Privacy Policy

1. Scope

Our Privacy Policy was last updated on July 16, 2025.

We value your privacy and are committed to protecting the personal information you share with us. This Privacy Policy explains how we collect, use, disclose, and protect your information when you visit our websites, use our services, or interact with us online.

This Policy outlines our practices regarding the collection, use, and disclosure of your information when you use our services, and it informs you about your privacy rights and how the law protects you. We use your personal data to provide and improve our services. By using our services, you agree to the collection and use of information in accordance with this Privacy Policy.

This Privacy Policy applies to our interactions with customers, website visitors, and users of our services. It does not apply to personal data collected from job applicants. If you have submitted a job application, please contact our HR department for more information.

2. Definitions

A. "Account" means a unique account created for You to access our Service or parts of our Service.

B. "Business" refers to the Company as the legal entity that collects Consumers' personal information and determines the purposes and means of the processing of Consumers' personal information, or on behalf of which such information is collected and that alone, or jointly with others, determines the purposes and means of the processing of consumers' personal information, that does business in the State of California.

C. "Company" (referred to as either "the Company", "We", "Us" or "Our" in this Agreement) refers to Southlake Insurance and its affiliates as provided in Section 6 of this Privacy Policy. For the purpose of this privacy policy, the Company is the Data Controller.

D. "Country" refers to the United States of America.

E. "Consumer" means a natural person who is a California resident. A resident, as defined in the law, includes (1) every individual who is in the USA for other than a temporary or transitory purpose, and (2) every individual who is domiciled in the USA who is outside the USA for a temporary or transitory purpose.

F. "Cookies" are small files that are placed on Your computer, mobile device, or any other device by a website, containing the details of Your browsing history on that website among its many uses.

G. "Data Controller" refers to the Company as the legal person which alone or jointly with others determines the purposes and means of the processing of Personal Data.

H. "Device" means any device that can access the Service, such as a computer, a cell phone, or a digital tablet.

I. "Do Not Track" (DNT) is a concept that has been promoted by US regulatory authorities, in particular the U.S. Federal Trade Commission (FTC), for the Internet industry to develop and implement a mechanism for allowing internet users to control the tracking of their online activities across websites.

J. "Personal Data" is any information that relates to an identified or identifiable individual.

It includes any information relating to You, such as a name, an identification number, location data, online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity.
It also includes any information that identifies, relates to, describes, or is capable of being associated with, or could reasonably be linked, directly or indirectly, with You.

K. "Sale" means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a Consumer's personal information to another business or a third party for monetary or other valuable consideration.

L. "Service" refers to the Website.

M. "Service Provider" means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service, or to assist the Company in analyzing how the Service is used. Service Providers are considered Data Processors.

N. "Usage Data" refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).

O. "Website" refers to the website you are currently visiting, including all associated domains, subdomains, mobile versions, and applications operated by the Company.

P. "You" means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.

"You" may also be referred to as the Data Subject or as the User, as you are the individual using the Service.

3. Types of Data Collected

A. Personal Data

While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you. Personally identifiable information may include, but is not limited to:

Email address
First name and last name
Phone number
Address, State, Province, ZIP/Postal code, City
Usage Data

B. Usage Data

Usage Data is collected automatically when using the Service.

Usage Data may include information such as your device’s Internet Protocol address (e.g., IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers, and other diagnostic data.

When you access the Service by or through a mobile device, we may collect certain information automatically, including, but not limited to, the type of mobile device you use, your mobile device unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use, unique device identifiers, and other diagnostic data.

We may also collect information that your browser sends whenever you visit our Service or when you access the Service by or through a mobile device.

4. Sources of Personal Information

We obtain the categories of personal information listed above from the following sources:

Directly from you: For example, from the forms you complete on our Service, preferences you express or provide through our Service, or from your purchases.

Indirectly from you: For example, by observing your activity on our Service.

Automatically from you: For example, through cookies set by us or our Service Providers as you navigate the Service.

