About Us and Scope

Our privacy policy, found below this brief overview, applies to everyone who uses our websites, mobile applications and various other related platforms. Our goal is to make it clear and easy to read so that you know how we collect, use, and share your information and what rights you have with respect to your information.

Contact Us

For any questions regarding the privacy policy, how to exercise your rights, or to inquire about our collection, use, disclosure, and processing of your Personal Data, you may contact us at the address below, via e-mail at IoT_EventsManagement@hsb.com, or by phone:

The Hartford Steam Boiler Inspection and Insurance Company Attn: Monitoring and Support Center
595 E Swedesford Road
Wayne, PA 19807

Telephone: 1-844-468-1866

Data We Collect and How We Use It

We collect your information in a few ways. Some information you give to us because you want to learn more about our products and services or when you are completing your registration for an IoT program. Some information we get from you because of our use of cookies and similar technologies. No matter what we collect from you, it will be collected, used and shared only in the ways and for the purposes described in our privacy policy.

Use of Cookies

We use cookies. Some cookies stay on your device when you leave our Site(s) and some cookies are deleted when you leave our Site(s). Generally, we use cookies to improve our Site(s) for you and others. You can modify your browser settings in several ways in order to manage cookies to your liking. Depending on your settings, however, some changes may keep you from getting the most out of your use of our Site(s).

Server Log Files

Server Log Files tell us about the traffic to our Site(s) and Services – traffic from people like you browsing our Site(s) and using our Services, but also potential hackers. We may look at these files if we think someone is using our Site(s) or Services fraudulently or illegally.

Web Analytics and Other Technologies

Like cookies, we use web analytics tools to improve our Site(s) and Services for you and others. If you want to manage cookies from these web analytics tools, please click on the link provided in the privacy policy below.

IoT Sensors and Equipment

Data that is collected by the IoT sensors and other equipment is about your premises (for example, the temperature and the humidity where the sensors are installed) and does not include data that can identify you.

Sharing Your Personal Data

The information that we collect from you may be used or shared for the reasons indicated here: to perform a contract or for some other business or commercial purpose; for our legitimate business interests; with your consent; or as may be permitted by law or required to comply with our legal obligation(s).

Transmitting Your Personal Data Externally

Please be aware that data collected through the Site(s) and Services may be transferred to, stored in, or processed in the United States or other countries, where our servers are located and our database is operated, or where our affiliates’ or third-party service providers’ offices, servers, or databases are located. Our service providers are bound by contracts including restrictions on what they can do with the information we provide and security measures that they need to have and maintain to keep your information from use or access by others that are not authorized to use it or access it.

Security

We take the security of your personal data seriously. We have appropriate security safeguards and procedures in place to protect your Personal Data. If you have reason to believe that your information is no longer secure, please contact us immediately.

Retention of Your Personal Data

We only keep your information for as long as it is necessary to complete the purpose(s) for which you gave it to us or to comply with applicable laws and contractual obligations. This time period may vary based on the circumstances.

Your Rights

You may have certain rights under the data privacy laws applicable to you. We have listed these rights in more detail in the privacy policy below. We’ve also provided information about how to opt out of certain communications from us. If you would like to exercise any of your rights, please contact us.

California Residents: Your Privacy Rights

Under the California Consumer Privacy Act of 2018 (“CCPA”), California residents have certain rights with respect to HSB’s collection, use, and sharing of their Personal Data. The privacy policy provides a detailed explanation of those rights and how to contact HSB with any questions you may have.

PRIVACY POLICY
This privacy policy was last revised on October 08, 2021

ABOUT US AND SCOPE

The Hartford Steam Boiler Inspection and Insurance Company and its affiliates and subsidiaries (“HSB”, “we”, “us”, or “our”) are committed to protecting the privacy of your personal data and personal information (collectively in this privacy policy, “Personal Data”). This privacy policy applies to the websites located at *iot.hsb.com and *.meshify*.com, any related mobile applications, websites, and digital portals, and the monitoring (“IoT”) services provided by HSB through the foregoing (individually and collectively, the “Sites and Services”), and explains our policies and practices concerning the collection, use, disclosure, and processing of your Personal Data collected through the Sites and Services and by other related means (for example, through e-mail, phone calls and other communications).

By using the Sites and Services, you accept and consent to this privacy policy without limitation or qualification. Your use of the Sites and Services is subject to the Terms of Use available at *iot.hsb.com and *.meshify*.com and other agreements you may have entered into with HSB regarding your use of the Sites and Services.

