Surance Privacy Policy
Last updated: August 11th, 2023
Surance Ltd. values your privacy. This privacy policy (“Policy”) describes how Surance Ltd. and our affiliates (together, “Surance”, “we”, “us”, “our”) processes Personal Data (as defined below) which we receive or collect in relation to your access and use of our website, surance.io (“Website”), our applications, products and services that we provide and offer (together with our Website, our “Services”), as part of our marketing practices and from our business contacts (such as representatives of customers and suppliers) and other third parties who provide us with Personal Data. Any undefined terms in this Policy, shall have the its meaning in our Terms, as provided here Terms of Service.
In the event you are a California resident and the CCPA applies to you, please see our “California Privacy Notice” here; if you are a Canadian resident and the Canadian applicable privacy laws apply to you, please see our “Surance Privacy Statement – Canada” here.
The term, “Personal Data”, as used in this Policy means information relating to an identified or identifiable natural person.
The term, “processing”, as used in this Policy means any action taken in respect of Personal Data.
We may change this Policy from time to time in order to keep you apprised of our data collection and use practices. We encourage you to regularly visit and review this Policy to stay informed of such practices.
Table of Contents
-
The Personal Data we Collect and How we use it
-
When you visit our Website (automatically collected data)
-
When you create an account to use and access our Services in the applications
-
When you interact with our social media accounts
-
When you sign up for our newsletter or to receive updates or other communications from us (including responding to surveys and questionnaires)
-
When you call us or contact us through a phone call or in writing (including for support or for submitting testimonials or other feedback)
-
When you access and use our Security Services
-
When you use our anti-phishing Services
-
When you chat with our sales bot
-
When we receive data from our Business Partners
-
When we receive payment from you
-
-
How (and with whom) we Share Personal Data
-
Cloud and Hosting Services
-
Law Enforcement or other Government Entities
-
With your Consent
-
Disputes
-
Mergers and Acquisitions
-
Affiliates
-
Additional Information on our Service Providers
-
-
How Long we Retain Personal Data
-
Your GDPR Rights
-
Transfers of Personal Data to other Countries Outside the EU or EEA
-
Your California Privacy Rights
-
Disclosure of Direct Marketing Practices (“Shine the Light”)
-
Removal of Public Information of Minors
-
-
California Do Not Track Notice
-
Personal Data of Children
-
Third Party Websites, Services & Data Collection
-
Anonymous Information
-
Our Contact Information
-
The Personal Data We Collect and How We Use It.
We collect and receive Personal Data from outside our company and affiliates, such as from users of our products and services as described in the table below. Certain Personal Data is collected automatically, while other Personal Data is provided by you voluntarily, for example, when you contact us. The description in the table may be supplemented by additional information in other parts of this Policy. For example, you may find for more information on third-parties to whom your information may be transferred in Section 2 below.
When we Collect Data | Type of Personal Data we Collect | Purposes of Processing the Data | Retention Period (How long we store the data)* | Legal Basis under the GDPR | Third Parties with Whom We Share your Personal Data** | Consequences of not Providing the Personal Data |
---|---|---|---|---|---|---|
1.1 When you visit our Website
(automatically collected data) | • Placement of cookies, including third party cookies | • Enable site functionality | Please see our Cookie Policy www.surance.io/cookie-policy | • Your consent
| • Google Analytics | • Depending on the cookie Type you may not be able to access or use the Website. |
• LAN MAC address. | • Analysis of Website activity
| • Legitimate interest (e.g. essential cookies)
| • AppsFlyer | Please see our Cookie Policy www.surance.io/cookie-policy for more information. | ||
• MAC address | • protecting the security of the Site | • GeekSquad | ||||
• IP address
| • Track user activity on the site | |||||
• Site activity (including what you click on, the date and time of your visit). | • Providing the Service | |||||
• Your devices information – TV systems, computers, phones, smart | ||||||
• Other information automatically sent by your browser and contained in HTTP Headers | ||||||
speakers, smart appliances (collectively, the “Devices”) | ||||||
• Referring URL or source (which referred you to our Website) | ||||||
• Information about your web browser and operating system |
1.2 When you create an account to use and access our Services in the applications | • Name | • To prevent fraud, misappropriation, infringements, identity thefts and any other misuse | • Performance of our contract with you or the company you represent. | For the term of our contract with you or the company you represent and 365 days thereafter. | • SalesForce | • You cannot access or use the Services. |
• Email address | of the Services and any security breaches or other potentially prohibited or illegal activities | • Your Consent | • Google Cloud | |||
• Company | • To allow you to register for the Services and to administer and process the registration, | |||||
• Title | to trouble shoot, provide support and contact you in connection with your account. | |||||
• Your Devices | • To create an account and provide our Services.
