Crawford & Company Global Privacy Notice

This Privacy Notice describes the types of Personal Data that we at Crawford and Company (along with our affiliates and subsidiaries) obtain through the Sites and Services. We explain how we use your information, how we disclose or share it, how long we retain it, and how we keep it safe in collaboration with you. We explain what choices and rights you have with regard to your information and how you may control how your information is used and shared.

Definitions

“Personal Data” means information that can be used to identify you, directly or indirectly, alone or together with other information. This includes things such as your full name, contact information, email address, phone number, device IDs, certain cookie and network identifiers, and other categories described below. Various laws use different terms, such as “personal information,” “personally identifiable information,” and “personal data.” We will use “Personal Data” to include all.

“Process” or “Processing” means anything that is done with Personal Data, including collecting, using, changing, storing, or deleting.

Our “Sites” refer to Crawford’s websites, mobile applications and other software applications made available to you by us.

Our “Services” refer to claims handling or claim management services, loss adjusting, third party claims administration and other claims management and related services.

Key Information

Our primary business is to provide claims management and related services including third party claims administrator services, loss adjusting and associated risk, consulting and other services. Generally, we provide these services to companies such as insurance companies, and other business clients including underwriters, brokers or agents that provide insurance coverage, issue or underwrite the policies, or are responsible for payment of the claims that we handle under their instructions as a vendor. The privacy notice of that company - the insurance company, business client, or other third-party entity - will apply as we process your data on their behalf. Make sure you read their privacy notice and don’t rely on this one.

While our role depends upon the circumstances, Crawford is generally a vendor, data processor, or service provider (the laws use different terms) regarding the Personal Data that we process when we provide our claims handling services. If you are unsure or require further clarification about who controls your Personal Data and their responsibilities, please contact us.

This Privacy Notice does not apply to our HR- or personnel-related data collection practices, when you provide your Personal Data as a job applicant, employee, corporate officer, or independent contractor to Crawford. We will provide the applicable Employee and Applicant Privacy Notice available in connection with an individual’s job application or other HR-related interaction with Crawford.

Please also see here for Cookies and Trackers, plus California and other U.S. states.

Who is covered by this Privacy Notice

For purposes of this Privacy Notice, the term “you” or “your” refers to:

• Business contacts, such as brokers, reinsurers, loss adjusters, experts instructed in relation to claims, service providers, suppliers, professional advisors, conference attendees, visitors to our offices, government officials and authorities;
• Customers, such as insurers, business clients to which we provide our Services, and any other customers in relation to our various service offerings (e.g., employers sponsoring health and benefit plans).
• Users that submit Personal Data through our Sites and/or interact with our Services including, without limitation policyholders or, claimants of our Customers; or
• Other Individuals, who interact with us, our Sites, or our Services, such as visitors who browse our Sites, sign up our newsletter or other marketing communications, attend corporate events, or other business-to-business contacts of our service providers, business partners, and contacts (“Other Individuals”).

Your Personal Data

The information we collect depends upon things such as the nature of our relationship, the method you communicate with us, and the purpose of your interaction with us. We may collect the following information:

