1. Overview
The Michigan Municipal Risk Management Authority (“MMRMA”) is committed to safeguarding the personal information of our website users, portal registrants, and social media participants. This Privacy Policy (“Policy”) explains how we collect, use, share, and protect your personal data across all MMRMA-managed digital platforms (collectively, the “Site”), including the website, member portal, online applications, and affiliated social media channels.
This Policy also applies to affiliated entities using MMRMA’s Site, such as Greenstone Insurance Company.
Please also review our Terms of Use Policy (https://mmrma.org/terms-of-use/), which governs your access to and use of MMRMA’s digital platforms. The Terms of Use and this Privacy Policy outline your rights and responsibilities when interacting with MMRMA’s online services.
2. What We Collect
We collect two categories of data:
Personal Information Information that identifies you individually, which may include:
- Full name
- Residential or business address
- Email address
- Telephone number
- IP address and device identifiers
- Geolocation (from mobile or browser)
Technical and Usage Data
- Browser type, operating system
- Referring URLs
- Site activity and session data
- Cookies and tracking pixels
- Analytics metadata
3. How We Use Your Information
We use collected data for the following purposes:
- To provide secure access to member-only services
- To facilitate training, claims, grant applications, and communication
- To improve site functionality and user experience
- For auditing, analytics, and cybersecurity monitoring
- To comply with legal obligations and detect malicious activity
We follow data minimization principles consistent with NIST SP 800-53 Rev. 5 and CIS Control 3: Data Protection.
4. Cybersecurity and Data Security Measures
MMRMA employs a layered security approach aligned with the NIST Cybersecurity Framework v2.0 and CIS Controls v8:
- Encryption: AES-256 for data at rest and TLS 1.3 for data in transit
- Multi-Factor Authentication (MFA): Required for portal access
- Access Controls: Role-based and least privilege model
- Monitoring: Continuous anomaly detection and endpoint protection
- Vendor Risk Management: Due diligence and contractual data handling safeguards
5. Cookies and Tracking Technologies
MMRMA uses cookies to enhance website functionality. These cookies:
- Are never used to deliver malware
- May store session preferences or analytics identifiers
- Are disclosed in accordance with Google Analytics Terms of Use
You may manage cookies via your browser settings or opt-out via the Network Advertising Initiative.
6. Third-Party Services
We use services like Google Analytics and Search Console. While we restrict their use of data to site analytics and ad performance, such third parties are governed by their own privacy policies. We do not permit these providers to use your data for independent profiling or tracking across sites.
7. Social Media
Interactions via LinkedIn or other social media platforms may transmit your public profile data (e.g., name, email, profile photo). We treat this information per this Policy but recommend reviewing each platform’s privacy settings and terms.
8. Children’s Privacy
Our Site is not intended for users under 18. We do not knowingly collect data from minors without verified parental consent and will delete such data upon notice. See the Children’s Online Privacy Protection Act (COPPA) for more information.
9. Your Rights
You may request access to, correction of, or deletion of your personal information by contacting us via:
- Email: [email protected]
- Mail: 14001 Merriman Road, Livonia, MI 48154
- Phone: 734.513.0300
We strive to respond to all legitimate requests within 30 days.
10. Indemnification and Limitation of Liability
To the maximum extent allowed by law:
- MMRMA disclaims liability for third-party breaches or data compromise resulting from user negligence.
- You agree to indemnify MMRMA, its employees, and affiliates against any claims arising from your misuse of the Site or unauthorized sharing of login credentials.
- MMRMA is not responsible for damages arising from zero-day attacks, nation-state threats, or service interruptions outside our control.
11. Do Not Track and Browser Controls
We do not track users across third-party websites. Our Site does not respond to “Do Not Track” browser signals, which is in alignment with current industry practice.
12. Policy Updates
We may revise this Policy to reflect changes in practices or legal obligations. Updates will be posted with a revised “Effective Date.” Continued use of the Site constitutes acceptance of the updated terms.
13. Contact
For privacy concerns or corrections:
- Email: [email protected]
- Mail: 14001 Merriman Road, Livonia, MI 48154
- Phone: 734.513.0300
14. Related Policies
For additional information about your responsibilities and the conditions of use governing this Site, please review our Terms of Use Policy (https://mmrma.org/terms-of-use/).
Effective Date: April 4, 2025