ISC Services Privacy Policy 

This Privacy Policy describes the personal data handling policies of ISC Holdings, LLC dba ISC Services (“ISC”) in connection with its website located at https://www.iscservices.com/ (the “Website”), and the provision of its software services (together with the Website, the “Services”) to its customers, who are life insurance agents and brokers, financial advisors, life settlement brokers, life settlement providers, life settlement servicers and other types of professional investors  (“Insurance Professionals”).  “User” means the personnel and representatives of the Insurance Professionals.

This Privacy Policy does not address the privacy practices of the Insurance Professionals and the personal data collected by Insurance Professionals from their individual insureds (hereinafter referred to as “Insureds”) or the personal health information collected by medical providers who may transfer personal information to us at the direction of Insurance Professionals pursuant to the Services. If you are an Insured whose Insurance Professional utilizes our Services, please understand that ISC and the Insurance Professional(s) are independent parties, and ISC has no control over the Insurance Professional’s (or any medical provider’s) privacy and data handling practices.  Please review the privacy policy of such Insurance Professional to understand the Insurance Professional’s practices and direct any questions or concerns to the Insurance Professional contact.  ISC will, however, cooperate with the Insurance Professional regarding queries from Insureds.

This Privacy Policy describes the following:

• What personal data we collect;
• How we use the data;
• With whom we may share the personal data;
• Legal basis for processing the data;
• Storage and security of your data;
• Your Privacy Rights, Choices and Disclosures, including those for Europe and California;
• Users outside the United States; and
• Third Party Sites, Privacy Policy updates and Contact Information.

1. Personal Data We Collect or Process

1. We collect information that Users provide directly to us, including when the User registers on and utilizes the Website.  We may collect your name, title, company name, address, email address, phone number, and username and password.
2. The Website captures some information about Users automatically utilizing background local storage and session storage technologies (“Cookies”) in order to improve the user experience. Cookies are small files or other pieces of data which are downloaded or stored on your computer or other device, that can be tied to information about your use of the Services. Examples of information of this type are your IP address, the browser you are using, the operating system you are using, the pages on the website that you visit and details of your activity, such as the date and time for each transaction.  When we use Cookies, we may use “session” Cookies that last until you close your browser or “persistent” cookies that last until you or your browser delete them. You may change your browser setting to decline the use of Cookies.  
3. In connection with the provision of our Services to Insurance Professionals (our customers), we collect and process personal information of Insureds who are the subject of the Services being offered to Insurance Professionals. ISC does not collect any of this information directly from the Insureds themselves.

1. Insurance Professionals may upload into our systems personal information of insureds, which information includes date of birth, date of death, gender, social security number, address, email and phone number.
2. Insurance Professionals may upload into our systems or ISC may, on behalf of the Insurance Professionals, collect medical records regarding Insureds, which information includes medical records, lab and test results, medical provider notes, claims history, and other information from all known and/or recorded healthcare providers.
3. ISC may collect additional non-medical information about an Insured on behalf of an Insurance Professional, such as a driving record.

4. We do not knowingly collect, directly, information from individuals under the age of 18 and/or their internet usage, and such persons are not authorized to use the Services. 

2. How We Use the Data

If you are a website visitor or User, we use the information you provide to communicate with you about our Services, respond to your inquiries, administer and enhance the Website, perform our contractual obligations, provide updates and other important information related to your activity on and with the Services, inform you of news concerning our Services, fulfill legal obligations we have to governmental authorities or other third parties, and for other legitimate business purposes. You may opt out of any electronic marketing communications you may receive from us by contacting us at info@iscservices.com or clicking the unsubscribe link at the bottom of the communication.

If you are an Insured, we use the personal data that Insurance Professionals provide to us or that we collect on behalf of Insurance Professionals to fulfill our contractual obligations to the Insurance Professionals as our customers, fulfill legal obligations we have to governmental authorities or other third parties, and for other legitimate business purposes. 

3. With Whom We Share Personal Data

ISC may share information with internal personnel and our affiliated companies. We may also share your personal data with third parties who perform services on our behalf, including without limitation our Website hosting providers, payment processors, technology service providers, contract vendors or service providers and professional advisors. 

ISC shall remain liable under the DPF (see Section 6.b) Principles if any third party acting as ISC’s agent processes such personal information in a manner inconsistent with the DPF Principles.

We may disclose information if we have a good faith belief that disclosure is necessary by law or the legal process, to protect and defend our or others’ interests or property, or to enforce agreements you enter into with us. 

Your information may be transferred to another entity in connection with a merger or in the event that our business is acquired in whole or part by another entity.

We may share aggregated and de-identified information with third parties for analytical, research or other similar purposes.

ISC may obtain your written consent from time to time in electronic form by using online agreements or other acknowledgements on the Website, including for any other contemplated uses of your personal data not addressed in this Privacy Policy. Please read all online agreements carefully before accepting them. 

