Privacy and Ethics

BCS Financial Corporate Privacy and Ethics

About BCS Privacy Policy

This document describes the privacy policy of BCS Financial Corporation (“BCSF”), as well as common aspects of the privacy policies of our insurance businesses. As each of our businesses manages their own individual privacy policies, you may also look on their website pages for additional information. While we share a commitment to privacy, the laws applicable to each type of business varies somewhat and, as a result, our businesses may have different policies and procedures in place.

This policy does not apply to any non-BCSF Corporation affiliates. It also does not apply to the practices of our licensees or business partners, such as vendors and advertisers.

Requests and Submissions on this Website

When you are on this website, you may take certain types of actions, such as asking a question about an insurance issue or product. While BCSF owns insurance companies, BCSF is not itself in the business of insurance. Your request and information will be shared with the responsible BCSF business or agent so that may respond to your question or request.

Categories of Information Collected by Our Companies

Our companies collect and maintain a wide range of personal information, including nonpublic personal information (“NPI”), protected health information (“PHI”), and personally identifiable information (“PII”) about prospective, current, and former insureds and others. Here are some examples of the types of information that our insurance businesses may collect:

  • Contact: We might collect your name, and home and business address. We might also collect your email address and telephone numbers.
  • Financial: We might collect your payment card number or other payment information and payment history.
  • Insurance: We might collect information about your insurance claims, including health or medical information. We might also collect your social security number and driver’s license number.
  • Demographic: We might collect information about your marital status or your family members.
  • Other: We might collect information about the type of browser you use. We might also look at what part of our sites you visit. We might also collect information about the links you select on our sites that take you to third party websites.

How Information About You is Collected

Our companies are engaged in a variety of insurance businesses and may collect information about you a variety of different ways. Here are some examples:

  • We may collect information directly from you. For example, we may collect information when you make an insurance request, decide to make a purchase, or submit an email or form to us.
  • We may collect information from you passively. For example, we use tracking tools like cookies, web beacons, and pixel tags.
  • We may get information from third parties. For example, our businesses might get information about you from a credit reporting agency and other authorized providers of personal information.

How Your Personal Information is Used

Our companies may use your personal information a variety of different ways. Here are some examples:

  • To process your requests. For example, our businesses will use your information to generate a rate quote or respond to your inquires.
  • As described when your information was collected.
  • For marketing purposes. For example, as permitted, our businesses may use your information to tell you about themselves or about products or services they think you will like.
  • To customize your experience with us. For example, to tailor your website visit to fit your interests.
  • For our other legitimate business purposes. For example, we may combine information that we get about you from third parties with information we already have.
  • As otherwise permitted by law.

We do not currently sell any personal information we collect to any third parties. We also do not engage in “targeted advertising” as the term is defined in applicable state laws. If we were to do so in the future, we will update this policy, and provide you with the opportunity to opt-out of any targeted advertising or the sale of their personal information. We also do not engage in profiling in furtherance of decisions that produce legal or similar significant effects.

How We Share Information

  • With vendors and others who provide services for us. For example, our insurance businesses might share your information with insurance agents or insurance brokers. We might also share your information with companies that maintain databases used by the insurance industry.
  • With a successor to all or part of our business. For example, if any part of our BCSF companies or business was sold we might sell the customer list as an asset in the transaction.
  • For legal reasons or to investigate fraud. Our businesses will disclose information to compliance assessors. These include insurance regulators and auditors. We may also disclose information in response to a court order or subpoena. We will also share information if we believe it is necessary to cooperate with law enforcement. We might also share information in response to a government request. We will also share information as otherwise permitted by law.
  • As part of our insurance business. For example, our businesses may share information with insurance rating organizations. We might also share information with credit reporting agencies, guaranty funds, and compliance assessors.
  • With our affiliates as permitted by law. For example, we will not share your personal information with other BCSF companies for marketing purposes except as allowed by applicable law or permitted by you.
  • We will also share information for other valid business purposes as permitted by law.

Your Individual Rights

Some jurisdictions (state and federal), provide individuals with certain rights regarding their personal information. Examples of these laws, without limitation, include: California Consumer Privacy Act (“CCPA”), California Privacy Rights Act (“CPRA”), and the Colorado Consumer Privacy Act (“CPA”). See the State Specific Privacy Notices below for more information.

