Skip navigation links
Customer Service
Contact Us
Summit Insurance Services
First time users must register in order to save their Quotes & Applications: Register here
Select a Category
Outfitters and Guides
Martial Arts
Activity and Social Clubs
Welcome to Relation
Insurance Services
E-mail this page  | Print this page
Phone 1-800-955-1991
Fax 1-913-327-0201
Claims 1-800-237-2917
Ask us a Question/E-mail


K&K Business Specific Privacy Notice

K&K Insurance Group, Inc. (“K&K”) is a leading provider of Sports, Leisure and Entertainment insurance products. K&K is
committed to protecting your privacy. This commitment reflects the value we place on earning and keeping the trust of our
customers, business partners, and others who share their personal information with us.

What does this Privacy Notice do?
This Privacy Notice ("Notice") explains K&K’s information processing practices. It applies to any personal information you
provide to us and any personal information we collect from other sources. This Notice is a statement of our practices and of
your rights regarding your personal information.  This is not a contractual document, and it does not create any rights or
obligations on either party, beyond those which already exist under data protection laws. 

This Notice does not apply to your use of a third-party site linked to this website.

If you have a disability and require an alternative format to this privacy notice, please email us at: so that we
may provide you with a more suitable format.

Who is responsible for your information?
Throughout this Notice, K&K refers to K&K Insurance Group, Inc., including its affiliated companies and subsidiaries (also
referred to as "we", "us", or "our").  K&K is responsible for your personal information (and the controller for the purposes of
data protection laws) that we collect from or about you.

When and how do we collect your information?

We may collect personal information in the following ways:



From Our Clients

When we perform services for our clients.

Service Requests

When you request a service from us.


When you register with or use any of our websites or applications


When you submit an application to K&K

Contact Us

If you contact us with a complaint or query.

Social Media

When you engage with us over social media


For specific information on the source for each category of personal information collected, please see the section titled
“Categories of personal information we may collected, disclose, and “sell” (as defined under applicable law” below.

What information do we collect?

In general, we may collect personal information about you that you provide to us, that we receive from third parties or that
we indirectly collect or infer about your activities or usage of our websites, apps or services.  The actual personal information
we collect about you varies depending upon the nature of the services and our interactions for you. 

Information you provide to us
When you request services, we ask that you provide accurate and necessary information that enables us to respond to your
request. When you provide personal information to us, we use it for the purposes for which it was provided to us as stated at
the point of collection or as obvious from the context of collection, for example providing an insurance quote, applying for a
position with us or creating a profile on our website or application. 

More information about the categories of personal information collected for each of our services, together with the purpose and
legal basis for collecting the information is provided below.

We will not knowingly collect any sensitive personal information unless this is required. Sensitive personal information
includes a number of types of data relating to: race or ethnic origin; political opinions; religious or other similar beliefs; trade
union membership; physical or mental health; sexual life.

If you provide us with sensitive personal information, you understand and give your explicit consent that we may collect, use
and disclose this information to appropriate third parties for the purposes described in this Notice. If you provide personal
information about other individuals such as employees or dependents, you must obtain their consent prior to your disclosure
to us.

Information we collect over Aon websites, mobile applications and social media We may ask you for personal information,
such as name and contact information, when you register for events, request services, manage accounts, access various content
and features or directly visit our websites. (For purposes of this Notice, "website" includes our mobile applications.)

In some instances, we automatically collect certain types of information when you visit our websites and through e-mails that
we may exchange. Automated technologies may include the use of web server logs to collect IP addresses, "cookies" and web
beacons. Further information about our use of cookies can be found in our Cookie Notice .

Social media.  You can engage with us through social media websites or through features such as plug-ins or applications on
our websites that integrate with social media sites. You may also choose to link your account with us to third party social media
sites. When you link your account or engage with us on or through third party social media sites, plug-ins, or applications, you
may allow us to have ongoing access to certain information from your social media account (e.g., name, e-mail address, photo,
gender, birthday, the posts or the 'likes' you make).

Content you post. If you post information when you interact with our websites through social media sites, plug-ins or other
applications, depending on your privacy settings, this information may become public on the Internet. You can control what
information you share through privacy settings available on some social media sites. For more information about how you can
customize your privacy settings and how third party social media sites handle your personal information, please refer to their
privacy help guides, privacy notices and terms of use.

