Skip to Main Content

Privacy Policy

Welcome to www.acord.org (the “Site”), a website provided by ACORD Corporation, a not-for profit, Delaware corporation that enables the success of the global insurance industry by leveraging the flow of data and information across all insurance stakeholders through relevant and timely data standards ("ACORD").  ACORD respects your privacy, and this policy covers ACORD’s handling, use and disclosure of information collected from you through the Site, your use of software products licensed from ACORD (“Software”) or other sources in the ordinary course of ACORD’s business.

 

1.         Acceptance

You should review this policy carefully, and be sure you understand it, prior to using the Site or any Software, or otherwise providing any information to ACORD.  Your use of the Site or any Software, or your otherwise providing any information to ACORD, is deemed to be irrevocable acceptance by you of this policy.  If you do not agree to this policy, you should not use, and should immediately terminate your use of, the Site or such Software, as applicable, and not otherwise provide any information to ACORD.  For purposes of this Section, accessing the Site only to review this policy or any terms of use is not deemed to be use of the Site.

 

2.         Information

In this policy:

(a) “Analytical Information” means all Non-Personal Information obtained through the use of cookies (or other code) and server log files (including, but not limited to, (i) your search terms, (ii) your computer’s access date and time, browser, connection speed, Internet protocol address, Internet service provider, language, location, manufacturer, visit details, and operating system, and (iii) whether or not you opened email messages or other electronic communications from ACORD, and if you did, the times they were opened);

(b) “Collected Information” means all (i) Personal Information (including, but not limited to, name, e-mail address, physical address, phone number, photographs, credit card processing information, human resource data from employees and independent contractors of ACORD, and insurance information relating to third-party individuals provided by clients of ACORD), and (ii) Non-Personal Information (including, but not limited to, Analytical Information);

(c) “EU/Swiss Information” means all Personal Information collected by ACORD, whether electronically or manually, through (i) the Site, (ii) any Software, (iii) e-mail messages and other electronic communications that you may send to ACORD, and (iv) other sources in the ordinary course of ACORD’s business, that relates to individuals residing in the European Union or Switzerland;

(d) “Non-Personal Information” means all information collected by ACORD, whether electronically or manually, through (i) the Site, (ii) any Software, (iii) e-mail messages and other electronic communications that you may send to ACORD, and (iv) other sources in the ordinary course of ACORD’s business, that is not Personal Information;

(e) “Personal Information” means all information collected by ACORD, whether electronically or manually, through (i) the Site, (ii) any Software, (iii) e-mail messages and other electronic communications that you may send to ACORD, and (iv) other sources in the ordinary course of ACORD’s business, that relates to an individual and that identifies, or can be used in conjunction with other readily-accessible information to identify, such individual (including, but not limited to, any such information relating to employees of ACORD residing in the United States or the United Kingdom); and

(f) “Sensitive Information” means all EU/Swiss Information of an individual that specifies (i) health data, (ii) racial or ethnic origin, (iii) political opinions, (iv) religious or philosophical beliefs, (v) union membership, (vi) genetic data, (vii) biometric data or (viii) the sex life or sexual orientation of such individual.

 

3.         Collected Information

No Collected Information is obtained from you, unless it is voluntarily provided, except for any Collected Information obtained automatically through the Site as set forth in this policy or any Software in connection with its intended functionality, or through legal process.  Regardless of the method used to obtain Collected Information, ACORD will collect and retain Personal Information in its primary and backup files only to an extent that is relevant to the purposes for which it is provided by you, and except for EU/Swiss Information, for ACORD's other legitimate business purposes (including, but not limited to, marketing).  You are responsible for obtaining any approvals, authorizations, consents and permissions that are required in connection with your providing ACORD with any information (including, but not limited to, any information relating to a third party).

 

4.         Choice

Excluding information to which ACORD is entitled under a separate contract with you or as a matter of law, you may refuse to provide any information to ACORD at any time by terminating your use of the Site and all Software, or in all other cases not involving use of the Site or any Software, by notifying ACORD as set forth in Section 20.  If you refuse to provide any information when requested to do so by ACORD, the Site or any Software, you may not be able to access, or otherwise enjoy the benefits of, certain services from ACORD, features of the Site or functionality of such Software.

 

5.         Electronic Communications

Whether or not you have previously sent ACORD an e-mail message, you consent to ACORD sending you e-mail messages and other electronic communications (a) in connection with your use of the Site or any Software, (b) in the ordinary course of business, or (c) for any other legitimate business purpose (including, but not limited to, marketing).  Since ACORD endeavors to send e-mail messages and other electronic communications only to individuals desiring to receive them, you can unsubscribe to such e-mail messages or other electronic communications at any time by contacting ACORD as set forth in Section 20 or by following the directions contained in such e-mail messages or other electronic communications.

