California Residents: Your privacy rights under the California Consumer Privacy Act (CCPA)
Effective Date: November 16, 2023
This California Consumer Privacy Act Disclosure explains how Security Benefit Life Insurance Company, Security Benefit Corporation, Security Distributors, LLC, First Security Benefit Life Insurance and Annuity Company of New York, and Security Financial Resources, Inc. (collectively referred to as "Security Benefit", "we", "our", "us" and similar pronouns), collects, uses, and discloses personal information relating to California residents that is subject to the California Consumer Privacy Act of 2018 ("CCPA").
What is personal information?
Under the CCPA, “personal information” is information that identifies, relates to, describes, references, or is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California resident or device. Personal information does not include deidentified or aggregate consumer information (such as demographic-level data or data that can no longer be tied to a single identifiable individual), or information that is publicly available (such as information from public records).
Overview of Your Rights under California's Privacy Law
CCPA gives California residents certain privacy rights with respect to some of the personal information we collect. These rights are:
- The right to notice of the personal information we collect
- The right to know and access the categories, sources and specific pieces of personal information we have collected about you on or after January 1, 2022, including our purpose for collecting the information and the categories of third parties with whom we disclose that personal information, subject to certain exceptions
- The right to limit the use of your sensitive personal information
- The right to correct certain personal information we collect
- The right to delete some or all of the personal information we collect, subject to certain exceptions
This privacy notice describes the steps you must take to exercise these rights, how we will verify your identity, and how we will respond to your requests.
Your rights under the CCPA are limited. In some cases, federal law protects certain classes of personal information that we collect, such as all the information we collect in order to provide you with financial and insurance products and services. Such personal information is excluded from the CCPA. As a result, this disclosure does not apply with respect to information that we collect about you when you request information about, apply for or obtain our financial products and services for personal, family, or household purposes.
Personal Information does not include:
- Publicly available information from government records
- Deidentified data (where personally identifiable information has been removed) or aggregated consumer information (information provided in a summary format)
- Information excluded from the CCPA's scope, like:
- health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 and the California Confidentiality of Medical Information Act or clinical trial data; and
- personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act, the Gramm-Leach-Bliley Act or California Financial Information Privacy Act, and the Driver's Privacy Protection Act of 1994.
Notice of Collection
We collect personal information about California residents from a variety of sources and use it for purposes related to our business. We may disclose personal information to our service providers in order to manage consumer accounts, provide goods and services to our consumers, market our products, improve our business, including our marketing services, and respond to legal and regulatory requirements. A fuller description of the purposes for which we collect the personal information of our consumers is provided below in the section title "Purposes for which we use your data."
The personal information we collect includes not only clear personal identifiers, but also any information that directly or indirectly can be associated with, or linked to, our consumers or their households. Below are the categories of personal information we collect about our consumers, the sources of that information, the purposes for which we use personal information and the types of third parties with whom we have shared personal information in the past 12 months.
We do not sell your personal information. Please note that personal information we collect from or generate about you in connection with providing you a financial service or product for personal, family, or household purposes may be disclosed to third parties pursuant to the Gramm-Leach-Bliley Act.
We also do not “share” your personal information with third parties for “cross context behavioral advertising,” as those terms are defined under California law.
