- who collects information,
- what information is collected, how this is done, and where the information is stored,
- how CRICO uses and discloses the information that is collected,
- your rights to view and correct information submitted voluntarily to CRICO,
- what security procedures we use to protect your information,
- how the interactive areas of CRICO operate,
- how we comply with the Children’s Online Privacy Protection Act, and
means anonymous, aggregated information where an individual cannot be identified as the source of the information. As a website gathers individual pieces of Non-Personal Information from its users, it may combine similar data from many or all of the users of the website into one big “batch.” For example, the site may add up the total number of users in Peoria, Illinois, (but not their names) who are seeking information about medical malpractice insurance and compare that to the number of people in Petaluma, California seeking the same information.
This sort of statistical information is called Aggregate Information because it reflects the habits and characteristics of a large group of anonymous people. Websites may use Aggregate Information or share it with business partners so that the information and services they provide best meet the needs of the users. Aggregate Information also helps advertisers and sponsors on the Web know how effectively they are reaching and meeting the needs of their target audience.
short for web browser, means a software application used to locate and display pages of the Internet.
“Click Stream Information”
is a record of all the pages you have visited during your visit to a particular website or the services you have accessed from the site or from an email. Click Stream Information is associated with your Browser and not with you personally. It records the archives of your Browser.
means a small data file that is stored on the hard drive of the computer you use to view a website. Cookies are placed by that site or by a third party with a presence on the site, such as an advertiser using a Web Beacon and are accessible only by the party or site that placed the Cookie on the computer (i.e., a Cookie placed on your computer by CRICO is not accessed by any other site you visit, but a Cookie placed on your computer by an advertiser may be accessed by any site on which that same advertiser has a presence). Cookies can contain pieces of Personally Identifiable Information. CRICO encrypts any PII it stores in its Cookies. These Cookies often are used to make the site easier to use. For example, if you check a box to ask that we store your user name on your computer so that you don’t have to enter it each time you visit the site, it’s stored in a Cookie on your computer.
is the translation of data into a secret code. To read an encrypted file, you must have access to a secret key or password that enables you to decrypt it. This is typically done by so called “secure computer systems.”
is a system designed to prevent unauthorized access to or from a public or private network. Firewalls can be implemented in both hardware and software, or a combination of both. Firewalls are frequently used to prevent unauthorized users from accessing private portions of public networks. All messages entering or leaving the network pass through the Firewall, which examines each message and blocks those that do not meet specified security criteria.
“Guest Wireless Network”
“Non-Personal Information” or “NPI”
is information that is not traceable back to any individual and cannot be used to identify an individual. For example, Click Stream Information is Non-Personal Information, as is information such as gender, age, city, and physical location, when not linked with other Personally Identifiable Information.
is a secret series of characters, typically alphanumeric (meaning it consists of both letters and numbers) that enables a user to access a file, computer, or program. The user must enter its, his, or her Password before the computer or system will respond to commands. The Password helps ensure that unauthorized users do not access the system. In addition, data files and programs may require a Password.
Ideally, the Password should be something that nobody could guess. In practice, many people choose a Password that is easy to remember, such as their name or their initials. This is one reason it is relatively easy to break into many computer systems.
“Personally Identifiable Information” or “PII”
is information by which an individual may be personally identified (in contrast to Non-Personal Information and Aggregate Information ). Examples of PII include your name, home address, telephone number, email address, and Social Security number.
is a computer that provides services to other computers. A “web server” stores website files and “serves” them to people who request them.
“Secure Sockets Layer” or “SSL”
is a security protocol for transmitting private information via the Internet. SSL works by using a private key to encrypt data that’s transferred over the SSL connection. Many websites use the protocol to obtain confidential user information, such as credit card numbers. By convention, URLs that utilize an SSL connection start with https: instead of http:.
is a name used to gain access to a computer system or program. Usernames, and often Passwords, are required in shared systems, such as the Internet. In most such systems, users can choose their own Usernames and Passwords.
are tiny graphic image files, embedded in a web page in GIF, jpeg, or HTML format, that provide a presence on the web page and send back to its home server (which can belong to the host site, a network advertiser, or some other third party) information from the users’ Browser, such as the IP address, the URL of the page on which the beacon is located, the type of Browser that is accessing the site, and the ID number of any Cookies on the users’ computer previously placed by that Server. Web Beacons can also be used to place a Cookie on the users’ Browser.
