LEGAL

Privacy Policy

Last updated 6/4/2020

In this Privacy Policy, Simply Business, Inc. (“Simply Business”, “we”, “our” or “us”) (“Privacy Policy”) sets forth its policies regarding the collection, use, sale, and disclosure of the information that we collect about you through our websites (including, www.simplybusiness.com, www.harborwayinsurance.com, and the web-site from which this Privacy Policy was accessed) and Simply Business social media (collectively, our “Sites”), offline through any means (e.g., if you contact customer service), and through your use of our services available through our Sites and offline (collectively our “Services”). This Privacy Policy is incorporated into, and is part of, the Simply Business Terms and Conditions (“Terms”), which governs your use of the Sites and Services. Capitalized terms not defined herein shall have their meaning set forth in the Terms.

We recommend you consult this Privacy Policy often (at least prior to or during each access or use of the Sites or use of the Services). If you have any questions about this privacy policy, please contact: [email protected]

If you are a California resident, please see “Special Notice for California Residents,” within this Privacy Policy, which provides additional information about your privacy rights.

1. Scope

This Privacy Policy applies solely to Simply Business. This Privacy Policy does not apply to: (i) nonaffiliated websites that may be accessible through the Sites; (ii) the privacy practices of Third-Party Insurance Providers and other partners with which we may share your information as part of providing the Services or to which you agree. Simply Business is not responsible for the privacy practices of its Third-Party Insurance Providers.

2. From and about whom do we collect Data?

We collect Data from and about the following:

• You;
• Your business;
• Previous, current, and prospective insurance policyholders;
• Visitors to our Sites;
• Business contacts at our Panel Members or other suppliers;
• People or businesses referred to us; and
• Prospective employees seeking employment opportunities with Simply Business (“Applicants”). If you are an Applicant, please see our special notice for Applicants, available proximate to our online applications.

3. How and What Data Do We Collect About You?

We collect data about you directly from you, from other persons, and automatically as you use our Sites and Services.

Information that We Collect Directly From You: We collect information, including personal information, from you when you take the following actions. The type of personal information that we collect from you varies based on your interaction with our Sites and Services.

• When you apply for or seek information about obtaining a policy (e.g. when you submit a request for a quotation).
• When you renew a policy (or a policy under which you, or the business you represent, are insured is taken out or renewed).
• On a claim under a policy.
• If you respond to a customer survey, questionnaire, or marketing campaign.
• If you enter a promotion or contest.
• If you contact us for any reason and through any channel of communication (e.g. telephone, email, text, web chat, etc.).

The type of information that we collect from you includes:

• Identifying information about you: your name, alias, contact information (mailing address); email address; IP address; device ID; or similar identifiers.
• Payment Information: if you purchase a policy from us, we will collect information to process your premium and any other required payments.
• Usage Information: data collected through your interactions with our Sites, Services, or other information technology resources.
• Profiles: We will also create records of Data about you in the course of providing the Services to you, either directly, through our Panel Members, or through our service providers.
• Sensory Data: we record certain calls for quality assurance and training purposes; if you visit our offices, we have CCTV cameras installed on premises.
• Employment Information: as our Services are provided to businesses, we will obtain information about your employer.

Information We Collect from Other Sources:

• Your Employer: If your employer purchases or inquires about a product from us, it may provide us with your information for billing, customer service, or other purposes.
• Partners: When You are referred to buy a policy through Simply Business by one of our partner entities, such as lead demand generation companies.
• From your friends: your friends may “refer” you to us through our “refer a friend” program.
• List Purchase: We may purchase leads of prospective customers from third parties.
• From advertisers we work with.

