AMERISAFE, Inc. (“AMERISAFE”, “we” or any other personal pronouns reflecting same) respects your privacy and is committed to protecting it through our compliance with this policy (“Privacy Policy”). This Privacy Policy applies to information we collect at the Online Services at services.amerisafe.com (“Online Services”).

In addition to AMERISAFE, Inc., this Privacy Policy includes the following companies on whose behalf this notice is given: American Interstate Insurance Company; Silver Oak Casualty, Inc.; American Interstate Insurance Company of Texas; Amerisafe Risk Services, Inc.; and Amerisafe General Agency, Inc.

Please read this Privacy Policy carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, your choice is to not use Online Services. By accessing or using Online Services, you agree to this Privacy Policy. This Privacy Policy may change from time to time (see Changes to Our Privacy Policy). Your continued use of Online Services after we make changes to the Privacy Policy is deemed to be acceptance of those changes, so please check the Privacy Policy periodically for updates.

For payments through Online Services, we receive bank account information from our policyholders. For first reports of injury (FROI) that are submitted through Online Services, we receive federal employer identification numbers, names, mailing addresses, phone numbers, social security numbers, birthdates, injury information and wage information. From those registering for access through Online Services, we receive names, phone numbers, email addresses, account numbers, policy numbers, and usernames and passwords that the registrants create. We receive written feedback. We receive this information directly from you when you provide it to us.

We use browser cookies for the sole purpose of making Online Services efficient for you to use. Cookies are small files sent from a website and stored on the user’s computer; they are designed to remember information. We encrypt all information collected through cookies. At login, cookies collect information on the user’s role (e.g. producer), user name and ID, account number assigned by the company, and the user’s email address. In the online payments portion of Online Services, cookies detect the subject policy and reporting month, confirmation of payment, and any feedback submitted by the user. Again, we encrypt all information collected through cookies. The FROI portion of Online Services does not use cookies.

You may refuse to accept browser cookies by activating the appropriate setting on your browser. However, if you select this setting, you may be unable to access certain parts of Online Services. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you direct your browser to Online Services.

We use information that you provide to carry out our obligations and to enforce our rights from any contracts entered into between you and us.

AMERISAFE does not share information for marketing purposes.

We may disclose information that you provide us as follows:

• To contractors, service providers and other third parties we use to support our business and who are contractually bound to keep such information confidential and to use it only for the purposes for which we disclose to them; and/or
• To fulfill the purpose for which you provide the information; and/or
• With your consent; and/or
• To comply with any court order, law or legal process, including to respond to any government or regulatory request; and/or
• If we believe disclosure is necessary or appropriate to protect the rights, property or safety of us or others.

If you prefer that we do not disclose your information to non-affiliated third parties, you may request to opt out of such disclosures and request that we not make such disclosures, other than those permitted by law.

Subject to applicable law, you may have the right to see your information. To request it, please email us at Legal@AMERISAFE.com. You must state your full name, address, the insurance company, policy number (if relevant) and the information you want. We will tell you what information we have. If you think any information is wrong, you must write us. We will let you know what actions we take.

We have implemented measures designed to secure your information from accidental loss and from unauthorized access, use, alteration, and disclosure. All communication through the portal uses Hypertext Transfer Protocol over Secure Sockets Layer (HTTP over SSL = HTTPS). All data sent and received is encrypted.

The safety and security of your information also depends on you. Where we have given you or where you have chosen a password for access, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

Unfortunately, the transmission of information via the Internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to Online Services. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on Online Services.

Our website may contain links to other Internet sites (“third party sites”) that are not owned or maintained by AMERISAFE. We are not responsible for the privacy practices or content of any other website that may be linked to Online Services. Any links to third party sites are included for your convenience. If you link to one of these websites, you are transferred to another website beyond the control of AMERISAFE. Your privacy at such sites will be governed by the privacy policy at that website and not by this Privacy Policy. We encourage you to read the privacy statement of any linked site as its privacy policy may differ from ours.

Our services are not directed to or intended for children. We do not knowingly collect or post information from children under the age of 16.

We maintain Online Services in the United States, and Online Services are not intended to subject us to the laws or jurisdiction of any state, country or territory other than that of the United States. Those who choose to access Online Services do so on their own initiative and at their own risk. Regardless of where you are located, by using Online Services you consent to the transfer and processing of your information to and in the United States, which may not provide the same level of protection for your personal information as your home country. You are responsible for complying with all local laws, rules and regulations when you use our services.

