Diabetic Insurance Solutions
INTRODUCTION AND LEGAL BASIS
This Privacy Policy ("Policy") is a legally binding document that describes how Diabetic Insurance Solutions, LLC and its affiliates, subsidiaries, and authorized representatives ("we," "us," "our," "Company," "Producer," or "Agency") collect, use, maintain, protect, disclose, and process information we receive from users ("you," "your," "client," "prospect") of the diabeticinsurancesolutions.com website and associated domains ("Website"), as well as through all other communication channels and services we provide (collectively, the "Services").
This Policy constitutes a legal agreement between you and Diabetic Insurance Solutions. By accessing or using our Services, you expressly acknowledge that you have read, understood, and consent to all terms of this Policy and to our collection, use, sharing, and storage of your information as described herein. If you do not agree with any part of this Policy, you must immediately discontinue use of our Services.
This Policy is governed by and construed in accordance with applicable federal laws and the laws of the State of Illinois, without regard to conflict of law principles. This Policy implements requirements from insurance regulations, privacy laws, and industry standards applicable to insurance producers.
INFORMATION WE COLLECT
2.1 Categories of Personal Information
We collect the following categories of personal information, consistent with and as permitted by applicable law:
2.1.1 Identifiers and Contact Information
Full legal name and any prior names
Home, billing, and mailing addresses
Email addresses (personal and business)
Telephone numbers (home, mobile, work)
Date and place of birth
Social Security Number or Taxpayer Identification Number
Driver's license number, state identification card, or passport information
IP addresses and online identifiers
Policy numbers and account numbers
Signatures (electronic and physical)
2.1.2 Protected Classification Information
Age
Gender
Marital status
Citizenship status
National origin
Military or veteran status
Disability status
2.1.3 Financial Information
Income sources and amounts
Net worth and assets
Bank account information (for premium payments)
Credit card information (for premium payments)
Credit history and credit scores
Tax information
Financial objectives and goals
Employment status, history, and income
2.1.4 Health and Medical Information
Medical history, conditions, and diagnoses, particularly diabetes-related information
Medications and treatments
Height, weight, and BMI
Lab test results and medical reports
Smoking/tobacco/nicotine usage
Alcohol consumption history
Family medical history
Physician and healthcare provider information
Medical examination results
Detailed diabetes management information, including:
Type of diabetes
Date of diagnosis
Current A1C levels and history
Current diabetes medications and dosages
Diabetes-related complications
Glucose monitoring methods and results
2.1.5 Insurance-Specific Information
Current and prior insurance policies
Premium payment history
Insurance applications and related documents
Claims history and details
Beneficiary information (including name, relationship, contact information, and SSN)
Policy ownership information
Contestability period status
2.1.6 Website and Technical Information
Browsing history, activity, and interactions with our Website
Device information (type, operating system, browser)
Location data
Session duration and timestamps
Website preferences
Marketing and communication preferences
Cookies and similar tracking technologies data
2.1.7 Professional Information
Occupation, job title, and employment history
Business ownership information
Professional licenses and certifications
Business contact information
Employer information
2.1.8 Correspondence Information
Email correspondence
Chat logs
Call recordings
Meeting notes
Customer service interactions
Testimonials or reviews you provide
2.2 Collection Methods
We collect personal information through the following methods:
2.2.1 Direct Collection
Insurance pre-qualification forms and applications
Quote request forms
Registration forms and account creation
Needs analysis questionnaires
Customer service interactions
Emails, letters, telephone calls, or other communications with us
Surveys, contests, or promotions
Cookies and similar technologies when you visit our Website
Mobile applications or other digital platforms we operate
2.2.2 Indirect Collection
From insurance carriers with whom we place your business
From medical information bureaus (such as MIB, Inc.)
