Effective Date: 04/11/2017
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.- based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
Information Collection and Use
Certain products offered by Quotit require registration to access. Each time you access Quotit’s site, you need to enter a username and password to access your account information. In your account pages, we collect your contact information such as your name, email, phone number, postal address, sensitive information like (Tax Identification Number, Social Security Number, and Protected Health Information) and business information such as company name and address that you choose to provide to us. We also provide you the functionality to enter your clients’ information on our site & generate proposals and quotes through our system. This third party personally identifiable information includes your clients’ name, phone number, address, age, along with sensitive information such as their medical information. This information is not shared by Quotit with any third parties for their promotional purposes and is only disclosed to a service provider when you the broker select to request a quote on our site from one of our service providers.
Quotit may receive and store information about your potential customers and their dependents (if applicable) such as name, address, gender, Social Security Number, age and answers to medical questions (if applicable) whenever this information is provided through the Website.
Cookies and Tracking Technologies
Analytics / Log Files
As is true of most web sites, we gather certain information automatically and store it in log files. This information may include Internet protocol (IP) addresses, browser type, Internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data.
We may combine this automatically collected log information with other information we collect about you. We do this to improve services we offer you, to improve marketing, analytics, or site functionality.
We partner with a third party to either display advertising on our website or to manage our advertising on other sites. Our third party partner may use technologies such as cookies to gather information about your activities on this website and other sites in order to provide you advertising based upon your browsing activities and interests. If you wish to not have this information used for the purpose of serving you interest-based ads, you may opt-out by clicking here.
The Site contains links to other web sites. Quotit is not responsible for the privacy practices or the content of these other web sites. Customers and visitors will need to check the policy statement of these others web sites to understand their policies. Customers and visitors who access a linked site may be disclosing their private information. It is the responsibility of the user to keep such information private and confidential.
Social Media Widgets
Our Website includes Social Media Features, such as the Facebook Like button, and Widgets, such as the Share this button or interactive mini-programs that run on our website. These Features may collect your Internet protocol address, which page you are visiting on our website, and may set a cookie to enable the Feature to function properly. Social Media Features and Widgets are either hosted by a third party or hosted directly on our website. Your interactions with these Features are governed by the privacy statement of the company providing it.
We display personal testimonials of satisfied customers on our site in addition to other endorsements. With your consent we may post your testimonial along with your name. If you wish to update or delete your testimonial, you can contact us at firstname.lastname@example.org.
If you choose to use our referral service to tell an agent or broker about our site, we will ask you for your friend’s name and email address. We will automatically send your friend a one-time email inviting him or her to visit the site and register for a free trial account. Quotit stores this information for the sole purpose of sending this one-time email and tracking the success of our referral program. Your friend may contact us at email@example.com to request that we remove this information from our database.
Collection and Use of 3rd Party PII
You may also provide personal information about other people, such as their name, date of birth and gender. This information is only used for the sole purpose of completing your request or for whatever reason it may have been provided, including the provision of quotations for health insurance coverage. We may share information with your health plan carriers during the underwriting process, as well as affiliated businesses, when necessary to provide services through those companies.
In the event your client seeks to enroll in a health insurance product, we may share information with applicable health plan carriers during the underwriting process, as well as affiliated businesses, when necessary to provide services through those companies.
In certain situations, Quotit may be required to disclose personal data in response to lawful requests by public authorities. We reserve the right to disclose your personally identifiable information as required by law and when we believe that disclosure is necessary to protect our rights and/or comply with a judicial proceeding, court order, or legal process served on our Web site.
In the event Quotit involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our Web site of any change in ownership or uses of your personally identifiable information, as well as any choices you may have regarding your personally identifiable information.
We use a third party service provider to send out newsletters from our site. We use a third party to process credit card information when you “fund your account” on our site. Neither of these third parties is authorized to use your information for their promotional purposes. None of the personally identifiable or third party personally identifiable information you enter on our site is shared with this service for promotional purposes without your explicit consent. We work with third parties (Insurance carriers) to service quote or enrollment requests on our site. When you enter the personally identifiable information of your clients into our system requesting a quote, [third party PII] these third parties are not authorized to use your personally identifiable information for any other purposes, promotional or otherwise, beyond servicing your request.
Occasionally, we survey our Users to provide us more insight into the nature of their usage, to obtain a demographic profile of our Users, or to request feedback on existing or future features and services. Participation in these surveys is completely voluntary, and the User therefore has a choice whether or not to disclose this information. User’s personally identifiable information is not shared with third parties unless we give prior notice and choice.