To exercise any rights your jurisdiction may provide, contact us by using the information at the end of this policy. Your rights will depend on the location in which you reside when your personal information is collected or otherwise processed. The following illustrates some of the rights that may be afforded under your jurisdiction collectively:

  • Being informed about how we obtain and process your personal information;
  • Viewing and obtaining a copy of the personal information we maintain about you;
  • Amending or revising personal information we maintain about you;
  • Having personal information we maintain about you erased or forgotten;
  • Objecting to the use of your personal information for direct marketing;
  • Restricting our use of the personal information we maintain about you;
  • Transferring the personal information we maintain about you to another entity who will provide substantially similar services;
  • Objecting to our use of personal information we maintain about you;
  • Objecting to automated decision making based on your personal information;
  • Objecting to automated profiling based on your personal information;
  • Knowing from where we obtained your personal information;
  • To receive the same services (to the extent possible) at the same price regardless of whether you exercise your individual rights under this statement;
  • Withdraw your previously provided consent (this right may only be available on a prospective basis); or
  • Filing a complaint with us or the appropriate governmental entity.

Some states require specific information regarding our practices and your rights be provided to you in the form of a privacy notice. These notices are provided in the State Specific Privacy Notices section below.

Your Choices

You can choose not to provide us with some or all requested information. If you do not provide it, though, we may not be able to fulfill your request. You can also set your browser up to reject cookies. If you do this, some of the features of our website will not work.

To exercise any of your rights or choices, contact us using the contact information provided at the end of this policy. We may require that you verify your identity before acting on your request to exercise any of your rights. You must provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or that the requestor is the authorized representative of the data subject. A verifiable request must also include sufficient detail that allows us to properly understand, evaluate, and respond to it.

In most circumstances, individual rights are not absolute and where applicable law permits or requires, we may choose to limit or deny a request. If we limit or deny a request, we will provide an explanation in writing.

We will respond to your verifiable request within the timeframes permitted for responding to such requests to exercise your applicable rights.

How We Secure Information

BCSF takes steps to protect personal information that we receive consistent with applicable laws and our internal policies and procedures. These steps vary depending on the nature of information and include physical, administrative, and technical safeguards, including secured files and buildings.

The Internet is public, and we cannot promise that your information will remain secure. We encourage you to use caution when disclosing information online. Do not share your passwords with other people and select passwords that are secure.

We retain your information for as long as necessary to carry out the purposes described here. We will also store information for retention periods required by law. Our information storage practices are not affected by the termination of any customer relationship.

International Visitors

Our sites are operated in the United States. Our businesses only sell insurance in the United States. If you are located outside of the United States, please be aware that information you provide to us may be sent to the United States. By using our sites and giving us your information, you agree to such transfer. You also understand that the U.S. may not provide the same level of protections as the laws of the country in which you are located.

Our sites might include links to third-party sites. If you click on one of those links, you will be taken to websites we do not control. This policy does not apply to the information practices of those sites. Your information will be subject to the third-parties’ privacy policies, practices, and statements. We are not responsible for the actions or omissions of any third-party websites, the accessibility of any third-party website, or the policies or procedures of any third-party website.

Children

We do not direct our sites to children under the age of 13 and do not knowingly collect personally identifiable information from children under the age of 13. If you are a parent of a child under 13, and you believe that your child has provided us with information about him or herself, please contact us using the contact information at the end of this policy. To learn more about how to protect your child online, visit the Federal Trade Commission’s (“FTC”) website.

State Specific Privacy Notices

Notice to California Residents

BCSF is committed to maintaining and protecting the confidentiality of your personal information. The California Consumer Privacy Act (“CCPA”) and the California Privacy Rights Act (“CPRA”) provides consumers who reside in California certain rights regarding their personal information. This policy explains how we obtain, use, and disclose personal information, and your rights relating to your personal information under the CCPA and CPRA.

Right to Opt-Out:  If a business sells consumer personal information, they must provide the consumer the right to “opt-out” of their information being sold. Please note that BCSF does not sell consumer personal information.

BCSF may use or disclose your sensitive personal information as defined under the CCPA. You have a right to opt-out of such use or disclosure or request that we limit such use or disclosure of your sensitive personal information, other than to complete the transaction for which we collected the sensitive personal information or otherwise provide a good or service that you requested.

Right to Request Personal Information: As a consumer, you have the right to know and the right to request that we disclose to you what personal information we collect, use, and disclose. You have the right to request the categories of personal information we have collected and store about you, in accordance with the categories of information listed in the CCPA and set forth in the table below. In addition, you have the right to request categories of sources of personal information we collected about you, the business or commercial purpose for collecting, the categories of third parties with whom we share that personal information, and the specific pieces of personal information we have collected about you. Categories of personal information that we disclosed about you for a business purpose may also be requested, with the appropriate lists provided under the CCPA.

