CALIFORNIA CONSUMER PRIVACY ACT DISCLOSURE
Last Updated: September 25, 2025
This California Consumer Privacy Act Notice (“Notice”) is provided pursuant to the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (collectively, the “CCPA”).
This Notice applies to personal information collected by Merchants Bonding Company (Mutual) and Merchants National Indemnity Company (collectively, “Merchants,” “we,” “us,” or “our”) about California residents (“consumers,” “you,” or “your”) in connection with providing our products and services, managing employment relationships, or operating our business. It explains what personal information we collect, how we use and disclose it, whether we sell or share it, and the rights California residents have under the CCPA.
1. Categories of Personal Information
Depending on your relationship with Merchants, we may collect the following categories of personal information, as defined under the CCPA:
- Audio, Electronic, or Visual Information: e.g., call or meeting recordings, security video.
- Biometric Information: e.g., fingerprints (employees only).
- Commercial Information: e.g., records of personal property, transaction history, account balances.
- Education Information (Non-Public): e.g., academic transcripts, education records.
- Geolocation Data: e.g., approximate location inferred from IP address.
- Identifiers: e.g., real name, alias, postal address, e-mail address, Social Security number, driver's license number.
- Internet or Network Activity: e.g., browsing data, search history.
- Other Personal Information (as defined in Cal. Civ. Code §1798.80): e.g., signature, financial data, education, medical or insurance details.
- Professional or Employment Information: e.g., work history, compensation, performance, licensing credentials, background screening results.
- Protected Classification Characteristics: e.g., age, gender, marital status.
- Sensitive Personal Information: e.g., government IDs, racial or ethnic origin, union membership, health details, account credentials
Note: Publicly available information is not considered personal information under the CCPA.
2. Sources of Personal Information
We collect personal information from the following sources:
- Directly from you
- Insurance agents and brokers
- Service providers and vendors
- Public records and government agencies
- Consumer reporting agencies and data aggregators
- Employers and professional references
- Your interactions with our websites and social media platforms
- Other insurers or parties involved in claims or litigation
3. Automated Data Collection and Cookies
We and our third-party service providers (e.g., Google Analytics) may collect data automatically when you interact with our websites through cookies and similar technologies. This may include browsing activity, device identifiers, and approximate geolocation.
You can manage your cookie preferences by using the “Manage Cookies” link on our websites or by adjusting your browser settings.
4. Purposes for Collection and Use of Personal Information
We may collect and use personal information for the following business or commercial purposes:
- Providing, underwriting, and servicing insurance products (including bonds).
- Appointing, contracting with, and managing relationships with insurance producers, including verifying licensure and authority, processing commission payments, and fulfilling regulatory reporting obligations.
- Processing applications, claims, and transactions.
- Communicating with you and responding to your inquiries.
- Detecting and preventing fraud or security incidents.
- Performing identity verification and risk assessments.
- Human resources and employment administration.
- Ensuring legal and regulatory compliance.
- Managing and improving business operations, including analytics, research, and service optimization.
- Limited marketing activities, such as customer communications or outreach, subject to your opt-out rights.
- Exercising or defending legal claims.
We do not use personal information for purposes materially different from those disclosed, unless permitted by law or with your consent.
5. Use and Disclosure of Sensitive Personal Information
We use and disclose Sensitive Personal Information only for purposes permitted by the CCPA, such as verifying identities, ensuring security, complying with law, and delivering requested services. We do not use Sensitive Personal Information to infer characteristics about individuals or for automated decision-making or profiling in furtherance of decisions that produce legal or similarly significant effects.
6. Disclosure of Personal Information to Third Parties
In the preceding 12 months, we have disclosed personal information for business purposes to the following categories of third parties:
- Service providers and contractors
- Insurance agents and brokers
- Government agencies, regulators, and courts
- Affiliated entities and subsidiaries
These disclosures may include any of the personal information categories identified in Section 1. These disclosures are made to support our operations, comply with legal obligations, or as otherwise permitted by law. These disclosures are governed by contracts requiring recipients to use personal information only for permitted purposes and to implement appropriate safeguards.
7. Sale or Sharing of Personal Information
We do not exchange personal information for monetary compensation. However, under the CCPA, certain disclosures, such as those involving analytics or targeted advertising, may be considered a “sale” or “sharing” of personal information, even if no money changes hands.
In the past 12 months, we may have sold or shared the following categories of personal information through third-party cookies or similar technologies:
- “Identifiers”
- “Commercial Information”
- “Internet or Network Activity”
- “Geolocation Data”
- “Audio, Electronic, or Visual Information”
We do not knowingly sell or share personal information of individuals under 16 years of age.
You may opt out of the sale or sharing of your personal information by:
- Broadcasting a recognized opt-out preference signal (e.g., Global Privacy Control), or
- Using the “Manage Cookies” link on our website to adjust your tracking preferences.
8. Retention of Personal Information
We retain personal information only as long as necessary for the purposes described in this Notice, including:
- To comply with legal or regulatory obligations.
- For operational or contractual requirements.
- To manage disputes or enforce agreements.
Retention periods may vary depending on the type of data and applicable laws.
9. Your Privacy Rights Under the CCPA
If you are a California resident, you have the following rights:
- Right to Know and Access: Request the categories or specific pieces of personal information we have collected, subject to verification.
- Right to Delete: Request deletion of your personal information, subject to certain legal exceptions.
- Right to Correct: Request correction of your personal information.
- Right to Opt-Out of Sale or Sharing: Direct us not to sell or share your personal information (see Section 10).
- Right to Limit Use of Sensitive Personal Information: We do not use Sensitive Personal Information in a way that triggers this right under California law.
- Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
10. Opt-Out Preference Signals
We recognize Global Privacy Control signals. When we receive a recognized signal, we treat it as a request to opt out of the sale or sharing of personal information for that browser or device.
We honor these signals without friction, which means:
- No fees
- No change in user experience
- No banners, pop-ups, or additional steps are triggered in response to the signal.
For more details, visit www.globalprivacycontrol.org. You may also opt-out manually via the “Manage Cookies” icon on our website.
11. How to Exercise Your Rights
If you are a California resident, you may submit a request by:
We may need to verify your identity before processing a request to protect your information. Authorized agents may submit requests on your behalf by providing valid written authorization or power of attorney documentation. We respond to requests within 45 days, unless additional time is required.
12. Updates to This Notice
We may update this Notice periodically. When we do, we will revise the “Last Updated” date at the top of the page.
13. Contact Us
You may contact us with questions about this Notice or your privacy rights using the information below:
Merchants Bonding Company
Attention: Compliance Officer
P. O. Box 14498
Des Moines, IA 50306-3498
Telephone: 1-800-678-8171
Email: privacy@merchantsbonding.com