privacy-statement

California Privacy Notice

Effective Date: July 25, 2022

This California Privacy Notice (“Notice”) supplements our Privacy Policy https://www.surance.io/privacy-statement . It includes information required under California law, including Title 1.81.5 of the California Civil Code (the “California Consumer Privacy Act” or “CCPA”), and describes the rights available to you if you are a resident of the State of California.

We may update this Notice at any time and such changes will apply from the time we publish or otherwise notify you of the updated Notice.

As used in this Notice, the term “personal information” does not, unless stated otherwise, include information made publicly available from federal, state or local government records, or consumer information that is de-identified or aggregate consumer information. Any undefined but capitalized term in this Notice has the meaning given to it in the Privacy Policy.

Table of Contents

A. Our Data Practices

1. Categories of Information we Collect and Whether it is Shared

2. Sources of Personal Information

3. Purpose of Collection of Information

4. Recipients of Personal Information

5. Purpose of Sale of Personal Information

B. Your California Privacy Rights

1. Your Rights under the CCPA

2. Disclosure of Sharing for Others’ Direct Marketing Purposes (“Shine the Light”)

3. California Do not Track Notice

A. Our Data Practices

Categories of Information we Collect and With Whom it is Shared

In the last 12 months we have collected and shared the following categories of personal information for our business purposes or in a manner which may be deemed a “sale” under the CCPA:

CCPA Category of Personal Information	Description	Categories of third parties with whom personal information was shared (for our business purposes)	Categories of third parties with whom we have shared personal information in a manner which may constitute a “Sale” under the CCPA
A. Identifiers	We collect identifiers such as a real name, alias, postal address, online identifiers, unique personal identifiers	• Internet service providers, such as Wix;	• Data analytics providers, such as Google Analytics and Appsflyer which may use information they collect and analyze on our behalf for their own purposes;
	(such as case device identifiers, MAC address, LAN MAC address, IP address, cookies),	• Data analytics providers;	• Security breach and device information providers, such as Fing and Macvendors which may store the MAC addresses we query with them
	email, address, account name, telephone numbers, insurance policy ID, zip code or other similar identifiers.	• Security breach and device information providers, such as Cofense and CBIZ (Cobra).	(these cannot on their own be used to identify you).
		• IT and computer security service providers (such as GeekSquad who assist in resolving IT and security problems for our customers).

B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).	Personal information which can be related or associated with any particular person such as a name, description, address, telephone number, insurance	• Internet service providers;	• Payment processors, who may use such information in a manner which may constitute a “sale”
	policy number, bank account number, credit card number, debit card number, or any other related financial information that you provide, other than	• Payment processors;	under the CCPA, such as to identify fraud or for transactional purposes.
	information that is lawfully made available to the general public from federal, state, or local government records.	• IT and computer security service providers.
		• Communication service procider, such as WhatsApp.

C. Commercial information.	Commercial information including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.	• IT and computer security service providers.	None
	This includes products and services you have purchased from us, from your insurer or other service providers, and information about your router, and the devices of devices connected to your network (i.e., which have been scanned).	• Internet service providers;
		• Security breach and device information providers;
		• Network security providers;

D. Internet or other similar network activity.	Internet or other similar network activity, including browsing history, search history, information on a consumer's interaction with a website, application, or advertisement.	A. Information collected on our website:	A. information collected on our website:
	We collect such information in two ways: (A) when you visit and use our website, and (B) when we preform our services, which involves scanning your networks and devices. When we perform such scans we may receive such data, though we do not specifically search for it.	• Internet service providers;	• Data analytics providers, such as Google Analytics and Appsflyer which may use information they collect and analyze for their own purposes;
		• Data analytics providers;	B. Information collected when we perform scans: None.
		B. Information collected when we provide services:
		• Internet service providers;

E. Geolocation data.	Physical location or movements, including approximate location derived from IP address, postal address, and physical location of a network.	• Internet service providers;	• Data analytics providers, such as Google Analytics and AppsFlyer may use information they collect and analyze for their own purposes;
		• Data analytics providers;
		• IT and computer security service providers.

2. Sources of Personal Information

The categories of sources from which we collect the personal information described above are:

Third-Party insurance and cybersecurity solution providers and resellers of our services.
From our users when they access and use our website or submit information or permit us to access their networks or devices or access;
Network security service providers we or you engage and provide us information

3. Purpose of Collection of Information

Our business or commercial purposes for collecting personal information are:

To provide our products and service to you or perform our agreement with you.
For the reason you provided the information. For example, if you contact us with an inquiry and share your name and contact information, we will use that personal information to respond to your inquiry.
To provide, support, personalize, develop and improve our website, products and services.
To communicate with you about our products, services and related issues.
To allow you to register for the Services and to administer and process the registration, to trouble shoot, provide support and contact you in connection with your account.
To prevent fraud, misappropriation, infringements, identity thefts and any other misuse of the Services and any security breaches or other potentially prohibited or illegal activities.
To evaluate the quality of our products and Services, and to enhance your experience on our site/application.
To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding.
To charge you any fees and provide you with a receipt or resolve billing issues associated with your account.

4. Recipients of Personal Information

In addition to sharing information with the categories of third parties listed in the table above, we may also, share information of any category:

Legal counsel and processional advisors, courts, tribunals, and other entities for the purpose of resolving a dispute, defending against a claim or enforcing our rights;
To an acquirer of our business or the relevant portion of our business, or in case of a merger, to the surviving company.
With law enforcement or government agencies when required to do so by applicable law or in order to prevent harm to you or any third party or the public;
When person to whom the data relates has consented or requested that we do so.

