Privacy Policy

Last Revised: September 22, 2024

Privacy Policy for Orion Financial Services LLC

At Orion Financial Services LLC, we respect your privacy and are committed to protecting your personal information. This Privacy Policy outlines how we collect, use, disclose, and safeguard your information when you visit our website or use our services. By using our site or services, you agree to the terms outlined below.

Information We Collect

We may collect the following types of personal information:

• Personal Identifiers: Name, address, phone number, email, date of birth, Social Security number, EIN, Tax ID.
• Financial Information: Credit card details, bank account information, or other financial data.
• Health Information: If applicable, as part of underwriting or policy issuance, we may collect health-related information protected by the Health Insurance Portability and Accountability Act (HIPAA).
• Usage Data: IP address, browser type, operating system, and browsing behavior.
• Cookies and Tracking Technologies: We use cookies and other technologies to enhance user experience and gather website usage data. You can control cookies via browser settings, but disabling them may limit functionality.

Effects of Non-Disclosure of PII

Providing Personally Identifiable Information (PII) is voluntary.
However, choosing not to disclose certain personal information may impact our ability to provide you with the full range of services and products. Specifically:

• Service Limitations: We may be unable to process your insurance applications, claims, or provide ongoing support if the necessary information is not provided.
• Delayed Transactions: Non-disclosure of required PII may result in delays in processing your policy or fulfilling other requests.
• Restricted Access: Certain features on our website or digital services may not function properly without your personal information, including personalization or tailored recommendations.
• Legal Implications: In some instances, failing to provide specific personal information could prevent us from complying with legal, regulatory, or contractual obligations.

While you have the right to withhold personal information, please note that certain functions—such as underwriting or claims processing—may require your PII.
We will always specify what data is essential to fulfill these services and respect your decision regarding the non-disclosure of non-essential data. 

How We Use Your Information

We use the information collected for:

• Service Fulfillment: To process transactions, fulfill insurance policies, and provide customer support.
• Improving Our Services: To optimize the performance and content of our website.
• Marketing and Communications: To send newsletters, promotions, or updates about our services, provided you consent.
• Legal Compliance: To comply with federal and state legal obligations.
• Fraud Detection and Prevention: To protect our business, clients, and users from fraud and unauthorized activities.

Legal Basis for Processing Under U.S. Privacy Laws

In compliance with U.S. privacy laws, Orion Financial Services LLC adheres to the following state-specific regulations:

Connecticut

• Connecticut Data Privacy Act (CTDPA): Under Connecticut’s Data Privacy Act, we ensure that we protect and safeguard your personal information. Connecticut residents have the right to request access, correction, or deletion of their personal information.

South Carolina

• South Carolina Insurance Data Security Act: We comply with the South Carolina Insurance Data Security Act (SCIDSA), which requires us to safeguard sensitive customer data and to notify individuals in the event of a data breach.

Florida

• Florida Information Protection Act (FIPA): Under the Florida Information Protection Act (FIPA), we are required to take reasonable measures to protect and secure your personal information. If a data breach occurs, we will notify Florida residents within 30 days as mandated by law.

New York

• New York SHIELD Act (Stop Hacks and Improve Electronic Data Security Act): Under the New York SHIELD Act, we are required to implement reasonable administrative, technical, and physical safeguards to protect your private information. In the event of a data breach, we will notify affected individuals in accordance with state regulations, and within 90 days of identifying the breach.
• New York Insurance Law Section 500 (Cybersecurity Regulations): We adhere to the New York Department of Financial Services Cybersecurity Regulations (NYDFS Section 500), which impose cybersecurity requirements on financial institutions and insurance companies. This includes the maintenance of a comprehensive cybersecurity policy, annual risk assessments, and incident reporting to the New York Department of Financial Services (NYDFS).

Addition: Included New York SHIELD Act and New York Cybersecurity Regulations (NYDFS Section 500) as applicable laws for privacy and data protection in New York State.

