Privacy Policy

Last Updated: April 30, 2026

YA Group (“YA Group”, “we”, “us”, “our”) respects the privacy of your personal information.

We are a technical consulting firm specializing in forensic engineering, building assessment, and construction consulting for clients in the insurance, legal, construction, and corporate sectors (“Services”). In the course of providing our Services, we collect, use, disclose, and otherwise process information, including personal information, relating to our clients and, in some cases, their customers, claimants, insureds, employees, representatives, or other individuals whose information is provided to us in connection with an engagement.

This Privacy Policy describes how YA Group and the affiliated companies, divisions, and business units that operate under the YA Group brand (collectively, the “YA Group,” “we,” “us,” or “our”) collect, use, disclose, and otherwise process personal information. YA Group serves as the central public-facing organization through which visitors, prospective customers, customers, and other individuals interact with our business, and it coordinates engagement with the appropriate business units that perform services within YA Group. While some business functions are managed centrally on behalf of the YA Group, personal information is shared internally only as appropriate for those functions and, for client-related data, access is limited to the relevant business units and authorized personnel. Unless we state otherwise at the time we collect personal information, this Privacy Policy applies to YA Group and the business units operating under it.

In addition, when we process personal information on behalf of a client in connection with delivering our Services, we do so subject to the terms of our contract or other written agreement with that client, which acts as the relevant controller, business, or other responsible party under applicable law. In those circumstances, our client determines the purposes and means of processing, and this Policy does not override any separate contractual terms or privacy notices that apply to that client data.

Where required by applicable law, we implement contractual and operational safeguards governing our processing of personal information on behalf of clients and limit our use of such information to providing the Services, complying with law, protecting our rights, and other permitted purposes.

Please read this Policy carefully to understand our practices regarding your personal information and your rights and choices regarding that information. This Policy may change from time to time. We will post any updates here and revise the “Last Updated” date. If we make material changes affecting how we collect, use, or disclose personal information, we will provide additional notice as required by law. Where required by law, we will obtain any required consent before applying those changes.

If you are visiting this Website from Canada or UK/EEA, please see our Canada Addendum or UK/EEA Addendum for additional relevant disclosures.

Categories of Personal Information That We Collect

“Personal information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with an identified or identifiable individual. For California residents, this term also includes “sensitive personal information,” where relevant, as defined under applicable California law. Personal information does not include deidentified information, aggregate consumer information, or publicly available information, as those terms are defined by applicable law.

The categories of personal information we collect vary depending on how you interact with us and may include the following:

Website Visitors

We may collect the following categories of personal information from visitors to our Website:

  • Identifiers and contact information, such as your IP address, online identifiers, and, if you choose to provide them, your name, email address, telephone number, mailing address, or similar contact information.
  • Communications and inquiry information, such as the contents of forms, messages, requests, subscriptions, survey responses, or other information you submit when you contact us or otherwise interact with us online.
  • Usage or other network activity information, such as information about your interaction with our Websites, including browser type, device type, operating system, cookie and similar technology identifiers, language preferences, time-zone settings, pages viewed, links clicked, referring and exit pages, search queries, session duration, page response times, download errors, and other log and usage data.
  • Approximate geolocation information, such as general location derived from your IP address.

Prospects and Clients

We may collect the following categories of personal information from prospective clients and clients:

  • Identifiers and contact information, such as name, email address, telephone number, mailing address, and loss address;
  • Professional or employment-related information, such as company affiliation and job title;
  • Insurance, claim, and engagement-related information, such as claim number, policy number, carrier information, examiner information, adjuster information, and file number, to the extent such information identifies, relates to, describes, or can reasonably be linked with a particular individual or household;
  • Information about insureds and other claim-related individuals, such as insured name, contact information, and other personal information submitted in connection with an assignment; and
  • Communications and other information submitted to us, such as project notes and other information a client or prospective client chooses to provide, to the extent such content includes personal information.

