AM Best

Privacy Notice

Your privacy is very important to us. We are committed to protecting and safeguarding your data privacy rights.

1. Introduction

This Privacy Notice (this "Notice") explains how A.M. Best Company, Inc., as well as any of our subsidiaries, affiliates and related entities (collectively, "AM Best," "we," or "us") uses the personal information of business partners (i.e., customers, suppliers, and/or sub-suppliers) and visitors of AM Best's premises and websites.

We have drafted this Notice in an easy and comprehensible way in order to help you understand: who we are, what personal information we collect about you, why, for how long, and what we do with it. Please keep in mind that "personal information" under this Notice may also be referred to as: “data,” “personal data” or “personally identifiable information.”

This Notice does not intend to replace or modify terms in any existing license agreement or service agreement between AM Best and you, if any. Yet, in the event of an inconsistency between this Notice and an existing agreement – as it pertains to any privacy and data protection related matters – such existing agreement shall control. In the event of a conflict between this Notice and any applicable local laws and/or regulations, and only to the extent such local laws and/or regulations require a higher level of protection for your personal information, such applicable local laws and/or regulations shall prevail.

AM Best websites (the "Website") often contain links to other sites. Please be aware that AM Best is not responsible for the privacy practices or the content of third party websites. These third parties may use cookies alone or in conjunction with web beacons or other tracking technologies to collect information about you when you use the Website. The information they collect may be associated with your personal information or they may collect information, including personal information, about your online activities over time and across different websites and other online services. They may use this information to provide you with interest-based (behavioral) advertising or other targeted content. We do not control these third parties' tracking technologies or how they may be used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly. When you leave the Website, please read the privacy notices of each and every other website that collects personally identifiable information.

Though we make every effort to preserve your privacy, we may need to disclose personal information to third parties under certain circumstances discussed below (Sections 8 and 9) or when required by law.

Please note that if we decide to change our Notice, we will post these changes on the Website and in any other place we deem appropriate. Please check this Notice periodically for updates.

2. When does this Privacy Notice apply?

This Notice is applicable to the processing of individuals' personal information by AM Best. As described in Section 1 above, the term "individuals" under this Notice covers customers, suppliers, sub-suppliers and visitors of AM Best's premises and the Website.

Please be aware that whenever the local legislation requires a higher level of protection for personal data, it will take precedence over this Notice – and, thus, apply in the respective situation.

The Website is intended for users who are 18 years of age or older. No one under age 18 may provide any personal information to or on the Website. We do not knowingly collect personal information from children under 18. If you are under 18, do not (i) use or provide any information on the Website or on or through any of its features, (ii) register on the Website, (iii) make any purchases through the Website, (iv) use any of the interactive or public comment features of the Website, or (v) provide any information about yourself to us, including your name, address, telephone number, email address, or any screen name or user name you may use. If we learn we have collected or received personal information from a child under 18 without verification of parental consent, we will take appropriate steps to delete that information. If you believe we might have any information from or about a child under 18, please contact us by visiting Section 14 of this Notice.

California residents under 16 years of age may have additional rights regarding the collection of their personal information. Please see Section 12 below for more information.

3. Who is AM Best?

AM Best is the world's first credit rating agency. Our Company's purpose is to strengthen the overall financial condition and operating performance of the insurance industry through our work in credit ratings and information services.

For further information regarding our contact details, please visit Section 14 below.

If you wish to obtain more information about the contact details of AM Best's affiliate companies, please visit the Offices page on the Website.

4. What is personal data?

Personal data means any information – or set of information – relating to an identified or identifiable natural person. An "identifiable natural person" is a person who can be identified, directly or indirectly, in particular by reference to an identifier such as:

  • a name;
  • an identification number;
  • location data;
  • an online identifier; or
  • by reference to one or more factors specific to: the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Personal data excludes anonymous or de-identified data that is not associated with a particular individual.

5. What types of personal data we may process about you?

Depending on who you are (i.e., a customer, supplier, sub-supplier, and/or visitor of the Website) and how you interact with us (e.g., online, offline, over the phone, via emails, and/or through our systems, tools, platforms, etc.), we may process the following personal data about you:

Categories of data

Examples

Personal identification data

Name, surname, alias, signature, title, date of birth, Social Security number, driver's license or state identification card number, passport number, or other similar identifiers

Contact details

Email address, telephone number, shipping address

Account log-in data

Information from AM Best tools, systems and applications, where you hold a profile, such as: usernames, passwords and/or other security codes

Demographic / Profile Information*

Information from AM Best user accounts

Financial data

Credit card number, bank account number, debit card number, or any other financial information

Your preferences

Preferred ways to be contacted by us through our My Account and/or initial email communication with you

On premise information relating to you

Information about you, collected through our closed-circuit television (CCTV) recordings and physical access control

Interaction data with AM Best (and its affiliates)

Questions, complaints, correspondence with us

Screening data

Information from screening/background checks via our screening tools and/or public records

Cookies

Information obtained from our use of cookies. For more information about the use of our cookies, please read our Cookie Notice.