From Service Providers: For example, third-party vendors that monitor and analyze usage, process payments, or assist with service delivery.

HIPAA and Health-Related Data

While we do not operate as a Covered Entity under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), certain services we provide—such as claims handling or policy administration—may involve the incidental processing of health-related information. We maintain physical, technical, and administrative safeguards in line with industry standards to protect such data. For official HIPAA compliance obligations, please refer to the notices issued by your healthcare provider or insurer.

Biometric and Automated Profiling Information

We do not currently collect biometric identifiers (e.g., fingerprints, facial scans, or voiceprints). If our operations expand to include such data for identity verification, fraud prevention, or customer authentication, we will obtain all required notices and consents as required by laws such as the Illinois Biometric Information Privacy Act (BIPA). We may also use automated systems to analyze user interactions for fraud detection, quoting, or marketing. These systems do not make legally significant decisions unless explicitly stated. Users may request human review where applicable.

5. Tracking Technologies and Cookies

We use Cookies and similar tracking technologies to monitor activity on our Service and store certain information. These may include beacons, tags, and scripts to collect and analyze data to improve our Service.

Technologies we use include:

Cookies or Browser Cookies: A cookie is a small file placed on your device. You can set your browser to refuse cookies or notify you when a cookie is sent. If you decline cookies, some features may be unavailable.

Web Beacons: These are small electronic files in emails or web pages (also called clear gifs, pixel tags, or single-pixel gifs) used to track usage or confirm email opens, etc.

Cookies can be either "Persistent" (stay on your device when offline) or "Session" (deleted after closing your browser).

We use both types for the following purposes:

Necessary / Essential Cookies

Type: Session Cookies

Administered by: Us

Purpose: Enable you to use our features securely and efficiently. They authenticate users and prevent fraud. Without them, some services will not function properly.
Cookies Policy / Notice Acceptance Cookies

Type: Persistent Cookies

Administered by: Us

Purpose: Identify whether users have consented to the use of cookies.
Functionality Cookies

Type: Persistent Cookies

Administered by: Us

Purpose: Remember choices you make (e.g., login details, language preferences) to enhance your experience.
Tracking and Performance Cookies

Type: Persistent Cookies

Administered by: Third Parties

Purpose: Track traffic and user behavior on the Website. Data collected may indirectly identify you and is typically linked to a pseudonymous identifier. These cookies also support testing new features and analyzing user engagement.

For more information on our cookie practices and your choices, please refer to our Cookies Policy or the relevant section of this Privacy Policy.

6. Use of Your Personal Data

The Company may use Personal Data for the following purposes:

Improve, develop, and analyze our Sites, services, and products. We use your personal information and other information to:
1. analyze, improve, develop, or deliver our Sites, products and services and develop new services, products or features using algorithms, analytics software, and other similar methods,
2. conduct actuarial or research studies to maintain, protect and develop our networks, services, and products and protect our customers, and
3. analyze how visitors use our Sites to improve the Sites and to enhance and personalize your experience.
4. We collect information used for these purposes using analytics software, cookies, and other tracking technologies. For more information about the collection and use of this information.

Communicate with you about your service or product. We may communicate with you about your product, service, account, policy, or membership, provide you transaction confirmations, payment alerts or other service or product related messages via mail, email, or other available methods such as push notifications.

Provide marketing communications. We may use your personal information to send you communications about products, services, features, and options we believe may interest you. We may send communications via e-mail, regular mail or send push notifications via a mobile device. We may also use your information to serve you ads or customized content online

Manage Your requests: including customer service, feedback, or support interactions.

Update or correct our records. We may receive personal information about you from other sources, including publicly available databases or third parties from whom we have purchased data, and combine that personal information with other personal information we have about you to update our records. For example, we may obtain change of address information from public sources and use that personal information to update or correct your address

For business transfers. To evaluate or complete business transitions such as mergers or asset sales where user data may be part of the transferred assets.