Job Applicants and Candidates

We may collect the following categories of personal information from job applicants and candidates in connection with recruiting and the application process:

  • Identifiers and contact information, such as name, postal address, email address, telephone number, and other similar contact details.
  • Professional, educational, and background information, such as resume or CV information, employment history, qualifications, licenses, certifications, education history, references, and other information relating to candidacy.
  • Recruiting and application information, such as application materials, interview notes, assessment results, communications regarding the application process, offer details, and work authorization information.
  • Protected classification and demographic information, where collected in accordance with applicable law.
  • Sensitive personal information, where reasonably necessary and permitted by law, such as Social Security number or other government-issued identification information, citizenship or immigration information, and health, medical, disability, or accommodation information in connection with the application process.

We use this information for recruiting, evaluating candidates, communicating regarding opportunities, processing applications, verifying eligibility to work, conducting background checks or pre-employment screenings, where permitted by law, administering accommodations, complying with legal obligations, and related business and security purposes.

How We Collect Your Personal and Other Information

We collect personal information from the following categories of sources, depending on how you interact with us:

  • directly from you;
  • automatically from your device or browser when you use our Website;
  • from service providers and business partners that support our Website;
  • from publicly available sources;
  • from social media platforms, when you interact with our content, submit information through those services, or otherwise choose to make your information available to us through them; and
  • from intermediaries, advisors, referral sources, and other parties involved in onboarding, diligence, or servicing processes, where applicable

Cookies and Similar Technologies

What Are Cookies and Similar Technologies?

Cookies are small text files placed on your browser or device when you visit a website. Similar technologies include pixels, tags, embedded scripts, local storage technologies, and tools used to analyze website performance and interactions.

These technologies help websites function, remember preferences, measure traffic and engagement, support analytics, improve performance, maintain security, and, in some cases, support business development, campaign measurement, and limited advertising activities.

Categories of Cookies and Similar Technologies We Use

We and our service providers may use the following categories of cookies and similar technologies on the Website.

A. Strictly Necessary Technologies

These technologies are used to operate the Website and support core technical and business functions, such as hosting, content delivery, security, fraud prevention, consent-preference management, accessibility, and form submission functionality.

Because these technologies are necessary for the Website to function, they generally cannot be disabled through cookie preference tools, although your browser may allow you to block or delete them. If you do so, parts of the Website may not function properly.

B. Functional Technologies

These technologies help the Website remember choices and preferences, such as language settings, region, consent selections, and other settings that improve usability and Website performance.

C. Analytics and Performance Technologies

These technologies help us understand how visitors use the Website, including which pages are visited, how users navigate the Website, whether technical issues occur, and how Website content and forms perform.

We use these technologies to operate, maintain, troubleshoot, and improve the Website, better understand engagement with our content, and evaluate the effectiveness of our communications and business development activities.

D. Business Development and Advertising Technologies

We may use certain cookies and similar technologies to support measured business development activities, including understanding engagement with our Website, evaluating the effectiveness of outreach and campaigns, supporting remarketing, and delivering or measuring advertising directed to relevant professional audiences.

These activities are intended to support our professional services business and outreach to prospective clients and business contacts. They are not intended for children or for broad consumer-oriented profiling.

In some circumstances, these technologies may support targeted advertising or cross-context behavioral advertising as those terms are defined under applicable law.

Categories of Personal Information Collected Through Cookies and Similar Technologies

Depending on the technology and configuration, cookies and similar technologies on the Website may collect or receive the following categories of personal information:

  • identifiers, such as cookie identifiers, online identifiers, device identifiers, IP address, or similar identifiers;
  • internet or other electronic network activity information, such as pages viewed, links clicked, referring pages, time spent on pages, navigation paths, session activity, and interaction with Website content or forms;
  • device and browser information, such as browser type, operating system, device type, language settings, and similar technical information;
  • approximate geolocation information derived from IP address;
  • information relating to preferences, selections, and consent choices; and
  • form interaction data, such as whether a form was started, submitted, or abandoned.

Where permitted by law, information collected through cookies and similar technologies may be associated with information you provide directly through Website forms or other interactions with us.

Categories of Third Parties Involved

Depending on the circumstances, cookies and similar technologies on the Website may involve the following categories of third parties:

  • providers of hosting, content delivery, and other Website infrastructure services;
  • providers of consent management, security, and fraud prevention services;
  • analytics, performance-monitoring, and measurement providers;
  • providers of customer relationship management, intake, lead management, and communications support;
  • providers of marketing, campaign management, and business development support services; and
  • other service providers or contractors that help us operate, improve, secure, and measure the Website and related business activities.