Other information that you have voluntarily shared with AM Best (and its affiliates)

Feedback, reviews, comments, and/or any other information provided by you to help us perform our due diligence assessment

5.1 Special categories of personal data

AM Best will only process special categories of data ("sensitive data") for specified purposes, and, where you have given your explicit consent, it is necessary, required in accordance with applicable legislation or you have deliberately made it public.

The following constitute sensitive data:

  • Personal data revealing racial or ethnic origin;
  • Personal data revealing political opinions;
  • Personal data revealing religious, philosophical or moral beliefs;
  • Personal data revealing trade union membership;
  • Genetic data;
  • Biometric data;
  • Data concerning health;
  • Data concerning a person's sex life; and
  • Data concerning a person's sexual orientation.

In the exceptional cases where AM Best will process this type of personally identifiable information, our Company will provide you with notice and obtain your prior express consent to lawfully process the sensitive data involved, except as otherwise permitted or required by applicable law or regulation.

Stringent safeguards also apply to the processing of personal data relating to criminal convictions and offenses. AM Best will only process this type of information in exceptional circumstances (if any) and after respecting all appropriate safeguards and applicable legal requirements. If you have any further questions in this regard, please contact us by visiting Section 14 of this Notice.

6. What are our purposes for processing your personal data?

AM Best processes your personal information for the purposes outlined below:

  • To fulfill the purpose for which you provided the information;
  • To create, maintain, customize, and secure your account with us;
  • Verifying your identity (e.g., upon receiving a data subject request from you);
  • Offering support to you (e.g., through the handling of your general or customer service inquiries and/or complaints);
  • Providing you with any products and services you have requested;
  • Concluding, executing, and/or performing agreements and contracts with you;
  • Billing purposes, filling-in customer orders, account management;
  • Performing (re-) screening to our (potential) business partners (i.e., customers, suppliers, and/or sub-suppliers);
  • Developing and improving our products, services and the Website (e.g., by evaluating any information you provide us with via feedback, voluntary surveys, etc.);
  • Protecting the health, safety, security and integrity of AM Best's (potential) business partners and (web-) visitors, as well as AM Best's employees, interests and assets, such as AM Best's premises, IT systems, tools, facilities, etc.;
  • Performing our marketing activities*;
  • Archiving and evidential purposes;
  • Complying with our legal obligations in the different jurisdictions where AM Best operates;
  • Enforcing AM Best's legal and/or contractual rights;
  • Establishing, exercising or defending AM Best from legal claims (to which our Company is or may be subject);
  • As described to you when collecting your personal information;
  • To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us about the Website users is among the assets transferred; and
  • Complying with a current judicial proceeding, a court order or any other pertinent legal process.

Secondary use of personal data: We will only process your personal data for the purposes we originally collected it or for compatible secondary purposes where it is lawful to do so. This means that we may process your personal information for a further use or purpose – but only as long as the secondary purpose is compatible with the original purpose and where data was collected on the basis of a legitimate interest, a contract or vital interest. A compatibility assessment will be performed by our Privacy team in this regard, otherwise your consent will be requested. An example of a secondary purpose is the further processing of your personal data for statistical analysis.

* Marketing Activities: We may periodically send you information that we think you may find interesting. In particular, we may use your personal information for sending you promotional communications about our products, services, events, special offers (or deals) – as well as communications for our market surveys and/or any AM Best updates.

Such communications may be sent to you via different channels (e.g., via postal mail, email, or over the phone) and in accordance with your preferences and the applicable data protection legislation.

In line with our Notice, you have the option not to receive these types of communications. Please see Section 12 below for more information concerning your rights (and, in particular, your "right to object" and/or "opt-out" from this kind of processing).

When required by applicable law, we will ask your consent before starting the above-mentioned activities. You always have the right to withdraw your consent from a processing at any time and without detriment (e.g., extra charges or severe negative consequences inflicted upon you due to your withdrawal). Please visit Section 12 below for further information about your rights.

Please note that even if you choose not to receive marketing communications, you might still receive administrative, service and transaction communications from us (e.g., technical and/or security updates, order confirmations, and other important notices).

California residents may have additional personal information rights and choices. Please see Section 12 below for more information.