Certain General Principles, Terms, and Disclaimers
Keeping your information secure is a priority for CRICO. Consequently our privacy standards are designed to, on a commercially reasonable basis:
- collect and use only information we reasonably determine to be necessary for us to deliver high quality service to users, to administer our business, to improve our business or services, and to let you know of products and services that are available from CRICO,
- protect the information our visitors share with us, maintaining industry standards of security and confidentiality,
- require any other organization that we retain or engage to provide support services to us to conform to our privacy standards or, at minimum, assert that it will maintain the reasonable standard of care for security and confidentiality, and
- keep visitor files, if any, complete, up to date, and accurate.
Some features on the Website may require you to register as a user and to receive our authorization before you can use those particular features. Whether you are an individual or a corporation, partnership, or other form of entity, in order for you to obtain our authorization to use those features and to be considered a registered user, you may be required to provide us with certain information about you or your business and, if a business, any or all individuals you designate to represent that business in connection with your use of the Website (e.g., names, addresses, email addresses, telephone numbers, and other Personally Identifiable Information of each individual who will use the Website). Once we have authorized you as a registered user, we may provide you with a customer identification number and you will select a unique Username and Password. Generally, you will be able to change your Password and any Personally Identifiable Information you have given us in order to protect the security of your Password and reflect updates to your information. If you are a designated representative of a business, keep in mind that a properly authorized representative of that business may revoke your status and, if we are notified of this revocation, CRICO will immediately terminate your right to use the Website as a registered user representing that business. Please note that submitting information to us is not a guarantee or assurance that we will grant authorization to you or permit you, or anyone you designate, to use any or all of the services of the Website. If for any reason you are not granted authorization we will retain the information you submit to us only in order to communicate with you regarding your application; we may, however, request additional or follow-up information for audit purposes or as may be required by law or regulation.
If you are submitting Personally Identifiable Information on behalf of others in your family, business or other organization for registration purposes or otherwise, you represent and warrant that you have their permission, agreement and full authorization to provide this information to us. We reserve the right (a) to ask you to provide evidence of your authority at any time during, or even after, the submission process and (b) to contact those individuals to confirm your authority at any time. If we determine that your authority has not been properly obtained, we may immediately and without notice to you discontinue your authorized use of those features of the Website for which you have registered.
Who Collects Information Through the Website
Information We Collect and How it is Used
The following list provides examples of how we may use your Non-Personal Information and Personally Identifiable Information.
- To display content we think may be of interest you and others and otherwise help us customize what you see when you visit the Website.
- To solicit user feedback to assess user-satisfaction or other needs and interests.
- To help us in creating new tools, features, and services.
- To provide you with notice of new features or other changes relating to the Website or Wireless Network.
- To contact you with regard to any registration you may have with the Website or Wireless Network.
- To confirm or fulfill an order you have made through the Website.
- To send you material on behalf of our partners.
- To assess and monitor usage of the Website or Wireless Network and specific features or services.
How we collect NPI.
Anonymous nature of NPI; linking of NPI and PII.
Generally, the NPI we collect about you is attached to arbitrary, anonymous system names that are assigned to visitors when they enter the Website. Please note, however, that during the registration process, or at other times during your use of the Website, we may ask for your permission to link your NPI with your PII.
Examples of how we may use NPI.
The anonymous NPI we obtain from you is generally used to render, administer, and improve the Website, our services, and our business. We may use NPI to do any of the following (please note that this list is not exhaustive, only representative and provided only to assist you in understanding how we might use the NPI we collect).
- To help dynamically generate content on web pages or in newsletters.
