Gallagher Bassett We Guide. We Guard. We Go Beyond.

This disclosure discusses certain GB policies and procedures and the manner in which GB provides services that enable us to provide the added value upon which you have come to rely. If you have specific questions regarding any of GB’s policies, procedures, or any other information contained in this disclosure, please contact your account manager or visit www.gallagherbassett.com.

Data Security and Privacy

GB takes care to protect the data entrusted to us and has made a commitment to safeguard the privacy of the assets and information of our clients. This means that we collect, use and safeguard client information as we would our very own. We strive to never share client information with a third party or employee that does not have authorization and a business need to know such information. A copy of GB’s privacy policy can be found at https://www.gallagherbassett.com/privacy/.

GB employs industry standard data protection practices to aid in the prevention of theft, misappropriation and unauthorized access to electronically stored data. These measures may include, without limitation, password protections, restrictions on access, physical and electronic barriers and/or other steps as we deem necessary. We limit access to authorized users who may only obtain access through the use of a unique identifier and password. At times, GB may be required to transfer personal data to selected external third parties or business partners engaged to perform certain services. Such selected third parties will have access to personal data solely for the purposes of performing the services specified in the applicable service contract. These third parties may process personal data at the direction of GB or in the course of delivering the services for which they were retained. In either instance, GB will engage only reliable vendors who undertake, to GB’s satisfaction, to: (1) take reasonable and appropriate security measures to ensure data protection; and (2) comply with GB’s standards or an even greater level of data protection.

Document Retention

GB has adopted a records and electronic information management policy to ensure that GB does not store outdated and nonessential records, support efficient operational functioning and assure compliance with applicable business, legal, regulatory, and operational requirements. It is our policy to maintain complete, accurate, and high-quality records. Records are retained for a defined period based on their category unless longer retention is required for historical reference, contractual, legal, or regulatory requirements, or for other purposes set forth in our policy. Records that are no longer required to be retained, or which have satisfied their required period of retention, are destroyed or returned at the client’s request as described in our policy. As a general matter, GB will retain claim files for a period of ten (10) years following the date of closure of a claim, unless your agreement indicates differently, or as otherwise required by law.

Business Arrangements

As part of our comprehensive and integrated claims administration services model, GB may partner or enter into other business arrangements with selected vendors and service providers. GB generally purchases these services wholesale or at a negotiated discounted rate. We similarly expect our vendors and service providers to adhere to our high standards, including, more specifically, our Global Standards of Business Conduct, which can be found at http://www.ajg.com/about-us/global-standards/. We carefully vet these providers and utilize only those that we believe are best in class. In certain situations, GB may receive compensation from these arrangements corresponding to the services provided by GB for procurement of discounted and/or wholesale rates and for integration and management of the relationships with service providers. The prices charged to clients by GB reflect fair value for the ultimate services received by each client.

Anti-Corruption

We take a firm stance against corruption. Corruption or bribery, in any form, runs counter to GB’s values. GB is subject to, and has policies, procedures and training in place to comply with, domestic and international anti-corruption laws, including the U.S. Foreign Corrupt Practices Act, the UK Bribery Act, OFAC and the laws of other countries in which we conduct business. Among other things, these laws prohibit any GB employee from offering, giving or receiving anything of value to improperly influence such person’s judgment or otherwise assist GB in obtaining business. We expect our business partners – such as consultants, contractors, agents or other third parties working on our behalf – to abide by the same laws.

Fraud

As our reputation depends on the integrity of our actions and dealings, we are committed to the prevention and detection of fraud. GB has created controls intended to prevent, detect and mitigate the risk of fraud. Any concerns regarding fraud or financial irregularities that you notice should immediately be brought to our attention.

Questions or Suggestions

Should you have any questions regarding any of the policies listed in this Disclosure, or any other policy affecting your relationship with GB, please ask your account manager. We appreciate your continued business, and look forward to bringing increased value to your business for years to come.