Upon receipt of a verifiable consumer request, we will promptly take steps to disclose and deliver, free of charge to you, the personal information required by this section and within the timeframes permitted for responding to the exercise of this or other applicable rights. The information may be delivered by mail or electronically. We may provide personal information to you at any time following a verified request. We are not required to provide personal information to you more than twice in a 12-month period.

Right to Delete Personal Information: You have the right to request we delete personal information we, or our service providers, store about you, subject to certain limitations. The CCPA recognizes that there are certain business purposes that allow us to retain your information.

Identity Verification: Prior to accessing or disclosing any information pursuant to a data request, we may ask you for additional information to allow us to verify your identity. A verifiable consumer request must provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or that the requestor is the authorized representative of the data subject. A verifiable request must also include sufficient detail that allows us to properly understand, evaluate, and respond to it.

If you are making a request on behalf of another individual, we may ask you to provide us with information regarding your legal authority to act on behalf of such individual. You may also make a verifiable consumer request on behalf of your minor child. Please indicate in your request if either of these apply, as additional verification may apply.

In general, our verification process includes reviewing the information submitted in the request, comparing it to the right(s) requested; the number of verification points/methods required by the CCPA; and the type, sensitivity, and risk of information requested, including to the consumer, from unauthorized disclosure or deletion. An account is not required with us to make a request. We will use personal information provided in a verifiable consumer request to verify the requestor’s identity and authority to make the request, or otherwise as permitted by the CCPA. We will respond to a verifiable consumer request within 45 days of its receipt. If additional time is required to respond to the request (up to 90 total days), we will inform you of the reason for the extension in writing. A response to a consumer request will be provided as required by the CCPA, such as through an account (if one exists), or otherwise by mail or electronically.

Access Request Responses: There may be certain instances in which we will deny your request to access, receive, or delete personal information. For example, we may deny requests where any such access or disclosure would interfere with our regulatory or legal obligations, where we cannot verify your identity, and where exemptions or exceptions are permitted by the CCPA, including frequency limitations. We also have the ability under the CCPA to deny requests if it would result in disproportionate cost or effort. If we will not substantively complete a request made under the CCPA, we will provide you with an explanation within a reasonable time period and as required by law.

Categories of Personal Information: Personal information is collected and may be used to provide the services to you, to perform obligations under agreements, to provide information and notifications to you or an authorized representative, to protect the rights and safety of you and/or others, to comply with court and other legal requirements, for business purposes and as otherwise set forth in the CCPA, to conduct organizational and operational needs, and as otherwise described when collecting personal information or within this policy.

A request for personal information collected and/or deletion, noted above, may involve categories and/or specific pieces of information. However, certain exemptions and exceptions may apply in responding to a request.

The CCPA applies to several categories of personal information. The table below provides descriptions of each category of personal information and identifies whether BCSF collects such information and collected such information from consumers within the past 12 months:

Category/ExamplesCollected by BCSF
Identifiers
A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers.		Yes
Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))
A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.		Yes
Protected classification characteristics under California or federal law
Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).		Yes
Commercial information
Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.		No
Biometric information
Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.		No
Internet or other similar network activity
Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.		No
Geolocation data
Physical location or movements.		No
Sensory data
Audio, electronic, visual, thermal, olfactory, or similar information.		No
Professional or employment-related information
Current or past job history or performance evaluations.		No
Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99))
Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.		No
Inferences drawn from other personal information
Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.		No

Personal information may also be collected from a consumer in the context of current or former job applicant, employee, director, officer, or contractor. Additional information collected may include emergency contact and information to administer benefits, including the provision of benefits to another person.

Personal information does not include information that is lawfully made available from federal, state, or local government records or consumer information that is deidentified or aggregated. The CCPA does not apply to health or medical information subject to the Health Insurance Portability and Accountability Act of 1996 (HIPAA), information covered by the California Confidentiality of Medical Information Act (CMIA) or clinical trial data, and personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.

Business purposes may include auditing, legal and regulatory compliance, security, debugging, the performance of services (including claims analysis and payment), internal research, and testing/improvement.

Categories of sources from which personal information was directly and indirectly collected in the past 12 months include from you and/or authorized agents; interaction with our platforms and services; and third parties. This could include information obtained on websites and services from third parties that interact with us in connection with the services we perform.