Comply with legal requirements and protect the safety and security of our business. We may use your personal information to comply with laws, regulations, or other legal obligations, to assist in an investigation, or to enforce terms and conditions. We may use your personal information to protect and defend our rights, network, Sites and other property and the rights of third parties including affiliates and customers. We may also use your personal information to prevent suspected fraud, threats to our network or other illegal activities, prevent misuse or for any other reason permitted by law.

We may share Your personal information in the following situations:

With Service Providers: Personal information may be shared with service providers who perform services on our behalf for a business purpose including service providers that:
- provide services that support our online activities including providing technologies, web hosting and analytics.

For business transfers: Personal information may be disclosed to third parties in connection with a corporate transaction, such as a merger, sale of any or all of our company assets or shares, reorganization, financing, change of control or acquisition of all or a portion of our business by an affiliate or third party, or in the event of a bankruptcy or similar proceedings.

With Affiliates: Who will follow this Privacy Policy. These entities include Southlake Specialty Insurance Company, Westlake Specialty Insurance Company, and Nevada General Insurance Company.

Authorized agents or brokers: We operate through agents and brokers who sell our services and products on our behalf. We may share your personal information with those agents or brokers to provide you with the services you’ve requested. They may use your personal information in the manner described in this Privacy Statement.

With other users: If you interact publicly on the Service, others may view and share your data.

Law enforcement, regulators, and other parties for legal reasons: Personal information may be disclosed to third parties, as required by law or subpoena, or if we reasonably believe such action is necessary to:
- comply with the law and the reasonable requests of regulators, law enforcement, or other public authorities,
- protect our or others safety, rights, or property, and
- investigate fraud or to protect the security or integrity of our Sites or any product or services.

With Your consent: For any other purpose that you explicitly approve.

7. Transfer of Your Personal Data

Your information, including Personal Data, is processed at the Company's operating offices and in any other places where the parties involved in the processing are located. This means that your data may be transferred to — and maintained on — computers located outside of Your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those of Your jurisdiction.

Your consent to this Privacy Policy, followed by Your submission of such information, represents Your agreement to that transfer.

The Company will take all steps reasonably necessary to ensure that Your data is treated securely and in accordance with this Privacy Policy, and no transfer of Your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of Your data and other personal information.

8. Security of Your Personal Data

The security of Your Personal Data is important to us. We implement encryption, firewalls, intrusion detection systems, and regular security audits to protect Your Personal Data. However, no method of transmission over the Internet or method of electronic storage is 100% secure, and we cannot guarantee its absolute security.

If we become aware of a security incident that compromises your personal data, we will notify affected individuals consistent with applicable U.S. data breach notification laws.

9. Third-Party Service Providers and Processing Activities

The Service Providers We use may have access to Your Personal Data. These third-party vendors collect, store, use, process, and transfer information about Your activity on Our Service in accordance with their Privacy Policies.

We require all third-party service providers, vendors, and contractors who process personal data on our behalf to enter into legally binding agreements that include data processing obligations, confidentiality provisions, and appropriate technical and organizational safeguards. These agreements ensure that data shared with vendors—whether for analytics, communication, claims, marketing, or infrastructure—remains protected, limited to intended uses, and not retained longer than necessary.

A. Analytics

We may use third-party Service providers to monitor and analyze the use of our Service including but not limited to:

B. Email Marketing

We may use your Personal Data to contact you with newsletters, marketing, or promotional materials, and other information that may be of interest to you. You may opt-out of receiving any, or all, of these communications from us by following the unsubscribe link or instructions provided in any email we send or by contacting us.

C. Payments

We may provide paid products and/or services within the Service. In that case, we may use third-party services for payment processing (e.g. payment processors).