| |||||
• Yours and your network's users' IP address | ||||||
• Yours and your network's users' network name | ||||||
• Your Networks configuration | ||||||
• Your location | ||||||
• Your network's location | ||||||
• Open services on the network | ||||||
• Device Identifiers, types and configuration. | ||||||
• MAC address | ||||||
• LAN MAC address. | ||||||
• Insurance Policy ID |
1.3 When you interact with our social media accounts | • Data provided to us by the applicable third-party platform (i.e., Facebook, Twitter, etc.),
| • Develop marketing strategies. | • Your consent | • LinkedIn | • We would not be able to review or respond to your messages or posts. | |
such as your name, country |
• Improve our Services; | • Legitimate interest (e.g. essential cookies) | • Facebook | |||
• The content that you message us or post on our account, handle or page. | • Respond to any inquiries or requests regarding our Services; | • Google Analytics |
1.4 When you sign up for our newsletter or to receive updates or other communications | • Name | • Send you our surveys and questionnaires to improve our Services. | • Your consent | CBIZ (Cobra) | • We will not be able to send you communications;
| |
from us (including responding to surveys and questionnaires) | • Email address | • Send you our newsletter and other marketing communications. | • We won't be able to utilize our Services through client's answers | |||
• Company | ||||||
• The content of your survey or questionnaires
|
1.5 When you contact us through a phone call or in writing | • Full name | • Improve our customer support and communication practices. | • The performance of our contract with you (if you are a customer). | CBIZ (Cobra) | • We may not be able to provide you support or respond to your request. | |
(including for support or for submitting testimonials or other feedback) | • Email address | • Display and contact you with information that is relevant to you in the future, and to assist you with further requests for support; | • Our legitimate interest. | |||
• Phone number | • Present this information to you as part of your account history. | • Your Consent | ||||
• Information about your request or inquiry, and any other information you provide. | • Verify your identity, process your request and respond to or contact you regarding your request or inquiry;
|
1.6 When you access and use our Security Services | • Name | • Detect vulnerabilities including outdated system | • Legitimate Interest. | • Whatsapp | • You cannot access or use the Security Services. | |
• Home address (including zip code) | and software versions data which would assist keeping you cyber hygiene. | • Your Consent | • SalesForce | |||
• Telephone number | • Evaluate the security of your network, devices, and the general cyber security posture and risks of your | • Performance of our contract with you or the company you represent. | • CBIZ (Cobra) | |||
• Online accounts | network and devices in connection with your use of the products or services or insurance services provided by third parties. | • Fing | ||||
• Email | • Suggest improvements to the configuration of your network and devices to improve your cyber security posture and to reduce risk. | • Macvendors | ||||
• Cyber insurance coverage and claims. | • Suggest cyber insurance and other insurance products to you. | • Google Cloud | ||||
• MAC address | • Evaluate whether your devices, networks, or online accounts have been the subject of a cyber incident. | • Wix | ||||
• LAN MAC address. | • Assist you in responding to cyber incidents, including restoring your data. | |||||
• Insurance Policy ID. | • Assist you and your Insurance Provider in processing insurance claims. | |||||
• Your devise information (device identifiers, type and configuration) | • Monitoring the usage of our products and services to support their proper functioning and further improvement. | |||||
• IP address, network name and configuration | • To prevent fraud, misappropriation, infringements, identity thefts and any other misuse of the Services and any security breaches or other potentially prohibited or illegal activities. | |||||
• Mobile phone's network router and devices connected to the local user's network. | • Provide the Security Services; | |||||
• Your information that was subject to a cyber incident or ransomware attack. | • Analyze use of the Security Services and improve and develop the Services and other products and services. | |||||
• All activity on the Security Services’ platform. | ||||||
• Cyber incidents to which you have been subject |
1.7 When you use our anti-phishing Services | • Email input
| • Provide the Services; | • Your Consent | • Google Cloud | • You cannot access or use the Services. | |
• Email address | • Analyze use of the Services and improve and develop the Services and other products and services. | • Performance of our contract with you or the company you represent. | • CBIZ (Cobra) | |||
