Effective Date: August 1, 2019
Who we are
Scope of this policy
Crawford & Company is the responsible party (e.g., “data controller”) for your personal information collected and processed under this Policy. Where the processing of personal information is also undertaken by other Crawford Group companies with whom you engage, they are joint controllers with Crawford & Company for your personal information. See the “Contact Us” section below for a list of relevant Crawford Group members (“joint controllers”) and their locations, as well as details on how to contact Crawford or exercise your rights with respect to your personal information.
GDPR and Crawford’s EU Privacy Notice (“EU Privacy Notice”): Our EU Privacy Notice available here contains additional information about how we process personal information that is subject to the EU General Data Protection Regulation and associated European Union/European Economic Area (“EEA”) national laws (together, the “GDPR”). Crawford’s EU Privacy Notice applies to our processing of personal information from EU users of the Sites, as well as other personal information that is subject to the GDPR.
Information we collect
We may collect personal information directly from you, such as when you register for news and information, contact us online or submit forms through the Sites. We may also collect personal information from third parties and automatically through your use of the Sites. In this Policy, “personal information” means any information that identifies or could be used to identify an individual person, and includes other similar terms like personal data or personally identifiable information.
Information collected directly. We collect information that you provide to us or share on the Sites, such as:
- Registration Information and Requests. Many of our Sites and other information available on our Sites can be accessed without registering. However, we may require you to submit your name, company name and contact information to access certain products or information, such as reports and whitepapers or e-learning content. We may also require registration or the completion of an online form to submit certain inquiries, jobs or other requests. The information that we collect will vary depending upon the context of your request, but will generally include your name, company name, contact details, a description of your request and other relevant information. We will tell you what information is mandatory and what is optional.
- Communications. When you email us, call us or contact us, we maintain records about our interactions and communications with you.
- Customer Service and Support. We also maintain records related to customer support and customer service related requests, including the nature of the request, name and contact information of the requestor, associated company name, and information related to the resolution of the request.
- Comments and Content. Some areas of the Sites may allow you to comment, share or post other content. When you view this content, we keep a record of our content and it may be viewable by other users of the Sites. You may ask us to remove such content as set out below.
- Recruiting and Job Applicants. If you apply for an employment position with us online, we will collect information such as your name, contact information, CV/resume, professional qualifications, job history and other information relevant to your application or that you otherwise submit to us.
- Professionals, Experts, Contractors. We work with external professionals, experts, consultants and others in order to deliver our client services and otherwise make our products and services available. We may collect information through the Sites of these third parties, in order to consider them, review their qualifications or assign specific tasks or jobs to them.
For more information, see the “Cookies and similar devices” section below.
- Access-restricted Areas and Submission Forms. We may make available access-restricted portals and certain submission forms, to allow clients and other third parties (e.g., claimants) to provide us with information or review information related to our client services. You must be authorized to use or access these areas, and if you register online to access them or otherwise submit information through them, we may take steps to verify your authorization and identity, including by requesting additional information from you or third parties (such as the clients for whom we are acting). While these forms and portals may be available or linked to from the Sites, they are subject to additional policies and terms.
- Client-services and Claims-related information. We handle personal information as a result of providing our claims handling and related services to our clients (the “client services”). This information may include claims-related information, transactional details, health, disability and medical information, identification information and other information; our handling of this personal information is subject to our client agreements (and their respective policies)–not this Policy–since we are acting on behalf of and under the instruction of our clients (i.e., as a data processor).
Client Claims Data
Our primary business is to provide claims management and related services globally – including third party claims administrator (or “TPA”) services, loss adjusting and associated risk, consulting and other services. Generally, we provide these services to entities that provide coverage, issue or underwrite the policies, or are otherwise responsible for payment of the claims that we handle. We refer to these entities as “insurers” which broadly includes insurance companies, brokers, agents, underwriters, self-insured entities, and others entities that issue or underwrite policies, provide coverage for, or otherwise make decisions regarding the claims we handle.
As a part of our claims management services, we process claims and handle administrative functions for insurers, such as receiving notices of claims, administering forms and documentation requests and providing customer support-related services to claimants. We also help insurers assess and establish their liability for particular claims and make recommendations related to the settlement of claims, including payments, repairs and replacements. We process personal information during the course of providing our claims management activities to insurers.