Data Collected Automatically as You Use our Site and Services: We collect data from you automatically as you use our Sites and our Services. In particular, we use cookies and other technologies to collect information about you when you visit our Site and use our services. Specifically, we may collect the following information via these technologies:

• Your browser type and operating system
• Web pages you view
• Links you click
• IP address
• Site visited before coming to our Sites
• Whether you submit information in furtherance of obtaining a policy

We use this data predominantly to determine which portions of our Sites are most useful to visitors and to improve our Sites and our Services. We also may share this data in the aggregate to insurers and advertisers for advertising purposes. Where permitted by applicable law, we may combine this data with data submitted along with your inquiry data; we may share this data with insurers to help them improve their products and services. Please also see “Tracking Tools” below for additional information.

4. How Do We Use The Information That We Collect About You?

We may use your information for one or more of the following business purposes:

• To fulfill or meet the reason you provided the information. For example, if you share your name and contact information to request an insurance quote or ask a question about an insurance product on one of the Sites, we will use that information to fulfill Your quote or respond to your inquiry, which may include sharing Your information with our Panel Members. If You provide your commercial information to purchase a product or service, we will use that information to process your payment and facilitate delivery.
• To understand how you access and use our Sites and Services to ensure technical functionality of the Sites and Services, develop new products and services (including insurance products and services), improve the Sites, and analyze Your use of the Sites and Services including Your interaction with applications, advertising, products, and services that are made available, linked to, or offered through the Sites.
• To create, maintain, customize, and secure your account with us.
• To process your requests, purchases, transactions, and payments and to identify and prevent transactional fraud.
• To provide you with support and to respond to Your inquiries, including investigating and addressing your concerns and monitoring and improving our responses.
• If you purchase insurance services through the Site, to communicate with you with respect to the provision, renewal, or cancellation of or collection of payment for, such insurance services.
• To communicate with you, as permitted by applicable law or with your consent, either directly or through one of our partners, services providers, or Panel Members for:
  • marketing
  • research
  • participation in contests, surveys and sweepstakes
  • promotional purposes, including to offer products and services of our Panel Members via emails, notifications, or other messages, consistent with any permissions You may have communicated to Us.
• To personalize your experience on our Sites and to deliver content and product and service offerings relevant to Your interests, including targeted offers and ads through our Sites, third-party sites, mobile applications, and via email or text message (with your consent, where required by law), and to evaluate the success of our advertising campaigns (including our online advertising and offline promotional campaigns.
• To help maintain the safety, security, and integrity of our Website, products and services, databases and other technology assets, and business.
• To comply with legal obligations, as part of our general business operations, and for other business administration purposes.
• To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
• As described to you on the Sites or through the Services when collecting Your Data.
• For analytics purposes: we evaluate overall usage of our Sites. For example, we tally the number of visitors to our Sites, number of users submitting quotes, number of persons obtaining a person, and similar usage data about our Sites. We may combine this data with demographic information that we obtain from other sources. We may share this aggregated information with insurers for our own and their own product improvement.

We may also use de-identified, anonymized or aggregated Data, including customer information, to provide potential insurers with a general profile of people using our Sites, and to analyze the effectiveness of our Services to customers.

5. How do we share the Data we collect?

Simply Business may disclose Your Data, including personal information, to another entity for a business purpose, or sell Your Data, including personal information, subject to Your right to opt-out of the sale of Your personal information if You are a California Resident (see Your California Privacy Rights).

• Service providers: we share your information with entities that assist us in providing our services, which include entities that host our website, provide marketing services on our behalf, and otherwise assist us in providing our services to you. This also may include entities that assist us in online analytics.
• Insurance providers: we provide a portion of your information to a select group of insurers to obtain quotes on your behalf. Once you select a provider, we will share your information with the provider once we have underwritten your policy. If none of our select group of insurers are able to underwrite your policy, then, with your consent, we will ask your permission to share your information with providers outside of our network. We also share aggregated data with the insurance providers for the purpose of assisting the providers in building and improving their products and services.
• To comply with Legal and Regulatory Obligations: we may share your information with law enforcement, regulatory bodies, and other persons where we are legally required to do so, e.g., in response to a subpoena.
• To protect our rights and interests and the rights and interests of other persons: we will share your information with other persons, which may include law enforcement, government entities, and other persons, when we believe it appropriate to protect our rights, property, and interests, and the rights, property, and interests of other persons. We also may share information to protect the health and safety of persons.
• Due to a Corporate Transaction: we may share your information in furtherance of a sale of a part or all of our assets, involuntary or voluntary dissolution, or other corporate transaction.