Mobile devices.  If you access our websites on your mobile telephone or mobile device, we may also collect your unique
device identifier and mobile device IP address, as well as information about your device's operating system, mobile carrier and
your location information.  We may also ask you to consent to providing your mobile phone number (for example, so that we
can send you push notifications). 

Categories of personal information we may collect, disclose, and “sell” (as defined under applicable law).  
The types and categories of personal information we collect about you depends on the nature of the services we provide to you
and our interactions with you.  Additionally, we may disclose personal information to third parties and services providers for
the purposes identified below. 

In general, we do not disclose or share personal information to third parties in exchange for their monetary payment to us. 
However, certain laws including the California Consumer Privacy Act (“CCPA”) define “sale” broadly to include disclosing or
making available personal information to third parties in exchange for monetary payment or some other thing of value.  For
purposes of the CCPA, we may disclose or make available personal information in order to receive some benefit or value
(i.e., a “sale” under the CCPA). 

The categories of information we may collect, disclose and “sell” are as follows:

Categories of personal information

Specific types of personal information

Category of sources from which this personal information is obtained

Is this personal information collected?

Is this personal information disclosed for business purposes?

Is this personal information sold?

Name, contact and identifiers

Identifiers such as real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.

From our Clients, Service Requests, Registration, Application, Social media, contact us page




Customer Records

Paper and electronic customer records containing personal information, such as name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.

From our Clients, Service Requests, Registration, Application, Social media, contact us page




Protected Classifications

Characteristics of protected classifications under California or federal law.

From our Clients, Service Requests, Registration, Application, Social media, contact us page




Purchase history and tendencies

Commercial information including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies

From our Clients, Service Requests, Registration, Application, Social media, contact us page




Biometric Information

Physiological, biological or behavioral characteristics that can be used alone or in combination with each other to establish individual identity, including DNA, imagery of the iris, retina, fingerprint, face, hand, palm, vein patterns, and voice recordings, from which an identifier template, such as a faceprint, a minutiae template, or a voiceprint, can be extracted, and keystroke patterns  or rhythms, gait patterns or rhythms, and sleep, health, or exercise data that contain identifying information





Usage data

Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an Internet website, application, or advertisement.





Geolocation Data

Precise geographic location information about a particular individual or device.

From our Clients, Service Requests, Registration, Application, Social media, contact us page




Audio/Visual Data

Audio, electronic, visual, thermal, olfactory, or similar information





Employment History

Professional or employment-related information

From our Clients, Service Requests, Registration, Application, Social media, contact us page




Educational Information

Information about education-related history or background

From our Clients, Service Requests, Registration, Application, Social media, contact us page




Profiles and Inferences

Inferences drawn from any of the information identified above to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes





“Sensitive data”

Information relating to race or ethnic origin; political opinions; religious or other similar beliefs; trade union membership; physical or mental health; sexual life.

From our Clients, Service Requests, Registration, Application, Social media, contact us page




How do we use your personal information?
The following is a summary of the purposes for which we use personal information.  More information about the personal
information collected for each of our services, together with the purpose and legal basis for collecting the information will be
provided to you below.

Performing services for our clients
We process personal information which our clients provide to us in order to perform our professional risk based advisory
services. The precise purposes for which your personal information is processed will be determined by the scope and
specification of our client engagement, and by applicable laws, regulatory guidance and professional standards.  It is the
obligation of our client to ensure that you understand that your personal information will be disclosed to contracted third
parties as necessary for risk analysis (or to service providers contracted with K&K) .

The categories of information we use to perform our services include Name and Contact identifiers, Customer Records,
Protected Classifications, Purchase History and Tendencies, Geolocation Data, Educational information, Employment history,
and Sensitive data.

Administering our client engagements
We process personal information about our clients and the individual representatives of our corporate clients in order to:

  • Perform underwriting and administrative services for our Business partners;
  • Carry out client communication, service, billing and administration;
  • Deal with client complaints;
  • Administer claims.

The categories of information we use to administer our client engagements include Name and Contact identifiers, Customer
Records, Protected Classifications, Purchase History and Tendencies, Geolocation Data, Educational information, Employment
history, and Sensitive data.