4. Grounds for Using Your Personal Data

We rely on the following legal grounds to process your personal information:

Consent. Some uses of your personal data as described in this Privacy Policy are subject to your consent, such as marketing email communications.  You may unsubscribe from any marketing communications.

Performance of a contract. We need to collect and use a User’s personal information to enter into a contract with an Insurance Professional and to perform services requested by or on behalf of the Insurance Professional.  We may need to collect and use an Insured’s personal information to perform Services for Insurance Professionals as our customers.

Legitimate Interests. We may use your personal information for our legitimate interests to provide and improve our Website and Services.  We may use technical information as described in this Privacy Policy and use personal information for our marketing purposes consistent with our legitimate interests and any choices that we offer or consents that may be required under applicable law. 

Compliance with Legal Obligations. We may use your personal information as necessary to comply with our legal obligations.

5. Storage and Protection of Your Personal Data

We retain the personal data we collect for so long as reasonably necessary to fulfill the purposes for which the data was collected and to perform our contractual and legal obligations. Notwithstanding the generality of the foregoing, we store email addresses of Users until the User requests to be unsubscribed.   

We take reasonable administrative, physical and technical precautions to protect your personal data and communications between us.  This includes, when required or as we deem appropriate and feasible under the circumstances, encryption and written commitments and certifications from third parties that may have access to your data that they will protect the data with reasonable safeguards. 

As for payment cards for the purchase of Services, ISC does not retain payment card numbers.  Rather ISC retains non-sensitive payment data, such as customer contact information, details of the Services purchased, and sufficient records of authorized credit transactions to verify payment.

No Internet or e-mail transmission is ever fully secure or error free, however.  We therefore cannot guarantee absolute security of your data, and we are not responsible for processes and networks that we do not control.  Users assume the risk of security breaches and the consequences resulting from them.  Please be careful in deciding what information you send to us via email or over the Internet.

6. Your Rights, Choices and Disclosures

1. General. This section is subject to specific disclosures on privacy rights set forth below. We are committed to facilitate the exercise of data subject rights granted by the laws of your jurisdiction, which may include the right to request the correction, modification or deletion of personal information and the right to opt out of the sale of personal information (as applicable). We will do our best to honor your requests subject to any legal and contractual obligations.  If you would like to make a data subject request, contact us at info@iscservices.com.You may opt out of receiving electronic marketing communications from us by clicking on the “unsubscribe” link in the communication or contacting us at info@iscservices.com. Some non-marketing communications may not be subject to a general opt-out, such as communications about transactions, disclosures to comply with legal requirements, software updates and other support-related information. Subject to local law, you may have additional rights under the laws of your jurisdiction regarding your personal data, such as the right to complain to your local data protection authority. 

2. Your European Privacy Rights and Choices.  ISC complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, as set forth by the U.S. Department of Commerce. ISC has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/. Privacy rights under the European data protection laws include:

• Transparency and the right to information. Through this policy we explain how we use and share your information. However, if you have questions or need additional information you can contact us any time.
• Right of access, restriction of processing, erasure. You may contact us to request information about the personal data we have collected from you and to request the correction, modification or deletion of such personal information, which requests we will do our best to honor subject to any legal and contractual obligations. 
• Right to withdraw your consent at any time. When we process your personal data based on your consent, you have the right to withdraw it at any time.
• Right to object at any time. You have the right to object at any time to receiving marketing or promotional materials from us by either following the opt-out instructions in commercial e-mails or by contacting us, as well as the right to object to any processing of your personal data based on your specific situation. In the latter case, we will assess your request and provide a reply in a timely manner according to our legal and contractual obligations, or if you are an Insured, forward your request the Insurance Professional as the controller.  Some non-marketing communications are not subject to a general opt-out, such as communications about transactions and disclosures to comply with legal and contractual requirements. 
• Right to data portability. You have the right to data portability of your own personal data by contacting us, if you are a User, or the Insurance Professional as controller if you are an Insured.
• Right not to be subject to an automated decision, including profiling. We do not make automated decisions as a controller using Users’ personal data.  Automated decision-making may be part of the Services we offer as a processor to the Insurance Professionals, who are the controllers.
• Right to lodge a complaint with a supervisory authority. If you consider that the processing of your personal data infringes your privacy rights according to the European Privacy regulation, you have the right to lodge a complaint with a supervisory authority, in the member state of your habitual residence, place of work, or place of the alleged infringement.  Please note that if you are an Insured, the controller of your personal information is the Insurance Professional.
• Right to resolve a complaint with an independent alternative resolution dispute provider. In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, ISC commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF to JAMS, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://www.jamsadr.com/DPF-Dispute-Resolution for more information or to file a complaint. The services of JAMS are provided at no cost to you.
• Right to invoke binding arbitration.  Under certain terms and conditions you may invoke binding arbitration in order to resolve a dispute regarding DPF compliance not resolved by JAMS as set forth in Annex I of the DPF Principles (ANNEX-I-introduction).

