Skip to Content
Close Icon

Privacy Policy

VGM GROUP, INC.

CONSUMER DATA PRIVACY POLICY

This Consumer Data Privacy Policy applies to VGM Group, Inc. consumers whose data is subject to Data Privacy Laws as defined below. It applies whenever you visit our websites, including www.vgm.com, www.vgmgroup.com, www.vgmhomelink.com, www.vgminsurance.com, www.tworiversmarketing.com, or any other website of one of VGM’s divisions or subsidiaries (“Sites”), or use any of our products or services that link to or otherwise reference this policy. The following policy describes what information VGM Group, Inc. (“VGM” or “We” or “Us”) collects that is subject to Data Privacy Laws, your rights under Data Privacy Laws, and how you can enforce your rights under Data Privacy Laws.

Definitions

Consumer: A consumer is a natural person who is a resident of a state with a Data Privacy Law, living in a state with a Data Privacy Law for other than a temporary or transitory purpose, or an individual domiciled in a state with a Data Privacy Law.

Data Privacy Laws: All applicable federal, state, and foreign laws, rules, regulations, and guidance (and any implementing legislation or regulations thereunder as amended) pertaining to consumer data privacy.

Personal Information (“PI”): Information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. Personal Information does not include:

  • Publicly available information lawfully made available from government records.
  • Deidentified or aggregated consumer information that cannot be reasonably linked to an individual.
  • Information excluded from Data Privacy Laws, like:
    • Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), the Health Information Technology for Economic and Clinical Health (HITECH) Act, health or medical information covered by applicable state privacy and/or confidential laws or regulations, or clinical trial data; and
    • Personal Information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (“FCRA”), and the Gramm-Leach-Bliley Act (“GLBA”) or applicable state financial confidentiality laws and regulations.

Note: If certain types of information are excluded from Data Privacy Laws this policy will not apply to such excluded data.

Sensitive Personal Information (“SPI”): is a subset of PI which includes, but may not be limited to:

  • Government identification numbers, such as social security numbers, driver’s license numbers, state identification, numbers, or passport numbers;
  • Account log-in information;
  • Financial account, credit or debit card numbers, combined with a password, PIN, or other required security or access codes;
  • Precise geolocation;
  • Racial or ethnic origin, religious or philosophical beliefs, or union membership;
  • Content of postal mail, email, or text messages, unless VGM is the intended recipient of those communications;
  • Biometric data that uniquely identifies an individual or information concerning an individual’s health, sex life, or sexual orientation; and
  • Genetic data

Information We Collect

VGM has collected the following categories of PI, including Sensitive PI, from its consumers within the last twelve (12) months:

CategoryExamplesCollected?
A. Identifiers.A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol (IP) address, email address, account name, social security number, driver's license number, passport number, mobile device information (e.g., device model, operating system version, device date and time, unique device identifiers, mobile network information, etc.), or other similar identifiers.YES
B. Personal Information categories listed in Data Privacy Laws.Information that is protected against security breaches such as: name, signature, social security number, physical characteristics or description, address, telephone or mobile device number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.
Some PI included in this category may overlap with other categories and may not be subject to all the rights under Data Privacy Laws
YES
C. Protected classification characteristics under state or federal law.Age, race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, and genetic information (including familial genetic information).YES
D. Commercial information.Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
Media information (e.g., advertising engagement in social, digital, and broadcast media, etc.).
YES
E. Biometric information.Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.NO
F. Internet or other similar network activity.Use of a Site, including browsing history, search terms and history, and information on a consumer's interaction with a Site (i.e., pages visited), application, or advertisement.YES
G. Geolocation data.Physical location or movements.YES
H. Sensory data.Audio, electronic, visual, thermal, olfactory, or similar information.NO
I. Professional or employment-related information.Current or past job history or performance evaluations.YES
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.NO
K. Inferences drawn from other PI.Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.NO
L. Sensitive PIAs defined above.YES

We generally do not collect additional categories of PI or use the PI we collected for significantly different or meaningfully unrelated purposes without providing you notice.

Where We Obtain Personal Information

We obtain the categories of PI listed above from the following categories of sources:

  • Directly from you or your devices. For example, from forms or surveys you complete on one of our Sites or one of our service provider’s Sites.
  • Indirectly from you. For example, from observing your actions on one of our Sites (i.e., cookies).
  • Automated sources, such as analytics.
  • Third-party sources (including social media).
  • Embedded content from other websites and links to third-party websites.
  • Other users of our services.
  • VGM divisions and business units.
  • Internet service providers and other online sources.
  • State and federal governmental entities.
  • Operating systems and platforms.
  • Business partners (i.e., service providers). For example, insurance companies or providers.
  • Publicly accessible sources.