Contacting and marketing our clients and prospective clients
We process personal information about our clients and the individual representatives of our corporate clients in order to:

  • contact our clients or prospective clients in relation to current, future and proposed engagements;
  • send our clients or prospective clients newsletters, know-how, promotional material and other marketing communications;
  • invite our clients or prospective clients to events (and arrange and administer those events).

The categories of information we use to contact and market to our clients and prospective clients include Name and
Contact identifiers.

Conducting data analytics
We are an innovative business, which relies on developing sophisticated products and services by drawing on our experience
from prior engagements.  We are not concerned with an analysis of identifiable individuals, and we take steps to ensure that
your rights and the legitimacy of our activities are ensured through the use of aggregated or otherwise de-identified data.  

The categories of information we use to conduct data analytics include Name and Contact identifiers, Customer Records,
Protected Classifications, Geolocation Data, Educational information, Employment history.

If we wish to use your personal information for a purpose which is not compatible with the purpose for which it was collected
for, we will request your consent. In all cases, we balance our legal use of your personal information with your interests, rights,
and freedoms in accordance with applicable laws and regulations to make sure that your personal information is not subject to
unnecessary risk.

Legal basis
All processing (i.e. use) of your personal information is justified by a "lawful basis" for processing.    In the majority of cases,
processing will be justified on the basis that:

  • the processing is necessary for the performance of a contract to which you are a party, or to take steps (at your request) to
    enter into a contract (e.g. where we help an employer to fulfil an obligation to you under an employment contract in
    relation to the delivery of employee benefits);
  • the processing is necessary for us to comply with a relevant legal obligation (e.g. where we are required to collect certain
    information about our clients for tax or accounting purposes, or where we are required to make disclosures to courts or
    regulators); or
  • the processing is in our legitimate commercial interests, subject to your interests and fundamental rights (e.g. where we
    use personal information provided to us by our clients to deliver our services, and that processing is not necessary in relation to a contract to which you are a party).

In limited circumstances, we will use your consent as the basis for processing your personal information, for example, where we
are required to obtain your prior consent in order to send you marketing communications.

Before collecting and/or using any personal information, or criminal record data, we will establish a lawful basis which will
allow us to use that information.  This basis will typically be:

  • your explicit consent;
  • the establishment, exercise or defense by us or third parties of legal claims; or
  • a context specific exemption provided for under local laws of EU Member States and other countries implementing the
    GDPR, such as in relation to the processing of personal data for insurance purposes, or for determining benefits under an
    occupational pension scheme.

Do we collect information from children?

We do not directly provide services to children, and we do not knowingly collect personal information from children.

How long do we retain your personal information?
How long we retain your personal information depends on the purpose for which it was obtained and its nature. We will keep
your personal information for no more than the time required to fulfil the purposes described in this privacy notice unless a
longer retention period is permitted by law. We have implemented appropriate measures to ensure your personal information is
securely destroyed in a timely and consistent manner when no longer required. 

In specific circumstances we may store your personal information for longer periods of time so that we have an accurate record
of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of
litigation relating to your personal information or dealings.

Do we disclose your personal information?

Within Aon

We may share your personal information with other Aon entities, brands, divisions, and subsidiaries to serve you, including for
the activities listed above. 

We do not rent, sell or otherwise disclose personal information with unaffiliated third parties for their own marketing use. We
do not share your personal information with third parties except in the following circumstances discussed below. 

Business Partners

We may disclose personal information to business partners who provide certain specialized services to us, or who co-operate
with us on projects.  These business partners operate as separate controllers, and are responsible for their own compliance with
data protection laws.  You should refer to their privacy notices for more information about their practices. 
Examples include:

  • Banking and finance products - credit and fraud reporting agencies, debt collection agencies, insurers, reinsurers, and
    managed fund organizations for financial planning, investment products and trustee or custodial services in which you invest
  • Insurance broking and insurance products - insurers, reinsurers, other insurance intermediaries, insurance reference
    bureaus, medical service providers, fraud detection agencies, our advisers such as loss adjusters, lawyers and accountants
    and others involved in the claims handling process

The categories of information shared with our business partners include Name and Contact identifiers, Customer Records,
Protected Classifications, Purchase History and Tendencies, Geolocation Data, Educational information, Employment history,
and Sensitive data.

