Our Commitment to Your Privacy
At KP Insurance Solutions Inc., we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy outlines how we collect, use, disclose, and safeguard your information when you visit our website, engage with our services, or interact with us in any way. We comply with all applicable federal, state, and international privacy laws, including but not limited to the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act (GLBA), the California Consumer Privacy Act (CCPA), the Florida Information Protection Act (FIPA), and the General Data Protection Regulation (GDPR) for EU residents.
Information We Collect
We may collect the following types of information:
- Personal Information: This includes your name, email address, phone number, mailing address, date of birth, Social Security number (if required for insurance purposes), and any other details you provide when contacting us, requesting a quote, or applying for insurance.
- Protected Health Information (PHI): If you provide health-related information for insurance purposes, such as medical history or claims data, this is considered PHI under HIPAA.
- Nonpublic Personal Information (NPI): This includes financial information, such as payment details or credit history, as defined under the GLBA.
- Non-Personal Information: We may collect data such as your IP address, browser type, device information, and website usage patterns to improve our services.
- Cookies and Tracking Technologies: We use cookies, web beacons, and similar technologies to enhance your experience on our website. This may include tracking your browsing behavior to analyze trends and personalize content.
How We Use Your Information
Your information is used to:
- Respond to your inquiries and provide personalized insurance solutions, including quotes and policy recommendations.
- Process insurance applications, claims, and payments.
- Improve our website and services based on user feedback and analytics.
- Communicate with you about your policy, updates, or promotional offers (with your consent where required).
- Comply with legal obligations, such as reporting to regulatory authorities or responding to legal requests.
- Protect our rights, property, or safety, and that of our clients and the public.
Sharing Your Information
We do not sell, rent, or trade your personal information to third parties for marketing purposes. We may share your information with:
- Insurance Carriers and Partners: To provide you with quotes, policies, or claims processing, we share your information with trusted insurance carriers and service providers.
- Third-Party Service Providers: We work with vendors such as cloud hosting providers, payment processors, and IT support services. These providers are contractually obligated to comply with applicable privacy laws, including HIPAA, GLBA, and GDPR, and to use your information solely for the purposes we specify.
- Legal Authorities: We may disclose your information if required by law or court order, or to comply with regulatory requirements, such as audits by the Department of Insurance.
- Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction, with appropriate safeguards in place.
HIPAA Compliance
As an insurance agent handling health-related information, KP Insurance Solutions complies with the Health Insurance Portability and Accountability Act (HIPAA). We protect your Protected Health Information (PHI) by:
- Implementing administrative, physical, and technical safeguards to prevent unauthorized access to PHI.
- Training our staff on HIPAA compliance and the importance of maintaining the confidentiality of your health information.
- Entering into Business Associate Agreements (BAAs) with third-party vendors who handle PHI on our behalf, ensuring they also comply with HIPAA.
- Only using or disclosing PHI as permitted by HIPAA, such as for treatment, payment, or healthcare operations, or with your explicit authorization.
If you believe your HIPAA rights have been violated, you may file a complaint with us or with the U.S. Department of Health and Human Services Office for Civil Rights.
Gramm-Leach-Bliley Act (GLBA) Compliance
Under the Gramm-Leach-Bliley Act (GLBA), we are required to protect your nonpublic personal information (NPI), such as financial data. We comply by:
- Providing you with our privacy notice at the start of our relationship and annually thereafter.
- Limiting the sharing of your NPI to what is necessary for providing our services, as permitted by law.
- Implementing security measures to safeguard your financial information from unauthorized access or use.
- Allowing you to opt out of certain types of information sharing, as required by GLBA.
California Consumer Privacy Act (CCPA) Compliance
If you are a California resident, the California Consumer Privacy Act (CCPA) grants you specific rights regarding your personal information. These include:
- Right to Know: You may request details about the categories of personal information we collect, the purposes for which it is used, and the third parties with whom it is shared.
- Right to Delete: You may request the deletion of your personal information, subject to certain exceptions (e.g., if we need to retain it for legal compliance).
- Right to Opt-Out: You may opt out of the sale of your personal information. Note that we do not sell your information, but you may contact us to confirm.
- Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
To exercise your CCPA rights, please contact us using the information provided below. We will respond within 45 days, as required by law.
Florida Information Protection Act (FIPA) Compliance
As a Florida-based business, we comply with the Florida Information Protection Act (FIPA), which requires us to protect your personal information and notify you in the event of a data breach. Our compliance includes:
- Maintaining reasonable security measures to protect your data.