Use of Personal Information

We may use or disclose the PI we collect for one or more of the following business purposes:

  • Fulfilling or meeting the reason you provided the information for a business purpose.
  • Providing you with information, products, or services that you request from VGM, including responses to your inquiries and to notify winners of any promotions.
  • Contracting with service providers to perform services on our behalf, including but not limited to maintaining or servicing accounts, providing customer service, processing, or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing advertising or marketing services, providing analytic services, or providing similar services on our behalf.
  • Otherwise enabling or effecting, directly or indirectly, a business or commercial transaction.
  • To improve our Sites.
  • To monitor and analyze trends, usage, and activities in connection with our Sites.
  • To personalize our Sites and show you content that’s relevant to you.
  • Survey, test, research, analyze, and product and service development.
  • Providing you with email alerts, event registrations and other notices concerning VGM’s services, or news that may be of interest to you.
  • Sending you text messages or push notifications.
  • Facilitating the connection of third-party services or applications, such as social media.
  • Marketing purposes, such as developing and providing promotional and advertising materials that may be useful, relevant, valuable, or otherwise of interest to you.
  • Facilitating transactions and payments.
  • De-identifying and aggregating information collected through our services and using it for any lawful purpose.
  • Responding to trust and safety issues that may arise as necessary or appropriate to protect the rights, property, or safety of VGM, our employees, our customers, or others.
  • For automated decision making, including email segmentation and message personalization.
  • Carrying out our obligations and enforcing our rights arising from any contracts or other terms entered into between you and VGM, including billing, or as may be required by applicable laws and regulations or requested by any judicial process or governmental agency.
  • Auditing related to a current interaction with you and concurrent transactions, and auditing compliance with this specification and other standards.
  • Undertaking activities to verify or maintain the quality or safety of our services, and to improve, upgrade, or enhance our services.
  • Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity.
  • Debugging to identify and repair errors that impair existing intended functionality.
  • Short-term, transient use.
  • To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
  • For other purposes with your consent for which we provide specific notice at the time the information is collected.
  • As described to you when collecting your PI or as otherwise set forth in Data Privacy Laws.

VGM Job Applicants and Employees

As to job applicants, employees, owners, directors, officers, or contractors of VGM who reside in states with Data Privacy Laws and from whom we collect PI as a business under applicable law, we collect, use and disclose your PI in accordance with the specific business purposes below:

  • Recruitment: To receive, evaluate, and process job applications, verify your information, and conduct background checks, as permitted by law, communicate with you about the recruitment process and your application, schedule interviews, and improve the recruitment process.
  • HR Operations: To fulfill your employment agreement, manage employee onboarding, promotions, transfers, and reassignments, manage HR-related claims and litigation, provide trainings, employee surveys, performance reviews, and evaluations, manage business and travel expenses, and create reports for workforce planning, such as headcount and employee turnover.
  • Payroll and Benefits: To administer pay and benefits, process business and travel expense reimbursements, calculate tax and social security withholdings, comply with wage garnishment orders, and process leaves.
  • To Identify Wellness Opportunities: To identify and target benefit and wellness programs which may benefit our employees. We will never share your PI with third parties without your consent.
  • IT and Security: To provide IT and security support, manage IT resources and provisions of new IT applications, manage log-in credentials, monitor IT systems and networks for suspicious activity, detect intrusions, and monitor and control access to facilities to protect us, our personnel, and property.
  • Legal and Compliance: To comply with legal obligations regarding HR analytics, including requests from government statistics services, process conflict of interest reporting, process employee work-related claims such as workers’ compensation or insurance claims, ensure compliance with our employee policies and security requirements, gather evidence for and to support any internal investigations, litigation, disciplinary action, termination, or related activities, protect, enforce, and defend the legal rights, privacy, safety, or property of us and our employees, agents, and contractors, protect against fraud, waste, and abuse and manage risk, and comply with applicable state and federal laws, regulations, legal processes, or enforceable governmental requests.
  • Acquisition or Merger: To manage acquisitions, mergers, and reorganizations or sale of some or all of a company.
  • Other Business Purposes: For other purposes that you would reasonably expect, or for which we provide specific notice at the time the information is collected.

If you have any questions, comments, or concerns about our processing activities, please contact Human Capital.

Sharing or Sale of Personal Information (PI)

VGM may disclose your PI to a third party for a business purpose. When we disclose PI for a business purpose, we enter into a contract that describes the purpose and requires the recipient to both keep that PI confidential and not use it for any purpose except performing the contract.

In the preceding twelve (12) months, VGM has disclosed the following categories of PI for a business purpose:

Category A: Identifiers

Category B: Customer records

Category C: Protected classification characteristics under state or federal law

Category D: Commercial information

Category F: Internet history

Category G: Geolocation data

Category I: Professional or employment-related information

Category L: Sensitive personal information

In the preceding twelve (12) months, VGM has not disclosed PI for a commercial purpose that constitutes “selling” or “sharing” under the applicable Data Privacy Laws.