From consumer reporting agencies (such as credit bureaus)
From healthcare providers (with your authorization)
From your designated representatives (agents, attorneys, accountants)
From publicly available sources
From third-party vendors or service providers
From marketing and lead generation partners
2.2.3 Automatic Data Collection Technologies
Our Website employs various automatic data collection technologies, including:
Cookies (session, persistent, first-party, and third-party)
Web beacons and pixel tags
Flash cookies or locally shared objects
Server logs
JavaScript tracking code
Analytics tools (including Google Analytics)
These technologies collect information such as:
Pages visited and content viewed
Clickstream data (the sequence of clicks through our Website)
Time spent on particular pages
Referral sources and entry/exit pages
Technical information about your device and internet connection
Location data
You can manage certain aspects of automatic data collection through your browser settings, but disabling these technologies may limit functionality of our Website.
LEGAL BASIS FOR PROCESSING PERSONAL INFORMATION
We process your personal information pursuant to the following legal bases:
3.1 Contractual Necessity
To perform our contractual obligations to you
To take steps at your request prior to entering into a contract
To process and complete insurance transactions
To provide requested insurance services and customer support
3.2 Legitimate Interests
To operate, maintain, and improve our business and Services
To protect against fraud, financial loss, unauthorized transactions, or other liability
To enhance the security and functionality of our Website
To better understand how visitors use our Website
To develop new products, services, or features
To conduct business analysis and research
To enforce our legal rights and comply with contractual obligations
3.3 Legal Compliance
To comply with insurance laws and regulations
To comply with privacy laws and regulations
To comply with money laundering, fraud prevention, and other financial crime laws
To respond to legal process (subpoenas, court orders, regulatory requests)
To maintain records required by law
To fulfill tax and accounting obligations
3.4 Consent
To contact you with marketing and promotional communications (where required by law)
To collect and process special categories of data, including health information
To share your information with third parties where consent is required by law
To use certain tracking technologies on our Website
For other purposes where consent is required by law
You may withdraw consent at any time by contacting us using the information in Section 11, but this will not affect the lawfulness of processing based on consent before its withdrawal.
HOW WE USE YOUR INFORMATION
We use your personal information for the following purposes:
4.1 Core Business Functions
To provide insurance quotes and illustrations
To determine eligibility for specific insurance products
To process and submit insurance applications
To facilitate underwriting decisions by insurance carriers
To assist with policy issuance, maintenance, and servicing
To process premium payments and refunds
To assist with claims processing when applicable
To communicate with you about your insurance policies
To verify your identity
To detect and prevent fraud
To address your inquiries, complaints, and requests
4.2 Operational and Administrative Functions
To maintain accurate records
To generate internal reports and analytics
To improve our business operations
To train our staff
To ensure quality control
To conduct audits and investigations
To enforce our Terms of Service and other agreements
To fulfill our legal and regulatory obligations
To protect our rights, property, and safety
4.3 Marketing and Communications
To send relevant marketing communications (subject to your preferences)
To inform you about insurance products, services, or features that may interest you
To provide newsletters or updates about the insurance industry
To administer surveys, contests, or promotions
To analyze the effectiveness of our marketing efforts
To tailor our marketing based on your profile and preferences
4.4 Website and Technology Operations
To operate, maintain, and improve our Website
To diagnose and fix technical issues
To analyze Website usage patterns
To personalize your Website experience
To ensure the security of our systems and Website
To monitor and prevent malicious activity
4.5 Business Development and Improvement
To develop new products and services
To enhance existing products and services
To identify customer trends and preferences
To evaluate and improve our customer service
To conduct market research and analysis
To assess the effectiveness of our business strategies
DISCLOSURE AND SHARING OF YOUR INFORMATION
5.1 Categories of Recipients
We may disclose your personal information to the following categories of recipients:
5.1.1 Insurance Carriers and Industry Partners
Life insurance companies with whom we place business
Reinsurance companies
Premium finance companies
Medical Information Bureau (MIB)
Insurance support organizations
Other insurance agencies (in case of referrals or joint marketing arrangements)
5.1.2 Service Providers and Vendors
Customer relationship management (CRM) system providers
Information technology and software providers
Data storage and cloud service providers
Payment processors
Marketing and advertising partners
Email and communication service providers
Professional service providers (attorneys, accountants, consultants)
Website hosting and development providers
Analytics providers
Customer service providers
