Stratus Risk Management Associates, Inc. Privacy Notice

What We Collect and How We Use the Personal Information | How We Share the Information
How We Store Your Information | Your Data Protection Rights
California Consumers: Data Subject Rights under the California Consumer Privacy Act

How to Submit a Data Subject Rights Request | How We Will Respond to Your Data Subject Rights Request | Cookies | How to Contact Us


Stratus Risk Management Associates, Inc. (“Stratus”) operates and may operate other websites. It is Stratus’ policy to respect your privacy regarding any information we may collect. This Privacy Policy sets out the principles governing Stratus’s use and protection of personal data.

This policy is effective as of January 1, 2022.

Privacy Notice Changes

This privacy policy will be reviewed and updated, if required at a minimum of every 12 months.
Stratus encourages visitors to frequently check this page for any changes to its Privacy Notice. If we make changes, we will revise the “Effective” date at the top of this statement, and we may provide additional notice such as on the Stratus website homepage, or via the email address we have on file for you.

What We Collect and How We Use the Personal Information

Stratus may collect Personal Data in the course of our normal business activities,
as detailed below.

Stratus collects, uses, stores and process Personal Data, which is data that identifies, relates to, describes, or can reasonably be associated with a particular person. For all data subjects, this can include:

  • Identifiers: Identifying information including name, postal or e-mail address, and phone or fax number, social security numbers, driver’s license numbers, biometric information.
  • Personal Information: Names, signatures, Social Security Numbers, addresses, government identification documents, financial information such as bank account, credit or debit card information, health insurance information, education information.
  • Business contact information such as job title, department and name of organization, business address, e-mail address, mobile telephone number.
  • Usernames and passwords used to access internal Stratus network resources such as our Partner Logon on web page or internal training Learning Management System.
  • Website visitor activity including IP address, the identity of the Internet service provider, the name and version of the operating system, the name and version of the browser, the date and time of the visit, the pages visited. This data may be aggregated such that the individual identities have been removed.
  • Biometric information: Genetic, physiological, behavioral, biological characteristics, activity patterns, fingerprints, eye scans, health or exercise data.
  • Geolocation information: Physical location, movements, and mobile device unique identifier.
  • Financial information including as financial account information used for payment purposes and/or information that may be contained in a consumer report, bank account information.
  • Contact information for referrals.
  • Employment information: employment history, employee number, performance appraisals, salary and benefits, healthcare information, emergency contact information.
  • Protected class information: Age, race, color, national origin, citizenship, religion or creed, marital status, disability information, sex, genetic information, military or veteran status.


Stratus’ services are not directed to persons under 13 years of age. We do not knowingly collect personal information from children under 13. If a parent or guardian becomes aware that their child has provided us with personal information without the parent’s consent, they should contact us at If we become aware that a child under 13 has provided us with personal information, we will take steps to delete the information from our records.

How We Collect Information

  • When you visit our website, we may collect information about your visit.
  • Directly from clients, contractors, sub-contractors, vendors, employees, and job applicants.
  • From third parties including contractors, sub-contractors, government agencies.

Why We Collect It

We collect personal information to conduct our business activities. Stratus collects only the minimum amount of personal data required to fulfill these activities. These activities include:

  • Executing business activities, including completing our services.
  • Conducting marketing and promotional activities, including responding to inquiries about Stratus products or services, providing offers and information (as permitted by law) about products, services, or events offered by Stratus.
  • Improving the functionality, security, and usability of Stratus’ website.
  • Security, including monitoring log-in portals for access, validating identity, and preventing fraud.
  • Fulfilling a legal or contractual obligation.
  • Managing employee relationships, including the administration of benefits.
  • Processing job applications, including background investigations.
  • Validating identity for security to allow access to Stratus premises and job sites.
  • Complying with applicable laws or regulations.

Stratus will not use the personal data it collects for purposes other than those described above without notifying data subjects identified by the data.

How we share the information

We use the information you have given us in order to conduct business activities.

Information Sharing

Stratus may share this information with:

  • Other entities controlled by or under common control with Stratus, including all affiliated entities using the STRATUS® mark
  • Vendors
  • Service providers
  • Contractors or sub-contractors
  • Federal, state, and local governments

For the purposes of:

  • Fulfilling Stratus’ commercial, contractual, legal, and regulatory obligations.
  • Responding to subpoenas, court orders, or other lawful requests by public authorities, and to meet national security or law enforcement requirements.
  • Investigating illegal activities, suspected fraud, or as otherwise required by law or regulation. Centralizing Stratus’ administrative, IT maintenance, and IT security practices.
  • Providing information about Stratus products, services, or events.
  • Any third-party that receives personal information from Stratus may only process the information in accordance with applicable data processing agreements or contracts terms which require the third-party to protect the data and process it in a manner consistent with applicable privacy laws, regulations and Stratus’ policies and practices.

