you and retained. Once we receive and confirm your verifiable consumer request (refer to “Exercising Access, Data Portability and Deletion Rights”), we will delete your Personal Information from our records, unless an exception applies.
We may deny your deletion request in whole or in part for other reasons and exceptions described in the CCPA.
To exercise the access, data portability and deletion rights described above, please submit a verifiable consumer request to us by:
To protect your information and privacy, only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your Personal Information. Please indicate in your subject line “California Privacy Rights Request” so that we can better respond to you. Designated agents making any request will be required to provide signed permission for the agent to submit a request. In addition, when an authorized agent submits a request, we may also require that you verify your own identity directly to us or confirm with us that you have requested that the agent to submit the request. You may also make a verifiable consumer request on behalf of your minor child.
You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
We cannot provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you. We will only use Personal Information provided in a verifiable consumer request to verify the requestor's identity or authority to make the request.
We will acknowledge receipt of your request within ten (10) days. We will endeavor to respond in substance to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time, we will inform you of the extension period which may not exceed an additional forty-five (45) days beyond the original forty-five (45) day period.
Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request's receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your Personal Information that is readily usable and should allow you to transmit the information from one entity to another entity without significant hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
California's "Shine the Light" law (Civil Code Section § 1798.83) permits users of our website who are California Residents to request certain information regarding our disclosure of Personal Information to third parties for their direct marketing purposes. To make such a request, please write us at the mailing address shown beneath the heading “Contact Information for Requests under this Notice.”
If you have any questions or comments about this Notice, the ways in which we collect and use your Personal Information described herein, and in the Policy, your choices, and rights regarding such use, or wish to exercise your rights under California law, please contact us at:
Chief Legal Officer
VIU by HUB LLC
150 N Riverside Plaza, 17th Floor
Chicago, IL 60606
Or by:
Please indicate the purpose of your Email in the subject line, for instance “California Privacy Rights Request,” so that we can identify your Email properly.
Situations Where Rights Cannot Be Granted
There may be situations where we cannot grant a particular request — for example, if you ask us to delete your transaction data but we are legally obligated to keep a record of that transaction to comply with law, or if we are unable to verify your identity through standard and reasonable requirements. We may also decline to grant a request where doing so would undermine our legitimate use of data for antifraud and security purposes, such as when you request deletion of an account that is being investigated for security concerns. Other reasons your privacy request may be denied could be that granting the request would jeopardize the privacy of others; that the request is substantively frivolous or vexatious; or that granting the request would be highly impractical in the context of our legitimate business purposes.