HIPAA Disclosure

Certain health information collected during the insurance application or claims process is protected under the Health Insurance Portability and Accountability Act (HIPAA). We maintain the confidentiality of Protected Health Information (PHI) and will only use or disclose such information as required or permitted by HIPAA regulations. Your PHI will only be disclosed to authorized third parties for underwriting, claims processing, or legal compliance, as allowed under HIPAA rules.

You have the right to:

• Request access to your PHI.
• Request corrections or amendments to your PHI.
• Receive an accounting of certain disclosures of your PHI.

For questions regarding your health data, please contact us.

Addition: Included HIPAA Disclosure to address legal obligations regarding Protected Health Information (PHI) for insurance clients, aligning with HIPAA standards.

Data Sharing and Disclosure

We do not sell or share your personal information except in the following cases:

• Service Providers: We may share your information with third-party vendors who assist us in providing services to you (e.g., underwriting, claims processing). These vendors are obligated to protect your data.
• Business Transfers: If our company is involved in a merger, acquisition, or asset sale, your information may be transferred.
• Legal Requirements: We may disclose your information to comply with legal obligations, court orders, or government regulations.
• Fraud and Security Measures: We may share information to prevent fraud, address security issues, or enforce our agreements.

Your Rights Under U.S. Privacy Laws

Depending on the state in which you reside, you may have the following rights regarding your personal data:

Connecticut (CTDPA):

• Right to Access: You can request a copy of the personal data we hold about you.
• Right to Rectify: You can request correction of inaccurate or incomplete information.
• Right to Delete: You can request deletion of your personal data, subject to legal retention requirements.
• Right to Opt-Out: You can opt out of certain data uses, including direct marketing.

South Carolina (SCIDSA):

• Right to Data Security: Under SCIDSA, you have the right to be notified in the event of a data breach involving your personal information.

Florida (FIPA):

• Right to Data Protection: Under FIPA, Florida residents are entitled to receive prompt notification in the event of a data breach and may request details of the breach and the steps being taken to address it.

New York (SHIELD Act):

• Right to Data Security and Breach Notification: New York residents are entitled to receive notification of data breaches within 90 days of discovery, and to receive information about the measures taken to secure compromised data.

If you wish to exercise any of these rights, contact us at privacy@orionfinancialservices.com.

Addition: Added specific rights for New York residents under the SHIELD Act and New York Insurance Law.

Data Retention

We retain your personal information as long as necessary to fulfill the purposes outlined in this policy, including for compliance with legal and regulatory requirements. The retention period may also be extended to resolve disputes, enforce agreements, or address legal claims.

Children’s Privacy

Our services are not intended for children under the age of 18, and we do not knowingly collect personal information from minors. If we learn that we have inadvertently collected information from a child under 18, we will delete that information as soon as possible.

Security of Your Information

We take the security of your personal data seriously and employ industry-standard physical, administrative, and technical safeguards to protect your information. However, no method of transmission over the Internet or electronic storage is entirely secure. We strive to protect your data but cannot guarantee absolute security.

Data Breach Notification

In compliance with Connecticut, South Carolina, Florida, and New York data protection laws, if there is a breach of your personal information, we will notify you as required by state law:

• Connecticut: Notification within 90 days of discovering the breach.
• South Carolina: Notification in compliance with SCIDSA guidelines.
• Florida: Notification within 30 days of discovering the breach, per FIPA.
• New York: Notification within 90 days of discovering the breach, in compliance with the SHIELD Act.

Changes to Our Privacy Policy

We reserve the right to update this Privacy Policy at any time. Changes will be posted on this page with the revised effective date. We encourage you to review this policy periodically for updates.

Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us at:

• Email: Contact Us
• Address:
  Orion Financial Services LLC,

  101 MERRITT 7

  STE 300

  NORWALK, CT 06851-1059

Change to Policy

Orion Financial Services LLC reserves the right to make changes and update this Policy at any time.
Changes to this policy will be made in order to clarify it or to comply with legal obligations. The site will display the “Last Updated” date upon any subsequent change of this policy which is also the effective date of the policy upon any change. If you continue to use our website or other services after we make a change to this policy your continued usage is considered agreement and acceptance of this policy.

If you have questions about this Privacy Notice please contact us.

This Privacy Policy is effective as of 04/01/2018