Categories of third parties with whom the business shared personal information in the past 12 months include authorized agents, affiliates, service providers (such as those described previously), contractors, and authorized third parties.

Non-Discrimination: We will not discriminate or retaliate against you for exercising any rights provided to you under the CCPA. However, if you refuse to provide your personal information to us or ask us to delete your personal information, and that personal information is necessary for us to provide you with goods or services, we may not be able to complete that transaction.

Notice to Colorado Residents

Under Colorado’s Consumer Privacy Act (CPA), which went into effect July 1, 2023, Colorado residents have certain rights around BCSF’s collection, use, and sharing of their Personal Information.

We collect various categories of personal information depending on how you choose to engage with us as described in this policy. The section, How We Share Information, above describes how and under what circumstances personal information may be shared with third parties.

If you are a resident of Colorado, starting July 1, 2023, you have the right to (1) request to know what personal information has been collected about you, and to access that information; (2) request to correct inaccuracies in your personal information; (3) request deletion of your personal information (exceptions under the CPA and other laws may allow us to retain and use your personal information notwithstanding your deletion request); and (4) obtain a copy of your personal information.

If you have any questions or comments, or would like to exercise any of your rights, please contact us using the contact information at the end of this policy.

Notice to Connecticut Residents

Under the Connecticut Data Privacy Act (CTDPA), which went into effect July 1, 2023, Connecticut residents have certain rights around BCSF’s collection, use, and sharing of their personal information.

If you are a resident of Connecticut, starting July 1, 2023, you have the right to (1) request to know what personal information has been collected about you, and to access that information; (2) request to correct inaccuracies in your personal information; (3) request deletion of your personal information (exceptions under CTDPA and other laws may allow us to retain and use certain personal information notwithstanding your deletion request); and (4) obtain a copy of your personal information.

If you have any questions or comments, or would like to exercise any of your rights, please contact us using the contact information at the end of this policy.

Notice to Nevada Residents

Nevada law (SB 220) requires website operators to provide a way for Nevada consumers to opt-out of the sale of certain information that the website operators may collect about them.

Notice to Utah Residents

Under Utah’s Consumer Privacy Act (UCPA), which goes into effect December 31, 2023, Utah residents have certain rights around BCSF’s collection, use, and sharing of their personal information.

If you are a resident of Utah, starting December 31, 2023, you have the right to (1) request to know what personal information has been collected about you, and to access that information; (2) request deletion of your personal information (exceptions under UCPA and other laws may allow us to retain and use certain personal information notwithstanding your deletion request); and (3) obtain a copy of your personal information.

If you have any questions or comments, or would like to exercise any of your rights, please contact us using the contact information at the end of this policy.

Notice to Virginia Residents

Under Virginia’s Consumer Data Protection Act (CDPA) Virginia residents have certain rights around BCSF’s collection, use, and sharing of their Personal Information.

We collect various categories of personal information, including sensitive personal information as defined under the CDPA, depending on how you choose to engage with us as described in this policy. The section, How We Share Information, above describes how and under what circumstances personal information may be shared with third parties.

If you are a resident of Virginia you have the right to (1) request to know what personal information has been collected about you, and to access that information; (2) request to correct inaccuracies in your personal information; (3) request deletion of your personal information (exceptions under CDPA and other laws may allow us to retain and use certain personal information notwithstanding your deletion request); and (4) obtain a copy of your personal information.

If you have any questions or comments, or would like to exercise any of your rights, please contact us using the contact information at the end of this policy.

Substance Use Disorder (SUD) Records Privacy Notice

Applicability and Background

We are committed to protecting the confidentiality of Substance Use Disorder (SUD) records in accordance with the requirements of 42 CFR Part 2 (“Part 2”) and the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). This section applies to all SUD records created by a Part 2 program that we may receive or maintain in connection with the provision of insurance products or services.

Uses and Disclosures of SUD Records

We may use and disclose SUD records subject to Part 2 for treatment, payment, and health care operations purposes (“TPO”) only when we have received a valid patient consent that authorizes such uses and disclosures. A patient may provide a single consent for all future uses and disclosures of their SUD records for TPO purposes. A patient may revoke such consent at any time, and revocation will be effective upon receipt by us, except to the extent that BCSF has already taken action in reliance on the consent.

Where we receive SUD records pursuant to a valid TPO consent, we may redisclose such records in accordance with HIPAA regulations, subject to the restrictions described in this notice.