• Device ID
| • Legitimate Interest. | • SalesForce | ||||
• Screenshot of your Email
| • Wix | |||||
• Cofense |
1.8 when you chat with our sales bot | • Full name | • Analyze use of the Services and improve and develop the Services and other products and services. | • Performance of our contract with you or the company you represent. | • Google Cloud | • We would not be able to provide these Services. | |
• Phone number | • Provide the Services and support your use of the service; | • Legitimate Interest. | • Pepper pay | |||
• Email | • Monitor and maintain the security of the Services; | • WhatsApp
| ||||
• The full content of the WhatsApp conversation
|
1.9 When we receive data from our Business Partners | • Full name | • To contact you in connection with our Services; | • Your Consent; | • Bituach Haklai Central Cooperative Society Ltd. | • We would be unable to contact you and provide you with the Services | |
• Email address | • To provide you with our Services. | • Legitimate Interest. | • AIG | |||
• Phone number | • Ayalon | |||||
• Country | ||||||
• Policy number | ||||||
• Other information you provide about your insurance policy. |
1.9 When we receive data from our Business Partners | • Full name | • To contact you in connection with our Services; | • Your Consent; | • Bituach Haklai Central Cooperative Society Ltd. | • We would be unable to contact you and provide you with the Services | |
• Email address | • To provide you with our Services. | • Legitimate Interest. | • AIG | |||
• Phone number | • Ayalon | |||||
• Country | ||||||
• Policy number | ||||||
• Other information you provide about your insurance policy. |
*Please see Section 3 for more information on how long we retain data we collect.
**Please see Section 2 below for more information about our use of service providers. Section 2.7 provides for more information about third parties listed above.
2. How (and with whom) we Share Personal Data
In addition to any methods or third parties with whom we may share your Personal Data described above, we share Personal Data in the following manner:
2.1. Cloud and Hosting Services. We use cloud storage providers to host the Services and store all information we collect. We currently engage Google, LLC (or one of its affiliates), for such services and in addition to the third parties listed in Section 1 above, copies of all data we collect are stored on their servers.
2.2. Law Enforcement or Other Government Entities. Where required by law or government or court order, we will disclose Personal Data relating to you to the extent we believe we are required by law.
2.3. With your Consent. In the event that you have requested or have consented to the transfer of Personal Data relating to you to a third party (such as by checking a box to signify your agreement) we will transfer Personal Data to the relevant third party.
2.4. Disputes and Legal Advice. In case of any dispute or request with, by or concerning you, we may disclose Personal Data relating to you with our legal counsel, professional advisors and service providers, the relevant court or other tribunal and other third parties as needed in order to resolve the dispute, defend ourselves against any claims, or enforce our rights.
2.5. Mergers and Acquisitions. In the event that we, or a part of our business, are sold to a third party, or if we are merged with another entity, or in the event of bankruptcy or a similar event, we will transfer information about the relevant portions of our business as well as relevant customers and users and other personal data, to the purchaser or the entity with which we are merged. We may also transfer personal data to a potential acquirer, their legal counsel or service providers as part of an evaluation or due diligence review of our company in anticipation of an investment, acquisition or merger, though such transfers do not typically include personal data and are subject to obligations of confidentiality.
2.6. Affiliates and Business Partners. We share personal data with our affiliates, who assist us in processing personal data and providing our Services or with insurance companies and agencies (“Business Partners”) to provide you with our support and security Services.
2.7. Additional information on our Service Providers (listed in Section 1).
To help you understand where data about you is transferred, here is more information about the service providers listed above whom we engage to process Personal Data that we collect. Where such service providers have made available information about their data security or processing practices which we think is relevant to you, we have provided links to such information. We take no responsibility for information found on their websites, including, without limitation, whether it is accurate or up-to-date.