- To statistically monitor how many people are using the Website.
- To track generic user behavior (see, for example, the definition of “Click Stream Information”).
- To monitor how many people open our emails.
- To help us evaluate the purpose our users undertake certain activities, including those listed immediately above.
- To determine the popularity of certain content.
- To facilitate users’ log-in and navigation and as session timers.
- To restrict underage use of our services.
Disclosure of Aggregate Information. CRICO may provide Aggregate Information to third parties. For example, we might inform third parties regarding the number of users of the Website and the activities they conduct while on the Website. We require parties with whom we share Aggregate Information to agree that they will not attempt to make this information Personally Identifiable Information, such as by combining it with other databases.
How we collect PII. The PII that we collect and store generally consists of information gathered when you register with the Website for specific services and/or when you update any registration or profile information, but may also include other data input, forms, and information you provide to us whether electronically, by phone, by telecopier, in writing, in person, or by any other means.
If you are registered to use particular services, you acknowledge and also consent to our tracking activities and use of the Website under your Username in connection with those services (e.g., in order to maintain quality control and contact you concerning your transactions or subscriptions, should it be necessary or appropriate to do so).
Disclosure of Your Personally Identifiable Information
CRICO will not disclose your Personally Identifiable Information to any third party other than: (a) at your request or with your consent, (b) to outsource one or more of our internal functions, products, or services, or (c) to private entities and law enforcement or other government officials as we, in our sole discretion, believe necessary or appropriate (i) to investigate or resolve possible problems or inquiries, (ii) to protect our own business and assets, or (iii) in special cases, such as a physical threat to you or others.
Your Rights to View and Correct Information Submitted Voluntarily
In most cases, the tools that collect and store Personally Identifiable Information allow you to correct, update or review that information (and any preferences) by logging-in to the specific service and making the desired changes to your registration information. In most cases you may also withdraw your registration by sending us an email at [email protected]. If you withdraw a registration with the Website your PII may not be deleted from our records and we may use that data for internal purposes.
What Security Procedures We Use to Protect Your Information
Access to data and technology relating to user information is Password protected and limited to authorized personnel. In addition, CRICO uses industry standard technology to keep users’ information secure while residing on CRICO’s Servers.
Listed below are some of the security procedures that CRICO uses to protect your privacy:
- Requires both a personal username and a password for users to access their Personally Identifiable Information.
- Uses firewalls to protect information held in our servers.
- Utilizes Secure Socket Layer (SSL) encryption in transmitting PII to our servers. To take advantage of encryption technology, you must have an Internet browser which supports 128-bit encryption.
- Closely monitors the limited number of CRICO employees who have access to your PII.
- Backs up our systems to protect the integrity of your PII.
How the Interactive Areas of the Website Operate
As a service to our users, the Website may feature message boards, chat rooms, and/or other public forums where users with similar interests can share information and support one another or where users can post questions for others to answer. We may also offer online discussions moderated by topical experts.
In addition, you may choose to use certain interactive content, tools, and services that ask you to voluntarily provide information about yourself. Some of these tools (like certain quizzes or calculators) do not retain information, while others may store information in accordance with the authorization you provide at the time you use the service or tool. Please be aware of this fact.
Any chat room, message board, or similar interactive service is by design open to the public and is not a private, secure service, and CRICO is not responsible for the privacy of information voluntarily provided by a user in interactive areas. You should think carefully before disclosing any Personally Identifiable Information in any public forum because what you have written may be seen, disclosed to, or collected by third parties and may be used by others in ways we are unable to control or predict, including to contact you for purposes unauthorized by you.
How we Comply with the Children’s Online Privacy Protection Act
Our Website is not intended for children under 13 years of age. We are a general audience website, and do not direct any of our content or knowingly market our products or services to children under the age of 13. Additionally, we do not knowingly collect Personally Identifiable Information from children under 13. If you are under 13, do not use or provide any information on this Website on or through any of its features. If we learn we have collected or received Personally Identifiable Information from a child under 13 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 13, please contact us at [email protected].