PERSONAL DATA WE COLLECT AND HOW WE USE IT

We collect data, including Personal Data, when you visit or use the Sites and Services. We collect certain data automatically in addition to the data that you voluntarily provide to us.

Personal Data Collected Automatically

When you access the Sites and Services, we use automatic data collection technologies to collect your IP address, browser information (such as type, version, location and carrier), operating systems information, referral URL information, network information, your location, login dates and times, language preferences, and information about how and when you use the Sites and Services (such as page visits and views, link clicks, etc.). We collect this data through cookies, server logs, and other technologies, such as web analytics tools, and IoT sensors and other equipment.

Use of cookies

While you are online, your computer saves “cookies.” A “cookie” is a small file, typically made up of letters and numbers, that is saved to your device or your browser’s memory. Cookies contain information about your visit to the Sites and Services and serve to make our Sites and Services more user-friendly, effective, and secure.

Some of the cookies that we use are “session cookies,” which are automatically deleted as soon as you leave the Sites and Services. Other cookies, such as “persistent cookies”, remain on your device until you delete them, which allows us to recognize your browser the next time you visit. Cookies that remain on your device may also allow your browser to load previously viewed pages faster.

Cookies allow us to improve the usefulness of our Sites and Services and help us provide the best possible experience. These cookies do not reveal your specific identity (e.g., your name), but may include information related to your device or location (e.g., your IP address). We perform statistical analyses of the use of the Sites and Services (e.g., tracking the number of times users visit the Sites and Services, tracking the number of visitors to our Sites and Services, analyzing users’ interactions with our Sites and Services), and do not identify you personally in such analyses.

You can change your browser settings so that you are notified when cookies are being used. You can also change your browser settings to allow cookies only once, refuse them completely or refuse them just in certain cases. You may also activate the automatic deletion of cookies when you close your browser. Deactivating cookies may restrict the Sites and Services functionality and impact or impair your experience on the Sites and Services.

Server Log Files

Log data that your browser and/or mobile application sends to us is collected automatically and saved in server logs, verbose logging files or log tables (“Log Files”). The Log Files contain:

o Browser type, version, location and carrier
o Operating system and/or platform information
o Referrer URL (the URL that the user comes from)
o Host name (network name) of the accessing computer and network type o User ID and/or email address
o Mobile device ID and model (if applicable)
o Dates and time when the Sites and Services are accessed
o Pages visited and viewed visited and viewed
o Geolocation information (if location services are turned on)

Web analytics tools and other technologies

We use web analytics tools and applications, such as Pendo, Google Analytics (the Universal Analytics library), and/or Adobe Analytics, to collect data so that we may better understand our traffic and make the Sites and Services more user-friendly, efficient, and secure. Data collected automatically includes, IP addresses, user group and preference information, browser types, carrier and location, referring pages, pagesvisitedandviewed,linkclicks,logindateandtimespentonaparticularSitesandServices. Pendo, Google Analytics, and/or Adobe Analytics may place and use cookies to collect and report data on your visit and use of the Sites and Services. For information about Pendo, please see the Pendo Data Privacy page here: https://www.pendo.io/data-privacy-security/; For more information about Adobe Analytics and how to opt-out from specific Adobe Analytics cookies, please visit: https://www.adobe.com/privacy/opt-out.html. More information about Google Analytics and how to opt-out from specific Google Analytics cookies is available here: https://support.google.com/analytics/answer/6004245?hl=en .

Data collected by IoT sensors

The Sites and Services interoperate with IoT sensors or other equipment installed at your premises that collect data about the environment or equipment located at your premises. Generally, this data is not Personal Data as it is about your premises (for example, the temperature and the humidity where the sensors are installed) and is not identifiable to an individual. To the extent any such IoT sensor or other equipment data is Personal Data, we will process such Personal Data in accordance with this privacy policy and applicable law.