Authorized Service Providers

We may disclose your information to service providers we have retained (as processors) to perform services on our behalf
(either in relation to services performed for our clients, or information which we use for its own purposes, such as marketing).
These service providers are contractually restricted from using or disclosing the information except as necessary to perform
services on our behalf or to comply with legal requirements. These activities could include any of the processing activities that
we carry out as described in the above section, ‘How we use your personal information.’

Examples include:

  • IT service providers who manage our IT and back office systems and telecommunications networks;
  • marketing automation providers;
  • contact center providers.

These third parties appropriately safeguard your data, and their activities are limited to the purposes for which your data was provided.

The categories of information shared with our authorized service providers include Name and Contact identifiers, Customer Records,
Educational information, Employment history, and Sensitive data.

                                                                  Legal Requirements and Business Transfers

We may disclose personal information (i) if we are required to do so by law, legal process, statute, rule, regulation,
or professional standard, or to respond to a subpoena, search warrant, or other legal request. (ii) in response to law enforcement
authority or other government official requests, (iii) when we believe disclosure is necessary or appropriate to prevent physical
harm or financial loss, (iv) in connection with an investigation of suspected or actual illegal activity or (v) in the event that we
are subject to a merger or acquisition to the new owner of the business, or in the event of the dissolution of our business.
Disclosure may also be required for company audits or to investigate a complaint or security threat.


Do we transfer your personal information across geographies?

We are a global organization and may transfer certain personal information across geographical borders to our, authorized
service providers or business partners in other countries working on our behalf in accordance with applicable law. Our affiliates
and third parties may be based locally or they may be overseas some of which have not been determined by the European
Commission to have an adequate level of data protection.

When we do, we use a variety of legal mechanisms to help ensure your rights and protections travel with your data:

  • we ensure transfers within are covered by agreements based on the EU Commission's standard contractual clauses,
    which contractually oblige each member to ensure that personal information receives an adequate and consistent level of
    protection wherever it resides within;
  • where we transfer your personal information outside of us or to third parties who help provide our products and services,
    we obtain contractual commitments from them to protect your personal information. Some of these assurances are well
    recognized certification schemes like the EU - US Privacy Shield for the protection of personal information transferred
    from within the EU to the United States, or the standard contractual clauses; or
  • where we receive requests for information from law enforcement or regulators, we carefully validate these requests
    before any personal information are disclosed.

Examples of countries we may transfer personal information to include, but are not limited to, the United States of America,
the United Kingdom, Ireland, Singapore, India, Canada, and the Philippines.

If you would like further information about whether your information will be disclosed to overseas recipients, please contact us
as noted below. You also have a right to contact us for more information about the safeguards we have put in place (including a
copy of relevant contractual commitments, which may be redacted for reasons of commercial confidentiality) to ensure the
adequate protection of your personal information when this is transferred as mentioned above.

Do we have security measures in place to protect your information?

The security of your personal information is important to us and we have implemented reasonable physical, technical and
administrative security standards to protect personal information from loss, misuse, alteration or destruction. We protect your
personal information against unauthorized access, use or disclosure, using security technologies and procedures, such as
encryption and limited access. Only authorized individuals access your personal information, and they receive training about
the importance of protecting personal information.

Our service providers and agents are contractually bound to maintain the confidentiality of personal information and may not use the
information for any unauthorized purpose.

What choices do you have about your personal information?
We communicate with our customers to provide direct services and updates regarding our products. If we intend to use the
contact information you provide us for marketing purposes, we will provide you with the option of whether you wish to receive
promotional email, postal mail or telephone calls.

You may choose not to receive marketing communications from us by clicking on the unsubscribe link or other instructions
contained in our marketing emails, or by completing this opt-out form.

In addition, you may have the right to “opt-out” of any sale of your personal information by us, as explained in the “Other
” section below.

How can you update your communication preferences?

We take reasonable steps to provide you with communication about your information. You can update your communication
preferences in the following ways.


If you have created a profile or account on one of our websites, you can update your contact information after you log
into your account.


If you request electronic communications, such as an e-newsletter, you will be able to unsubscribe at any time by following
the instructions included in the communication.

Mobile Devices

If you previously chose to receive push notifications on your mobile device from us but no longer wish to receive them,
you can manage your preferences either through your device or the application settings. If you no longer wish to have any
information collected by the mobile application, you may uninstall the application by using the uninstall process available on
your mobile device.