We will not store or collect Your payment card details. That information is provided directly to Our third-party payment processors whose use of Your personal information is governed by their Privacy Policy. These payment processors adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express, and Discover. PCI-DSS requirements help ensure the secure handling of payment information. These are, but may not be limited to:

10. Use of Personal Information for Business Purposes or Commercial Purposes

We may use or disclose personal information We collect for "business purposes" or "commercial purposes" (as defined under the pertinent state and federal laws), which may include the following examples:

To operate our Service and provide You with our Service.

To provide You with support and to respond to Your inquiries, including to investigate and address Your concerns and monitor and improve our Service.

To fulfill or meet the reason You provided the information. For example, if You share Your contact information to ask a question about our Service, We will use that personal information to respond to Your inquiry. If You provide Your personal information to purchase a product or service, We will use that information to process Your payment and facilitate delivery.

To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.

As described to You when collecting Your personal information or as otherwise set forth under the pertinent state and federal laws.

For internal administrative and auditing purposes.

To detect security incidents and protect against malicious, deceptive, fraudulent or illegal activity, including, when necessary, to prosecute those responsible for such activities.

Please note that the examples provided above are illustrative and not intended to be exhaustive. For more details on how we use this information, please refer to the "Use of Your Personal Data" section.

If We decide to collect additional categories of personal information or use the personal information We collected for materially different, unrelated, or incompatible purposes, We will update this Privacy Policy.

11. Disclosure of Personal Information for Business Purposes or Commercial Purposes

We may use or disclose, and may have used or disclosed in the last twelve (12) months, the following categories of personal information for business or commercial purposes:

Category A: Identifiers
Category B: Personal information categories (which includes those listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)))
Category D: Commercial information
Category F: Internet or other similar network activity

The above categorization does not mean that all examples of that category of personal information were in fact disclosed, but reflects our good faith belief, to the best of our knowledge, that some of that information from the applicable category may be and may have been disclosed.

When We disclose personal information for a business purpose or a commercial purpose, We enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract.

12. Sale of Personal Information

"Sell" and "sale" mean selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer's personal information by the business to a third party for valuable consideration. This means that We may have received some benefit in return for sharing personal information, but not necessarily a monetary benefit. We do not engage in automated decision-making or profiling using your Personal Data, unless explicitly consented to and permitted by applicable law.

Please note that the aforementioned categorization listed below does not mean that all examples of that category of personal information were sold, but reflects our good faith belief, to the best of our knowledge, that some of that information from the applicable category may be and may have been shared for value in return.

We may sell and may have sold in the last twelve (12) months the following categories of personal information:

Category A: Identifiers
Category B: Personal information (which includes the categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)))
Category D: Commercial information
Category F: Internet or other similar network activity

Business Transactions

If the Company is involved in a merger, acquisition, or asset sale, Your Personal Data may be transferred. We will provide notice before Your Personal Data is transferred and becomes subject to a different Privacy Policy.

Law Enforcement

Under certain circumstances, the Company may be required to disclose Your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).

Other Legal Requirements

The Company may disclose Your Personal Data in the good faith belief that such action is necessary to:

Comply with a legal obligation
Protect and defend the rights or property of the Company
Prevent or investigate possible wrongdoing in connection with the Service
Protect the personal safety of Users of the Service or the public
Protect against legal liability

We may share Your personal information identified in the above categories with the following categories of third parties:

Service Providers
Payment processors
Our affiliates
Our business partners
Third party vendors to whom You or Your agents authorize Us to disclose Your personal information in connection with products or services We provide to You

Phone numbers collected with explicit SMS consent will never be sold, rented, or shared with third parties or affiliates for marketing purposes under any circumstances.

14. Sale of Personal Information of Minors Under 18 Years of Age

We do not knowingly collect personal information from minors under the age of 18 through our Service; however, certain third-party websites that we link to may collect such information. These third-party websites have their own terms of use and privacy policies, and we encourage parents and legal guardians to monitor their children's Internet usage and instruct their children to never provide information on other websites without their permission.

