CCC ONE® Total Repair Platform Data Policy

Last Updated: 2022

CCC ONE® Total Repair Platform (“CCC ONE”) is a CCC Intelligent Solutions Inc. (“CCC”) hosted solution. CCC’s hosting of the product helps reduce costs in: (i) minimizing or eliminating the expenses and hassle of backups and server issues associated with non-hosted applications; (ii) providing software and data updates without end-user involvement; and (iii) facilitating the communication of real time claim information between repair facilities and insurance companies. As a hosted product, CCC ONE stores data, including repair management, estimate and appraisal data (the “data”).

CCC uses the data in the ordinary course of its business (for example, transmitting the data to insurance companies for processing claims). In that context, CCC may provide the data to third parties in de-identified, aggregated fashion. For example, CCC may aggregate various data points for industry reporting and analysis but will de-identify the data so that repair facilities and their customers cannot be identified.

Regardless of whether a repair facility consents, certain types of data related to business cost and profitability will not be shared with third parties that are consumers of repair facility services, including but not limited to insurance carriers, third party administrators and fleet operators. These types of data consist of:

(i)      projected or actual gross margin of repair;

(ii)     labor cost including employee wages, hours assigned, actual hours worked and projected or actual labor gross margin;

(iii)    actual material cost including paint/shop material units, paint/shop material cost and paint/shop material gross margin;

(iv)    repair facility internal notes;

(v)     repair facility internal events (file history); and

(vi)    images and attachments that are tagged for internal use only.

Additionally (except as it appears in the printed estimate) parts, diagnostic scan or sublet invoice information (including quantity purchased, unit cost, invoice amount, vendor discount percentage and projected or actual parts gross margin) will not be shared with consumers of repair facility services.

To protect the data from loss, misuse, or unauthorized access, disclosure, alteration, or destruction, CCC uses commercially reasonable safeguards. It is important to note that no data storage and backup process is 100% fault-free and that CCC ONE is subject to risks of third party intrusion, loss of connectivity, and data loss or corruption. CCC has taken many steps to ensure the security and availability of the data, including:

(i)     encryption of data during transmission;

(ii)    redundancy for the equipment running its hosted applications;

(iii)   physical security measures, including but not limited to use of security personnel, equipment access limitations, and background checks of employees with access to its systems;

(iv)   multiple redundant firewalls, security patches and other tools intended to protect the data from intruders; and

(v)   a network operations center that monitors the hosted environment for server issues and addresses hardware or application failures as well as any potential security threats.

Further, CCC performs the following data backup procedures:

(i)  periodic backups; and

(ii) commercially reasonable disaster recovery measures.