Third-Party Links

Stratus’ websites may provide links to other third-party websites that are outside of Stratus’ control and not covered by this Privacy Policy. Stratus is not responsible for the availability, content, or accuracy of third-party policies, nor is it responsible for the privacy practices of other websites, products, services, or goods that may be linked to Stratus’ websites. Stratus encourages all users of its websites to review the privacy policies posted on these (and all) sites.

How We Store Your Information

Stratus takes the responsibility of keeping your information secure.


The security measures Stratus uses vary based on the sensitivity of the personal information we collect, process, and store, and the current state of technology. We also take measures to ensure service providers that process personal data on our behalf also have appropriate security measures.


Stratus retains Personal Data only as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or not prohibited by law.

If you have consented to the processing of your Personal Data (“opt-in”), Stratus will retain and process your Personal Data until you withdraw your consent (“opt-out”), unless the Personal Data must be kept for administrative, legal, or regulatory purposes, as for the management of the right to object.

If Stratus has not received your opt-in, Stratus will delete your Personal Data once the purpose of the collection and processing of such Personal Data has been fulfilled and the adequate duration for documentation and backup storage of such Personal Data has lapsed.


Data is securely destroyed or disposed once it is no longer necessary to retain the data.


Stratus has in place security policies that are intended to ensure the security and integrity of all Personal Data. Stratus has appropriate technical and organizational measures in place to protect against unauthorized or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data held or processed by Stratus. If Stratus forwards Personal Data to any third party, Stratus requires that those third parties have appropriate technical and organizational measures in place to comply with this Privacy Policy and applicable laws.

Your data protection rights

You have certain rights for the collection, use, or dissemination of your personal data.

Your Individual Data Subject Rights

Right to request access to data
You have the right to ask for copies of your Personal Data.

Right to correction
You have the right to request correction of your Personal Data.

Right to deletion
You have the right to request that we delete your Personal Data.

Right to opt-out of communications
You have the right to opt-out from marketing communications. We provide an unsubscribe link in certain marketing communications. You may also request to opt-out of marketing communications via the data subject rights request process.

California Consumers: Data Subject Rights under the California Consumer Privacy Act (CCPA)

The California Consumer Privacy Act of 2018 provides California consumers (California residents) with specific rights regarding their personal information. If you are a California resident, you have the rights under data protection law which are explained here.

How to Submit a Data Subject Rights Request:

You may exercise your data subject rights using any of the following methods:


Calling our toll-free number at 877-206-0405

We will verify your identity prior to completing these requests. Please provide sufficient information in your request for us to be able to reasonably locate our records about you and what actions you are requesting we take with regards to your data.

How we will respond to your data subject rights request.

Stratus will respond as described below.

Stratus will deliver the required information within 30 days of a verifiable request, and you will receive notification if Stratus will need an additional 30 days to respond.

Stratus will provide response to requests for access to data in a written, readily usable format for data portability and free of charge to the consumer after Stratus receives a valid request.

You will receive your requested information either by your account, electronically, or via mail.

Stratus will not provide you with specific pieces of personal information if the disclosure would create a substantial, articulable, and reasonable risk to the security of the personal information, your account with the business, or the security of Stratus’s systems or networks.

Stratus will notify you when data has been deleted.

There may be circumstances where Stratus must deny your verified request because of a conflict with state law, federal law, or an exception to applicable privacy laws. If Stratus must deny a request accordingly, you will be informed and given the basis for the denial. If the request is denied only in part, Stratus will disclose the other information sought by you.


We use cookies to ensure that we give you the best experience on our website. By interacting with our website, you agree to our use of cookies as described in our Privacy Policy.

A “cookie” is a text-only string of data Stratus sends to the cookie file of the browser on a website visitor’s computer hard disk using Stratus’ web server. Cookies allow us to identify your device as you navigate through our publicly accessible website. We also use them to recognize return visitors to the Stratus website. This helps to make navigating and interacting with the Stratus website more efficient, easy, and meaningful.

Stratus uses both session and persistent cookies. Session cookies are cookies that disappear from your computer or browser when you turn off your computer. Persistent cookies stay on your computers even after you have turned it off. You can turn off your web browser’s ability to accept cookies. But if you do that, certain parts of the Stratus website may not work as well for you.

The majority of web browsers accept cookies and similar files, but a visitor can usually change the browser settings to prevent this. However, by doing so, some functionality of the website may be lost. Please visit to learn more about cookies and how to control them. We rely on your consent, to the extent required by law, to use non-required cookies that may contain your Personal Data. If you do not want to have cookies placed on your device, you should set your browser to refuse cookies before accessing our website. Please review your browser’s Help menu for instructions, or visit for more information on disabling and deleting cookies. Please note that, if you turn cookies off, some features of our website may not function properly.

How to contact us

If you have any concerns or questions about anything in this Privacy Notice, please get in touch with us.

This website is owned and operated by Stratus Risk Management Associates. We are registered in the State of New York

Chief Privacy Officer contact information:

You can also contact us:

By telephone toll-free, at 877-206-0405

CCPA Compliant