Contact us by e-mail or postal address as noted below. Please include your current contact information, the information you are
interested in accessing and your requested changes.

If we do not provide you with access, we will provide you with the reason for refusal and inform you of any exceptions relied upon.

Other rights regarding your data
Data protection laws vary among countries, with some providing more protection than others. Subject to certain exemptions,
and in some cases, particularly if you reside in a jurisdiction with applicable privacy laws, dependent upon the processing
activity we are undertaking, you have certain rights in relation to your personal information.  

Right to Access

You have right to access personal information, and the categories thereof, which we hold about you.  If you have created a profile,
you can access that information by visiting your account or making a request online or by phone (as provided below).

Right to Rectification

You have a right to request us to correct your personal information where it is inaccurate or out of date.
Right to be Forgotten (Right to Erasure)

You have the right to request under certain circumstances to have your personal information erased. Your information can only
be erased if your data is no longer necessary for the purpose for which it was collected, and we have no other legal ground for processing the data.

Right to Restrict Processing

You have the right to restrict the processing of your personal information, but only where:

  • its accuracy is contested, to allow us to verify its accuracy; or
  • the processing is unlawful, but you do not want it erased; or
  • it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend
    legal claims; or
  • you have exercised the right to object, and verification of overriding grounds is pending.

Right to Data Portability

You have the right to data portability, which requires us to provide personal information to you or another controller in a
commonly used, machine readable format, but only where the processing of that information is based on (i) consent; or (ii) the
performance of a contract to which you are a party.

Right to Object to Processing

You have the right to object the processing of your personal information at any time, but only where that processing has our
legitimate interests as its legal basis. If you raise an objection, we have an opportunity to demonstrate that we have compelling
legitimate interests which override your rights and freedoms.


Do-Not-Sell: You have the right to opt-out of our sale of your Personal Information. Our sale of your information is limited to
third-party cookies used to track activity and deliver targeted ads. To exercise this right, you can turn off cookies as described
in our Cookie Notice.

International Transfers

As noted above, you can ask to obtain a copy of, or reference to, the safeguards under which your personal information is
transferred outside of the European Union.

If applicable, how do you exercise these rights?

You can exercise your rights by contacting us at or by calling 1-877-384-4276. Subject to legal and other
permissible considerations, we will make every reasonable effort to honour your request promptly or inform you if we require
further information in order to fulfill your request.  

To verify your identity, please be prepared to offer the following information: you name, zip code, Policy Number or Claim
Number, and any other information you have previously provided to K&K.  We may ask you for additional information to
confirm your identity and for security purposes, before disclosing the personal information requested to you. We reserve the
right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive.  

You may also be able to designate an authorized agent to make a request regarding these rights on your behalf.  If you would
like to do so, please have your authorized agent use the contact email or number above and state within their request they are
your authorized agent.  If needed, K&K will inform the authorized agent of any additional verification data needed to process
such request at that time.

We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to
others, or if we are legally entitled to deal with the request in a different way.

Discrimination: If consumers exercise their rights under CCPA, businesses may not discriminate against them, such as by
denying or providing a different level or quality of goods or services or charging or suggesting that a business will charge
different prices or rates or impose penalties (unless doing so is reasonably related to the value received from the consumer
personal information).

Disclosure of Incentives: If businesses offer any financial incentives for the collection, sale or deletion of their personal
information, consumers have the rights to be notified of any financial incentives offers and their material terms, as well as the
to not be opted into such offers without prior informed opt-in consent and to be able to opt-out of such offers at any time.
Businesses may not offer unjust, unreasonable, coercive or usurious financial incentives. We do not offer any incentives at this time.

Contact Us

If you have any questions, would like further information about our privacy and information handling practices, would like to
discuss opt-outs or withdrawing consent, or would like to make a complaint about a breach of the law or this Privacy Notice,
please contact the Privacy Officer: Alternatively, you have the right to contact your local Data Protection Authority.

If you have any questions relating to this Notice, please contact us at the Aon Global Privacy Office, Aon plc, 200 E. Randolph,
Chicago, Illinois 60601 or

Changes to this Notice

We may update this Notice from time to time. When we do, we will post the current version on this site, and we will revise the
version date located at the bottom of this page.

We encourage you to periodically review this Notice so that you will be aware of our privacy practices.

This Notice was last updated on April 1, 2022.