• General Identification Information, such as your name, date of birth, age, gender and marital status.
• Contact Information, such as your email addresses, mailing addresses, telephone numbers, professional title and business name.
• Account Information, such as your username, email address, and/or password to login to any online account you may have with us.
• Government-Issued Identifiers, such as your Social Security Number, driver’s license number, passport number, tax identification number, or other identification numbers issued by government bodies or agencies
• Financial Information, such as your bank account numbers and account information, and credit score.
• Professional or Employment-Related Information, such as employment history, current or prior employer, job title, employment benefits, employment status, and professional certifications.
• Policy Information, such as your policy number, policy terms, claims history, and claims data, and details of policy coverage.
• Claim Information, such as the date and particulars of a claim, including causes of death, injury or disability and claim number, photographs, a claimant’s relationship to an insured, and other materials submitted as part of a claim.
• Commercial Information, such as records of your personal property, products or services purchased or other purchasing or consuming histories or tendencies.
• Health or Medical Information, such as current or former physical or mental health conditions, psychological trends, disabilities, behavioral information such as smoking or alcohol consumption, , prescription information, hospital reports, physical characteristics or descriptions, and injury information.
• Other Sensitive Information, in certain circumstances we may also receive information we may receive sensitive information about your trade union membership, religious beliefs, political opinions, family medical history or genetic information. Additionally, we may obtain information about your criminal record or civil litigation history in the process of preventing, detecting, and investigating fraud.
• User-Generated Content, such as any content uploaded to the Services (such as text, images, audio, and video, along with the metadata associated with the information you upload or submit) including, without limitation, the account information by and through the portals or applications we provide to access our services, including your credentials.
• Communications Data, such as information you provide through our online web forms, when you contact us with questions, feedback, surveys, or otherwise choose to provide when you correspond with us online.
• Support Data. We may also maintain records related to customer support and customer service related requests, including the nature of the request, name and contact information of the requestor, associated company name, and information related to the resolution of the request.
• Comments and Content. Some areas of our Sites may allow you to comment, share or post other content. When you submit your comments or content, we keep a record of our content and it may be viewable by other users of the Sites. You may ask us to remove such content as set out below.
• Audio/Video Recordings or Similar Information, such as audio recordings of telephone calls with us for quality assurance and training purposes, details about your visits to our offices (including CCTV), photographs or videos captured during meetings, events or calls with you.
• Device Information, such as information that is automatically assigned to your devices used to access our Sites and/or Services including IP address, unique device identifier (UDID), device type, browser type, location information, and other information about your browser.
• Geolocation Data, such as physical location or movements.
• Usage Data, such as information (including inference based on such information) about how you use the Services and interact with us, including information you provide when you use any interactive features of the Sites or Services, the URL that referred you to our Sites, the areas within our Services that you viewed and your activities there, IP address, domain name, a date/time stamp, Internet service provider (“ISP”), operating system, language, clickstream data and similar device and usage information.
• Social Media Information, such as name, username, email address, or other profile information in connection with your social media account that we may collect if you connect with us through a third-party social network or other websites, such as Facebook, Instagram, Twitter, or LinkedIn.
• Marketing Data, such as your preferences for receiving communications about our activities, events, and publications, and details about how you engage with our communications.
• Other information that you voluntarily share with us to facilitate your use of our Services, which is not specifically listed here. We will use such data in accordance with this Privacy Notice, as otherwise disclosed at the time of collection, in accordance with our agreement, or to the extent necessary for performing the services.

Back to Table of Contents

How and Why we Use your Personal Data

We may use the information we collect and derive for the following purposes:

• Verifying Identity. We use your Personal Data to verify the identity of clients, contacts, policyholders, claimants, partners, and others with whom we do business or who we are considering for consulting or other business relationships and/or to confirm that individuals are authorized to access, use, or share information related to claims or other Services.
  • Legal basis: to provide the contracted Services and to prevent fraud.
• Provide and Improve our Products and Services. We use your Personal Data to provide you with, access to our Sites or to deliver our Services such as handling your claim, servicing your policy, managing complaints or disputes (where applicable), providing various consulting, administration, and claims administration services, perform our contractual obligations to our Clients, and/or to complete the transaction for which we collected the Personal Data. We may also use your Personal Data to evaluate, analyze, improve, and develop our products and services, including our Sites such as performing safety and quality controls of the Services, develop new products and Services and to improve and facilitate your use of our Services.
  • Legal basis: to provide contracted services, respond to communications, and with a legitimate interest to assess and improve current activities, or develop new products / Services. We may also seek your consent for some activities.
• Analytics to Support our Business. We use your Personal Data we collect in analytics models, to facilitate and service our business, including the creation of new products and features associated with our Services. We may also use this information to conduct data analytics, surveys, benchmarking, and risk modeling to understand risk exposures and experience for the purposes of creating Aggregated Data and developing industry and sector-wide reports.
  • Legal basis: in most cases, these activities are based on our legitimate interest to assess, improve, and to develop products and Services. Some activities, like surveys, are based on your consent. Where possible, data is de-identified, pseudonymized, or aggregated to remove any identifiers to identify specific people.
• Marketing and Personalization. We use your Personal Data for direct marketing and promotional purposes, to send you newsletters and information about events and campaigns as well as information we think may interest you. We may do so via ads, email, social media, mail, or other means within the requirements of your local laws. Where required, you will be able to opt in or where permitted, you will be able to opt out. This also includes personalizing your experience with relevant content and offerings.
  • Legal basis: although we have an interest in marketing our Services, you have the right to opt out of marketing activities. There are a few ways to do so, through your own browser settings, opting out of cookies and trackers using the cookie preferences link in the footer of our website, unsubscribing to emails, submitting an opt out to our Privacy Office via the “Contact Me” link, or submitting an individual rights request.
• Service Communication and Customer Care. We use your Personal Data to communicate with you about your use of our Sites and Services, to respond to your comments and inquiries, provide you with the information and documents you request, and for other customer service purposes.
  • Legal basis: to provide contracted Services or upon your request/ consent.
• Legal Requirements. We use your Personal Data to enforce our terms and conditions or protect our business or our Customers, and to comply with our contractual and legal obligations, such as complying with national security or law enforcement requirements, discovery requests, or where otherwise required or permitted by applicable laws, court orders or regulatory authorities; or to establish, exercise, or defend legal claims, whether in court, administrative, or other proceedings, including disputing a claim or recovering a debt.
  • Legal basis: for legal obligations.
• Security and Fraud Prevention. We use your Personal Data to protect, investigate, mitigate, and deter against fraudulent, malicious, unauthorized, infringing, or illegal activity relating to our Services, assets, or products or monitor and ensure the safety and security of our premises, property, employees, and visitors.
  • Legal basis: for legal obligations to safeguard data and protect our assets.
• Corporate Activities. We may use your Personal Data in connection with evaluating, conducting or implementing a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data held by us is among the assets transferred.
  • Legal basis: we have a legitimate interest in operating our companies but some of this activity may rise to a legal obligation.
• Manage our Business Operations. We may use your Personal Data in connection with our regular business operations, such as maintain accounting records, analyze financial results, comply with internal audit requirements; or obtaining or maintaining insurance coverage, managing risks, or obtaining professional advice.
  • Legal basis: to provide contracted Services.

We may use your Personal Data for other purposes that are consistent with or related to the purposes and uses described in this Privacy Notice, for which your Personal Data was provided to us. We may also combine or aggregate any of the information we collect through our Sites and Services or elsewhere for any of these purposes or for analyzing usage statistics and trends.

Occasionally, we may need to process your Personal Data for reasons such as your vital interests or the public interest. Please be aware that the legal bases listed specifically align the requirements of the General Data Protection Regulation in Europe. We may have other legal reasons to process your Personal Data under other privacy / data protection laws, such as those in the U.S., Canada, Australia, Asia, etc. If you have a question about a particular type of data and our reasons for processing it, please contact us.

Back to Table of Contents

Sharing your Personal Data

When permitted by applicable law, including in cases that require your consent, we may disclose your Personal Data to our affiliates, business partners, service providers, and others, as follows:

• Service Providers: We may share your Personal Data with service providers who perform functions on our behalf such as customer service, handling claims, healthcare providers who provide independent medical examinations, medical equipment companies, information technology, cloud service, web hosting, document management providers, debt collection agencies, recruitment companies, background check and credit reference agencies, credit reporting, and marketing and advertising, among other service relating to our products and Services, and perform billing and payment functions.
• Business Partners: We may make Personal Data available to third parties such as customers, reinsurance companies, brokers, employers, or other insurance intermediaries, and others who may play a role in insurance transactions or the Services provided by us, such as independent claims handlers, appointed representatives, authorised vendors repair shops, and other claims related companies. We will obtain consent prior to disclosing such information if required by applicable law.
• Corporate Affiliates: We may share your Personal Data with our subsidiaries or affiliates within the Crawford group, so that they may provide and improve Services, send you information about products or services that may be of interest to you based on your activity on our website and other information that you have given us. The current list of our locations may be found at https://www.crawco.com/about/our-locations/.
• Acquisition and Similar Transactions: If we sell, transfer or otherwise share some or all of our assets in connection with a merger, reorganization, liquidation, dissolution, bankruptcy, or sale of assets, we may transfer your Personal Data as a part of the assets transferred as a result of the transaction without your consent.
• In Response to Legal Process or Defending Legal Claims: We may disclose Personal Data as required by law, court orders, subpoena, or other legal process or if we reasonably believe such action is necessary to comply with the law and the reasonable requests of regulators, law enforcement, or other public authorities or quasi-government authorities, including fraud detection agencies. We may also disclose the information to establish, protect, or exercise our rights; to defend against a legal claim; to detect, investigate, prevent, or take action against illegal activities or potential threats to the rights, property, or safety of any other person; or as otherwise required by law.
• Professional Advisors: We may share your Personal Data with our insurers, underwriters, actuaries, claims handlers and investigators, surveyors, loss adjustors/assessors, accident investigators, specialist risk advisors, pension providers or trustees, banks and other lenders (including premium finance providers), health professionals, health service providers, and other professional advisors, including attorneys, accountants, auditors, tax advisors, investment advisors, financial institution, and other fiduciaries and consultants that need access to your information to provide operational or other support on our behalf.
• With Your Consent or at Your Direction: We may ask, from time to time, if you would like us to share your information with other unaffiliated third parties who are not described elsewhere in this Privacy Notice. We may disclose your information in this context with your permission. For example, where you submit a request for a referral related to a project, repair or other request, or ask us to refer you to or match you a contractor, expert or other professional (such as through Contractor Connection network), we will share the information that you provide us, with network contractors, experts or other professionals who may be able to assist with your project.

Back to Table of Contents

Keeping your Personal Data

We retain and use your Personal Data for an appropriate period of time as is necessary to fulfill the purposes for which it was collected, to comply with our business requirements, client contractual requirements and legal obligations and other business or commercial purposes to the extent provided in this Privacy Notice.

We take reasonable steps to delete the Personal Data we collect when (1) we have a legal obligation to do so, (2) we no longer have a purpose for retaining the information, or (3) if you ask us to delete your Personal Data, unless we determine that doing so would violate our existing, legitimate legal, regulatory, dispute resolution, contractual, or similar obligations. We may also decide to delete your Personal Data if we believe it is incomplete, inaccurate, or that our continued storage of your Personal Data is contrary to our legal obligations or business objectives. When we delete your Personal Data, it will be removed from our active servers and databases; but it may remain in our archives when it is not practical or possible to delete it.

Back to Table of Contents

Protecting your Personal Data

We recognize the importance of safeguarding your Personal Data and we endeavor to maintain reasonable and appropriate physical, technical, and organizational safeguards designed to protect your Personal Data against accidental loss and unauthorized access, use, alteration, or disclosure and to ensure, as far as reasonably possible, the confidentiality, integrity and availability of your information at all times. From time to time, we review our security procedures to consider appropriate new technologies and methods. If you have a security-related concern, please contact us.

Back to Table of Contents

Your Choices & Rights

You may adjust the settings of your devices accessing the Sites or Services, or your account, or use the “Contact Us” details at the end of this Privacy Notice to exercise certain rights and choices under this Privacy Notice, to the extent provided by applicable data privacy laws. If you would like to manage, change, limit, or delete your Personal Data, you may contact us with those requests as well.