Please note that the listing of these service providers in this Policy is not a guarantee or undertaking that only these service providers will be used. We may change service providers or add news ones. We make commercial reasonable efforts to update this Policy to reflect these changes.
-
Facebook, Inc., provides us with analytics tools known as the Facebook Pixel, which collects information about your use of our Website. Facebook also receives this information. You can find out more about how Facebook uses Personal data at https://www.facebook.com/full_data_use_policy.
-
LinkedIn: provides us with analytics tools, which collects information about your use of our Website. You can find out more about how LinkedIn uses Personal data at https://www.linkedin.com/legal/privacy-policy
-
AppsFlyer is a provider of a mobile marketing analytics and attribution platform which we use to determine the track user interaction and analyze user behavior on our Services. For more information on how Appsflyer handles end user data, please see its Services Privacy Policy: https://www.appsflyer.com/legal/privacy-policy/ and https://www.appsflyer.com/legal/services-privacy-policy/.
-
Google LLC and its affiliates provide us with services such as Google Analytics. You can read more about Google’s policies in connection with data received from its customers at: https://privacy.google.com/businesses/compliance/.
-
Pepper Pay is a payment service platform. We provide our chat bot and sales services through Pepper Pay. You can read more about Pepper's privacy here (Hebrew): https://www.pepper.co.il/wp-content/uploads/2020/12/%D7%9E%D7%93%D7%99%D7%A0%D7%99%D7%95%D7%AA-%D7%A4%D7%A8%D7%98%D7%99%D7%95%D7%AA.pdf.
-
SalesForce is a CRM platform which supports our marketing, sales and commerce services. You can read more about SalesForce's legal policy in connection with the data received from its customers in https://www.salesforce.com/eu/company/privacy/.
-
Whatsapp is a freeware, cross-platform centralized instant messaging (IM) which provides us with communication services with our clients. You can read more about Whatsapp's policies in connection with data received from its customers at: https://www.whatsapp.com/legal/privacy-policy.
-
Wix is a provider of websites building platform. Wix provides us with chat services. You can read more about Wix's policies in connection with data received from its customers at: https://www.wix.com/about/privacy.
-
Cofense is an end-to-end email security solution we use in connection with our anti-phishing services provided to our clients. You can read more about Cofense's privacy policy in: https://cofense.com/privacy-policy/.
-
CBIZ (Cobra) is an administration tool provides us with a retiree email notification service. You can read more about CBIZ's privacy policy in: https://www.cbiz.com/privacy-policy.
-
GeekSquad provides us IT support services. GeekSquad is owned by BestBuy. You can read more about BestBuy's Privacy Policy in: https://www.bestbuy.com/site/help-topics/privacy-policy/pcmcat204400050062.c?id=pcmcat204400050062.
-
Fing provides us with network and IP scanner for WiFi security. You can read more about Fing's privacy Policy in: https://www.fing.com/fing-privacy-policy.
-
Macvendors provides us with MAC Vendors. You can read more about Macvendors's privacy Policy in: https://macvendors.com/privacy-policy.
-
Haklai Central Cooperative Society Ltd., ("BTH") is an insurance provider. We offer our services to BTH’s clients. You can read more about BTH's privacy policy in this link (Hebrew): https://www.bth.co.il/internal-product-page-%D7%9E%D7%93%D7%99%D7%A0%D7%99%D7%95%D7%AA-%D7%94%D7%A4%D7%A8%D7%98%D7%99%D7%95%D7%AA/.
-
Ayalon Insurance Company Ltd. is an insurance provider. We offer our services to Ayalon’s clients. You can read more about Ayalon's privacy policy in this link (Hebrew): https://www.ayalon-ins.co.il/about-us/privacy-and-security/.
-
American International Group, Inc. ("AIG") an insurance provider. We offer our services to AIG’s clients. You can read more about AIG's privacy policy in this link: https://www.aig.com/privacy-policy.
3. How Long We Retain Personal Data
We may store Personal Data for longer periods of time than stated in Section 1 above: (i) where we believe we are required to do so to comply with laws or in connection with legal proceedings; (ii) to resolve disputes; (iii) to enforce agreements between us and others; (iv) when the information is related to a potential or actual legal dispute.
