We collect nonpublic personal information about you from the following sources:

• Information we receive on applications or other forms;
• Information we receive from consumer reporting agencies;
• Information we receive from our employees, agents, and third-party affiliates; and
• Information is collected by needs analysis, telephone calls, service requests, and other correspondence.
• Information we receive from physicians, which may include your medical history, current health, and treatments and medications you may be taking; and
• Information we receive from your motor vehicle reports or demographic information.

Please Note: We do not share nonpublic personal health information about you for marketing purposes. That health information is used only for underwriting products you purchase, administering a claim, or other insurance functions by us or on your behalf unless you or the law authorizes distribution of greater breadth.

We may disclose all of the information, as described in Section I above and subject to the noted limitations, that we collect about our potential, current and former customers.

We may disclose all of the information we collect to (i) individuals, companies, or other entities that market our services; (ii) individuals, companies, or other entities that provide products and/or services to Risk Appraisal Forum; (iii) individuals, companies or other entities that assist in the administration and servicing of your policies; or (iv) individuals, companies or other entities with whom we have joint marketing agreements.

We restrict access to nonpublic personal information about you to those employees or service providers who need to know the information to provide products or services to you. The policies and procedures used by Risk Appraisal Forum are designed to (i) ensure the security and confidentiality of customer information, (ii) protect against any anticipated threats and or hazards to the security and integrity of customer records and information; and (iii) protect against unauthorized access to, and use of customer records or information that could result in substantial harm or inconvenience to any customer.

In addition to the specific categories listed above, Risk Appraisal Forum has implemented physical, electronic, and procedural safeguards to protect non-public personal information about customers. These safety mechanisms are regularly tested to assure continued efficacy. The condition and status, as well as any breaches or violations, of this Privacy Policy, are reported to the Risk Appraisal Forum Board, through the Internal Audit Committee, on an annual basis. The goal of Risk Appraisal Forum Privacy Policy is to protect non-public personal information about customers in a manner that enables customers to continue to receive the highest level of service while at the same time feeling confident that non-public personal information about them is treated with the care and security it deserves.

1. Physical Records
   1. Physical safeguards are in place that comply with federal regulations to guard non-public personal information about you that is maintained in hard copy.
2. Information Systems
   1. Electronic files operate under a “lockout” system whereby three failed attempts to log-on result in shutdown; the system will only be re-enabled after verification of the user by security personnel;
   1. Logon identifications are issued only with specific access authorizations;
   1. Passwords must be changed every ninety days;
   1. Internal systems are regulated to ensure that only authorized Risk Appraisal Forum associates can access the information contained in the system;
   1. Website servers used to gather and transmit personal data are stored in a secure and environmentally controlled location;
   1. The Risk Appraisal Forum website (domain and additional content-related websites), and certain other electronic files are encrypted;
   1. Monitoring systems and procedures are in place to provide warnings of possible attacks or intrusions into information systems; and
   1. Systems are equipped with response mechanisms that take appropriate action when unauthorized access to protected information is suspected or detected.
3. Employees
   1. Control procedures are in place together with the segregation of duties for employees with access to, or responsibility for, non-public personal information;
   1. Employees receive training, as part of the orientation process, with respect to Risk Appraisal Forum Privacy Policy and the issuance of the privacy notice; and
   1. Employees are required to execute an acknowledgment form following a review of Risk Appraisal Forum Privacy Policy.
4. Agents
   1. Individuals, companies, and other entities that access products and services from Risk Appraisal Forum must agree to safeguard nonpublic personal information about customers pursuant to Risk Appraisal Forum Privacy Policy.
5. Third-Party Service Providers
   1. Third-party service providers must agree to safeguard nonpublic personal information about customers pursuant to Risk Appraisal Forum Privacy Policy.

In addition to the specific categories listed above, Risk Appraisal Forum has implemented physical, electronic, and procedural safeguards to protect non-public personal information about customers. These safety mechanisms are regularly tested to assure continued efficacy. The condition and status, as well as any breaches or violations, of this Privacy Policy, are reported to the Risk Appraisal Forum Board, through the Internal Audit Committee, on an annual basis. The goal of Risk Appraisal Forum Privacy Policy is to protect non-public personal information about customers in a manner that enables customers to continue to receive the highest level of service while at the same time feeling confident that non-public personal information about them is treated with the care and security it deserves.