5.1.3 Regulatory and Legal Entities
Insurance regulatory authorities
Government agencies and law enforcement
Courts and other legal bodies
External auditors and compliance consultants
Fraud prevention agencies
5.1.4 Corporate Entities
Our parent company, subsidiaries, and affiliates
Potential or actual acquirers in the event of a merger, acquisition, or corporate reorganization
5.2 Disclosure Limitations and Safeguards
All disclosures of your information are subject to the following safeguards:
We share only the minimum information necessary for the intended purpose
We require all third parties to respect the security of your personal information
We require all third parties to use your information only for specified purposes
We require all third parties to process your information in accordance with applicable laws
We use contracts and data processing agreements to protect information shared with service providers
We conduct due diligence on third parties before sharing your information
5.3 International Transfers
Your personal information may be transferred to, stored, and processed in countries other than the one in which you reside. When we transfer your information internationally, we implement appropriate safeguards in accordance with applicable data protection laws, including:
Execution of Standard Contractual Clauses approved by relevant authorities
Ensuring the receiving country has adequate data protection laws as determined by relevant authorities
Obtaining your explicit consent for specific transfers where required by law
Implementing supplementary security measures as necessary
HEALTH INFORMATION PROTECTION AND HIPAA COMPLIANCE
6.1 Protected Health Information
We recognize that health information, particularly information related to diabetes and other medical conditions, is highly sensitive. We treat all protected health information (PHI) in accordance with applicable laws, including HIPAA when applicable.
6.2 Authorization for Collection and Use of Health Information
We collect and use health information only with your explicit authorization. Prior to collecting any health information, we will obtain your authorization through:
Insurance application forms with appropriate HIPAA and medical release language
Standalone HIPAA authorization forms
Medical information release forms for insurance underwriting purposes
Each authorization specifies:
The purpose of the collection and disclosure
The types of information to be collected and disclosed
The recipients of the information
The expiration of the authorization
Your right to revoke the authorization
6.3 Safeguards for Health Information
We implement the following specific safeguards for health information:
Enhanced encryption for health data storage and transmission
Role-based access controls limiting access to authorized personnel only
Specific staff training on handling health information
Audit logs of all access to health information
Physical safeguards for paper documents containing health information
Secure disposal methods for health information
Business Associate Agreements with all vendors who may access health information
6.4 HIPAA Rights
When HIPAA applies to our activities, you have specific rights regarding your PHI, including:
The right to access your PHI
The right to request restrictions on certain uses and disclosures
The right to request confidential communications
The right to amend your PHI
The right to receive an accounting of certain disclosures
The right to receive a copy of our Notice of Privacy Practices
To exercise these rights, please contact our HIPAA Privacy Officer at the contact information in Section 11.
DATA SECURITY MEASURES
We implement and maintain reasonable security measures to protect your personal information, including:
7.1 Technical Safeguards
Industry-standard encryption for data in transit (TLS/SSL) and at rest (AES-256)
Firewalls, intrusion detection, and prevention systems
Secure user authentication systems
Regular security patches and updates
Malware protection
Regular vulnerability scans and penetration testing
Data loss prevention controls
Access controls and user privileges based on need-to-know principle
Secure data backup systems
System monitoring and alerting for suspicious activities
7.2 Organizational Safeguards
Comprehensive information security policies and procedures
Regular staff training on data security and privacy
Background checks for employees with access to sensitive data
Confidentiality agreements with employees and contractors
Secure document management procedures
Clean desk policy and secure workspace requirements
Incident response plan for potential data breaches
Vendor security assessment process
Regular internal security audits
7.3 Physical Safeguards
Secure access to facilities
Locked file cabinets for physical documents
Secure disposal of physical documents (shredding)
Surveillance systems where appropriate
Environmental safeguards (fire protection, power continuity)
7.4 Data Breach Procedures
In the event of a data breach involving your personal information, we will:
Promptly investigate the incident
Take measures to contain and mitigate the breach
Notify affected individuals in accordance with applicable laws
Notify relevant regulatory authorities as required by law
Provide appropriate assistance and information to affected individuals
Implement corrective actions to prevent similar incidents
While we implement reasonable security measures, no security system is impenetrable, and we cannot guarantee the absolute security of your information. Transmission of information via the internet carries inherent risks, and any transmission is at your own risk.