Personal Information We Collect, Use and Share
| Categories of Personal Information we collected | Sources of Personal Information | Purposes for which We use your data | Disclosed for a Business Purpose in the last 12 months? | Types of third parties with whom we have shared Personal Information in the past 12 months |
|---|---|---|---|---|
Personal Identifiers*: your name, alias, postal address, email address, unique personal identifier, online identifier, account name, Internet Protocol address, social security number, driver’s license number, passport number, or other similar identifiers. We may collect similar information about your spouse, children and beneficiaries. |
| We may use this data for a number of our operational functions, including underwriting and issuing insurance policies; providing services under your insurance contract; meeting our legal and compliance obligations; detecting security incidents; performing data analytics and engaging our customers; improving our technology and systems, and marketing our products to you directly and through our joint marketing partners. | Yes |
|
| Information About You*: Information that identifies, relates to, describes, or is capable of being associated with, a particular individual, including, but not limited to, your signature, physical characteristics or description, insurance policy number, bank account, credit card and debit card number, or any other financial information, medical information, and health, life, or other insurance information, including your claims history |
| We may use this data for a number of our operational functions, including underwriting and issuing insurance policies; providing services under your insurance contract; meeting our legal and compliance obligations; detecting security incidents; performing data analytics and engaging our customers; improving our technology and systems. | Yes |
|
| Sensitive information protected by federal or state law*: your age, gender, familial status, disability, sex, national origin, marital status, veteran status, medical condition, ancestry, source of income, and genetic information |
| We may use this data for a number of our operational functions, including underwriting and issuing insurance policies; providing services under your insurance contract; meeting our legal and compliance obligations; detecting security incidents; performing data analytics and engaging our customers; improving our technology and systems. | Yes |
|
| Commercial information*: records of your personal property, products or services you have purchased or considered, and other histories or tendencies to purchase or consume particular products and services |
| We may use this data for a number of our operational functions, including underwriting and issuing insurance policies; providing services under your insurance contract; meeting our legal and compliance obligations; detecting security incidents; performing data analytics and engaging our customers; improving our technology and systems, and marketing our products to you directly and through our joint marketing partners. | Yes |
|
| Internet or other electronic network activity information*: browsing history, search history, and information about your interaction with a website, online application and advertisements |
| We may use this data for a number of our operational functions, including underwriting and issuing insurance policies; providing services under your insurance contract; meeting our legal and compliance obligations; detecting security incidents; performing data analytics and engaging our customers; improving our technology and systems, and marketing our products to you directly and through our joint marketing partners. | Yes |
|
| Geolocation data* |
| We may use this data for a number of our operational functions, including underwriting and issuing insurance policies; providing services under your insurance contract; meeting our legal and compliance obligations; detecting security incidents; performing data analytics and engaging our customers; improving our technology and systems. | Yes |
|
| Sensory information: audio, electronic, visual, thermal, olfactory or similar information, including voice signatures and recorded calls |
| We may use this data for a number of our operational functions, including underwriting and issuing insurance policies; providing services under your insurance contract; meeting our legal and compliance obligations; detecting security incidents; performing data analytics and engaging our customers; improving our technology and systems. | Yes |
|
| Professional or employment-related information*: such as your job title, job history, income |
| We may use this data for a number of our operational functions, including underwriting and issuing insurance policies; providing services under your insurance contract; meeting our legal and compliance obligations; detecting security incidents; performing data analytics and engaging our customers; improving our technology and systems, and marketing our products to you directly and through our joint marketing partners. | Yes |
|
| Educational information not publicly available*: your level of education, schools attended, your degrees |
| We may use this data for a number of our operational functions, including underwriting and issuing insurance policies; providing services under your insurance contract; meeting our legal and compliance obligations; detecting security incidents; performing data analytics and engaging our customers; improving our technology and systems. | Yes |
|
| Inferences drawn from any of the above categories of information to create a profile about you*: Information about your preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. |
| We may use this data for a number of our operational functions, including underwriting and issuing insurance policies; providing services under your insurance contract; meeting our legal and compliance obligations; detecting security incidents; performing data analytics and engaging our customers; improving our technology and systems, and marketing our products to you directly and through our joint marketing partners. | Yes |
|
We also collect the below categories of sensitive personal information as defined under California law (even though as with personal information more broadly, the California Consumer Privacy Act may not apply at all times). We generally use sensitive personal information only for the necessary purposes below or as otherwise permitted by law.