6. Tracking Technology

We, and certain service providers who analyze the activity of visitors to our Sites on our behalf (“Analytics Vendors”) and advertising providers, may use ‘IP Addresses’, ‘cookies,’ ‘web beacons’, ‘pixel tags,’ and other tracking technologies (described in more detail below) in the Sites and Services, or in our communications with You (“Tracking Technologies”). These Tracking Technologies allows us and the Analytics Vendors and advertising providers to have access to some Data and analysis about You which helps to:

• Enhance the functionality and features of the Sites and Services;
• Verify Your viewing and/or receipt of communications;
• Keep (and sometimes track) information about You;
• Make Your transactions and other activities more convenient and efficient;
• Diagnose problems with our server;
• Administer the Sites and Services; and
• Assist us in determining, facilitating, serving, and measuring our online advertising.

IP Address and Clickstream Data

Our servers may collect Data about the computer or other device you use to access or use the Sites or Services. This Data may include the Internet address of the computer or other device you use when you access or use the Sites or Services. Your computer’s Internet Protocol address, or IP Address, is a number that is automatically assigned to your computer by your Internet Service Provider (“ISP”) whenever you connect your computer to the Internet. When you operate your device to request and receive webpages or other content from our Sites or Services, our servers may log your IP Address. We may also log your domain name, which is a textual identifier for your computer that also may have been assigned by your ISP. We use your IP Address and domain name to help identify you and to gather demographic information about our customers as a whole. We may also record the referring webpage that linked you to us (e.g., of another website or a search engine); the webpages or other content you view on the Sites; the website or webpage you visit after the Sites; the ads you see on the Sites and/or click on; other Data about the type of web browser, computer, platform, related software and settings you are using when accessing and/or using the Sites or the Services; any search terms you have entered on any Site or a referral site; and other web usage activity and data logged by our web servers. We use this Data for internal system administration, to help diagnose problems with our server, and to administer the Sites and the Services. Such information may also be used to gather demographic information, such as country of origin and ISP. We do not typically associate this information with you.

Cookies

A “cookie” is a small data file that a website may send to your browser and that your browser may then store on your computer or other device. Cookies may be used to track where You travel on the Sites and Services and what You look at and transact with. We may use cookies to deliver specific messages to you, for example, to announce a new feature that was added since the last time you visited a Site or used a Service. We may use session cookies, for example, to simulate a continuous connection, as cookies help us “remember” information about your preferences and allow You to move within the Sites without reintroducing yourself. A cookie may enable us to relate Your use of the Sites to other information about you, including your personal information.

Most web browsers automatically accept cookies. You can usually refuse cookies, or selectively accept cookies, by adjusting the preferences in Your web browser. Please know, if you refuse or delete cookies (or configure Your web browser to refuse or delete cookies), there may be some features of the Sites or Services that will not be available to You and some webpages, areas of the Sites, Services, or features may not display or function properly.

For the avoidance of doubt, some service providers (including Analytics Vendors) may place cookies on your computer or mobile device. If you would like to disable these "third party" cookies, you may be able to turn them off by going to the third party's website.

Web Bugs

We may use web bugs (aka “web beacons” or “pixel tags”) or similar technologies in the Sites, Services, and/or in communications with You to enable us to evaluate the Sites and Services usage information about users, upgrade user information, and know whether You have visited a webpage or received a message. A “web bug” is typically a one-by-one pixel, transparent image (although it can be a visible image as well), located on a webpage or in an e-mail or other type of message, which is retrieved from a remote site on the Internet enabling the verification of an individual’s viewing or receipt of a webpage or e-mail message. A web bug may enable us to relate your viewing or receipt of a webpage or other message to other information about You, including your personal information.