3. California Disclosures

California “Shine the Light” Information-Sharing Disclosure: California residents may request a list of all third parties with respect to which we have disclosed any information about you for direct marketing purposes and the categories of information disclosed.  If you are a California resident and want such a list, please send us a written request by email to info@iscservices.com with “California Shine the Light Rights” in the subject line. 

California Do Not Track Disclosure: The Website does not recognize Do Not Track browser signals.

California Consumer Privacy Act Disclosures. Under California Consumer Privacy Act, California residents have the right to request:

• The categories of personal information we have collected about you;
• The categories of sources from which the personal information is collected;
• The business or commercial purpose of collecting or selling personal information;
• The categories of third parties with whom we share or sell personal information;
• The categories of personal information about you that we have sold; and
• The specific pieces of personal information we have collected about you.

Additionally, you have the right to request deletion of your personal information, the right to opt out of the sale of your information (if applicable) and the right not to be discriminated against for exercising any of your CCPA rights.

In the twelve (12) months preceding the Effective Date of this Privacy Policy, ISC may have collected or received in connection with providing our Services, information about California consumers as set forth below:

Personal Information	Source of Personal Information	Purpose of Collecting Personal Information	To Whom We Disclose Personal Information
Identifiers such as a name, address, unique personal identifier, email, phone number.	Information you provide to us; Information we collect automatically, Information provided by or collected from third parties.	See Sections 1(a), 1(b), 1(c) and 2 above.	See Section 3 above.
Protected Classifications under California and federal law, including gender, age and citizenship.	Information provided by or collected from third parties.	See Sections 1(c) and 2 above.	See Section 3 above.
Commercial information such as records of products or services purchased, obtained, or considered.	Information you provide to us; Information we collect automatically; Information provided by or collected from third parties.	See Sections 1(a), 1(b), 1(c) and 2 above.	See Section 3 above.
Internet or other electronic network activity information, including browsing history and search history.	Information you provide to us; Information we collect automatically; Information provided by or collected from third parties.	See Sections 1(a), 1(b). 1(c) and 2 above.	See Section 3 above.
Geolocation data that is sufficient to identify a precise physical location.	We do not collect this information.	n/a	n/a
Sensory data, such as audio, electronic, visual, or other similar information.	Information provided by or collected from third parties.	See Section 1(c) and 2 above.	See Section 3 above.
Professional or employment-related information.	Information you provide to us; Information provided by or collected from third parties.	See Section 1(a), 1(c) and 2 above.	See Section 3 above.
Education information.	We do not collect this information.	n/a	n/a
Inferences about preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.	Information you provide to us; Information we collect automatically; Information collected from third parties.	See Sections 1(a), 1(b), 1(c) and 2 above.	See Section 3 above.

We do not sell personal information for monetary consideration under CCPA. The provision of personal data to our customers is in the capacity as a service provider or under Section 1798.140(t)(2)(A) of the CCPA.

Our contact information is listed at the bottom of this policy. If you are a User, we will ask for your name, company name, email address and state of residence. If you are an Insured, we will ask for your name and social security number. If the information we initially request is insufficient to verify your identity and assess your privacy request, we may need to ask for additional information.  You may also designate an authorized agent to make a CCPA privacy request.

7. Third Party Sites

Our Website may contain links to other websites (“Linked Sites”) for your convenience or information.  Linked Sites are operated by companies or organizations unaffiliated with ISC, and we are not responsible for the content or privacy practices of those sites.  Linked Sites may have their own terms of use and privacy policies, and we encourage you to review those policies whenever you visit the websites. 

8. Privacy Policy Changes

We may update this Privacy Policy from time to time and without prior notice to you to reflect changes in our information practices, and any such amendments shall apply to information already collected and to be collected. Your continued use of the Website and Services after any changes to our Privacy Policy indicates your agreement with the terms of the revised Privacy Policy.  Please review this Privacy Policy periodically and especially before you provide personal data to us.  If we make material changes to this Privacy Policy, we will notify you on this page, by email or by means of a notice on our home page.  The date of the last update of the Privacy Policy is indicated at the top of this Privacy Policy.

9. Governmental Oversight

ISC is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).

10. Contact Information

Please contact us if you have any questions about our Privacy Policy. You may contact us by sending correspondence to the address below or by emailing us at info@iscservices.com.

ISC Holdings, LLC

Attn: Privacy Compliance Officer

5 Concourse Parkway, Suite 3000

Atlanta, GA 30328

NOTE: ISC adheres to the EU-U.S. DPF Principles with regard to personal data transferred from the
European Union and the United Kingdom.