Please review this information carefully.
Important information for your use of our website.
Personal information we collect
When you visit the Site, we automatically collect certain information about your device, including information about your web browser, IP address, time zone and some of the cookies that are installed on your device. Additionally, as you browse the Site, we collect information about the individual web pages or products that you view, what websites or search terms referred you to the Site and information about how you interact with the Site. We refer to this automatically-collected information as “Device Information.”
We collect Device Information using the following technologies:
“Cookies” are data files that are placed on your device or computer and often include an anonymous unique identifier.
“Log files” track actions occurring on the Site and collect data including your IP address, browser type, Internet service provider, referring/exit pages and date/time stamps.
“Web beacons,” “tags” and “pixels” are electronic files used to record information about how you browse the Site.
In addition, if you pay your bill or make another form of financial transaction with the Site, we collect certain information from you, including your name, billing address, payment information (including credit card numbers), email address and phone number. We refer to this information as “Purchase Information.”
How we use your personal information
We use your Personal Information to communicate with you, process financial transactions and provide you with information and/or advertising relating to our products or services.
In particular, we use Device Information that we collect to help us improve and optimize our Site (for example, by generating analytics about how visitors browse and interact with the Site and to assess the success of our marketing and advertising campaigns).
Sharing your personal information
We share your Personal Information with third parties to help us provide a better experience. For example, we use Google Analytics to help us understand how our visitors use the Site. You can read more about how Google uses your Personal Information here:
You can also opt-out of Google Analytics here:
We may also share your Personal Information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive or to otherwise protect our rights.
As described above, we may use your Personal Information to provide you with targeted advertisements or marketing communications we believe may be of interest to you. You may opt out of targeted advertising by visiting:
Additionally, you can opt out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal here:
Do not track
Please note that we do not alter our Site’s data collection and use practices when we see a Do Not Track signal from your browser.
If you are a European resident, you have the right to access Personal Information we hold about you and to ask that your Personal Information be corrected, updated or deleted. If you would like to exercise this right, please contact us.
Additionally, if you are a European resident we note that we are processing your information in order to fulfill contracts we might have with you (for example, if you request information through the Site) or otherwise to pursue our legitimate business interests listed above. Additionally, please note that your information will be transferred outside of Europe, including to Canada and the United States.
When you interact with the Site, we will maintain your Personal Information for our records unless and until you ask us to delete this information.
The purpose of this policy is to define the types of sensitive information stored by us or available to Insert Company Name (“Company,” “we,” “our,” or “us”) users, and to set forth guidelines for handling Company Sensitive Information and Personally Identifiable Information (“PII”) while in transmission, storage (at rest), or in use/creation.
This policy applies to all employees, administrative consultants, contractors, temporary personnel, third parties, and the like who receive, create, store, handle and transmit Company Sensitive Information or PII in hard copy or electronically. Additional controls are further addressed by the Insert Company Policy Name(s), and other access controls.
This policy establishes the guidelines for safeguarding PII and Company Sensitive Information during transmission or while in storage (at rest), or when being initially received, developed, or processed. This policy also covers the hard copy of this information from initial collection or printout.
- Labeling and Identification
- Public information does not require any special labeling.
- Company Sensitive Information may or may not require labeling. The author, project manager, or supervisor should provide specific guidance on appropriate labeling. If in doubt, label the information “Confidential” until instructed otherwise.
- PII should not be labeled so as to bring attention to it. A cover sheet can be placed on it and marked as “Confidential.”
- Labels should be used both on printed/hard copies and electronic formats.
- Safeguarding During Transmission
- All transmittal of Company Sensitive Information and PII on public networks or wireless systems will be done using encryption technology. For instance, email encryption, PGP, VPN, secure file transfer, WPA2, and SSL can be used.
- When faxing Company Sensitive Information or PII, the sender should ensure that the recipient is available to receive the fax and validate the number of pages received or that the receiving fax requires a PIN or other form of identification (i.e., RFID card) to receive the information.