Use of Geo-Location information
We collect information about your location when you use or access our mobile applications. The degree of precision of the location data varies depending on the source of such information. Those sources include:
Information from electronic sources that communicate with your device:
- Wi-Fi access points (by location and triangulation)
- Cell towers
- Bluetooth-enabled devices, beacons and sensor data
Data from your device through settings you activate:
- GPS location
Other location sources:
- IP address
- Information in content you provide
- Trusted partners, including marketing and data security partners
We collect and use this location-related data in order to:
- Provide you with services you have purchased or requested
- Deliver marketing or ad content that is relevant to you based on your location
- Protect against abuse or misuse of services or of your account
- Improve our site and services
You may disable the collection and use of your location data through browser-, operating system- or device-level settings. Consent concerning location data may be withdrawn at any time for following these steps.
- Go to Settings > Privacy > Location Services.
- Make sure that Location Services is on.
- Scroll down to find the app.
- Tap the app and select an option:
- Never: Prevents access to Location Services information.
- While Using the App: Allows access to Location Services only when the app or one of its features is visible on screen. If an app is set to While Using the App, you might see your status bar turn blue with a message that an app is actively using your location.
- Always: Allows access to your location even when the app is in the background.
- Go to “Settings.”
- Click on “General” and then “Apps.”
- Click on “Configure apps” or “App settings.”
- Click on “App permissions.”
- You’ll see your phone features. Click on “Your location.” Here, you can then click on the apps for which you want to disable location-tracking permissions.
With respect to security: When we transfer and receive certain types of sensitive information such as financial or health information, we redirect visitors to a secure server and will notify visitors through a pop-up screen on our site.
Our Site has security measures in place to help protect against the loss, misuse, and alteration of the personally identifiable information and Data under our control. We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once it is received. Quotit hosts the Site in a secure server environment that uses a firewall and other industry-standard technology to help prevent interference or access from outside intruders. Quotit also requires that unique user names and passwords must be entered each time a customer logs on to the Site. We use SSL encryption to ensure that users’ sensitive information is protected and encrypted when processing credit card transactions.
Correcting & Updating Your Information
Quotit Corporation will provide you or your clients with information about whether we hold any of your personal information. To access your personally identifiable information and the third party information of your clients hosted in your account on our site, sign into your account & you have access to all the information you have entered into our site & from here you can update, delete/remove your information or change your preferences. In the event that you no longer require the services of our site & select to delete your account, please contact us at the email provided below & we shall service this request on your behalf. We will retain your information for as long as your account is active or as needed to provide you services. If you wish to cancel your account or request that we no longer use your information to provide you services contact us at firstname.lastname@example.org. We will respond to your request to access within a reasonable timeframe. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Information Related to Data Collected through the Quotit Platform
Quotit collects information under the direction of its Clients, and has no direct relationship with the individuals whose personal data it processes. If you are a customer of one of our Clients and would no longer like to be contacted by one of our Clients that use our service, please contact the Client that you interact with directly. We may transfer personal information to companies that help us provide our service. Transfers to subsequent third parties are covered by the provisions in this Policy regarding notice and choice and the service agreements with our Clients.
Quotit Corporation acknowledges that you have the right to access your personal information. Quotit has no direct relationship with the individuals whose personal data it processes. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct his query to Quotit’s Client (the data controller). If requested to remove data we will respond within a reasonable timeframe.
We will retain personal data we process on behalf of our Clients for as long as needed to provide services to our Client. Quotit will retain this personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Notification of Changes
If you have any questions about this Policy, please contact us at:
3333 Michelson Dr
Irvine, CA 92612
We can be reached via e-mail at email@example.com or you can reach us by telephone at 1-866-4-QUOTIT
If you feel that this site is not following its stated information policy, you may contact us at the address or phone number above, or The DMA’s Committee on Ethical Business Practices at firstname.lastname@example.org.
Opt Out/ Choice
If you do not want to receive e-mail newsletters from us in the future, please let us know by sending us e-mail at the address in the questions section of the privacy statement. You can opt out of receiving newsletters directly in the email you’ve received by selecting the “Unsubscribe” function present in each email.
If you supply us with your postal address on-line you will only receive the information for which you provided us your address.
Persons who supply us with their telephone numbers on-line may receive telephone contact from us with information regarding new products and services or upcoming events. If you do not wish to receive such telephone calls, please let us know by sending us e-mail at the address below, or calling us at the telephone number provided. Please provide us with your name and phone number when you call to unsubscribe and we will be sure your name is removed from the list we share with other organizations.