Data collected through your registration for an IoT program

In order to participate in an IoT program, you may be required to register through the Sites and Services. During your participation in an IoT program, we may send you alerts or notifications when the IoT sensors or other equipment located at your premises sense certain conditions. For all such alerts or notifications, we may contact you by e-mail, manual or automated phone calls or SMS messages (including short code SMS messages), messages displayed on or through the Sites or Services (e.g. push notifications), or other methods to provide you information in connection with the Sites and Services. TO THE EXTENT THE PERSONAL DATA THAT YOU PROVIDE TO US INCLUDES ONE OR MORE MEANS OF COMMUNICATION SUCH AS WIRELESS PHONE LINES OR DEVICES, RESIDENTIAL LAND LINES, OR EMAIL ADDRESS(ES), YOUR PROVISION OF SUCH PERSONAL DATA AND ACCEPTANCE OF THIS PRIVACY POLICY REPRESENTS YOUR CONSENT AND PERMISSION THAT WE MAY CONTACT YOU BY SUCH AFOREMENTIONED MEANS. YOU MAY REVOKE THIS CONSENT AT ANY TIME BY USING THE CONTACT INFORMATION SET FORTH BELOW IN THE SECTION ENTITLED: “OUR CONTACT INFORMATION” OR, IN THE CASE OF SMS MESSAGES (INCLUDING SHORT CODE SMS MESSAGES), USING THE KEYWORD “STOP”. YOU MAY ALSO REQUEST ASSISTANCE BY USING THE CONTACT INFORMATION SET FORTH BELOW IN THE SECTION ENTITLED: “OUR CONTACT INFORMATION” OR, IN THE CASE OF SMS MESSAGES (INCLUDING SHORT CODE SMS MESSAGES), USING THE KEYWORD “HELP”. PLEASE NOTE: MESSAGE AND DATA RATES MAY APPLY. Your wireless provider may charge you in connection with receipt of incoming SMS messages and calls or data usage in connection with your participation in the IoT program and your use of the Sites and Services.

Personal Data That You Provide Voluntarily

Our relationship with you (including the Site(s) and Services that you use and any other products and/or services you request) will dictate the types of Personal Data that we collect from you and our uses of such Personal Data. For example, we collect and use different Personal Data according to whether you are an insured policyholder, a claimant, a customer to whom we provide inspection or other services (including, but not limited to IoT services), a passive visitor of our Site(s), or otherwise.

Where you provide Personal Data to us about other individuals (for example, where you are a customer to whom we provide services and you provide us with Personal Data about your employees or your own customers), we will also collect, use, and disclose their Personal Data (if any) as set out in this privacy policy. You must be authorized by such individual(s) to provide us with their Personal Data and it is your responsibility to refer such individuals to this privacy policy before providing us with Personal Data on their behalf.

Personal Data that you provide us

Personal Data that you may provide to us may include the following:

  • –  Contact information, such as: first and last name, title, company name, e-mail address, phone number, location and postal address.
  • –  Authentication and access information, such as: username, password and related security information.
  • –  Policy and claim information (including materials submitted as part of a claim).
  • –  Feedback, inquiries and/or other communications about the Sites and Services and our products and services.
  • –  Your preferences, such as: language, date format, notification method, postal code, and time zone. Collecting, Using, and Processing Your Personal Data We process your Personal Data (including Personal Data collected automatically) in accordance with this privacy policy and applicable laws for the following purposes:
  • –  To enter into or perform our contracts or for other business or commercial purposes: For example, we use your Personal Data to provide quotes; investigate claims; fulfill orders for products and/or services; communicate with you; respond to customer service requests; facilitate use of the Sites and Services, etc.; sending of alerts and notifications to you when the IoT sensors or other equipment sense certain conditions at your premises; and to provide the Sites and Services and other products and services to you.
  • –  To send you marketing or promotional material with your consent: You may withdraw your consent in these circumstances by opting out of such communications; provided, however, that it will not affect data processed prior to such withdrawal.
  • –  To support our legitimate business interests: For example, we use your Personal Data to improve our Sites and Services, our internal operations, our security efforts, and our products and services or for testing, research, analysis or product development.
  • –  As otherwise permitted or required by law or where required to comply with one or more of our legal obligations: For example, we may process your personal data for the establishment, exercise or defense of legal claims. You may provide your consent to the processing of your Personal Data either orally, electronically or in writing. The form of consent we seek, including whether it is express or implied, will largely depend on the sensitivity of the Personal Data and the reasonable expectations you have in the circumstances. Personal Data does not include information that has been aggregated or anonymized so that individuals cannot be re-identified by a third party (“Anonymized Data”). We may use Anonymized Data for the non- exhaustive purposes of improving our business operations, products, Sites, or Services or for any other purpose we deem reasonable or appropriate. We reserve the right to provide Anonymized Data to third

parties for any purpose, including but not limited to, the purpose of evaluating and improving the Sites and Services.

SHARING YOUR PERSONAL DATA

We will keep your Personal Data confidential and only share it with others in furtherance of one or more of the purposes above.