“Do Not Track”

Some third parties have ways (e.g. Browser do-not-track signals) for users to control how online services collect their information. We do not take any action based on these signals.

Ad Networks

Ad Networks

We use network advertisers to serve advertisements on our Sites, Services, and on non-affiliated websites or other media (e.g., social networking platforms). This enables us and these network advertisers to target advertisements to you for products and services in which you might be interested. Ad network providers, advertisers, sponsors and/or traffic measurement services may use cookies, JavaScript, web bugs, Flash LSOs and other tracking technologies to measure the effectiveness of their ads and to personalize advertising content to you. These cookies and other technologies are governed by each entity's specific privacy policy, not this one. We may provide these advertisers with information, including personal information, about you.

We may disclose certain information (such as your email address) to Facebook Custom Audiences (for more information on Facebook Custom Audience go here or to opt-out, go to the Facebook ad preferences page)—so that we can better target ads and content to you and others with similar interests on third parties’ websites or media (“Custom Audiences”). We may also work with other ad networks and marketing platforms that enable us and other participants to target ads to Custom Audiences submitted by us and others. You may also control how Facebook and other third parties display certain ads to you, as explained further in their respective privacy policies or by using the opt-outs described below.

Users may opt out of many ad networks. For example, you may go to the Digital Advertising Alliance ("DAA") Consumer Choice Page for information about opting out of interest-based advertising and their choices regarding having information used by DAA companies. You may also go to the Network Advertising Initiative ("NAI") Consumer Opt-Out Page for information about opting out of interest-based advertising and their choices regarding having information used by NAI members.

Opting out from one or more companies listed on the DAA Consumer Choice Page or the NAI Consumer Opt-Out Page will opt you out from those companies' delivery of interest-based content or ads to you, but it does not mean you will no longer receive any advertising through our Site, Services, or on other websites. You may continue to receive advertisements, for example, based on the particular website that you are viewing (i.e., contextually based ads). Also, if your browsers are configured to reject cookies when you opt out on the DAA or NAI websites, your opt out may not be effective. Additional information is available on the DAA's website at www.aboutads.info or the NAI's website at www.networkadvertising.org.

7. Third party content and sites

The Sites and Services may contain content that is supplied by a third party, and those third parties may collect information when pages from the Sites and Services are served to you. They may collect information about your online activities across third party websites. In addition, when you are on the Site you may be directed to other sites that are operated and controlled by parties that we do not control. We are not responsible for the data collection and privacy practices employed by any of these parties or their sites. We encourage you to note when you leave our Sites and to review the privacy policies of the different websites you visit.

8. Changing information and communication preferences

You are responsible for maintaining the accuracy of the information you submit to us. The Sites may allow you to review, correct or update Data you have provided through the Site’s forms or otherwise, and you also may provide changes by contacting us. If so, we will make good faith efforts to make requested changes in our then active databases as soon as reasonably practicable (but we may retain prior information as business records). Please note that it is not always possible to completely remove or delete your Data from our databases and that we may maintain recorded Data on backup media or for other reasons. When you edit your Data or change your preferences on the Sites, information that you remove may persist internally for Simply Business’s administrative purposes.

At the point of submitting your personal details, we collect Your email address to enable insurance organizations to contact you. Additionally, this allows Simply Business’s customer service team to get in touch if any more information is needed. You may opt-out of future marketing communications by contacting us at [email protected] or using the opt-out details set out in one of our marketing emails.

9. Children and COPPA

The Sites and Services are not geared towards children, and use of all of the Sites and all of the Services is limited to legally-competent adults aged 18 and older. Simply Business does not knowingly solicit, collect or maintain any information from children under the age of 13. If you believe that your child under 13 has gained access to the Sites or Services without your authorization and without our permission, please contact us at [email protected]

10. Security

We use commercially reasonable safeguards to help protect and secure your personal information. However, no data transmission over the Internet, mobile networks, wireless transmission or electronic storage of information can guarantee to be 100% secure. Please note that we cannot ensure the security of any information you transmit to us, and you use our Sites and provide us with your information at your own risk.