- If transmittal is via mail, some form of certified mail or a service which provides a chain of custody (i.e., UPS or FedEx, or certified mail with delivery confirmation) should be used.
- Safeguarding During Storage (at Rest)
- When Company Sensitive Information and PII is stored on company information computing assets, it should be protected appropriately using available user authentication and file privileges, such as encryption when required.
- Encryption meeting our standards will be used when storing Company Sensitive Information or PII on laptops and PCs.
- Encryption meeting our standards will be used when technically possible on mobile computing devices storing Company Sensitive Information or PII.
- Storage of personal information should be avoided on unencrypted USBs, jump drives, CDs, or DVDs.
- The retention period of each class of information should be determined according to the Company retention policy.
- Safeguarding During Creation/Development/Processing
- When initially receiving Company Sensitive Information and PII, the information may be handwritten, perhaps on a form. If this is the case, the same care must be taken to protect this initial piece of paper as you would the formal hardcopy or printout of this information. At a minimum, this information should be secured in a locked office or desk.
- Company Sensitive Information or PII placed in a document or spreadsheet should be labeled “Confidential” prior to saving.
- A file or folder containing Company Sensitive Information or PII should not be shared with anyone who is not authorized to access this information.
- Disposal of Company Sensitive Information and PII
- Written notes or hardcopy/printout and faxes when no longer needed must be disposed of in an appropriate shred/burn bin or shredded using a cross-cut shredder.
- Whenever possible, ensure that your screen is not visible to others.
- Discarded computer equipment (including printer/fax machines) must be decommissioned and the hard drive destroyed using a program that permanently eliminates any PII or Company Sensitive Information.
- Any computer equipment being sold or transferred to other organizations must be properly sanitized (securely cleared of all information) by the Information Technology Department (“Information Technology”).
- Access and Sharing of Sensitive Information
- We take the security and safeguarding of our information and employee information seriously. Employee access to our information computing resources is not provided until a background check is completed. If an individual does not pass the background check, including drug testing, the offer to hire is not made or rescinded, and the applicant notified.
- Prior to being provided access to Company Sensitive Information or PII, users must acknowledge the safeguarding requirements outlined in the Information Security Program.
- The release of Company Sensitive Information or PII, whether written, oral, or electronic, to persons outside Company is prohibited unless authorized by Information Technology and the General Counsel.
- In such cases, a signed nondisclosure agreement should be entered into between the recipient of Company Sensitive Information or PII and Company.
- Company Sensitive Information may be released to the U.S. government if the material is exempt from disclosure under the Freedom of Information Act, and it is marked in accordance with this policy.
- Information may be disclosed if it is required by legal process or court order as determined by the General Counsel.
- Individuals having access to Company Sensitive Information or PII who are terminating their employment/relationship with us will have their user ID disabled, access control ID card revoked, and will be advised as to their responsibilities with respect to Company Sensitive Information and PII.
- The terminating employee will be alerted to the legal consequences of using, retaining, or disclosing Company Sensitive Information or PII for any purpose not expressly authorized by us in writing.
- Accountability: All users, past and present, are responsible for using the guidance provided by this policy. Any person having knowledge of any unauthorized disclosure or removal of Company Sensitive Information or PII shall report this information to their supervisor, the Human Resources Department or Information Security.
- Non-Compliance: Violations of this policy may lead to the suspension or revocation of system privileges and/or disciplinary action up to and including termination of employment. We reserve the right to advise appropriate authorities of any violation of law.
- Exceptions: Any exception to this policy must be approved by the General Counsel.
- Compliance Measurement: Internal Audit will verify compliance to this policy through various methods, including, for example, business tool reports and audits.
For more information about our privacy practices, if you have questions or if you would like to make a complaint, please contact us by email at Office@ErwinIns.com or by mail using the details provided below:
6260 Dupont Station Court, Suite B, Jacksonville, FL 32217