DATA RETENTION AND DISPOSAL
8.1 Retention Periods
We retain your personal information for as long as necessary to fulfill the purposes for which we collected it, including:
For the duration of our business relationship
For as long as necessary to provide our Services
For periods required by applicable insurance laws and regulations
For periods required by tax, accounting, and other legal requirements
For the establishment, exercise, or defense of legal claims
Specific retention periods include:
Insurance policy information: Duration of the policy plus 7 years
Insurance application information (if no policy issued): 3 years
Health information: Duration of authorization plus 7 years
Website usage data: 2 years
Marketing data: Until opt-out or 3 years of inactivity
Contact information: Duration of relationship plus 5 years
8.2 Retention Criteria
In determining appropriate retention periods, we consider:
Legal and regulatory requirements
Statute of limitations for potential claims
Industry best practices
The nature and sensitivity of the information
The potential risk of harm from unauthorized use or disclosure
The purposes for which we process the information
Whether we can achieve those purposes through other means
8.3 Data Disposal
When personal information is no longer necessary, we securely dispose of it through:
Secure deletion of electronic records using industry-standard methods
Physical destruction of storage media when appropriate
Shredding or pulverizing of physical documents
Anonymization or de-identification techniques where appropriate
If complete disposal is not possible (such as in backup systems), we isolate and secure such information and ensure it is not further processed until deletion is possible.
YOUR PRIVACY RIGHTS AND CHOICES
Depending on your jurisdiction, you may have the following rights regarding your personal information:
9.1 Access Rights
The right to confirm whether we process your personal information
The right to access your personal information
The right to obtain a copy of your personal information in a portable format
9.2 Rectification Rights
The right to correct inaccurate personal information
The right to complete incomplete personal information
9.3 Deletion and Restriction Rights
The right to request deletion of your personal information
The right to restrict processing of your personal information
9.4 Objection and Choice Rights
The right to object to processing based on legitimate interests
The right to object to direct marketing
The right to withdraw consent
The right to opt-out of sales of personal information (where applicable)
The right to opt-out of automated decision-making (where applicable)
9.5 Additional Rights
The right to non-discrimination for exercising your rights
The right to lodge a complaint with a supervisory authority
The right to be informed about all aspects of our data processing
9.6 Exercising Your Rights
To exercise any of these rights, please submit a verifiable request by:
Emailing us at info at diabeticinsurancesolutions dot com
Writing to us at the address in Section 11
We will respond to verifiable requests within 45 days, with a possible extension of an additional 45 days when reasonably necessary, with notice of the extension.
For your protection, we may need to verify your identity before implementing your request. We will only use personal information provided in a request to verify the requestor's identity or authority to make the request.
9.7 State-Specific Privacy Rights
California Residents
Under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), California residents have specific rights, including:
The right to know what personal information is collected, used, shared, or sold
The right to delete personal information
The right to opt-out of the sale of personal information
The right to non-discrimination for exercising rights
The right to correct inaccurate personal information
The right to limit use and disclosure of sensitive personal information
Virginia Residents
Under the Virginia Consumer Data Protection Act (VCDPA), Virginia residents have specific rights, including:
The right to confirm whether we process your personal data
The right to access your personal data
The right to correct inaccuracies in your personal data
The right to delete personal data
The right to obtain a copy of your personal data in a portable format
The right to opt-out of certain processing activities
Other States
Residents of Colorado, Connecticut, Utah, and other states may have similar rights under their state laws. Please contact us for information specific to your state of residence.