How We Use Cookies and Similar Technologies

We use cookies and similar technologies for the following purposes:

  • to operate, maintain, secure, and improve the Website;
  • to enable Website features and functionality;
  • to remember preferences and consent choices;
  • to support contact forms, intake forms, recruiting forms, and related Website workflows;
  • to analyze Website traffic, engagement, performance, and trends;
  • to troubleshoot, test, and improve Website content, usability, and technical performance;
  • to detect and help prevent fraud, misuse, unauthorized activity, and security incidents;
  • to evaluate the effectiveness of communications, content, and business development efforts; and
  • where applicable, to support limited advertising, remarketing, targeted advertising, and related measurement activities.

Business Development Advertising, Targeted Advertising, and Sale / Sharing

We may use cookies and similar technologies, and may permit certain third parties to collect personal information from or through the Website, to support business development, advertising performance measurement, remarketing, and related outreach activities.

Depending on applicable law, some of these practices may constitute:

  • a sale or sharing of personal information; and/or
  • the use of personal information for targeted advertising.

Where required by applicable law, we provide you with the ability to opt out of these activities through our Your Privacy Choices link, as applicable, or through the other methods described in our Privacy Policy.

Where required by law, we also honor opt-out preference signals.

Website Interaction Analytics

We may use tools that help us understand how users interact with the Website, such as navigation patterns, page engagement, technical errors, and form performance. We use this information to improve Website functionality, diagnose issues, and better understand how visitors engage with our content and contact pathways.

Where required by applicable law, these technologies will be used in accordance with the consent choices you make.

Forms, File Uploads, and Related Website Functions

The Website may include contact forms, intake forms, recruiting forms, or other submission tools. Cookies and similar technologies may be used in connection with these functions for security, functionality, analytics, submission management, and related operational purposes.

Information submitted through Website forms may be routed to internal teams, intake workflows, customer relationship management systems, or service providers based on the nature of the request, service line, or location.

File uploads submitted through Website forms are handled in accordance with our internal security practices and may be subject to additional controls based on the sensitivity of the information involved. Cookies and similar technologies generally do not store the contents of uploaded files themselves, but they may collect metadata or interaction data relating to submissions, errors, or completion status.

Your Cookie and Similar Technology Choices

Depending on your location and applicable law, you may have one or more of the following choices regarding cookies and similar technologies.

  1. Cookie Preference Center: You may manage certain cookies and similar technologies through our Your Privacy Choices tool available on the Website.
  2. B. Opt-Out of Sale / Sharing / Targeted Advertising: Where applicable, you may opt out of the sale or sharing of your personal information and/or the use of your personal information for targeted advertising by using our Your Privacy Choices link.
  3. Browser Controls: Most browsers allow you to manage cookie settings, including blocking or deleting cookies. Blocking certain cookies may affect the functionality of the Website.
  4. Opt-Out Preference Signals: Where required by applicable law, we process opt-out preference signals in accordance with applicable law.

Retention

Some cookies operate only during your browser session, while others remain on your device for a longer period unless deleted earlier. The retention period depends on the purpose of the technology, operational requirements, legal obligations, and the settings established by us or the relevant third party.

For more information about our general retention practices, please see the How Long We Retain Your Personal Information section of this Policy.

How We Use Personal Information

We may use personal information for the following purposes:

  • To provide, operate, maintain, and improve our Website and Services, including administering assignments, coordinating inspections, evaluations, consultations, and related service activities;
  • To respond to requests and communicate with you, including responding to inquiries, assignment submissions, requests for proposals, and other communications submitted through our Website, by email, by phone, or otherwise;
  • To provide and manage our client relationships and Services, including onboarding clients, preparing for and performing engagements, maintaining records, facilitating communications, and providing reports, deliverables, and related support;
  • To process and evaluate assignment-related information, including information relating to claims, projects, properties, losses, insureds, adjusters, examiners, and other individuals provided in connection with an engagement;
  • To operate, maintain, secure, and improve our Website, systems, and business, including troubleshooting, analytics, testing, research, quality assurance, auditing, and evaluating usage trends and service effectiveness;
  • To personalize and improve user experience, including remembering preferences and improving Website functionality, navigation, and usability;
  • To protect our rights, personnel, property, systems, and business, including detecting, investigating, and helping prevent fraud, unauthorized access, misuse, security incidents, and other unlawful or harmful activity;
  • To comply with legal, regulatory, tax, accounting, contractual, and recordkeeping obligations, including responding to lawful requests and establishing, exercising, or defending legal claims;
  • To manage recruiting and employment-related activities, including receiving and reviewing applications, communicating with candidates, administering the hiring process, managing the working relationship, and complying with employment-related legal obligations;
  • To carry out any other purpose disclosed at the time the information is collected; and
  • To use personal information in accordance with your consent or direction, where required or permitted by law.