Use of personal information
In the course of conducting our business, we use personal information to provide and improve our services, to process employment inquiries, to provide information about our products and services, to respond to requests and to otherwise communicate with you and others.
- Providing Support and Services: To provide and operate our services and the Sites, communicate with you about your use of the Sites, respond to your inquiries, provide troubleshooting, fulfill your orders and requests, process your payments, and complaints and inquiries, provide technical support and for other customer service and support purposes.
- Personalization: To tailor content we send or display on the Sites in order to offer location customization and personalized help and instructions and to otherwise personalize your experiences.
- Marketing and Promotions: For direct marketing and promotional purposes. To send you newsletters, special offers or promotions and contact you about our products or services or information we think may interest you. If you are located in a jurisdiction that requires opt-in consent to receive electronic marketing messages, we will only send you such messages if you opt-in to receive them. We do not use the information we collect from third parties in providing the client services or handling specific claims for marketing and promotional purposes.
- Analytics and Improvement: To better understand how users access and use the Sites and other products and offerings and for other research and analytical purposes, such as to evaluate and improve our services and business operations and to develop additional products, services and features.
- Comply with Legal Obligations: To comply with the law or legal proceedings. For example, we may disclose information in response to subpoenas, court order, and other lawful requests by regulators and law enforcement, including responding to national security or law enforcement disclosure requirements.
- General Business Operations: Where necessary to the administration of our general business, accounting, record keeping and legal functions.
- Anonymous and De-identified Information. We may de-identify information and create anonymous and aggregated data sets and reports in order to assess, improve and develop our business, products and services, prepare benchmarking reports on our industry and for other research and analytics purposes.
- Client Services and Claims Handling. As noted, we may collect certain personal information online that is used to provide our client services (including claims handling services), and we use such personal information on behalf of and under the instructions of our clients and subject to our client agreements.
Disclosure of information
We do not sell your personal information to third parties. In general, we disclose the personal information we collect as follows:
- Crawford Group. As a global company, your personal information may be shared amongst our affiliated and subsidiary companies (listed here), whose handling of personal information is subject to this Policy.
- Service Providers. We may share your information with third-party service providers who use this information to perform services for us, such as payment processors, hosting providers, auditors, advisors, consultants and customer service and support providers.
- Enterprise Users. If you use the Sites on behalf of your company (our client), we may share such information with the relevant client.
- Business Transfers. We may disclose or transfer information, including personal information, as part of any merger, sale, and transfer of our assets, acquisition or restructuring of all or part of our business, bankruptcy or similar event, including related to due diligence conducted prior to such event where permitted by law.
- Legally Required. We may disclose your information if we are required to do so by law (e.g., to law enforcement, courts or others, e.g., in response to a subpoena or court order).
- Protect our Rights. We may disclose information where we believe it necessary to respond to claims asserted against us or, comply with legal process (e.g., subpoenas or warrants), enforce or administer our agreements and terms, for fraud prevention, risk assessment, investigation and protect the rights, property or safety of Crawford, our clients and customers or others.
- Anonymized and Aggregated Data. We may share aggregate or de-identified information with third parties for research, marketing, analytics and other purposes, provided such information does not identify a particular individual.
- Referrals. Where you submit a request for a referral related to a project, repair or other request, or ask us to refer you to or match you a contractor, expert or other professional (such as through Contractor Connection network), we will share the information that you provide us, with network contractors, experts or other professionals who may be able to assist with your project.
- Client Services and Claims-related Personal Information. As noted above, we are a service provider to our clients, and a data processor with respect to the personal information we collect in performing our client services (including claims handling services). Any personal information we collect related to handling claims on behalf of our clients, may be disclosed to such clients or others as directed by our clients; such disclosures are subject to our clients’ policies.
Cookies and similar devices
Cookies. Cookies are alphanumeric identifiers that we transfer to your computer’s hard drive through your web browser for record-keeping purposes. Some cookies allow us to make it easier for you to navigate our Sites, while others are used to enable a faster log-in process or to allow us to track your activities while using our Sites. Most web browsers automatically accept cookies, but if you prefer, you can edit your browser options to block them in the future. The Help portion of the toolbar on most browsers will tell you how to prevent your computer from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether.