Pursuant to VGM’s Consumer Privacy Policy, we share your information with the following categories of third parties for a business purpose:

  • Advertising Providers: Advertising technology companies, such as advertising networks.
  • ISPs: Internet service providers.
  • Analytics Vendors.
  • Government: State or federal governmental entities.
  • OS/Platform Provider: Operating systems and platforms.
  • Social Media.
  • Vendors: Service providers.
  • Integrated Third Parties: Third parties integrated into our services.
  • Third Parties as Legally Required: Third parties as required by applicable state and federal law and regulation and similar disclosures.
  • Third Parties in Merger/Acquisition: Third parties in connection with a merger, sale, or asset transfer.
  • Third Parties with Consent: Other third parties for whom we have obtained your permission to disclose your PI.

Your Privacy Rights and Choices

Data Privacy Laws provide Consumers with specific rights regarding their PI. This section describes your rights and explains how to exercise those rights.

table

"Verifiable Consumer Request"

To exercise your rights to access or delete your PI under applicable Data Privacy Laws, you must submit a "verifiable consumer request". Only you, or a person authorized by you to act on your behalf, may make a verifiable consumer request related to your PI. You may also make a verifiable consumer request on behalf of your minor child.

A verifiable consumer request must:

  • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected PI or an authorized representative of such a person.
  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

If we cannot verify your identity or authority to make the request, we will not be able to fulfill your request. The information provided for verification will only be used for that purpose.

Authorizing an Agent

To authorize an agent to make a request to know or delete on your behalf, please write to the contact address below. To authorize an agent to make an opt-out request on your behalf, please send a written authorization signed by you and the authorized agent to us via the Contact Information section below.

Processing Fees

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Personal Information Sales Opt-Out and Opt-In Rights

In some circumstances, you may opt out of the sale of your PI.

  • We will not sell or share the PI of consumers if we have actual knowledge that the consumer is less than 16 years of age, unless the consumer, in the case of a consumer at least 13 years of age and less than 16 years of age, or the consumer’s parent or guardian, in the case of consumers who are less than 13 years of age, have affirmatively authorized the sale or sharing of the consumer’s PI.
  • To exercise the right to opt-out, you (or your authorized representative) may submit a request to us by writing using the Contact Information below or by visiting the Data Request tab.
  • Once you make an opt-out request, we will wait at least twelve (12) months before asking you to reauthorize the sale of your PI.
  • However, you may change your mind and opt back into PI sales at any time by visiting our Site and sending us a message. We will only use PI provided in an opt-out request to review and comply with the request.

Retention of Personal Information (PI)

Your PI may be retained for a minimum of ten (10) years in accordance with applicable federal law.

Non-Discrimination

We will not discriminate against you for exercising any of your Data Privacy Law rights. Unless permitted by applicable Data Privacy Laws, we will not:

  • Deny you goods or services.
  • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
  • Provide you a different level or quality of goods or services.
  • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

You also have the right not to receive discriminatory treatment by VGM for the exercise of privacy rights conferred by any applicable Data Privacy Laws, including an employee’s, applicant’s, or independent contractor’s right not to be retaliated against for the exercise of applicable Data Privacy Laws.

We may offer you certain financial incentives such as discounted prices, rates, or quality levels. Any permitted financial incentive we offer will reasonably relate to your PI’s value and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt-in consent, which you may revoke at any time.

Changes to Our Consumer Data Privacy Policy

We reserve the right to amend this privacy policy at our discretion and at any time. When we make changes to this privacy policy, we will post the updated policy on the Sites and update the policy’s effective date. Your continued use of our Sites and/or services following the posting of changes constitutes your acceptance of such changes.

Availability of Our Consumer Data Privacy Policy

You may request a paper copy of this Consumer Data Privacy Policy, free of charge, via the Contact Information section below. Upon request you may also receive a paper or electronic copy of this Consumer Data Privacy in alternative formats or in languages in the ordinary course of business in the states with applicable Data Privacy Laws.

You have the right to receive a copy of this Consumer Data Privacy Policy, free of charge, and to discuss its contents with the VGM Privacy Officer by making a request via the Contact Information below.

Contact Information

You can contact VGM with your questions, comments, consumer rights requests, and other applicable Data Privacy Law inquiries by:

Mail:
Attn: VGM Privacy Officer
1111 Van Miller Way
Waterloo, IA 50701

Phone: 1-877-474-3227

Email: [email protected]

If you believe your PI was accessed without permission, please contact VGM by any means listed above.

Consumer Data Privacy Policy Effective Date

June 1, 2023