How We Disclose Personal Information

We may create, use, and disclose aggregated or de-identified information for any lawful purpose, provided that it does not identify an individual and we maintain measures designed to help prevent re-identification. We do not attempt to re-identify such information and require recipients to do the same where required by law.

We may disclose personal information to the following categories of recipients:

  • Service providers and contractors, such as vendors and other third parties that perform services on our behalf and help us operate our Websites, systems, business, and Services, including providers of hosting, cloud infrastructure, communications, recruiting, IT support, cybersecurity, data storage, analytics, and other business support services.
  • Professional advisers, such as lawyers, auditors, accountants, consultants, insurers, and similar advisers for legal, compliance, audit, accounting, risk management, and related business purposes.
  • Clients and other parties involved in an engagement, where reasonably necessary to provide our Services, manage assignments, communicate regarding projects, or deliver reports, analyses, or other work product.
  • Business transaction participants, including buyers, sellers, lenders, counterparties, and other participants in actual or proposed mergers, acquisitions, financings, restructurings, reorganizations, sales of assets, or similar corporate transactions, as well as their advisers and representatives.
  • Legal, regulatory, and compliance recipients, such as courts, regulators, law enforcement, tax authorities, and other governmental or supervisory authorities, or other third parties, where disclosure is required or appropriate to comply with applicable law, legal process, or regulatory obligations, or to establish, exercise, or defend legal claims.
  • Security and protection recipients, where we believe disclosure is necessary to detect, prevent, investigate, or respond to fraud, security incidents, unauthorized activity, violations of our terms or policies, or to protect the rights, property, safety, and security of the company, our personnel, our clients, or others.
  • Third parties at your direction or with your authorization, including where you request or authorize us to disclose your personal information in connection with our Services or your interactions with us.

We do not disclose personal information to other affiliated companies for their own independent marketing or business purposes. In limited circumstances, authorized personnel within affiliated entities may access personal information as necessary to provide centralized legal, compliance, administrative, or other internal support services on behalf of YA Group, subject to appropriate confidentiality and access restrictions.

We may disclose sensitive personal information only as permitted by applicable law, including where reasonably necessary and proportionate to provide our Services, administer our business, maintain security, prevent fraud, manage recruiting and employment matters, and comply with legal obligations.

Your State Privacy Rights

Depending on your state of residence and subject to applicable exceptions and limitations, you may have certain rights regarding your personal information, which may include the right to:

  • Know / Access and Confirmation. Confirm whether we process your personal information and request access to the personal information we maintain about you. For California residents, this may also include the right to request additional information about the categories of personal information we have collected, the categories of sources from which it was collected, the business or commercial purposes for collecting, using, disclosing, selling, or sharing it, and the categories of third parties to whom it is disclosed, sold, or shared.
  • Data Portability. Request a copy of certain personal information in a portable and, to the extent technically feasible, readily usable format.
  • Correction. Request that we correct inaccurate personal information we maintain about you, taking into account the nature of the personal information and the purposes of the processing.
  • Deletion. Request that we delete personal information we collected from you or maintain about you, subject to applicable legal exceptions.
  • Opt-Out of Sale / Sharing and Targeted Advertising. Request that we not sell or share your personal information, or use it for targeted advertising, where such rights are provided under applicable law.
  • Limit Use and Disclosure of Sensitive Personal Information. Request that we limit the use and disclosure of sensitive personal information, where required and available under applicable law.
  • Non-Discrimination / Non-Retaliation. Exercise your privacy rights without receiving discriminatory treatment or unlawful retaliation. We will not deny goods or services, charge different prices or rates, provide a different level or quality of services, or suggest that you may receive a different price, rate, level, or quality of goods or services because you exercised your privacy rights, except as permitted by law.