Please note that if we receive Personal Data relating to you in multiple contexts, such as if you have separately provided information or we have another basis to use it, then we may keep such information for the longer of the periods listed in this Policy. For example, you are a customer or are a representative of a customer who has subscribe to receive our newsletter but late unsubscribes, then we will retain such information for the period listed in connection with customer or business contact information as described in this Policy, even if we remove you from the applicable email list.
4. Your GDPR Rights.
Subject to certain exceptions and exclusions, the following rights apply to individuals who are located in an EU member state or otherwise protected by the EU General Data Protection Regulation (“GDPR”), as further described below. If you are such a person, then:
-
Right of Access. You may request that we confirm to you whether or not we store Personal Data about you and to receive a copy of the Personal Data we maintain about you and information about: (a) the purposes of the processing of the Personal Data; (b) the categories of Personal Data being processed; (c) the names of the recipients or the categories of recipients to whom the Personal Data have been or will be disclosed, in particular recipients in third countries or international organizations; (d) if possible, the period we believe we will store the Personal Data, or the criteria we use to determine that period; (e) the sources of the Personal Data, if not collected from you; and (f) whether we use automated decision-making, including profiling, and meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.
-
Right to Rectify. You may request that we correct any Personal Data about you that we maintain that is incorrect. Depending on the purpose for which the data is used, you may also request to complete incomplete Personal Data we maintain.
-
Right to Erasure (“Right to be Forgotten”). You may request that we erase or suppress Personal Data that relates to you in the following cases: the data is no longer needed by us; the data was collected and is used on the basis of your consent and you withdraw that consent; when you have a right to object to our use of the data (as described below under, “Right to Object”); we are not lawfully processing the data; or we are otherwise required by law to delete the data. However, there may be circumstances in which we may retain your data or we may refuse your request, for example, when we review the data to defend ourselves or make legal claims or exercise are own rights. In addition, this right may not apply to the display or access of your Personal Data outside of the European Union.
-
Right to Restrict Processing. You may request that we restrict our use or processing of your Personal Data if: you claim the Personal Data is inaccurate, during the time we investigate your claim; our processing of the Personal Data was unlawful; we no longer require the Personal Data; we processed the Personal Data for our legitimate interests and you object to this use (as you are permitted to do under Article 21(1) of the GDPR), during the time that we investigate whether our legitimate interests override your request. However, there may be circumstances in which we are legally entitled to refuse your request.
-
Right to Data Portability. You may request that we provide you with your Personal Data that we process based on your consent or to fulfill a contract with you or that we process using automated means, in a structured, commonly used and machine-readable format, and to transfer your Personal Data to another entity or have us transfer it directly to such entity.
-
Right to Object. You may, based on reasons specifically relating to you, object to our processing of your Personal Data, when: (i) the data is used for our legitimate interests and our interests in processing the data does not override your interests, rights and freedoms and we do not require use of the data for the establishment, exercise or defense of our legal claims or rights; and (ii) we use the data for direct marketing purposes or profiling for direct marketing purposes.
-
Right to Object to Automated Decision Making. You may request that you not to be subject to a decision based solely on automated processing, including profiling, when the decision produces legal effects concerning you or significantly affects you.
-
Right to Withdraw Consent. Where we process Personal Data relating to you based on your consent (such as by clicking a check box adjacent to a statement of consent), you may withdraw your consent and request that we cease using your Personal Data for the purpose for which you have your consent, or altogether, depending on the situation.
-
Right to Make a Complaint. You may file a complaint regarding our practices with the data protection authority in your place of habitual residence, place or work, or the place of the alleged infringement. For a list of data protection authorities in the European Economic Area, please see here: https://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080.
You can exercise your rights that apply to us by contacting us by email at Privacy@surance.io. We may be permitted by law (including the GDPR and local national laws) to refuse or limit the extent to which we comply with your request. We may also require additional information in order to comply with your request, including information needed to locate the information requested or to verify your identity or the legality of your request. To the extent permitted by applicable law, we may charge an appropriate fee to comply with your request.