Nevada residents who wish to exercise their sale opt-out rights under Nevada Revised Statutes Chapter 603A may submit a request to us by visiting Section 12.1 of this Notice. However, please know we do not currently sell data triggering that statute's opt-out requirements.

7. On what legal basis do we process your personal data?

We may rely on the following legal bases – namely, justified reasons – for processing your personal information:

  • Your consent (when required by law or legally permitted);
  • The necessity to perform a contract with you – or take specific steps at your request before entering into a contract with us;
  • The necessity to comply with our legal obligations;
  • The necessity to fulfill our legitimate interests (e.g., fraud prevention, network and information systems security, internal administration and business cooperation, direct marketing (subject to particular criteria and/or legal requirements; for further information about direct marketing, please read Section 6 above) etc.);
  • The necessity to protect your vital interests; or
  • Any other legal basis permitted by the applicable local legislation, where AM Best operates.

8. When do we share your personal data?

We do not share your personal data except in the limited cases described in this Section.

To be more specific, if it is necessary for the fulfillment of our Purposes (in line with Section 6 above), we may disclose your personal information to the following entities/parties:

  • AM Best affiliates: Due to our global nature, your personal data may be shared with certain AM Best individual entities/affiliates. Such access will only be granted on a need-to-know basis and subject to legal requirements.
  • Third parties such as cloud-based storage providers, IT service providers, shipping providers, payment providers, training providers, CRM providers, etc.;
  • Professional advisors, where appropriate, such as lawyers, banks, insurance companies, auditors, etc.;
  • Public or governmental authorities and regulators (when required by law, or as necessary to protect our rights and always in accordance with the safeguards that the applicable legislation provides for); or
  • Another third party upon your request, in the case of a data portability request.

We may also disclose your personal data for the following additional purposes where permitted or required by applicable law:

  • To protect the rights and property of AM Best;
  • During emergency situations or where necessary to protect the safety of persons;
  • Where the personal data is publicly available;
  • If a business transfer or change in ownership occurs and the disclosure is necessary to complete the transaction. In these circumstances, we will limit data sharing to what is absolutely necessary, and we will anonymize the data where possible; or
  • For additional purposes with your consent where such consent is required by law.

Please be aware that AM Best does not sell your personal data to anyone.

9. How do we transfer your personal data internationally?

AM Best is a global company. In order to provide you with the best service and carry out the purposes described in this Notice (Section 6 above), we may transfer your data internationally to our AM Best entities and/or our third parties that are located in the United States, the European Economic Area ("EEA"), or other countries.

In the event that EEA data is transferred outside the EEA, we are required to ensure that such transfers will take place using certain legal mechanisms (or "transfer tools"). We will therefore, only transfer EEA data outside the EEA if:

  • An adequate level of data protection has been afforded by the European Commission to the country where the data is transferred (namely, an "Adequacy Decision" has been adopted);
  • A legal mechanism exists that covers the requirements for the data transfer at issue, such as:
    • EU Standard Contractual Clauses;
    • Codes of conduct; or
    • Certification mechanisms.
  • The transfer is necessary for the conclusion or performance of a contract between ourselves and a third party, and, the contract is in your interests; or
  • You have explicitly consented to the data transfer outside the EEA.

If you are a customer, supplier, sub-supplier, and/or Website visitor of A.M. Best América Latina, S.A. de C.V., by using the Website or by sharing personal data with us, you consent to the international transfer of information to countries outside of your residence, including international transfers to all of AM Best’s affiliate companies and/or our third parties that are located in the United States, the EEA, and/or other countries to carry out the purposes described in this Notice (Section 6 above).

10. How long do we keep your personal data?

Except as otherwise permitted or required by applicable law or regulation, AM Best retains your information only for as long as necessary to serve the purposes described in Section 6 above.

As soon as the pertinent retention period lapses, your personal data will be securely deleted or anonymized. Under some circumstances we may anonymize your personal data so that it can no longer be associated with you. We reserve the right to use such anonymous and de-identified data for any legitimate business purpose without further notice to you or your consent.

The criteria used by us to determine our retention periods include:

  • The length of time the data is necessary to provide you with our products and services;
  • The length of time the data is necessary to operate our business;
  • Having an account with AM Best (under this case your data will be held until your account is inactive – or for the period needed to provide a requested service to you);
  • Any applicable legal requirement imposing us a particular timeframe to keep the relevant data (e.g., a mandatory data retention law in the applicable jurisdiction); and
  • The length of time the data is necessary for AM Best to establish or defend itself from legal claims.

11. How do we protect your personal data?

The security and confidentiality of your personal information is important to us. AM Best has implemented appropriate (and reasonable) physical, technical and organizational security measures to protect your personal information.