Clear GIFs, pixel tags and other technologies. Clear GIFs are tiny graphics with a unique identifier, similar in function to cookies. In contrast to cookies, which are stored on your computer’s hard drive, clear GIFs are embedded invisibly on web pages. We may use clear GIFs (also referred to as web beacons, web bugs or pixel tags), in connection with our Sites to, among other things, track the activities users of our Sites, help us manage content, and compile statistics about usage of our Sites. We and our third-party service providers also use clear GIFs in HTML emails to our customers, to help us track email response rates, identify when our emails are viewed, and track whether our emails are forwarded.
Log files. Most browsers collect certain information, such as your IP address, device type, screen resolution, operating system version and internet browser type and version. This information is gathered automatically and stored in log files.
We may send periodic promotional emails to you and where required by law, we will obtain your consent to do so. You may opt-out of such communications by following the opt-out instructions contained in the promotional email. If you opt-out of receiving emails about recommendations or other information we think may interest you, we may still send you emails about your account or any services you have requested or received from us.
We are a global company, and the data that we collect from you may be transferred to, accessed or stored in and subject to requests from law enforcement in jurisdictions outside of your home jurisdiction, including the United States, the Philippines, Australia, Canada, the European Union and other jurisdictions (see group companies listed here) in which we (or our service providers) operate. Some of these jurisdictions, including the United States and the Philippines, may not provide equivalent levels of data protection as your home jurisdiction. We will take steps to ensure that your personal information receives an adequate level of protection in the jurisdictions in which we process it, including through appropriate written data processing terms and/or data transfer agreements.
If you are in the European Economic Area, and we process your personal information in a jurisdiction that the European Commission has deemed to not provide an adequate level of data protection (a “third country”), we will implement measures to adequately protect your personal information, such as putting in place standard contractual clauses approved by the European Commission (the form for these clauses can be found here) or another measure that has been approved by the EU Commission as adducing adequate safeguards for the protection of personal information when transferred to a third country.
We have implemented appropriate safeguards and technical measures to protect the personal information that we have under our control from unauthorized access, use or disclosure (such as where appropriate, access controls and encryptions). However, no data security measures can guarantee 100% security.
As a general rule, we retain your personal information for as long as necessary to fulfil the purposes for which it was collected or as necessary to comply with our legal obligations, resolve disputes, maintain appropriate business records, as required by clients and to enforce our agreements. We may retain personal data for longer where required by our regulatory obligations, professional indemnity obligations or where we believe it is necessary to establish, defend or protect our legal rights and interests or those of others.
Your choices and rights
We know the importance of accurate data.
Direct Marketing. You may always opt-out of direct marketing emails from us by following the instructions in such emails or emailing firstname.lastname@example.org. Crawford may continue to send you transactional or service-related communications, such as service announcements and administrative messages.
Complaints. We will take steps to try to resolve any complaint you raise regarding our treatment of your personal information. You also have the right to raise a complaint with the privacy regulator in your jurisdiction.
EU Individuals. Additional information for EU individuals about their rights under EU data protection laws is available in our EU Privacy Notice.
Your California privacy rights
California residents have the right to request and obtain from us once a year, free of charge, information about the personal information (if any) we disclose to third parties for their own direct marketing purposes in the preceding calendar year. If applicable, this information would include a list of the categories of personal information that was shared and the names and addresses of all third parties with which we shared information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to email@example.com.
Information about children
Our Sites are not directed towards children and we do not encourage children to participate in providing us with any personal information. We do not knowingly collect any personal information from children under the age of 16. If you have reason to believe that a child under the age of 16, without a parent or guardian's consent, has provided personal information to us through the Sites, please contact us at firstname.lastname@example.org.
If you have questions or concerns regarding this Policy, please contact us at:
Crawford Global Privacy Office
Chief Privacy Officer
If you are in the European Union, you may also contact our EU Data Protection Officer as set out in the EU Privacy Notice.
Other Crawford Group members
Crawford & Company
5335 Triangle Parkway NW
Peachtree Corners, GA 30092 USA
Broadspire Services, Inc.
5335 Triangle Parkway NW
Peachtree Corners, GA 30092 USA
Crawford & Company International, Inc.
5335 Triangle Parkway NW
Peachtree Corners, GA 30092 USA
Crawford & Company (Australia) Pty Limited
Level 18, 383 Kent Street
Sydney, NSW 2000 AU
Crawford & Company (Canada) Inc.
Riverbend to 200-2300 University Ave E,
Waterloo, ON N2K 0A2