| Categories of Personal Information we collected | Sources of Personal Information | Purposes for which We use your data | Disclosed for a Business Purpose in the last 12 months? | Types of third parties with whom we have shared Personal Information in the past 12 months |
|---|---|---|---|---|
| Social security, driver’s license, state identification card, or passport number. |
| We may use this data for a number of our operational functions, including underwriting and issuing insurance policies; providing services under your insurance contract; and meeting our legal and compliance obligations. | Yes |
|
| Account log-in or financial account number in combination with any required security or access code, password, or credentials allowing access to an account. |
| We may use this data for a number of our operational functions, including underwriting and issuing insurance policies; providing services under your insurance contract; and meeting our legal and compliance obligations. | Yes |
|
| Health Information |
| We may use this data for a number of our operational functions, including underwriting and issuing insurance policies; providing services under your insurance contract; meeting our legal and compliance obligations; and performing data analytics and engaging our customers. | Yes |
|
| Biometric information: physiological, biological, or behavioral characteristics that can be used to identify you, such as fingerprints, retina scans, photos used for facial recognition and genetic information |
| We may use this data for a number of our operational functions, including underwriting and issuing insurance policies; providing services under your insurance contract; meeting our legal and compliance obligations; performing data analytics and engaging our customers; improving our technology and systems. | No |
Purposes for which we use your data
We may use your data for the following business purposes:
- To consider your application for insurance, assess and evaluate institutional risk and provide you with an insurance product and services, where applicable;
- To administer your insurance product and maintain your account, including processing premium payment, processing claims, administering benefits and paying out withdrawals, surrenders and claims settlements, and encouraging customer engagement;
- To provide account statements and other required documents;
- To respond to court orders and legal investigations or as otherwise required or permitted by federal and state law;
- To comply with legal requirements;
- To report to consumer reporting agencies;
- To authorize, settle and clear the collection of amounts charged, debited, or otherwise used to pay premium or receive payments and the audit of such information;
- To prevent and detect security incidents, fraud, money laundering, unauthorized access, data destruction and other crimes;
- To obtain reinsurance, or stop loss or excess loss insurance on our operations;
- To improve our products and technology, carry out market research, perform data analytics, risk modeling and statistical analysis and for mergers and reorganizations;
- For marketing and analytic purposes.
Children Under the Age of 16
Our website does not target consumers under 16 years of age. We do not knowingly collect, sell or disclose the personal information of consumers under 16 years of age.
Retention of Personal Information
We store personal information about you on computer systems operated by us or our service providers. Due to being a highly regulated company, we keep various records that contain personal information in accordance with applicable state and federal regulations, or pursuant to contractual obligations. In general, we aim to keep personal information only for as long as necessary and only for the reason(s) we collected it. It may be necessary to keep personal information longer than our official retention periods for legal or regulatory reasons, including litigation. To support us in managing how long we hold personal information and our record management, we maintain a data retention policy which includes clear guidelines on retention and deletion.
We consider the following criteria when determining how long a particular record will be retained, including any personal information contained in that record:
- How long the record is needed to provide you with the products and services you request.
- How long the record is needed to support and enhance our operational processes.
- How long the record is needed to protect our rights and legal interests.
- How long the record must be retained to comply with applicable laws and regulations.
The same personal information about you may be included in more than one record and used for more than one purpose, each of which may be subject to different retention periods based on the factors listed above.
Exercising Your Rights under California’s Privacy Law
Right to know and access
You have a right to ask us to disclose certain personal information that we have collected about you. You, or your authorized agent, may ask us to disclose, subject to certain exceptions:
(i) the categories of personal information we have collected;
(ii) the categories of sources for the personal information we collected about you;
(iii) the purposes for which we collected the personal information;
(iv) the categories of third parties with whom we have shared the personal information; and
(v) the specific pieces of personal information that we have collected.
Before we respond to your request to know and access, we must verify the identity of the requestor. Our process for verifying the identity of the requestor is described below.
Right to correct
You have the right to correct certain personal information. There are many types of correction requests and our service areas are ready to assist you with your request.
Before we respond to your request to know and access, we must verify the identity of the requestor. Our process for verifying the identity of the requestor is described below.