Notice of Right to Opt-Out of Sale, Sharing and Targeted Advertising. We may use cookies and similar technologies and permit certain third parties, such as analytics, advertising, and social media partners, to collect personal information from or through our Website and online services for analytics, marketing, and advertising purposes. Under certain state laws, certain of these practices may constitute a “sale” or “sharing” of personal information, as well as targeted advertising. We will honor opt-out requests and opt-out preference signals where required by applicable law.

The availability of certain rights depends on your state of residence, the nature of your relationship with us, and how we process your personal information.

Exercising Your Rights

To exercise any privacy rights available to you under applicable U.S. state privacy law, you may submit a request by emailing us or writing to us using the information in the How to Contact Us section. Please indicate the right you wish to exercise and, if known, the state law under which you are submitting the request.

We may need to verify your identity before processing your request. To do so, we may request information sufficient to confirm your identity based on the information we already maintain. If necessary, we may request additional information for verification, security, or fraud-prevention purposes. Any additional information requested for verification will be used only for that purpose, except as otherwise permitted by law.

You may designate an authorized agent to submit certain requests on your behalf where permitted by law. If you use an authorized agent, we may require proof of the agent’s authority to act on your behalf, and we may also require you to verify your identity directly with us or confirm directly with us that you authorized the agent to submit the request, as permitted by law.

We will respond to verifiable requests within the time required by applicable law. In many states, including California, we generally respond within 45 days of receipt of the request, subject to extensions permitted by law where reasonably necessary. If we need additional time, we will notify you within the period required by law and explain the reason for the extension.

If we decline to take action on your request, we will explain the basis for our decision as required by applicable law. Depending on your state of residence, you may also have the right to appeal our decision. If an appeal right applies, our notice of denial will explain how to submit an appeal and any applicable deadlines.

If we deny your appeal, and your state law provides a further right to complain to a regulator or attorney general, we will provide information about how you may do so, as required by applicable law.

Notice at Collection

Where we collect personal information directly from you, we provide or make available a notice at or before the point of collection that describes the categories of personal information collected, the purposes for which the categories of personal information are collected or used, whether the information is sold or shared, and the applicable retention period or retention criteria.

For online forms, that notice may be provided through a conspicuous link near the relevant fields or submit button. For offline collection, notice may be provided on paper forms, through signage directing individuals to where the notice can be found online, or orally when collecting information by phone or in person.

How We Protect Your Personal Information

We maintain administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, acquisition, use, disclosure, alteration, destruction, and loss. These safeguards are appropriate to the nature of the personal information we process and the risks presented by our business and may include, as applicable, role-based access controls and least-privilege practices, encryption in transit, network and application security measures, vulnerability management, logging and monitoring, workforce training, incident response procedures, vendor and contractor security requirements, and data minimization and retention controls.

No method of transmitting or storing information over the internet is completely secure, and we cannot guarantee absolute security. If you communicate with us by email, text message, or other non-secure channels, you should not send highly sensitive information unless we specifically direct you to do so through an approved secure method. Please contact us if you need a secure option for transmitting sensitive information.

You also play an important role in protecting your information. If you maintain an account with us, please keep your credentials confidential, use strong passwords, and notify us promptly if you suspect unauthorized access to your account or personal information.

How Long We Retain Your Personal Information

We retain personal information only for as long as reasonably necessary and proportionate to achieve the purposes described in this Policy, or for other compatible purposes permitted by law, unless a longer period is required or permitted by applicable law. In determining retention periods, we consider the nature and sensitivity of the information, the purposes for which it was collected and used, legal and regulatory requirements, applicable limitation periods, security and fraud-prevention needs, and our business and recordkeeping obligations. When retention is no longer necessary based on the criteria described above, we delete, deidentify, aggregate, or otherwise securely dispose of the information, subject to applicable legal, operational, backup, archival, and recordkeeping requirements.