We do not sell the personal information of Consumers that We actually know are less than 18 years of age, unless We receive affirmative authorization (the "right to opt-in") from either the Consumer who is between 13 and 18 years of age, or the parent or legal guardian of a Consumer less than 13 years of age. Consumers who opt in to the sale of personal information may opt out of future sales at any time. To exercise the right to opt-out, You (or Your authorized representative, parent, or legal guardian) may submit a request to Us by contacting Us.

If You have reason to believe that a child under the age of 18 has provided Us with personal information, please contact Us with sufficient detail to enable Us to locate and delete that information.

15. Do Not Sell My Personal Information

You have the right to opt-out of the sale of Your personal information. Once We receive and confirm a verifiable consumer request from You, we will stop selling Your personal information. To exercise Your right to opt-out, please contact Us.

The Service Providers we partner with (for example, our analytics or advertising partners) may use technology on the Service that sells personal information. If you wish to opt out of the use of Your personal information for interest-based advertising purposes and these potential sales, you may do so by following the instructions below.

Please note that any opt out is specific to the browser You use. You may need to opt out on every browser that You use.

A. Website

Our website does not use third-party advertising networks or service providers that deliver interest-based or behaviorally targeted ads. As such, we do not rely on external opt-out platforms.

Any preferences for personalized content or advertising are instead managed by your browser. You can configure your browser settings to limit or block cookies, manage privacy controls, or send a "Do Not Track" (DNT) or Global Privacy Control (GPC) signal. Please note that these signals are honored based on your browser's capabilities and configuration.

Because we do not participate in third-party ad personalization services, no opt-out cookies are set by us, and you will not need to manage separate opt-out processes across browsers.

B. Mobile Devices

Your mobile device may give You the ability to opt out of the use of information about the apps You use in order to serve You ads that are targeted to Your interests:

"Opt out of Interest-Based Ads" or "Opt out of Ads Personalization" on Android devices

"Limit Ad Tracking" on iOS devices

You can also stop the collection of location information from Your mobile device by changing the preferences on Your mobile device.

Our Service does not respond to Do Not Track signals.

However, some third-party websites do keep track of Your browsing activities. If You are visiting such websites, You can set Your preferences in Your web browser to inform websites that You do not want to be tracked. You can enable or disable DNT by visiting the preferences or settings page of Your web browser.

16. Children's Privacy

Our Service does not address anyone under the age of 13. We do not knowingly collect personally identifiable information from anyone under the age of 13. If You are a parent or guardian and You are aware that Your child has provided Us with Personal Data, please contact Us. If We become aware that We have collected Personal Data from anyone under the age of 13 without verification of parental consent, We take steps to remove that information from Our servers. We are in full compliance with the Children's Online Privacy Protection Act (COPPA) and do not knowingly collect personal data from children under the age of 13 without verifiable parental consent.

If We need to rely on consent as a legal basis for processing Your information and Your country requires consent from a parent, We may require Your parent's consent before We collect and use that information.

17. Links to Other Websites

Our Service may contain links to other websites that We do not operate. If You click on a third-party link, You will be directed to that third party's site. We strongly advise You to review the Privacy Policy of every site You visit.

We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

18. Changes to this Privacy Policy

We may update Our Privacy Policy from time to time. We will notify You of any changes by posting the new Privacy Policy on this page.

We will let You know via email and/or a prominent notice on Our Service, prior to the change becoming effective and update the "Last updated" date at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page. If material changes are made to this Privacy Policy, we will notify users via email (if on file) and/or a prominent notice on the Website before the changes taking effect.

If you have difficulty accessing this Privacy Policy due to a disability, please contact us and we will provide the information in an alternative format.

19. Contact Us

If you have any questions about this Privacy Policy, You can contact us by sending an email to datasecurity@prismonesvcs.com.

Please be advised that the employees at Southlake Insurance have up to three (3) business days to implement the necessary protocol to secure your contact information and other confidential information.

To make a request to access, delete, or correct your information, please access our Links for Privacy Request Intake Form (opens in new tab) and Privacy Appeal Request Form (opens in new tab)