This Supplemental Privacy Notice for California Residents applies solely to visitors, users and others who reside in the State of California (“consumers” or “you”). This supplemental notice is provided to you in order for us to comply with the California Consumer Privacy Act of 2018 (“CCPA”) and other California privacy laws.

Pursuant to the CCPA, below is a summary of the categories of personal information that we collect, the reason we collect your personal information, where we obtain the personal information, and the third parties with which we share your personal information. Personal information does not include publicly available information from government records, de-identified or aggregated information, or information excluded from the CCPA’s scope, such as personal information covered by certain sector-specific privacy laws including the Fair Credit Reporting Act, the Gramm-Leach-Bliley Act and the California Financial Information Privacy Act.

We may collect the following categories of personal information about you from the sources noted in the sections above about the information you provide to us and the information we collect:

• Identifiers such as your name, postal address, unique personal identifier, online identifier, internet protocol address, email address, and social security number;
• Phone number, bank account number, and medical information
• Geolocation data; and
• Professional or employment-related information.

We may use your personal information for performance of our services, and for other purposes as permitted by law. Some examples include gathering first reports of injury on claimants, and allowing policyholders to make their premium payments.

We may share the categories of personal information listed above with third parties in connection with performance of our services and business operations, as permitted or required by applicable law. For example, we may work with third parties that provide services to us and we may partner with third parties to develop, operate, deliver, maintain, improve, and protect our services and in connection with other AMERISAFE offerings and operations. Those parties can include but are not limited to:

• Contractors, service providers, and other third parties who require such information to support our business;
• Reinsurance companies or claims administrators; and
• Insurance regulators or law enforcement officials.

The CCPA creates a number of consumer privacy rights for certain California residents to the extent their personal information is covered by the CCPA. AMERISAFE may deny a request based on applicable exceptions under the law. For instance, we cannot disclose specific pieces of personal information if the disclosure would create a substantial, articulable, and unreasonable risk to the security of the personal information, to your account with us or to the security of our network systems.

• Right to Know. You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you: (i) the categories of personal information we have collected about you, (ii) the categories of sources from which personal information is collected, (iii) the business or commercial purpose for the information collection, (iv) the categories of third parties with which we have shared personal information, and (v) the specific pieces of personal information we hold about an individual.
• Data Portability. You have the right to request a copy of the specific personal information we collected about you during the 12 months before your request.
• Subject to certain exceptions, you have the right to request that we delete any personal information we have collected from you or maintain about you.
• Opt-out of Sales. You have the right to opt out of having your personal information sold. We do not sell your personal information.
• Non-discrimination. You have the right not to be discriminated against for exercising any of the rights described in this section. We will not discriminate against you for exercising your right to know, your right to request to delete or to opt out of sales.

To assert your right to know or your right to request to delete your personal information, please contact us at Legal@AMERISAFE.com, or call us at (800)256-9052 and ask for the Legal Department. To verify your identity, we may ask you to verify personal information we already have on file for you. If we cannot verify your identity from the information we have on file, we may request additional information from you, which we will use only to verify your identity, and for security or fraud-prevention purposes. Only you or a person registered with the California Secretary of State that you authorize to act on your behalf may make a verifiable consumer request related to your personal information.

With the exception of a parent or guardian of a minor, or authorized agents with power of attorney pursuant to California Probate Code sections 4000 to 4465, you will be required to verify your identity directly with AMERISAFE, and provide written permission for an authorized agent to act on your behalf.

The verifiable consumer request must: (1) provide sufficient information that allows us to reasonably verify that you are the person about whom we collected personal information (or the person’s authorized representative) and (2) describe your request with sufficient detail to allow us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with personal information if we cannot verify your identity or your authority to make the request, and if we cannot confirm that the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will use personal information provided in a verifiable consumer request only to verify the requestor’s identity or authority to make the request.

We will notify you, at services.amerisafe.com, if we make any material changes to this Privacy Policy. The date this Privacy Policy was last revised is at the top of this page. You are responsible for periodically visiting services.amerisafe.com to check for any changes to this Privacy Policy.

To ask questions or to comment about this Privacy Policy, contact Legal@AMERISAFE.com.