Notice updated 5/1/2020

We work hard to build and maintain a relationship of trust with our Members and prospective members, and we understand the importance of handling information we receive in a manner that lives up to that trust.  We have developed the following policy to make sure our prospective, current, and past Members (collectively, “Members”) understand how we collect information about them; what information we collect; how we use that information; how we protect that information; how and when we share that information; how our prospective, current, and past Members can modify the way we collect, use, and share that information; and how disputes regarding information will be handled.

How We Collect Information:

The Ohio Plan collects a limited amount of information about our Members as required to deliver services to our Members and to administer our joint self-insurance pool.  We collect this information from the following sources:

Information Members provide on applications, schedules, appraisals, MVR reports, and related forms and information

• Information from Member transactions and experiences with us (e.g. payments, underwriting, and claims)
• Information collected from the Ohio Plan mobile sites and applications, social media sites, websites and applications and other electronic interactions
• Information we get from other companies, including Ohio Plan agents
• Information obtained by common tracking (e.g. Google analytics, browser cookies, device IDs or other technologies) used to customize our website, mobile applications, and social media applications

What Information We Collect:

The Ohio Plan collects the following general types of information regarding our Members:

• Contact Information
• Unique Identifiers (e.g. employee driver’s license number, mobile device IDs)
• Government-issued identification numbers
• Financial information (e.g. budgets, appraisals)
• Information regarding Member property (real and personal)
• Employee information including MVRs
• Demographic information (Member and employee information) which related to claims
• Claims history
• Online and technical information (internet or other electronic network activity information). This information may include information about the device you use to access our site or services, such as user-agent, time stamp, hardware type, language and time zone settings, IP address, MAC address, SSIDs, web server logs, Google analytics, browser cookies, device IDs or other technologies, operating system type and version, and installed fonts
• Audio-visual information (e.g. photographs, video images, voicemails)

How We Use That Information:

The Ohio Plan uses the information we receive from Members for:

• Performing Member services
• Underwriting analysis
• Claims review, investigations, and processing
• Responding to Member inquiries
• Security and fraud protection
• Billing administration
• Risk management reviews
• Enhancing Member experiences
• Designing and developing additional programs, services, products, and vendor relationships which are beneficial to Members
• Quality control, training, and analytics
• System administration and technology management, including optimizing our website and applications
• Legal, auditing, regulatory and business purposes
• Reinsurance placement, auditing, and renewals
• Accounting and actuarial analysis and research
• Performing other activities as required or permitted by law

How We Protect That Information:

We restrict access to information about our Members to those employees, agents, and third-parties who need to know that information in order to provide products and services to our Members or to assist the Ohio Plan in providing those products and services.  We maintain physical, electronic, and procedural safeguards to guard Member information. 

It is our policy not to share the nonpublic personal information of Members outside of the Ohio Plan for any purpose other than underwriting, administration of a Member’s account or claims, marketing additional Ohio Plan entity products and services to Members, reinsurance placement, renewals, and audits, and accounting and actuarial analysis, unless the disclosure has been authorized by the Member or is permitted or required by law.

How and When We Share That Information:

We share limited and relevant Member information:

• When we have consent to do so from the relevant Member
• With legal representatives retained to defend claims against Members or filed by Members
• With other companies or individuals we hire to help us run our business or who provide services to our Members (e.g. agents and brokers)
• With our affiliated entities, the Ohio Plan, Inc., Ohio Plan Risk Management, Inc. and Ohio Plan Management Resources, Inc. for purposes of providing Members services and products
• With contractors and vendors performing claims-related services
• With our reinsurers and prospective reinsurers during placement, renewals, and audits
• With our auditors and actuaries for analytical and research purposes
• With our attorneys for legal matters and Member claims issues
• With persons necessary to help us protect our rights or property (e.g. fraud prevention and information security)
• In connection with any transfer of assets should the Ohio Plan dissolve, sell its assets to another entity, or merge with another entity
• When required by law or governmental authorities
• With agencies and governmental authorities responsible for assessing our compliance with law and industry standards

When we share information with non-affiliated third-parties to provide support services to either the Ohio Plan or directly to the Member, we also require the third-party to protect our Members’ information.  The Ohio Plan does not share any nonpublic personal information with anyone for any reason not listed in 16 CFR ⸹⸹313.14 and 313.15.  

How Members Can Modify the Way the Ohio Plan Shares Their Information

Members who prefer to limit sharing of nonpublic personal information may contact Brian Cromly, Director of Operations, Hylant administrative Services, brian.cromly@Hylant.com.     Please note that Member preferences regarding information sharing cannot limit the Ohio Plan from sharing:

• Certain information about Member transactions or experiences with Ohio Plan employees, agents, and contractors for our everyday business purposes or for public policy purposes
• Information required for legal or auditing purposes
• Information required for reinsurance placement, renewal, or audits
• Member information in the event of a transfer of assets or dissolution of the Ohio Plan

The notice and opt-out requirements of the Gramm-Leach-Bliley Act Privacy Rule do not apply to the Ohio Plan as it does not share any nonpublic personal information with anyone for any reason not listed in 16 CFR ⸹⸹313.14 and 313.15.

How Members Can Review and Correct the Nonpublic Personal Information the Ohio Plan Maintains:

A Member who has questions about what nonpublic personal information the Ohio Plan maintains about the Member can make a request in writing for a description of such information.  When the Ohio Plan receives the written request, we will respond within thirty (30) business days with a description of the nonpublic personal information we maintain and with whom we have shared that information in the last two (2) years.  Members may also receive a copy of the information we have, except for certain documents about claims and lawsuits.  If a Member believes that our information is incorrect, the Member should let us know of the error(s) in writing. Such letters should be sent to Brian Cromly, Director of Operations, Hylant administrative Services, brian.cromly@Hylant.com.  We will review the matter, and, if we agree, we will make the appropriate correction and notify you and anyone who has received the original information of the correct information.  If we do not agree, Members are permitted to file a letter listing what information they believe to be incorrect and explaining the issue they have with the accuracy of the information. 

How Disputes Regarding Information Collection, Use, and Sharing are Handled:

Any controversy or claim arising out of our privacy policy, or the breach thereof, shall be settled by arbitration in accordance with the rules of the American Arbitration Association, and judgment upon the award rendered by the arbitrator(s) may be entered in the court having jurisdiction thereof.