If we have your Personal Data through a client, such as in processing a claim, we may have to send your request to our client to respond. If so, we will let you know.

Different privacy / data protection laws provide a range of rights for individuals related to their data. You may or may not have these rights, but please contact us if you have questions. In particular, you have rights in the European Economic Area, United Kingdom, Switzerland, Canada, several states in the U.S. (please see more here), Australia, New Zealand, some countries in Asia and S. America, as well as various other countries. These rights generally include:

• Right of Access. In most privacy laws, you have the right to know or obtain a copy of the Personal Data we process about you.
• Right of Rectification. Please contact us if you believe your information is not accurate or if it changes.
• Right to Erasure. In certain circumstances, you have a right to request that we delete your Personal Data.
• Right to Restrict Processing. You have the right to restrict the processing of your Personal Data when (1) the accuracy of the Personal Data is contested, for a period enabling the controller to verify the accuracy of the Personal Data; (2) the processing is unlawful and you oppose erasure and request a restriction instead; (3) we no longer need the Personal Data, but you need us to keep it for the establishment, exercise, or defense of legal claims; or (4) you have objected to us processing the Personal Data, pending resolution of the objection.
• Right to Portability: You have right to request that we provide your data in a portable form – generally a commonly-used, machine-readable format.
• Right to Object. In certain circumstances, you have the right to object to the processing of your Personal Data where the processing is necessary for performance of a task carried out in the public interest, for our Legitimate Interests, or for the Legitimate Interests of others. You also have the right to object where Personal Data is processed for direct marketing purposes or for scientific or historical research purposes or statistical purposes.
• Right to Withdraw Consent. If you have provided your consent to the collection, processing, and transfer of your Personal Data, you may have the right to fully or partially withdraw your consent, which would then apply from that point forward.

Please also be aware that depending on the laws that apply, there may be exceptions or limits to your rights. If we do not honor your request, we will explain our reasons.

Back to Table of Contents

Communication Preferences

If you no longer wish to receive communications from us via email, you may opt-out of certain types of communications (as described below) by clicking the “unsubscribe” link at the bottom of our emails or by contacting us and providing your name and email address so that we may identify you in the opt-out process. Once we receive your instruction, we will promptly take action.

• Marketing Communications. We will send you email notifications and free newsletters from time to time with offers, suggestions and other information. You may “opt-out” from receiving marketing emails from us by following the “Unsubscribe” instructions provided in any such email we send you.
• Legal or Security Communications. We also send out notices that are required for legal or security purposes. For example, certain notifications are sent for your own protection. In other cases, these notifications involve changes to various legal agreements, such as this Privacy Notice or the Terms of Service. Generally, you may not opt out of such emails.
• Account Communications. If you subscribe to our Services, we may send you communications regarding such Services. We may also send communications providing customer support or responses to questions regarding the operation of the Services. Generally, you may not opt out of such emails.

Back to Table of Contents

Complaints

If you believe that your rights relating to your Personal Data have been violated, you may lodge a complaint with us by contacting us.

Depending on the laws in your country, you may also submit a complaint to your legal authorities. Please see here for a list: (provided for convenience, we do not monitor it).

https://globalprivacyassembly.org/participation-in-the-assembly/members-online/

Back to Table of Contents

Cookies and Similar Technologies

We do use cookies and trackers on our Sites. Please refer to our Cookie Page for more information. Also, you may click Cookie Preferences in the footer of the pages to set or change your options. You may also use browser settings, such as Global Privacy Control, to set your preferences on your own browser. Please click the "Cookie Preferences" link at the bottom of this web page. Please be aware that if you set your preferences to not retain cookies and trackers, then your selections on certain websites may not be retained because your settings reject those cookies.

Video trackers. We have various videos on our website. You can share these to your social media or to others and if so, you will be directed to that outside resource, for example, logging into a social media account. We do not capture your log-in information or content. We only track your device information, such as IP address, to know when someone is sharing and if you have not opted out, we may use that information to show you ads related to us based on your sharing the videos.