Right to delete
You have the right to ask us to delete some or all of the personal information we have collected or maintained about you, subject to certain exceptions.
Before we respond to your request to know and access, we must verify the identity of the requestor. Our process for verifying the identity of the requestor is described below.
Right to non-discrimination if you exercise your consumer rights
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by law, we will not do any of the following to you if you exercise your CCPA rights:
- Deny you goods or services
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties
- Provide you a different level or quality of goods or services
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services
How to submit a request to exercise your rights
Authorized Agent
You may designate an authorized agent to submit a request to know and access, a request to correct, or a request to delete on your behalf.
If that agent is not already authorized to access your account in your profile, please submit a notarized special power of attorney in writing that provides the authorized agent with permission to make a request to know and access, a request to correct, or a request to delete on your behalf. We may also ask you to verify your identity directly with us.
We will deny a request from an authorized agent that does not submit proof that they have been authorized by you to act on your behalf.
Request to know and access: You or your authorized agent may submit a request to know and access by completing the privacy rights webform or by calling this toll-free number – 800.888.2461 – to speak to a customer service representative.
If we deny your request in whole or in part, we will provide you with an explanation or direct you to our general business practices for collecting personal data. Under no circumstances will we provide the requestor with a consumer’s Social Security number, driver’s license number or other government-issued identification number, financial account numbers, any health insurance or medical identification numbers, any account passwords, or any security questions and answers. If you maintain a password-protected account with us, we may comply with your request to know and access by using a secure self-service portal for you to use to access, view and receive a portable copy of your personal information. We will use reasonable security measures when transmitting information to a consumer.
Request to correct: You or your authorized agent may submit a request to correct any mistakes in your personal information by completing the privacy rights webform or by calling this toll-free number – 800.888.2461 – to speak to a customer service representative. We may not be able to accommodate your request if we believe it would violate any law or legal requirement or cause the information to be incorrect; data solely retained for data backup purposes is generally excluded.
Request to delete: You or your authorized agent may submit a request to delete all or some of your personal information by completing the privacy rights webform or by calling this toll-free number – 800.888.2461 – to speak to a customer service representative.
Submitting a request to delete is a two-step process. After you submit a request to delete, we will ask you separately to confirm that you want all or some of your personal information deleted.
Once we receive your verified request to delete and confirm your identity, we will delete (and direct our service providers to delete) your personal information from our records, unless the information is subject to other laws or we need the information to:
- Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.).
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided.
How we will verify your identity
Only you, or an authorized agent, may submit a request to know or to delete your personal information. You may also make a request on behalf of your minor child.
You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will use the personal information you provide to us when submitting a consumer request only to verify the requestor's identity or authority to make the request.
We will require the following information to verify your identity:
- For requests to know categories of personal information: We will require you to correctly match at least two data points we have previously collected about you.
- For requests to know specific pieces of personal information we have collected in the past 12 months: We will require you to correctly match at least three data points we have previously collected about you. We may also require you to sign a declaration under penalty of perjury that the requestor is the consumer whose personal information is being requested.
- For requests to delete: We will require you to correctly match at least two or three data points we have previously collected about you, depending on the sensitivity of the personal information you are requesting. We may also require you to sign a declaration under penalty of perjury that the requestor is the consumer whose personal information is being requested.
Data we may request to verify your identity: When we request additional information from you to verify your identity, we may request other account information, answers to security questions, your name, government identification number, date of birth, contact information, or other personal identifying information.
How we will respond to your request
We intend to confirm receipt of your request within 10 days and to respond to a verified request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. We will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period preceding our receipt of a verified request from you. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For requests to know the specific pieces of information we have collected, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
For more information, contact:
Chief Compliance Officer
Security Benefit
One Security Benefit Place
Topeka, Kansas 66636-0001
Changes to This California Consumer Privacy Act Disclosure
We may change or update this Disclosure from time to time. When we do, we will post the revised Disclosure on this page with a new "Last Updated" date.