CORNERSTONE UNITED

PRIVACY POLICY

LAST UPDATED (APRIL 24^th, 2020)

OUR COMMITMENT
CornerStone United is committed to respecting the privacy of individuals and recognizes a need for the appropriate management and protection of any personal information that you agree to provide to us.

PERSONAL INFORMATION AND HOW WE MAY COLLECT IT
We may collect information provided by our customer (or provided to us on our customer’s behalf), on application; when our customer (or someone on our customer’s behalf) enrolls, requests a service, or files a claim; and other forms that are submitted to us.

This information may include, but is not limited to:
Personal Information – full name, physical mailing address, phone number, e-mail address, service contract number, loan #, insurance coverage, social security #, date of birth, and claim or service request information. We may also collect name, address, telephone number, insurance coverage, transaction history, and claims history from our customer’s transactions with us or other nonaffiliated parties (such as their chosen repair shop or service provider).

Technological information – when you visit one of our sites, we may collect information through the use of "cookies" and other data which comes from your web browser. A "cookie" is a small amount of data that is sent to your browser from a web server and stored on your computer's hard drive. In most instances, cookies can be refused by turning them off in your computer's browser. At our discretion we may log information about your visits to this website for use in troubleshooting issues that arise or to help us improve our site in general.

The type of information we collect is dependent on the type of product the individual requires from us. We will limit the personal information we collect to that which is necessary for us to carry out the terms of the product purchased and evaluation of CornerStone products.

HOW WE USE PERSONAL INFORMATION
We use personal information to establish our customer’s identity and determine their eligibility for products and services, and to set up, manage, administer, and maintain those products and services. We also use personal information to perform everyday business and operations, including record keeping and internal reporting, to communicate with our customers, and to investigate and pay claims.

We may use personal data to the extent the law allows to respond to law enforcement requests and other legally and regulatory required inquiries and obligations. We will process your personal data as necessary for our legitimate business interests as required by applicable law.

CornerStone does not sell personal information: therefore, we do not offer an “opt out” option for a consumer to choose that they do not want their information to be sold.

CONSENT
In some states and provinces privacy laws stipulate that an individual’s consent, implied or express, is required prior to or at the time we collect his or her personal information. Consent is also required prior to disclosing any personal information to a third party, except in certain situations identified in the legislation.

Consent is implied when an individual provides personal information to inquire about or purchase a CornerStone product through one of its vendors. Consent is also implied upon request to fulfill obligations of a CornerStone product, either directly from the consumer or on their behalf, or when a customer continues to use our products or services without objection.

Consent to the collection, use, or disclosure may be refused or withdrawn at any time upon giving us reasonable notice. However, if an individual refuses or withdraws consent to the collection, use, or disclosure of his or her personal information then CornerStone may be unable to provide the product or service requested.

PROTECTION OF PERSONAL INFORMATION
CornerStone will take all necessary and reasonable precautions to protect the information provided to us by our customers. CornerStone uses several manual and electronic controls to protect personal information that has been entrusted to us. These controls include restricted access to our premises, user authentication, encryption, firewall technology, and the use of detection software. CornerStone only allows access to an individual’s personal information to those employees who require it in their work. Employees who have access to personal information have been trained in this area and are made aware of the responsibility they have for protecting that information. Employees are required to make proper use of the manual and electronic controls available to them. Our employees are subject to disciplinary procedures for the unauthorized use or disclosure of an individual’s personal information.

DISCLOSURE OF PERSONAL INFORMATION
From time to time in the normal course of business, it is necessary for CornerStone to provide an individual’s personal information because of a business requirement or contractual obligation to a third party such as, but not limited to, a repair facility, inspector, insurer, reinsurer, legal counsel, regulator, adjustor, repairer or administrator. CornerStone advises each third party to whom it provides personal information that CornerStone expects the party to comply with applicable privacy laws and to also take steps to protect that information. Information on third parties is available from the Compliance and Risk Management Coordinator upon written request. In situations where CornerStone is legally required to disclose an individual’s personal information, we may do so without additional consent.

RETENTION OF PERSONAL INFORMATION
CornerStone will retain an individual’s personal information for as long as is necessary to fulfill the purposes for which it was collected, or as required by law. Disposal of any personal information will be done in a safe and complete manner.

PRIVACY BREACH
In the unlikely event that CornerStone experiences an incident involving the loss of or unauthorized access to or disclosure of personal information where a reasonable person would consider that there exists a real risk of significant harm as a result, CornerStone will comply in all respects with the applicable provisions of federal, state, or provincial privacy laws with regard to privacy breach notification, and will take all necessary steps to reduce the risk of harm as a result of the breach.

ACCESSING YOUR PERSONAL INFORMATION
In some states or provinces an individual may have the right to be allowed access to his or her personal information. Such access will be provided in accordance with applicable law. A request to access your personal information must be submitted in writing. The written request must provide us with enough detail to understand what information is being requested. We will require an individual to verify their identity before we provide access to their information. If there are any reasons why access is denied, the individual requesting access will be advised in writing. Should an individual demonstrate that any information held is inaccurate or incomplete, CornerStone will make the appropriate changes to such information.

CCPA Notice (last updated April 24^th, 2020)
The California Consumer Privacy Act of 2018 (the “CCPA”) requires certain disclosures that are covered in our Privacy Policy. This section provides an overview of the required CCPA rights for you.

1. Ability to submit a request to access your personal information. Visit our public site contact page where you can provide details pertaining to your request. We may require further identification verification details to provide us with sufficient information required to complete your request. Additionally, you can call 877-667-1762 to submit your request. We will attempt to provide you with requested information within forty-five (45) days of receipt.
2. Ability to submit a request to delete your personal information. Visit our public site contact page where you can provide details pertaining to your request. We may require further identification verification details to provide us with sufficient information required to complete your request. Additionally, you can call 877-667-1762 to submit your request. Because of the nature of our contractual obligations, state, and federal laws; we are not always able to comply with a request to delete personal information we collect.
3. We do not sell any personal information in exchange for money or anything else of value.
4. We do not use your personal information outside the scope of the requirements needed in administering the product you purchased.

CONTACT INFORMATION
Requests for further information, access to personal information or complaints about CornerStone’s handling of personal information should be directed to CornerStone’s Compliance and Risk Management Coordinator, as follows:

In Canada:
Compliance and Risk Management Coordinator
201-931 Commissioners Rd E
London, ON
N5Z 3H9


In the United States:
Compliance and Risk Management Coordinator
1020 Main Ave NW
Hickory, NC 28601