Some of the safeguards we use include data encryption of any information of sensitive nature you submit (such as a credit card number) and physical access controls to our data centers.

Moreover, we limit access to your data on a business need-to-know basis and we have data processing agreements in place, as well as policies and procedures to deal with any (potential) data breaches, data subject requests, etc. As discussed in Section 9 above, appropriate legal mechanisms (i.e., transfer tools) are used in the case of data transfers too.

12. What about your rights and choices?

The General Data Protection Regulation ("GDPR"), the California Consumer Privacy Act (“CCPA”), the Federal Law on Protection of Personal Data Held by Private Parties (“FLPPDPP”) and other data protection legislations give you specific rights that help you be in control of your personal data. In particular, your rights under data protection laws include:

GDPR

  • The right to be informed about the processing of your personal information (e.g., purposes of processing, types of data involved, recipients to whom the data may be disclosed, storage periods, etc.);
  • The right to access the personal information we hold about you;
  • The right to request rectification of your personal information – for instance, if this is incomplete or incorrect;
  • The right to request erasure/deletion of your personal information;
  • The right to restrict the processing of your personal information by us (under certain circumstances and in accordance with the applicable law);
  • The right to data portability, namely, the right to receive a copy of your personal information (which you have provided to us) in a structured, commonly used and machine-readable format. You may also have the right to request that we transmit such personal information to another party (to the extent the processing is based on consent or a contract);
  • The right to object to our processing of your personal information (under certain circumstances and in accordance with the applicable law) – (e.g., "opting-out" from receiving marketing communications by us at any time);
  • The right to challenge automated decisions including profiling; and
  • The right to withdraw your consent to a processing at any time and without detriment – (e.g., unsubscribing from our newsletter and promotional communications easily and without charges).

CCPA

  • Right to know/disclosure: the right to request that we disclose to you the categories and specific pieces of personal information we have collected about you;
  • Right to deletion: the right to request that we delete any personal information about you, which we have collected from you;
  • Right to Opt-out: the right to object to a processing activity (under certain circumstances and in accordance with the applicable law); and
  • Right to Nondiscrimination: the right not to be discriminated by us because you exercised any of these rights.

California's "Shine the Light" law (Civil Code Section § 1798.83) also permits users of the Website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please contact us by visiting Section 14 of this Notice.

Under certain cases, a minimum set of personal data will still be retained by us. In particular, we might need to keep some data longer due to legal requirements – or, for instance, in the case of your "right to object" and/or "opt-out', we will need to keep track of who opted-out from the relevant processing operation.

FLPPDPP (ARCO Rights)

  • The right to access the personal information we hold about you;
  • The right to request rectification of your personal information – for instance, if this data is incomplete or incorrect;
  • The right to cancel any of your personal information, which we have collected from you; and
  • The right to object to our processing of your personal information (under certain circumstances and in accordance with the applicable law) – (e.g., "opting-out" from receiving marketing communications by us at any time).

 

12.1 To Exercise Your Rights Regarding Your Personal Data

To exercise your rights regarding your personal data under this Section 12, please fill out this form to submit your request

For other queries, you can contact our Privacy Office (for contact information, please visit Section 14 below). We may request specific information from you to help us confirm your identity and your right to access, and to provide you with the personal data that we hold about you or make your requested changes. Applicable law may allow or require us to refuse to provide you with access to some or all of the personal data that we hold about you, or we may have destroyed, erased, or made your personal data anonymous in accordance with our record retention obligations and practices. If we cannot provide you with access to your personal data, we will inform you of the reasons why, subject to any legal or regulatory restrictions. In the event you are not satisfied with the reply received, you also have the right to lodge a complaint with the competent supervisory authority in your jurisdiction.

If the GDPR, CCPA or FLPPDPP is not applicable to your situation, you can consult our Privacy Office for additional guidance. Please check whether the data subject right you wish to exercise can actually be invoked in the legal order you belong to – or ask us for further clarification in this regard.

Please note that the scope, applicability and exemptions for each and every data subject right may significantly vary from jurisdiction to jurisdiction (and, thus, the legal consequences thereof).

13. How do we use cookies?

For more information on our use of cookies, please read our Cookie Notice.

14. How to contact us?

If you have any questions and/or concerns about this Notice or the way AM Best uses your data, please contact our Privacy Office at Privacy@ambest.com – or write to us at the following address:

AM Best
Attn: Privacy Office
Ambest Road
Oldwick, NJ 08858
United States

For more information about the contact details of AM Best's affiliate companies please visit the following AM Best Offices page.

Last Reviewed December 7, 2021