Prohibition on Use in Legal Proceedings

SUD records subject to Part 2, or testimony relaying the content of such records, may not be used or disclosed by us in any civil, criminal, administrative, or legislative proceeding against the patient without the patient’s specific written consent or a court order that meets the requirements of Part 2. Any consent authorizing use or disclosure of SUD records for such proceedings must be separate from any other consent and cannot be combined with a general TPO consent.

SUD Counseling Notes

BCSF will not use or disclose SUD counseling notes—defined as notes analyzing the conversation in an SUD counseling session that a clinician voluntarily maintains separately from the rest of the patient’s SUD treatment and medical record—without specific written consent from the patient. Such notes require separate consent and cannot be used or disclosed based on a general TPO consent.

Patient Rights Regarding SUD Records

Patients have the following rights with respect to their SUD records maintained by BCSF:

  • Right to Request Restrictions: A patient may request restrictions on the use and disclosure of their SUD records, including when the patient has signed a general consent for TPO uses and disclosures. BCSF will consider such requests in accordance with applicable law.
  • Right to an Accounting of Disclosures: A patient may request an accounting of disclosures of their SUD records made by BCSF, in accordance with the requirements of Part 2 and HIPAA.
  • Right to File a Complaint: A patient may file a complaint directly with the U.S. Department of Health and Human Services, Office for Civil Rights, for an alleged violation of Part 2. A patient may also file a complaint with BCSF or the Part 2 program.

Fundraising Communications

If BCSF intends to use or disclose SUD records subject to Part 2 for fundraising purposes for the benefit of BCSF, the patient has the right to opt out of receiving such fundraising communications prior to the first communication. To exercise this right, please contact our Privacy Officer using the contact information provided at the end of this policy.

Breach Notification

In the event of a breach of unsecured SUD records subject to Part 2, BCSF will comply with the breach notification requirements of the HIPAA Breach Notification Rule, including providing notice to affected individuals, the Secretary of HHS, and, where applicable, the media.

Updates to the Privacy Policy

We continuously seek to update and improve to reflect changes in technology, the law, and our business practices. Accordingly, we may update our policy in the future, and we encourage you to return to this page to check for updates.

Alternate Formats

If you need this policy in an alternate format, please contact our Privacy Officer at [email protected]. You may also submit your request via our online form by clicking here.

Request for Confidential Communication

To request that we send communications containing protected health information to you at a different address or via a different mechanism than the one on file, please fill out our Confidential Confirmation Form (PDF). Once you have completed and signed this form, you may return it to us using one of the following methods:

  • Mail to: Privacy Officer, BCS Financial, 2 Mid America Plaza Suite 200, Oakbrook Terrace, IL 60181
  • Email the form to [email protected]
  • You may also submit a request telephonically by contacting the Privacy Office directly at 1-833-227-4512

PLEASE NOTE: You may use a different form to submit a request for confidential communication, as long as it contains the same information in our Confidential Communication Form. For Washington residents, the Washington State Office of the Insurance Commissioner developed a form that you may use to request confidential communications that can be found here.

Disclaimer

The BCSF website, or the websites of any BCSF businesses or affiliates, does not constitute an offer or contract. Information on the websites may contain inaccuracies or typographical errors. Information may be changed or updates without notice.

Ethics and Compliance

BCS is an organization with strong values of responsibility and integrity. Our Code of Business Conduct contains general guidelines for conducting business with the highest standards of ethics.

In situations where you prefer to place an anonymous report, you may use this Ethics and Compliance Helpline, hosted by a third party helpline provider, EthicsPoint. You are encouraged to submit reports relating to violations, potential violations, or other questionable conduct as outlined in our Code of Business Conduct or other policies.

When reporting via the Ethics and Compliance Helpline, whether via the Web or the phone, you may choose to identify yourself, which often facilitates BCS’s ability to fully address your report. BCS has a policy of confidentiality and will protect your identity to the extent permitted by law and professional standards, as consistent with BCS’s need to conduct a thorough investigation, if warranted, or to take other appropriate action. BCS has a strict policy of non-retaliation for good faith reporting by company personnel, even if sufficient evidence is not found to substantiate the concern.

Other Questions

If you have any questions or concerns regarding BCSF’s Privacy Policy, please contact us at 1-833-227-4512 or send an email to [email protected]. Communications may also be directed to our corporate office at BCS Financial Corporation, 2 Mid America Plaza, Suite 200, Oakbrook Terrace, IL 60181.

Last Updated: February 12, 2026