- Notifying you within 30 days if a data breach occurs that compromises your personal information, as required by FIPA.
- Reporting breaches to the Florida Department of Legal Affairs if they affect 500 or more individuals in the state.
General Data Protection Regulation (GDPR) Compliance
If you are a resident of the European Union, the General Data Protection Regulation (GDPR) applies to your personal data. We comply by:
- Obtaining your explicit consent before processing your personal data, where required.
- Providing you with the right to access, rectify, delete, or restrict the processing of your data.
- Allowing you to withdraw consent at any time and to request data portability.
- Ensuring that any international data transfers comply with GDPR requirements, such as using Standard Contractual Clauses.
To exercise your GDPR rights, please contact us using the information below.
Compliance with Insurance Industry Standards
We adhere to standards set by the National Association of Insurance Commissioners (NAIC) and the National Association of Health Underwriters (NAHU). This includes following best practices for data protection, ethical handling of client information, and compliance with state insurance regulations.
Children’s Online Privacy Protection Act (COPPA) Compliance
Our services are not directed to children under the age of 13, and we do not knowingly collect personal information from children. If we learn that we have collected such information without parental consent, we will delete it promptly in accordance with the Children’s Online Privacy Protection Act (COPPA).
Cookies and Tracking Technologies
We use cookies and similar technologies to enhance your experience on our website. These may include:
- Essential Cookies: Necessary for the website to function properly.
- Analytics Cookies: Used to collect information about how you use our website, such as pages visited and time spent.
- Marketing Cookies: Used to deliver personalized advertisements (with your consent).
You can manage your cookie preferences through your browser settings or by contacting us. For EU residents, we obtain your consent for non-essential cookies in compliance with GDPR. California residents may opt out of the sale of personal information collected via cookies, though we do not sell such data.
Data Security
We implement industry-standard security measures to protect your data from unauthorized access, disclosure, alteration, or destruction. These measures include:
- Encryption of sensitive data, such as PHI and financial information, during transmission and storage.
- Access controls to ensure only authorized personnel can access your information.
- Regular security audits and vulnerability assessments to identify and address risks.
- Secure disposal of physical and digital records containing personal information.
Despite these measures, no method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee absolute security. In the event of a data breach, we will follow the procedures outlined below.
Data Breach Notification
In the event of a data breach that compromises your personal information, we will:
- Notify affected individuals within 30 days, as required by FIPA, or sooner if mandated by other applicable laws (e.g., HIPAA or GDPR).
- Provide details about the breach, including the type of information affected and steps you can take to protect yourself.
- Report the breach to relevant authorities, such as the Florida Department of Legal Affairs, the U.S. Department of Health and Human Services (for HIPAA breaches), or the appropriate EU Data Protection Authority (for GDPR breaches).
- Take immediate steps to contain the breach, mitigate harm, and prevent future incidents.
Data Retention and Deletion
We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, comply with legal obligations, or resolve disputes. For example:
- Client records are retained for a minimum of 7 years to comply with insurance regulations and tax laws.
- Health-related information is retained in accordance with HIPAA requirements.
- Non-essential data, such as website analytics, is retained for up to 2 years.
When your information is no longer needed, we securely delete or anonymize it using industry-standard methods. You may also request deletion of your data, subject to legal retention requirements.
Your Rights
You have the following rights regarding your personal information:
- Right to Access: Request access to the personal information we hold about you.
- Right to Rectification: Request corrections to inaccurate or incomplete data.
- Right to Deletion: Request deletion of your personal information, subject to legal obligations (e.g., insurance recordkeeping requirements).
- Right to Restrict Processing: Request that we limit the use of your data under certain circumstances.
- Right to Data Portability: Request a copy of your data in a structured, commonly used, and machine-readable format (applies to GDPR).
- Right to Opt-Out: Opt out of marketing communications or certain types of information sharing, as permitted by GLBA and CCPA.
- Right to Withdraw Consent: Withdraw your consent for data processing at any time, where applicable (e.g., under GDPR).
To exercise these rights, please contact us using the information below. We will respond to your request within 30 days (or 45 days for CCPA requests, with a possible 45-day extension if needed).
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in legal requirements, industry standards, or our practices. Any updates will be posted on this page with an updated effective date. For significant changes, we will notify you via email (if we have your email address) or through a prominent notice on our website at least 30 days before the changes take effect.
Contact Us
If you have any questions about this Privacy Policy, your rights, or how we handle your information, please contact us at:
[email protected]
863-802-1234
5304 S Florida Avenue, Suite 404-E, Lakeland, FL 33813
Effective Date: March 19, 2025