Internal Sharing

We share your Personal Data, on a confidential basis, with those departments and personnel who are responsible for the applicable use and/or processing activity and who certify that they will comply with corporate policies implemented and maintained to keep your Personal Data confidential.

Sharing With Third Parties

We may share your Personal Data with: (a) our parent, Munich Re (and its subsidiaries), for the same purposes and on the same bases set out in this privacy policy; and, (b) third party service providers to perform the functions they carry out on our behalf and who are bound by contractual agreements that include appropriate privacy standards. A list of the categories of third-party service providers to whom your data may be transferred is provided below:

  • –  any agent or representative acting for you;
  • –  our and/or your insurers or reinsurers;
  • –  third parties in the insurance distribution chain who we rely on to administer insurance, such as brokers, insurers, and other intermediaries;
  • –  actuaries;
  • –  auditors;
  • –  law firms and other advisors;
  • –  credit referencing, debt collection and fraud and prevention agencies;
  • –  marketing service providers;
  • –  IoT equipment or service providers;
  • –  IT service providers, IT maintenance providers, and cloud service and hosting providers;
  • –  regulators and other applicable governmental bodies;
  • –  selected third parties in connection with any sale, transfer, or disposal of our business; or
  • –  any other person where necessary to perform a contract with you, to protect ourselves from risk, or to anyone to who we are otherwise required or permitted by law to disclose your Personal Data. Where required or permitted by applicable law, we will report or disclose Personal Data to authorities (such as law enforcement) where we reasonably believe that the Sites and Services or our other internet presence is being used fraudulently or illegally (for example, a hacking attack on our network). TRANSMITTING YOUR PERSONAL DATA INTERNATIONALLY Please be aware that the Personal Data that we collect may be transferred to, stored in, or processed in the United States and other countries, where our servers are located and our database is operated, or where our third-party service providers servers and/or databases are located. If you are visiting the Sites

and Services from outside of the United States, please be advised that the data protection laws of the United States may not be as comprehensive as those in your country of residence and that your Personal Data is subject to the laws of the United States or of the other country in which it is held, and may be subject to disclosure to the governments, courts or law enforcement or regulatory agencies of the United States or such other country, pursuant to the laws of the United States or such other country.

You may also request more information regarding our data transfers, including transfers to service providers outside of your country, and the steps we take to safeguard your Personal Data by contacting us using the contact information set forth below.

SALE

We do not and will not sell any of the Personal Data that we collect.

THIRD PARTY SITES

For your convenience, our website may contain links (embedded or otherwise) to websites, online services, or mobile applications that are operated by third-parties (“Third Party Sites”). These Third Party Sites are operated independently from our Sites and Services. We are not responsible for the content, security or privacy policies of any such Third Party Sites. You should review the specific privacy policies of those Third Party Sites to determine how they collect, protect, store, use, and process your Personal Data.

SECURITY

We take the security of your Personal Data seriously. We have implemented appropriate physical, organizational, contractual and technological security measures and procedures appropriate to the sensitivity of the Personal Data and which are designed to protect against loss, misuse, unauthorized access, alteration, and disclosure of your Personal Data. The only employees who are granted access to your Personal Data are those with a business ‘need-to-know’ or whose duties reasonably require such Personal Data. We ensure that all affiliates and other third parties that are engaged to perform services on our behalf and are provided with Personal Data are contractually required to observe the intent of this privacy policy and our privacy practices. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), please immediately notify us of the problem by contacting us using the contact information set forth below.

RETENTION OF YOUR PERSONAL DATA

We will keep your Personal Data for as long as reasonably necessary to fulfill the purposes for which it was collected, in accordance with this privacy policy, and to comply with our legal and regulatory obligations. We have a detailed retention policy in place that governs how long we will retain your Personal Data. The exact time period of retention will depend on your relationship with us and the type of Personal Data collected, as well as applicable laws. If you would like more information regarding the periods for which your Personal Data will be stored, please contact us using the contact information set forth below.