Back to Table of Contents

Links to Other Sites

This Policy does not apply to any third-party websites or applications.

Our Services may contain links to websites or mobile applications operated and maintained by third parties. These links are to external websites and third parties that have their own privacy policies. If you follow any links that direct you away from the Sites or Services, including links to social media sites or to other websites, this Privacy Notice will not apply to your activity on the other sites you visit.

Any Personal Data provided by you or automatically collected from you by a third party will be governed by that party’s privacy notice and terms of use. If you are unsure whether a website is controlled, affiliated, or managed by us, you should review the privacy notice and practices applicable to each linked website.

Back to Table of Contents

International Data Transfers

We are a global company and the Personal Data that we collect from you may be transferred to, accessed or stored in, and subject to requests from law enforcement in, jurisdictions outside of your home jurisdiction, including without limitation the United States, the Philippines, Australia, Canada, India, the European Union and other jurisdictions, in which we or our service providers and business partners operate. Some of these jurisdictions may not have the same data protection laws as your home jurisdiction.

We will comply with applicable legal requirements when transferring Personal Data to countries other than the country where you are located. If you are located in the European Economic Area (EEA), the UK or any other jurisdiction with data transfer requirements, we will transfer your Personal Data in accordance with adequacy decisions, standard contractual clauses or other data transfer mechanisms compliant with applicable laws. We will protect your Personal Data in accordance with this Privacy Notice or as otherwise disclosed to you. By using our Sites and Services, or requesting services from us, knowing these activities, you are indicating that you understand and consent to the collection, storage, processing, and transfer of your information to our facilities in the United States and those third parties with whom we share it as described in this Privacy Notice. If we are required to acquire explicit consent for certain purposes, we will do so.

You have the right to obtain a copy with details of the mechanism under which your Personal Data is transferred outside of the EEA. You may request such details by following instructions at the “Contact Us” section below.

Back to Table of Contents

Children's Privacy

The U.S. Children’s Online Privacy Protection Act (“COPPA”), as well as other data privacy regulations around the world addressing Personal Data from minors, restrict the collection, use, or disclosure of Personal Data from and about children on the Internet. Our Sites and Services are intended for adults over the age of majority in their place of residence. Consequently, we do not knowingly collect personally identifiable information from any person under the age of 18. If we learn that we have collected Personal Data from a child under age 18 without a parent’s or legal guardian’s consent, we will take steps to stop collecting that information and delete it. If you are a parent or guardian of a child under 18 years of age and you believe your child has provided us with Personal Data, please contact us.

Back to Table of Contents

Updates to this Privacy notice

We review our Privacy Notice regularly and will place any updates on our website and in relevant communications. The effective date listed at the top of this Privacy Notice will also be the most recent date this Notice was updated.

Back to Table of Contents

Contact Us

For more information, or if you have any questions or concerns regarding this Privacy Notice or how we handle your information you may contact us using the information below.

Where: Global
Who: K Royal, PhD, Global Chief Privacy Officer
Email: privacy@us.crawco.com
Address: Global Privacy Office | 5335 Triangle Parkway NW | Peachtree Corners, GA 30092 | USA

Where: EU / EEA / UK / Switzerland
Who: David Parker, Group Data Protection Officer
Email: privacy@global.crawco.com
Address: Global Privacy Office, UK | The Hallmark Building | 106 Fenchurch Street | London EC3M 5JE, United Kingdom

Where: Australia
Who: David Parker, Group Data Protection Officer
Email: privacy@global.crawco.com
Address: Crawford & Company (Australia) Pty Ltd | Level 3, 324 St. Kilda Rd | Southbank, VIC 3006 AU

Where: Canada
Email: privacy@global.crawco.com
Address: Crawford & Company (Canada) Inc. | Riverbend to 200-2300 University Ave E | Waterloo, ON N2K 0A2

Back to Table of Contents