11. Changes to this Privacy Policy

We may revise this Privacy Policy from time to time and will post any changes on our Sites and Services. We encourage You to check this page periodically for any changes. Your continued use of the Sites or Services following the posting of non-significant changes to this Privacy Policy constitutes Your acceptance of those changes.

12. Contacting Simply Business

If You have any questions about the Privacy Policy or practices described in it, You should contact us at [email protected] or at our mailing address:

Simply Business, Inc. 1 Beacon Street 15th Floor Boston, MA 02108

13. Additional Information for California Residents

Simply Business provides insurance to business customers. We primarily use the information that we collect from and about you for the purpose of providing our insurance services to you; therefore, with the exception of the do not sell and nondiscrimination rights, to the extent that we use your information the course of providing services to you, the rights below do not apply. Nonetheless, we set forth the rights that may apply if we use business contact information outside of the relationship (e.g., if we obtain a list of prospective customers and before we have a relationship with you). If you are a California resident, the California Consumer Protection Act (CCPA) may provide you with additional rights, under certain circumstances, regarding our use of your personal information. This section describes these rights and how to exercise them.

Right to Obtain a Copy of Your Personal Information

California residents have the right to request that Simply Business disclose the specific pieces of information that we collected about you during the past twelve months. You also have the right to information about the following information from the past twelve months.

• The categories of personal information we collected about you.
• The categories of sources for the personal information we collected about you.
• Our business or commercial purpose for collecting or selling that personal information.
• The categories of third parties with whom we share that personal information.
• If we sold or disclosed your personal information for a business purpose.

Deletion Request Rights

California residents have the right to request that Simply Business delete any of your personal information that we collected from You and retained, subject to certain exceptions. Once we receive and confirm Your verifiable consumer request, we will delete or deidentify or aggregate (and direct our service providers to do the same) Your personal information from our records, unless an exception applies.

Exercising Your Rights

To exercise the access, data portability, and deletion rights described above, California residents may submit a verifiable consumer request to us by:

• Calling us at (855) 769-6958.
• Emailing us at [email protected]

Only you or an authorized agent may make a verifiable consumer request related to your personal information. If you are an agent, you must submit a notarized statement from the resident authorizing you to act as that resident’s agent. We may contact the resident to verify the agency relationship.

You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:

• Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative of such a person.
• Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with personal information that we collected if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell You why we made that decision and provide you with a cost estimate before completing your request.

Personal Information Sales Opt-Out and Opt-In Rights

You have the right to opt out of the sale of your personal information. As described above, we only share your information upon your request or in connection with targeted advertising, which may be deemed a sale given the breadth of the definition of “sale” under the CCPA.

To exercise the right to opt-out, you (or Your authorized representative) may submit a request to us by:

• Calling us at (855) 769-6958.
• Emailing us at [email protected]

We allow entities to place cookies on our Sites and Apps to collect information about your interaction with such Sites. This collection of information may be a “sale” under the broad definition of “sale” as defined under the CCPA; to opt out of this sharing please visit: www.optout.aboutads.info and www.optout.networkadvertising.org.

Once you make an opt-out request, we will wait at least twelve (12) months before asking you to reauthorize personal information sales. However, you may change Your mind and opt back in to personal information sales at any time by:

• Calling us at (855) 769-6958.
• Emailing us at [email protected]

Non-Discrimination

We will not discriminate against You for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

• Deny You goods or services.
• Charge You different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
• Provide You a different level or quality of goods or services.
• Suggest that You may receive a different price or rate for goods or services or a different level or quality of goods or services.

Following please find a description of the information that we collect about you (which is the same as what is set forth in the primary section of the privacy policy) and whether we disclose or sell that data. When we disclose that data for a business purpose, we typically are disclosing to: Service providers; panel members; and regulatory authorities, auditors, and legal advisors.