If our information practices undergo a material change at some time in the future we will contact you by email and a prominent notice on our site prior to the change becoming effective, before we use your data for these new purposes to notify you of the policy change and to provide you with the ability to opt out of these new uses.
Quotit HIPAA Policy
This document sets forth Quotit Corporation’s policy implementing the Health Insurance Portability and Accountability Act (HIPAA), and applies to the following products and services offered and owned by Quotit Corporation (“we,” “us,” “Quotit”), a subsidiary of National General Holdings Corp: quotit.com and www.quotit.net (“Website”), AgentCubed Product Suite,” which includes the selected application services and application services software for insurance agents to manage customer relationships and lead distribution. API Web Service and supporting services including Quotit ActWS, Quotit ProgramsWS, Quotit AppsWS, Quotit OES, Quotit iPro, Quotit ePro, Quotit mPro and Quotit OCS. Such integral programs function as the Quoting System for Online Insurance Rate and Proposal Generation, Contact Management, and Online Application Enrollment (the “Quoting System”).
Quotit is committed to protecting the confidentiality, integrity, and availability of the information with which we are entrusted by the agents and businesses who rely on our products. As a trusted solution provider to the health insurance industry, we hold ourselves to the same high standards of privacy and security as other healthcare and insurance professionals.
Given Quotit is a wholly owned subsidiary of National General Holdings Corp., many of the provisions set forth herein are also administered through National General’s Privacy Office.
2 HIPAA Policy Details
2.1 Designated Record Set
Quotit does not have any direct relationship with health insurance customers. Individuals whose insurance agents have used Quotit may request access or amendment to their Protected Health Information (“PHI”). The Designated Record Set for these requests includes the following records:
- All personally identifiable information (PII) relating to the individual within Quotit’s records systems. This may include information collected from an agent using our product or from other sources in connection to that agent’s inquiry.
The Designated Record Set excludes the following records:
- Administrative data, such as audit trails, appointment schedules and practice guidelines that do not imbed PHI.
- Incident reports, quality assurance data, and vital certificate worksheets, even if those records contain PHI.
- Derived data such as accreditation reports, anonymous customer data for research purposes, public health records and statistical reports.
- Information or records collected by other National General affiliates or associates or any other entity and not collected, used, stored, or transmitted by Quotit.
Quotit does not request, collect, or use psychotherapy notes.
Information compiled in reasonable anticipation of, or for use in, a civil, criminal, or administrative action or proceeding is not part of the Designated Record Set.
The Designated Record Set is to be retained according to state and federal regulations and following National General retention procedures.
2.2 Minimum Necessary Uses and Disclosures of Protected Health Information
Quotit staff do not access customer information directly except when required for a particular job-related purpose. Quotit systems keep information secure during collection, storage, and transmission. Access to protected information is limited to only people who need it for their jobs. We review and update our access restrictions at least yearly and any time job duties change. For people who need access to PHI, we decide in advance which categories of PHI they need and whether there should be any restrictions or limitations, such as read-only.
All disclosures of PHI must be tracked as routine or non-routine. Any non-routine requests for disclosure of PHI are submitted to Legal and the National General Privacy Office for review prior to disclosure, including subpoenas and any time-sensitive requests. Individuals or their representatives can request to see an accounting of disclosures of their PHI.
The minimum necessary standard does not apply to certain situations, like giving an individual a copy of their own records or complying with a court order. Any questions about HIPAA or other privacy protections for sensitive information should be directed to Privacy@nhic.com.
2.3 Notice of Privacy Practices
Quotit maintains a Notice of Privacy Practices on our websites for accessibility and for the convenience of our business associates. This Notice reflects this policy and the National General policies with respect to privacy. We will update it any time our privacy policies or practices change.
2.4 Safeguarding and Storing Protected Health Information
Quotit staff are expected to be vigilant in protecting the security and privacy of the information we collect. We have adopted protocols, practices, and systems to prevent intentional and unintentional use of PHI that would violate HIPAA or other applicable privacy regulations.
These protocols provide structure, accountability, and consistency, but they are not a substitute for integrity, common sense, and reasonable judgment on the part of staff and managers. Employees are assigned access based on their job duties, and they are responsible for using that access appropriately. Misuse and unnecessary access or disclosure of protected information will result in disciplinary action, up to and including termination and reporting to law enforcement authorities for prosecution when appropriate. The NGIC Privacy Office will be consulted on any disciplinary matters that involve a privacy or security breach.