In general, we apply the following retention criteria by category:

  • Identifiers, contact information, and communications information are retained for as long as necessary to manage our relationship with you, respond to inquiries, provide Services where applicable, maintain appropriate business records, and comply with legal obligations.
  • Internet or other electronic network activity information and approximate geolocation information are retained for as long as necessary for website functionality, security, fraud prevention, analytics, troubleshooting, and related operational purposes, after which they may be deleted, aggregated, or deidentified unless a longer retention period is required for legal, compliance, or security reasons.
  • Professional, employment-related, educational, recruiting, and application information are retained for as long as necessary to evaluate candidacy, manage the recruiting process, administer the working relationship where applicable, maintain personnel and business records, and comply with legal obligations.
  • Claim, policy, engagement-related, and other client-service information are retained for as long as necessary to provide Services, manage assignments and client relationships, maintain business records, resolve disputes, protect our rights, and comply with legal, regulatory, contractual, and recordkeeping obligations.
  • Protected classification, demographic, and sensitive personal information, to the extent collected, are retained only for as long as reasonably necessary and proportionate for the permitted purposes for which the information was collected and used, including legal compliance, recruiting, employment administration, benefits, accommodations, security, fraud prevention, and recordkeeping obligations.

Where personal information is maintained in backup systems or archived media, we retain it in accordance with applicable backup, archival, legal hold, recordkeeping, and business continuity processes. Information maintained in such systems may be retained for extended periods where reasonably necessary for legal, compliance, security, dispute-resolution, audit, recordkeeping, or operational purposes. We apply appropriate access controls and safeguards to such information and limit its use to purposes that are compatible with the reason for retention or otherwise permitted by law. Information maintained only in backup or disaster-recovery systems is generally not subject to active processing and is deleted or overwritten in accordance with applicable system cycles, unless preservation is required or permitted by law.

Where we deidentify or aggregate information, we may retain and use that information in deidentified or aggregated form in accordance with applicable law. We do not attempt to reidentify deidentified information and require recipients to do the same where required by law.

We also retain records of consumer privacy requests and our responses for at least 24 months, as required by applicable law.

Children’s and Minors’ Data

Our Services are not intended for, and we do not knowingly collect any personal information from, children under the age of 18. If we learn we have collected or received personal information from a child under 18 years old without verification of parental consent, we will delete that information.

How to Contact Us

To exercise your rights or ask questions or comment about this privacy policy or our privacy practices, contact us via email at or via the Contact Us form on our Website.

Addendum for Individuals in Canada

This Canada Addendum supplements the Privacy Policy and applies to personal information of individuals in Canada to the extent applicable Canadian privacy law applies, including the federal Personal Information Protection and Electronic Documents Act (“PIPEDA”) and substantially similar provincial private-sector privacy laws, including in Alberta, British Columbia, and Quebec, where applicable.

Unless otherwise stated in this Addendum, the sections of the Privacy Policy titled:

apply to our processing of personal information in Canada.

  1. Scope and Role

Depending on the context, YA Group may process personal information in Canada as an organization acting on its own behalf, or on behalf of a client or other counterparty subject to contractual restrictions and applicable law. Where YA Group receives personal information indirectly from a client, insurer, adjuster, law firm, employer, or other representative, that party may have separate notice obligations under applicable law.

  1. Consent and Authority for Processing

Where required by applicable Canadian law, we will obtain consent for the collection, use, or disclosure of personal information, except where law permits or requires processing without consent. Depending on the circumstances and applicable law, consent may be express or implied. By providing personal information to us, or directing another person or organization to do so, you understand that we will process that information as described in the Privacy Policy and this Addendum, unless a different notice is provided.

  1. Cross-Border Processing

Personal information may be stored, processed, or accessed outside your province or territory of residence, including in the United States and other jurisdictions where YA Group, its affiliates, clients, or service providers operate. When personal information is transferred across borders, it may be subject to the laws of the destination jurisdiction and may be accessible to courts, regulators, or law enforcement in that jurisdiction. YA Group uses contractual, technical, and organizational measures designed to provide an appropriate level of protection for personal information in its custody or control.

  1. Your Rights and Choices

Subject to applicable law, you may have the right to request access to personal information, request correction of inaccurate personal information, and withdraw consent to certain processing, subject to legal or contractual restrictions and reasonable notice. You may also have the right to ask questions about our privacy practices, including cross-border processing, and to file a complaint with the Office of the Privacy Commissioner of Canada or the applicable provincial privacy regulator.