 

6.         Analytical Information

When you access the Site or use any Software that is licensed as “software as a service” or otherwise hosted by ACORD, ACORD will collect Analytical Information.  Your browser may provide you with the ability to not accept cookies, as well as the ability to delete already-existing cookies.  If you refuse, or delete previously existing, cookies, you may not be able to enjoy some features of the Site or functionality of any Software.

 

Analytical Information will only be used by ACORD (a) to record your use of the Site or any Software, (b) to diagnose problems with the Site or any Software, (c) to improve the Site or any Software and make the Site or such Software, as applicable, more useful to you and other users, and (d) for other legitimate business purposes of ACORD (including, but not limited to, marketing).  ACORD will collect Analytical Information either directly or through third parties acting on its behalf.

 

7.         Sensitive Information

Any provision of this policy to the contrary notwithstanding, if ACORD collects any Sensitive Information from you, your explicit consent (i.e. among other things, you must “opt in”) will be obtained before such Sensitive Information is (a) disclosed to a third party or (b) used for a purpose other than the purposes for which such Sensitive Information was originally collected or subsequently authorized by such individual through the exercise of an “opt-in” choice.  ACORD will also treat as Sensitive Information any Personal Information of an individual received by ACORD from a third party if the third party identifies it in writing to ACORD, and treats it, as sensitive.

 

8.         Controller

All electronic Personal Information is controlled by ACORD on servers residing at ACORD’s place of business in Pearl River, New York, and on servers residing at off-site data centers in the United States and other locations.  ACORD may transfer Collected Information to a third-party sub-controller or processor only pursuant to Section 10.

 

9.        Protection

Except as provided in the immediately following sentence, ACORD will use commercially reasonable efforts to protect Personal Information from loss, misuse and unauthorized access, alteration, destruction and disclosure.  Certain Personal Information posted by you on the Site may be accessible to the general public, and ACORD is not responsible for protecting such Personal Information from loss, misuse or unauthorized access, alteration, destruction or disclosure.  For example, if you participate in a public forum on the Site, any information disclosed by you when doing so may be available to the general public.  Also, since no transmission of information over the Internet or electronic storage of information is completely secure, it is possible that Collected Information could be lost, misused or accessed, altered, destroyed or disclosed without authorization, even if ACORD uses such reasonable efforts.  In providing information to ACORD, you must assume the risk that Collected Information could be lost, misused or accessed, altered, destroyed or disclosed without authorization.

 

10.      Use and Transfer of Collected Information

All Collected Information may be used by ACORD for any legitimate business purpose (including, but not limited to, marketing), except that, in the case of EU/Swiss Information only, such purpose (a) is relevant to the purpose for which EU/Swiss Information has been provided by you or (b) has been subsequently authorized by you.  If ACORD expressly states in this policy or in another writing that any Collected Information will only be used for a specific purpose, ACORD will only use such Collected Information for such purpose, unless you subsequently consent to its being used for another purpose.

 

Any Collected Information obtained by ACORD, whether or not for a specific purpose, may be disclosed to third parties retained by ACORD (including, but not limited to, any distributors, sub-contractors or vendors of ACORD) for any purposes for which ACORD could use such Collected Information, except that, in the case of EU/Swiss Information only, (a) such third party’s right to use EU/Swiss Information is limited to such purposes, (b) such third party is obligated to provide at least the same level of privacy protection as is required by the European Union’s General Data Protection Regulation (the “GDPR”), (c) ACORD takes commercially reasonable steps to ensure that such third party effectively processes EU/Swiss  Information in a manner consistent with ACORD’s obligations under the GDPR, (d) such third party is required to notify ACORD if such third party makes a determination that it can no longer meet its obligation to provide the same level of privacy protection as required under the GDPR, and (e) upon such notice, ACORD must take commercially reasonable steps to stop and remediate unauthorized processing of EU/Swiss Information.  In cases of onward transfers to third parties of EU/Swiss Information, ACORD is potentially liable for the failure of such third party to comply with the GDPR.

 

ACORD may also at any time, in its sole discretion, disclose and use any Collected Information (including, but not limited to, a computer’s Internet protocol addresses), whether or not you furnished such Collected Information for a specific purpose, to (a) comply with, or as permitted by, any applicable law or government request, (b) cooperate with law enforcement, and other third parties, in investigating a claim of fraud, illegal activity or infringement of intellectual property rights, (c) protect the rights, property or legitimate business interests of ACORD or a third party, or (d) transfer such Collected Information to a third party purchasing all, or substantially all, of ACORD’s assets.  If Collected Information is so transferred, ACORD will have no responsibility for any action of the third party to whom or which such Collected Information is transferred.