YOUR RIGHTS

To the extent provided by law, you may have the right to:

  • –  request access to your Personal Data;
  • –  request updates or corrections to your Personal Data or challenge the accuracy or completeness of your Personal Data;
  • –  request that we delete your Personal Data;
  • –  request a disclosure of the Personal Data that we have collected from you;
  • –  request that we transfer your Personal Data;
  • –  request that we restrict access to your Personal Data;
  • –  object to our processing of your Personal Data; or
  • –  lodge a complaint with your local data privacy regulator. The rights listed above may not apply in every circumstance or to every user. You can exercise your rights or request more information about your rights by contacting us using the contact information below. If we require further information from you to process your request or verify your identity, one of our staff will contact you. Verification of your identity may be through various means, including but not limited to verification against our own records, through use of a password protected account that you maintain with us, or by other means we deem appropriate given the nature of the request and the Personal Data involved. In any case, we will attempt to respond to each of your requests not later than thirty (30) days after receipt of such requests or in such other timeframe as may be specified by applicable law. We will advise you in writing if we cannot meet your requests within this time limit. Please note that there may be certain circumstances where we cannot comply with your request; such as where complying with it would mean that we couldn’t comply with our own legal or regulatory requirements or an exemption under applicable law applies to the specific circumstances. In these instances, we will let you know why we cannot comply with your request. In some circumstances, complying with your request may result in your insurance policy or inspection or other related services contract (e.g., the Sites and Services, including IoT services) being cancelled or your claim being discontinued where we can no longer provide you with the relevant service. We will inform you of this at the time you make such a request. How to ‘opt out’ from marketing You have control over the extent to which we market to you and can request that we stop sending you marketing messages at any time. You can do this by either clicking on the “unsubscribe” button in any marketing email that we send to you or by contacting us using the contact information set forth below. Please note that even if you opt out from receiving marketing communications, we may still send you service-related and administrative communications from which you cannot opt out without choosing to discontinue your use of the Sites and Services. California Residents: Your Privacy Rights Under the California Consumer Privacy Act of 2018 (“CCPA”), California residents have certain rights with respect to HSB’s collection, use, and sharing of their Personal Data. HSB collects various categories of Personal Data when you use the Site(s). A detailed description of the data HSB collects and how we use it is provided above (Section entitled – “Data we collect and how we use it”). You will find that the Section entitled “Sharing your Personal Data” describes the categories of

third parties with whom we share your Personal Data and what information may be shared under different circumstances.

We will not discriminate against you for exercising your rights under the CCPA. We will not: (i) deny goods or services to you, (ii) charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties, (iii) provide you a different level or quality of goods or services, or (iv) suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services. We do not offer financial incentives associated with our collection, use, or disclosure of your personal information.

Separate from the CCPA, California’s Shine the Light law gives California residents the right to ask companies what Personal Data they share with third parties for those third parties’ direct marketing purposes. We do not disclose your personal information to third parties for the purpose of directly marketing their goods or services to you unless you request such disclosure.

If you have any questions regarding this privacy policy or wish to submit a rights request through HSB’s Customer Solutions Center, you may contact us using the contact information provided below.

CHILDREN’S USE OF THE SITE(S)

The Sites and Services are not directed to or intended for children. We do not seek or knowingly collect Personal Data from individuals under the age of 18. If you are under the age of 18, we request that you do not access or use the Sites and Services. For more information, please visit the Federal Trade Commission’s website to learn more about the Children’s Online Privacy Protection Act (“COPPA”).

DO NOT TRACK DISCLOSURE

“Do Not Track” is a preference that you may be able to set on your browser (if supported) to opt out from online behavioral tracking. The Sites and Services do not collect personally identifiable data about you as you move across different third party websites over time in order to provide targeted advertising and, therefore, do not respond to “Do Not Track” signals.

OUR CONTACT INFORMATION

For any questions regarding this privacy policy, how to exercise your rights, make a complaint, or to inquire about our collection, use, disclosure, and processing of your Personal Data, you may contact us at the address below, via e-mail at IoT_EventsManagement@hsb.com, or by phone.

The Hartford Steam Boiler Inspection and Insurance Company
Attn: Monitoring and Support Center
595 E Swedesford Road

Wayne, PA 19807 Telephone: 1-844-468-1866

Your authorized agent may also make requests on your behalf. Please have your authorized agent contact us using the information above and to include the proper documentary evidence that demonstrates their authority to make such a request on your behalf. Such documentary evidence includes a signed permission

by you or a properly executed power of attorney. Where you have provided signed permission to the authorized agent, we may take steps to verify your identity or directly confirm with you that you have authorized the agent to make a request on your behalf.

CHANGES TO THIS PRIVACY POLICY

From time to time, we may need to make changes to this privacy policy (for example, as the result of changes to law, technologies, Site content or other developments). We will provide notice of such changes by posting them on the Sites and Services and/or contacting you. This privacy policy is current as of the “last revised” date which appears at the top of this page. You can also access this page https://hsbprod.carbon.meshify.com/api/files/public//docs/privacypolicy.pdf periodically to view the most recent version.