  1. Contact

Questions, requests, and complaints regarding this Canada Addendum may be directed to us using the contact details set out in the How to Contact Us section of the Privacy Policy.

Addendum for UK and EEA Individuals

This UK / EEA Addendum supplements the Privacy Policy and applies only to the extent YA Group is subject to the UK GDPR, the EU GDPR, the Swiss Federal Act on Data Protection, or other applicable data protection law with respect to personal data of individuals in the United Kingdom, European Economic Area, or Switzerland.

Unless otherwise stated in this Addendum, the sections of the Privacy Policy titled:

apply to our processing of personal data covered by this Addendum.

YA Group is a United States entity. To the extent YA Group processes personal data of individuals in the United Kingdom or European Economic Area in connection with offering goods or services to such individuals, monitoring their behavior, operating Websites, managing business relationships, recruiting, or otherwise conducting activities subject to applicable data protection law, this Addendum applies to that processing.

  1. Controller / Processor Role

Depending on the context, YA Group may act as a controller or processor with respect to personal data covered by this Addendum. For example, YA Group may act as a controller when operating its Websites, managing recruiting, administering internal business functions, communicating with individuals, providing or marketing services or managing direct business relationships. YA Group may act as a processor or similar service provider when processing personal data on behalf of a client, insurer, law firm, employer, or other counterparty. In those cases, the relevant client or counterparty may be the controller and may provide separate privacy information.

  1. Sources of Personal Data

We may collect personal data directly from you and from the other sources described in the sections of the Privacy Policy titled Categories of Personal Information That We Collect and How We Collect Your Personal and Other Information, including from employers, clients, insurers, legal representatives, adjusters, examiners, service providers, public sources, and other counterparties, where permitted by law.

  1. Purposes and Lawful Bases

We process personal data for the purposes described in the section of the Privacy Policy titled How We Use Personal Information. Depending on the circumstances, our lawful bases may include:

  • performance of a contract or taking steps at your request before entering into a contract;
  • compliance with legal obligations;
  • our legitimate interests or those of a third party, provided those interests are not overridden by your interests or fundamental rights and freedoms;
  • consent, where required or appropriate; and
  • protection of vital interests or performance of a task carried out in the public interest, where applicable.

Where we rely on legitimate interests, those interests may include operating and improving our business, Websites, and services; communicating with you; managing client, vendor, insurer, legal, employment, recruiting, and other business relationships; maintaining business records; preventing fraud; protecting the security and integrity of our systems; establishing, exercising, or defending legal claims; and complying with internal governance, audit, and compliance requirements.

Where we rely on consent, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.

  1. Special Category Data

Where YA Group processes special category data, it does so only where a valid Article 9 condition is available and, for UK processing where applicable, a relevant condition under the Data Protection Act 2018 also applies. Depending on the circumstances, this may include explicit consent, employment and social protection obligations, establishment, exercise or defense of legal claims, medical or occupational health purposes where applicable, substantial public interest, or other conditions permitted by law.

  1. International Transfers

Personal data may be transferred to and processed in countries outside the UK, EEA, or Switzerland, including the United States. Where required, YA Group uses an approved transfer mechanism, such as an adequacy decision, the European Commission’s Standard Contractual Clauses, the UK International Data Transfer Agreement Addendum, or another lawful transfer tool, together with supplementary measures where appropriate.

  1. Your Rights

Subject to applicable law, you may have the right to request access to your personal data, rectification, erasure, restriction of processing, objection to processing, and data portability.

Where processing is based on consent, you may withdraw consent at any time. You may also have the right to object to processing based on legitimate interests and to object to direct marketing.

You may also lodge a complaint with the UK Information Commissioner’s Office, an EEA supervisory authority, or another competent regulator, as applicable.

  1. Indirect Collection Notice

Where YA Group receives personal data indirectly from a client or another source rather than directly from you, YA Group may provide additional privacy information where required by applicable law, unless an exemption applies. Where appropriate, YA Group may rely on contractual arrangements requiring the relevant client or source to provide privacy information to affected individuals.

  1. Contact Details

Questions or requests regarding this UK/EEA Addendum or our processing of personal data can be directed to us using the contact details set out in the How to Contact Us section of the Privacy Policy.