Verisk Analytics Privacy Notice

We collect personal information directly from you (e.g. when you report a concern) or contact us regarding the concern you have reported.

The categories of information that we may collect directly from you include, but are not limited to, the following:

• personal details (e.g. name, relationship to Verisk);
• contact details (e.g. phone number, email address);
• details regarding the concern you are reporting (e.g. a description of your concern, including where and when did the concern occur)

We may use your personal information for the following purposes:

• Identification: To the extent you choose to report a concern in a manner that is not anonymous, we will use the provided information to identify and contact you regarding the concern you have reported;
• Operating the Services: We process your personal information to respond to the concerns that have been reported;
• Communicating with you: We may use your personal information when we communicate with you, for example if we are providing information about the concern you have reported or if you contact us with questions regarding the concern you have reported;
• Exercising our rights: we may use your personal information to exercise our legal rights where it is necessary to do so, for example to detect, prevent and respond to fraud claims, intellectual property infringement claims or violations of law;
• Complying with our obligations: we may process your personal information to comply with legal or regulatory requirements, where this is explicitly required by law.

We may also anonymize your personal information in such a way that you may not reasonably be re-identified by us or any other organization and may use this anonymized information for other purposes.

We may share your personal information with third parties under the following circumstances which include but are not limited to:

• Service providers and business partners: we may share your personal information with our service providers that perform marketing services and other business operations for us for the purposes set forth above.
• Where required by law: we may share your personal information with law enforcement agencies, courts, other government authorities or other third parties where we believe necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights or the rights of any third party.

Verisk complies with all consumer and data subject rights granted under applicable law.

If you are located in the European Economic Area ("EEA"), the United Kingdom ("UK"), or Switzerland, and in accordance with the GDPR, you may have the following rights in relation to personal data that we hold about you:

• To request confirmation of whether we process personal data relating to you, and if so, to request a copy of that personal data;
• To request that we rectify or update your personal data that is inaccurate, incomplete, or outdated.
• To request that we erase your personal data in certain circumstances, such as where we collected personal data on the basis of your consent and you withdraw your consent;
• To request that we restrict the use of your personal data in certain circumstances, such as while we consider another request that you have submitted, for example a request that we update your personal data;
• Where you have given us consent to process your personal data, to withdraw your consent; and
• To request that we stop processing your personal data for any reason unless we demonstrate compelling legitimate grounds overriding your interests; and
• To request that we provide a copy of your personal data to you in a structured, commonly used and machine-readable format in certain circumstances.

You may contact us as described in the "How to Contact Us" section below to exercise your rights described above.

You also have the right to lodge a complaint with the data protection supervisory authority in your country. You can find the contact information of the data protection supervisory authority in your country here.For the United Kingdom ("UK") you can find the contact information of the data protection supervisory authority here.

Verisk takes reasonable and appropriate measures to protect information collected on this website from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. In the event there is unauthorized use, access, or disclosure that requires notice based on law or regulation, Verisk will provide such notice by email at the last email address you provided us, via post at the last physical addressed you provided us or by posting such a notice on our website or by other means, consistent with applicable law.

We may transfer the personal data that we collect about you to recipients in countries other than the country in which the personal data originally was collected. Those countries may not have the same data protection laws as the country in which you initially provided the personal data. When we transfer your personal data to recipients in other countries (such as the U.S.), we will protect that personal data as described in this Notice.

If you are located in the European Economic Area ("EEA"), we will comply with applicable legal requirements providing adequate protection for the transfer of personal data to recipients in countries outside of the EEA and Switzerland. In all such cases, we will only transfer your personal data if:

• The country to which the personal data will be transferred has been granted a European Commission adequacy decision;
• We have put in place appropriate safeguards in respect of the transfer, for example the EU Model Contracts.

You may request a copy of the safeguards that we have put in place in respect of transfers of personal data by contacting us as described in the How To Contact Us section below.

If you have any questions or comments about this Notice or any issue relating to how we collect, use, or disclose personal data, or if you would like us to update information we have about you or your preferences, you may contact us:

By e-mail at: privacy@verisk.com

In writing at:
Insurance Services Office, Inc.
Attention: Chief Privacy Officer
545 Washington Boulevard
Jersey City, NJ 07310-1686
USA

If you are located in the European Union (“EU”) and have any questions or comments about this Notice, any issue relating to your personal data, or if you would like us to update your preferences, you may contact our EU representative.

Please include your name and the name of the business (Insurance Services Office, Inc.) to which your request refers.

By e-mail at: privacy@verisk.com
Verisk – Insurance Solutions
Level 1, Unit 1A
3 Custom House Plaza
Harbour Master Place
I.F.S.C.
Dublin 1 Ireland

If you are located in the United Kingdom (“UK”) and have any questions or comments about this Notice, any issue relating to your personal data, or if you would like us to update your preferences, you may contact our UK representative.

Please include your name and the name of the business (Insurance Services Office, Inc.) to which your request refers.

By email at: privacy@verisk.com

In writing at:
Verisk Limited
Attention: Privacy Inquiries
2nd Floor, Linea House
Harvest Crescent
Fleet, Hampshire
GU51 2UZ
United Kingdom

We may update this Notice periodically and without prior notice to you to reflect changes in our personal data practices or relevant laws. We will post the updated version and indicate at the top of the notice when it was most recently updated.