COOKIES AND TRACKING TECHNOLOGIES
10.1 Types of Cookies and Similar Technologies We Use
We use the following types of cookies and similar technologies:
Essential cookies: Required for Website functionality
Preference cookies: Remember your settings and preferences
Analytics cookies: Help us understand how visitors interact with our Website
Marketing cookies: Track your browsing habits to display relevant advertising
Session cookies: Temporary cookies that expire when you close your browser
Persistent cookies: Remain on your device for a set period or until deleted
First-party cookies: Set by our Website domain
Third-party cookies: Set by third-party domains
10.2 Specific Cookies We Use
10.2.1 Essential Cookies
Session management
Load balancing
Security features
Form completion
10.2.2 Preference Cookies
Language preferences
Region/location settings
Accessibility settings
10.2.3 Analytics Cookies
Google Analytics
Other analytics platforms we use
10.2.4 Marketing Cookies
Social media integration
Targeted advertising
Conversion tracking
10.3 Cookie Management
You can manage cookies through your browser settings, including:
Blocking all or certain cookies
Deleting cookies after each browsing session
Accepting or declining cookies when prompted
Please note that blocking or deleting cookies may impact the functionality of our Website.
10.4 Do Not Track
Some browsers have a "Do Not Track" feature that signals websites not to track your online activities. Our Website does not currently respond to "Do Not Track" signals. However, you can use your browser cookie settings to limit tracking.
CONTACT INFORMATION
11.1 General Inquiries
For questions or comments about this Privacy Policy, please contact:
Diabetic Insurance Solutions
Email: info at diabeticinsurancesolutions dot com
11.2 HIPAA Matters
For HIPAA-related inquiries or to exercise HIPAA rights, please contact:
info at diabeticinsurancesolutions dot com
CHILDREN'S PRIVACY
Our Services are not directed to or intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If we learn we have collected personal information from a child under 18, we will delete that information promptly.
If you believe we might have information from or about a child under 18, please contact us immediately at the information provided in Section 11.
CHANGES TO THIS PRIVACY POLICY
We reserve the right to modify this Privacy Policy at any time. When we make material changes, we will:
Post the updated Privacy Policy on our Website
Update the "Last Updated" date
Provide notice through the Website, via email, or other appropriate means
Your continued use of our Services after the effective date of any revised Privacy Policy constitutes your acceptance of the revised Policy.
CALIFORNIA PRIVACY NOTICE SUPPLEMENT
In compliance with California law, this section provides additional information for California residents.
14.1 Categories of Personal Information Collected and Disclosed
In the preceding 12 months, we have collected and disclosed the categories of personal information described in Section 2 to the categories of recipients described in Section 5.
14.2 Sources of Personal Information
We collect personal information from the sources described in Section 2.2.
14.3 Purposes for Collection
We collect personal information for the purposes described in Section 4.
14.4 Sale of Personal Information
California law defines "sale" broadly. We do not sell your personal information for monetary consideration. However, certain data-sharing activities might be considered "sales" under California law. You have the right to opt-out of such sharing by contacting us using the information in Section 11.
14.5 Your California Privacy Rights
California residents have the rights described in Section 9.7, which can be exercised as described in Section 9.6.
14.6 Shine the Light Law
California's "Shine the Light" law permits California residents to request information about our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please contact us using the information in Section 11.
ADDITIONAL LEGAL TERMS
15.1 Severability
If any provision of this Privacy Policy is held to be unlawful, void, or unenforceable, that provision shall be deemed severable and shall not affect the validity and enforceability of any remaining provisions.
15.2 Interpretation
The section headings are included for convenience and do not constitute part of this Privacy Policy. In the event of any conflict between the terms of this Privacy Policy and any other agreement between you and us, the terms of this Privacy Policy shall control with respect to the subject matter herein.
15.3 No Waiver
Our failure to enforce any right or provision of this Privacy Policy shall not be considered a waiver of such right or provision. No waiver of any provision shall be valid unless in writing and signed by an authorized representative.
15.4 Governing Law and Jurisdiction
This Privacy Policy is governed by the laws of the State of Illinois, without regard to its conflict of law principles. Any dispute arising from this Policy shall be subject to the exclusive jurisdiction of the courts located in Cook County, Illinois.
Last Updated: May 7, 2025