5. Transfers of Personal Data to other Countries outside the EU or EEA
We transfer Personal Data we receive in or from the European Union (and other locations) to the following countries outside the EU and European Economic Area. If Personal Data from the EU is transferred outside the EU to our affiliates or to third-party service providers, to countries which the European Commission has not determined to adequately protect Personal Data, we take steps to ensure that such Personal Data receives the same level of protection as if it remained within the EU. This includes entering into data transfer agreements and using the European Commission approved Standard Contractual Clauses.
-
Israel, where we and our Business Partners, Wix, Pepper Pay are located. As of the date of this Policy, the European Commission has determined that the State of Israel adequately protects Personal Data. (A list of countries which the European Commission has determined to adequately protect Personal Date can be found, as of the date of this Policy, here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en).
-
The United States, where Facebook, LinkedIn, Salesforce, AppsFlyer, Cofense, CBIZ, Wix, Macvendors and Whatsapp stores information it receives from us.
-
Canada, where Macvendors stores information they receive from us.
If you are an individual protected by the GDPR, you may contact us in order to obtain additional information regarding the basis for the transfer of Personal Data relating to you to countries outside the European Economic Area. Please note that information or copies of documents we may provide to you in connection with such requests may be limited or redacted in order to protect the rights of third parties or to comply with contractual obligations we may have (such as obligations of confidentiality).
6. Your California Privacy Rights
If you are a California resident you have the right under California law to make certain requests in connection with our use of Personal Data relating to you, as described below. To make such a request, please contact us by email at Privacy@surance.io. Please note that certain exceptions may apply.
6.1. Disclosure of Direct Marketing Practices (“Shine the Light”). Under California Civil Code Section 1798.83, one time per year you may request the following information regarding our disclosure of your Personal Data to third parties for their direct marketing purposes: a list of the categories of the personal information disclosed to such parties during the preceding calendar year, the names and addresses of such third parties, and if the nature of the parties’ businesses is not clear from their names, examples of the products or services marketed by such third parties. This right only applies if our relationship is primarily for your personal, family or household purposes and related to the purchase of our products and services.
6.2. Removal of Public Information of Minors. If you are under the age of 18 and have an account with us, under California Business and Professions Code Section 22581, you may request the removal of content or information you have publicly posted on our services that is identified with you or your account. Please be aware that certain exceptions may apply and we may not be able to completely remove all such information.
7. California Do Not Track Notice.
We do not track individuals’ online activities over time and across third-party web sites or online services (though we do receive information about the webpage you visited prior to access our websites, products and services such as our Website, social media accounts, and advertisement landing pages) We do permit third-parties to track individuals’ online activities on our Site and App, including Google and Facebook which provide us with the analytics and tracking services described above. We do not respond to Web browser “do not track” signals or similar mechanisms. You can find out more information about do not track signals at: http://www.allaboutdnt.com/.
8. Third Party Websites, Services & Data Collection
Our Services may contain links to other websites, products or services offered by third parties and Business Partners (“”). This Policy does not apply to data collected by or on behalf of such third parties, whose privacy practices may differ from ours and who are not under our control. We are not responsible for the actions of such third parties or their data practices. Please review the privacy policies of any such third parties before you interact with them or provide them with Personal Data.
Furthermore, we are not responsible for the accuracy of information contained on Third Party Services linked to in this Policy or from our Services. We refer to such websites for your convenience only.
9. Personal Data of Children
Our Services are not intended for, and we do not knowingly collect Personal Data from persons under the age of eighteen (18). If you believe that a person under the age of eighteen (18) has provided us with Personal Data, or if we have received the Personal Data of such person, please contact us at Privacy@surance.io.
10. Anonymous Information
We do not treat information we collect or receive which is not or cannot reasonably be connected to any particular person or which is anonymized or aggregated such that it can no longer be connected to or used to identify any particular person as “Personal Data”, even if it was originally linked to or stored with Personal Data. Such anonymous information is not subject to this Policy and we may use it for a variety of purposes, may share it with third parties or even publish it for any reason.
11. Our Contact Information
For inquiries regarding this Policy, you may contact us as follows:
Address: Deborah Hanevia
Ramat Hasharon 47430
Israel
Email: Privacy@surance.io
Date | Revisioned By | Role | Approved By | Role |
---|---|---|---|---|
August 11th, 2023 | Raz | Saar | CEO | |
July 25th, 2022 | Saar | CEO | Saar | CEO |