 

11.      Third-Party Sites

The Site and any Software may contain links to, or be accessible from, websites provided by third parties (individually a “Third-Party Site”).  Your use of a Third-Party Site will be subject to its terms of use and other provisions, and you are responsible for complying with such terms and other provisions.  This policy does not cover the privacy policies or practices of any Third-Party Site, and ACORD is not responsible for any information you submit to, or otherwise collected by, any Third-Party Site.  ACORD is only responsible for Collected Information obtained by it (a) through your authorized use of the Site or any Software, or (b) from other sources in the ordinary course of its business.  You should consult each Third-Party Site for its privacy policy or practice before submitting any information to, or otherwise using, such Third-Party Site.

 

12.      Access

ACORD does not warrant or represent that any Collected Information will be accurate or error-free.  However, upon your request, ACORD will grant you access to your EU/Swiss Information in the possession, or under the control, of ACORD solely for the purpose of your correcting or deleting such EU/Swiss Information that is inaccurate or has been processed in violation of the GDPR, except where the burden or expense of providing such access would be disproportionate to the risks to your privacy or where the rights of a third party would be violated.  If you desire access to any EU/Swiss Information, you must contact ACORD in writing as set forth in Section 20.

 

13.       Children

The Site is not intended for children under 13 years of age.  However, if a parent or guardian of a child who is under 13 years of age discovers that the child’s personal information has been submitted to ACORD through the Site without the parent’s or guardian's consent, ACORD will use commercially reasonable efforts to remove such information from the Site and ACORD’s servers at the parent’s or guardian's request.  To request the removal of personal information of a child under 13 years of age, the parent or guardian must contact ACORD as set forth in Section 20, and provide all information requested by ACORD to assist it in identifying the information to be removed.

 

14.      Applicable Law

This policy shall be governed by, and construed and interpreted in accordance with, (a) the laws of the state of New York, without regard to its principles of conflict of laws, and in the case of EU/Swiss Information, (b) the GDPR.  If there is any conflict or inconsistency between any provision of this policy and any provision of any applicable law or, as applicable, the GDPR, the latter shall control.

 

15.      Complaints

Any complaint by you regarding any Collected Information, or otherwise relating to this policy must first be submitted to ACORD as set forth in Section 20, and ACORD must be given a reasonable opportunity of not less than 30 days to investigate and respond to your complaint.  Upon ACORD completing such investigation and so responding, ACORD and you must then attempt, in good faith, to promptly resolve any remaining aspects of your complaint.  If any aspect of your complaint remains unresolved after an additional reasonable period of time of not less than 30 days, (a) you may commence litigation against ACORD in connection with the unresolved portion of your complaint only in a court located in Westchester County, New York, and having subject matter jurisdiction over your complaint, and (b) you consent to any such court’s being, and waive any objection (including, but not limited to, any such objection based on inconvenience) to such court’s not being, a proper venue for your complaint.

 

16.      Entire Agreement

Except as set forth in this Section, this policy contains the entire agreement, and supersedes all prior oral and written agreements, proposals and understandings, between you and ACORD, with respect to Collected Information.  If you use the Site or any Software, or otherwise have business dealings with ACORD, such use or dealings will be subject to this policy, plus any other written agreement between the parties that is applicable thereto (including, but not limited, any applicable terms of use and license agreements).  To the extent there is any conflict or inconsistency between any provision of this policy and any provision of such other agreement, the former shall control.

 

17.      Severability

Whenever possible, each provision of this policy shall be interpreted to be effective and valid under applicable law.  If, however, any such provision shall be prohibited by or invalid under such law, it shall be deemed modified to conform to the minimum requirements of such law, or if for any reason it is not so modified, it shall be prohibited or invalid only to the extent of such prohibition or invalidity without the remainder of such provision, or any other provision of this policy, being prohibited or invalid.

 

18.      Revisions

ACORD may revise any provision of this policy from time to time by posting the revised provision on the Site so long as such revision does not conflict with applicable law.  Any such revision will take effect immediately upon such posting, and will apply to all Collected Information obtained by ACORD after such posting.  It is your responsibility to periodically check this policy on the Site for revisions to this policy.

 

19.       Expenses

Except as provided in this policy or in the applicable law, you are solely responsible for all fees and disbursements of any attorney or other advisor retained by you in connection with you enforcing your rights under this policy.

 

20.      Additional Information

If you have any questions or complaints, or desire additional information, regarding ACORD’s handling of any Collected Information or otherwise relating to this policy, please promptly contact:

 

ACORD Corporation

Attn:  General Counsel

1 Blue Hill Plaza, 15th Floor

Pearl River, New York 10965

United States of America

legalwork@acord.org

 

 

Effective Date:  June 15, 2018