5. Sale of Personal Information

We do not sell personal information for money. However, in some cases, sharing personal information may be deemed a “sale” under the California Consumer Privacy Act. The categories of personal information we share which may be deemed a “sale” under the CCPA are listed in the table above. When we share this personal information we do so in the context of receiving services from the third parties for the purposes listed in Section 3 above. For example:

We use data analytics providers like Google Analytics and Appslfyer to collect information about our users and visitors so we can monitor and improve our website. They may use this information they receive for their own purposes.
When we transfer your credit card information to payment processors, they may use this information for their own purposes such as preventing fraud or pursuant to their agreements with other payment processors or related parties.
When we query your MAC address with third-party service providers, they may keep that MAC address as part of their records. We do not provide other information about you or your device with the MAC address.
When we transfer your email and phone number to service providers so they can provide you with our services (such as anti-phishing and Sales bot services).

You can direct us not to “sell” your personal information as such term is defined in the CCPA by clicking here. Please be aware that if you make such a request, we may not be able to provide certain of our products and services.

B. Your CALIFORNIA PRIVACY Rights

Your Rights under the CCPA

Under the California Consumer Privacy Act, you have the right to:

Request information about the categories and specific pieces of personal information that we have collected in the last 12 months.

Request that we delete personal information that we have collected from you. However, certain exceptions specified in law may apply and in such cases we are not required and may not comply with your request. This includes when we need the information in order to:
- Complete the transaction for which the personal information was collected, fulfill the terms of a written warranty or product recall in accordance with federal law, provide a good or service requested by you or reasonably anticipated within the context of a business’ ongoing business relationship with the consumer, or otherwise perform a contract with you;
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity;
- Debug to identify and repair errors that impair existing intended functionality;
- Exercise free speech, ensure the right of another consumer to exercise that consumer’s right of free speech, or exercise another right provided for by law;
- Comply with the California Electronic Communications Privacy Act pursuant to Chapter 3.6 (commencing with Section 1546) of Title 12 of Part 2 of the Penal Code;
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the business’ deletion of the information is likely to render impossible or seriously impair the achievement of such research, if the consumer has provided informed consent;
- Enable solely internal uses that are reasonably aligned with expectations based on our relationship with you;
- Comply with a legal obligation; or
- Otherwise use the information, internally, in a lawful manner that is compatible with the context in which you provided the information.

Request disclosure of the categories and specific pieces of personal information we collect about you, the categories of sources from which it is collected, the business or commercial purposes for which we collect personal information, and the categories of third parties with whom we share personal information, all in the last 12 months.

Request disclosure of the categories of personal information we have sold or shared about you and the categories of third parties to whom we have we sold or with whom we have shared such personal information in the last 12 months.

Direct a business that sells personal information about you to third parties not to sell your personal information.

Not be discriminated against for making these requests, such as by being denied goods or services, receiving worst rates or prices, receiving worse quality of goods or services, and we will not engage in any such discrimination.

You may make any of the requests by submitting a request in one of the following ways:

E-mail us at privacy@surance.io;
Call us at 1-877-2-324-324;
Submit your request through our California Privacy Rights Request Form available here.

You will need to provide sufficient information for us to locate Personal Data which relates to you and to verify your identity. This includes: your phone number, e-mail address and your postal code. We may request additional information to verify your identity.

If you do not provide all the requested information or information sufficient for us to verify your identity, we will not be able to fulfill your request.

You may also make such requests through an agent you authorize for such purpose, but such agent must include a written document of your authorization. We may contact you directly to verify this authorization.

2. Disclosure of Sharing for Others’ Direct Marketing Purposes (“Shine the Light”)

In addition to the above, if we have an established relationship with you now or in the past 18 months, and you have shared with us certain personal information which at the time it was disclosed could be used to identify, describe or be associated with you, then once per year you may request a list of certain categories of personal information disclosed by us to third parties for their direct marketing during the preceding calendar year, the names of such third parties, and if the nature of the parties’ businesses is not reasonably clear from their names, examples of the products or services marketed by such third parties.

The types of categories which must be disclosed according to such a request are listed in California Civil Code Section 1798.83 and include name, address, age, email address, race, religion, certain physical or health information, certain financial information, and other information listed in the statute.

You may request this information by e-mailing us at: privacy@surance.io.

This right only applies if our relationship is primarily for your personal, family or household purposes and related to the purchase of our products and services.

3. Limitations on Rights

With respect to all requests made as described above, we will fulfill and disclose information to the extent required by applicable law. In addition to the limitations on your right to request the deletion of data as described above, other exceptions and limitations in California and federal law may apply.

Furthermore, if you do not provide us with the information requested or sufficient information to fulfil your request, your request may not be fulfilled.

C. California Do Not Track Notice

We do not track individuals’ online activities over time and across third-party websites or online services (though we do receive information about the webpage you visited prior to accessing our websites, online services products and advertisement landing pages). We do not permit third-parties to track individuals’ online activities on our website and online services, unless it is part of a service provided to us. For example, we use data analytics providers to provide analytics services and collect data about the use and access of our website. We do not respond to Web browser “do not track” signals or similar mechanisms.