2.5 Reporting Incidents
Every Quotit employee has the responsibility to report security and privacy breaches, including any known, possible, or suspected loss, theft, or other unauthorized disclosure of protected information, whether intentional or accidental.
Incidents must be reported within one business day to the NGIC Service Desk (888-222-4911), National General Privacy Office (Privacy@nhic.com) and the reporting employee’s supervisor using the National General HIPAA Incident Reporting Form.
If the incident involves the loss or theft of a device such as a phone, laptop, or flash drive, or any possible breach of National General data security (e.g., suspicious emails, viruses, Trojan horses, compromised login credentials, etc.), the incident must be reported to the National General Service Desk immediately on detection.
3 Uses and Disclosures
3.1 Uses and Disclosures of Protected Health Information
Disclosure of PHI, including any part of an individual’s Designated Health Record, is only allowed with an unexpired and properly completed and signed authorization except:
- When required or allowed by law;
- As set out in the Notice of Privacy Practices:
- To another covered entity for continuing care or treatment purposes;
- For billing, payment, and collection purposes; or
- For health care operations, including but not limited to the general management and administration of Quotit Corporation or any of its programs, products, or services.
4 Rights of Customers
4.1 Amendment of Protected Health Information
Individuals may request to amend any PHI maintained by Quotit. Upon receiving an inquiry from an individual regarding the right to amend their PHI, the Quotit employee receiving the request will provide the individual with a copy of the Amendment of Protected Health Information (“Amendment of PHI”) form. A request for amendment will not be evaluated until the request form is completed and signed by the individual or personal representative and submitted to NGICprivacy@ngic.com.
We at Quotit, as part of the National General family, adhere to a system of tools and processes to ensure the privacy of Protected Health Information (“PHI”) as well as to ensure that such information is used and disclosed in accordance with all applicable laws and regulations. Any concerned individual has the right to file a formal complaint concerning privacy issues without fear of reprisal. Any communications directly with individuals regarding decisions made relating to their PHI or implicating any rights under HIPAA must include a copy of the National General Complaint Form with relevant instructions for submission.
An individual may also file a complaint with the U.S. Department of Health and Human Services (“HHS”) via mail, e-mail, or the OCR Complaint Portal. For more information on how to file a complaint with HHS, please visit https://www.hhs.gov/hipaa/filing-a-complaint/complaint-process/index.html.
Centralized Case Management Operations
U.S. Department of Health and Human Services
200 Independence Avenue, S.W.
Room 509F HHH Bldg.
Washington, D.C. 20201
5 Other Requirements
5.1 Business Associates
We contract with other companies and organizations to provide our services to our clients. It may be necessary to share PHI with our partners and business associates, or for us to receive PHI that they have collected. We have agreements in place with these companies, that we will all follow the law and protect confidential information.
5.2 De-Identification of Protected Health Information
Quotit does not share PHI for research, marketing, or fundraising purposes. Any PHI that is shared without a valid authorization must be confirmed as de-identified by the National General Privacy Office.
5.3 Responding to a Court Order or Subpoena
Quotit complies with valid court and administrative orders to produce records, including PHI and ePHI, as well as subpoenas and other legal process. When any such order or subpoena is received, it is immediately forwarded to legal counsel and the Privacy Office for review and to facilitate response.
5.4 Verification of Identity and Authority of Individuals Requesting PHI
Quotit employees verify the identity and the authority of a person requesting PHI in all circumstances. Checking identity (that the person is who they say they are) and authority (that the person is legally allowed to access the information) are essential steps in every transaction involving PHI.
In general, employees may rely on ID and other documents and statements that are valid on their face and reliance is reasonable under the circumstances. If there are concerns, the employee or their manager should contact legal counsel or the Privacy Office.
Verification requirements are met if an employee, in good faith, makes a disclosure of PHI:
- To prevent or lessen a serious and imminent threat to the health or safety of a person or the public, or
- To law enforcement authorities to identify or apprehend an individual.
6 Retention & Destruction of Records
The National General general records retention policy applies to all records and information containing PHI/PII. As a practical matter, no original (or properly digitized) records will be eligible for destruction before they are at least ten (10) years old. Affiliates and offices needing to destroy hard copies of original records for space-saving or cost efficiency purposes must ensure the records are digitized and accessible prior to destruction.
Non-original copies of records for which the original still exists (in paper or electronic form) may be destroyed as soon as the copy is no longer needed.
Destruction of records or copies containing PHI/PII must meet federal requirements for the medium (paper, digital, AV, etc.), and must be stored and maintained as PHI/PII until destruction is complete.