Last updated 6/30/2023
We collect Data from and about the following:
We collect Data about You directly from (i) You and/or individuals You authorize to submit Data to us on Your behalf; (ii) from other sources; and (iii) automatically as You use our Sites and Services.
Information that We Collect Directly from You:
We collect information, including personal information, from You when You take the following actions listed below. The type of personal information that we collect from You varies based on Your interaction with our Sites and Services:
The type of information that we collect from You includes:
Information We Collect from Other Sources:
Data Collected Automatically as You Use our Sites and Services:
We use this data predominantly to determine which portions of our Sites are most useful to visitors and to improve our Sites and our Services. We also may share this data to insurers and advertisers for advertising purposes. We typically do not combine the above-listed automatically collected data with other information that we maintain about You. We may share this data with insurers and lead generation partners to help them improve their products and services.
We also track reader response to our emails. In some circumstances, we may associate whether You read a particular email with other information that we have about You. We do this to help determine more relevant communications with You. Please also see Section 6 “Tracking & Technology” below for additional information.
We may use Your information for one or more of the following business purposes:
We may also use de-identiﬁed, anonymized or aggregated Data, including customer information, to provide potential insurers with a general proﬁle of people using our Sites, and to analyze the eﬀectiveness of our Services to customers.
Simply Business provides services exclusively to business customers. Our goal is to help You ﬁnd the appropriate insurance for Your company’s particular needs, and, to do so, we do need to disclose certain information with our Panel Members and other entities. Simply Business may disclose Your Data, including personal information, to another entity for a business purpose, or sell or share Your Data, including personal information, subject to Your right to opt-out of the sharing or sale of Your personal information if You are a California Resident. We may disclose Your Data to:
We also may disclose Your data in the following circumstances; typically, in doing so, we are disclosing Your data to law enforcement, legal advisors, other persons to assist us in protecting our rights and interests and the rights and interests of other persons:
We, and certain service providers who analyze the activity of visitors to our Sites on our behalf (“Analytics Providers”) and advertising providers, may use ‘IP Addresses’, ‘cookies,’ ‘web beacons’, ‘pixel tags,’ and other tracking technologies (described in more detail below) in the Sites and Services, or in our communications with You (“Tracking Technologies”). These Tracking Technologies allows us and the Analytics Providers and advertising providers to have access to some Data and analysis about You which helps to:
IP Address and Clickstream Data
Our servers may collect Data about the computer or other device You use to access or use the Sites or Services. This Data may include the Internet address of the computer or other device You use when You access or use the Sites or Services. Your computer’s Internet Protocol address, or IP Address, is a number that is automatically assigned to Your computer by Your Internet Service Provider (“ISP”) whenever You connect Your computer to the Internet. When You operate Your device to request and receive web pages or other content from our Sites or Services, our servers may log Your IP Address. We may also log Your domain name, which is a textual identiﬁer for Your computer that also may have been assigned by Your ISP. As stated above, we do not typically associate Your browsing information with Your account. We may, however, use Your IP Address and domain name to help identify You (or the corporate entity) and to gather demographic information about our customers as a whole. We may also record the referring webpage that linked You to us (e.g., of another website or a search engine); the webpages or other content You view on the Sites; the website or webpage You visit after the Sites; the ads You see on the Sites and/or click on; other Data about the type of web browser, computer, platform, related software and settings You are using when accessing and/or using the Sites or the Services; any search terms You have entered on any Site or a referral site; and other web usage activity and data logged by our web servers. We use this Data for internal system administration, to help diagnose problems with our server, and to administer the Sites and the Services. Such information may also be used to gather demographic information, such as country of origin and ISP. We do not typically associate this information with You.
For the avoidance of doubt, some service providers (including Analytics Providers) may place cookies on Your computer or mobile device. If You would like to disable these "third party" cookies, You may be able to turn them oﬀ by going to the third party's website.
We may use web bugs (aka “web beacons” or “pixel tags”) or similar technologies in the Sites, Services, and/or in communications with You to enable us to evaluate the Sites and Services usage information about users, upgrade user information, and know whether You have visited a webpage or received a message. A “web bug” is typically a one-by-one pixel, transparent image (although it can be a visible image as well), located on a webpage or in an e-mail or other type of message, which is retrieved from a remote site on the Internet enabling the veriﬁcation of an individual’s viewing or receipt of a webpage or e-mail message. A web bug may enable us to relate Your viewing or receipt of a webpage or other message to other information about You, including Your personal information.
“Do Not Track”
Some third parties have ways (e.g. Browser do-not-track signals) for users to control how online services collect their information. We do not take any action based on these signals.
We may disclose certain information (such as Your email address) to Facebook Custom Audiences, Google Custom Audiences or similar advertising platforms so that we can better target ads and content to You and others with similar interests on third parties’ websites or media (“Custom Audiences”). We may also work with other ad networks and marketing platforms that enable us and other participants to target ads to Custom Audiences submitted by us and others. You may also control how these third parties display certain ads to You, as explained further in their respective privacy policies or by using the opt-outs described below.
Users may opt out of many ad networks. For example, you may go to the Digital Advertising Alliance ("DAA") Consumer Choice Page for information about opting out of interest-based advertising and their choices regarding having information used by DAA companies. You may also go to the Network Advertising Initiative ("NAI") Consumer Opt-Out Page for information about opting out of interest-based advertising and their choices regarding having information used by NAI members.
Opting out from one or more companies listed on the DAA Consumer Choice Page or the NAI Consumer Opt-Out Page will opt You out from those companies' delivery of interest-based content or ads to you, but it does not mean you will no longer receive any advertising through our Site, Services, or on other websites. You may continue to receive advertisements, for example, based on the particular website that You are viewing (i.e., contextually based ads). Also, if Your browsers are configured to reject cookies when You opt out on the DAA or NAI websites, Your opt out may not be effective. Additional information is available on the DAA's website at www.aboutads.info or the NAI's website at www.networkadvertising.org.
When You are on the Site You may be directed to other sites that are operated and controlled by parties that we do not control. We are not responsible for the data collection and privacy practices employed by any of these parties or their sites. We encourage You to note when You leave our Sites and to review the privacy policies of the diﬀerent websites You visit.
At the point of submitting Your personal details, we collect Your email address to enable Simply Business and insurance organizations to contact You. Additionally, this allows Simply Business’s customer service team to get in touch if any more information is needed. You may opt-out of future marketing communications by contacting us at [email protected] or using the opt-out details set out in one of our marketing emails.
The Sites and Services are not geared towards children, and use of all of the Sites and all of the Services is limited to legally-competent adults aged 18 and older. Simply Business does not knowingly solicit, collect or maintain any information from children under the age of 13. If You believe that Your child under 13 has gained access to the Sites or Services without Your authorization and without our permission, please contact us at [email protected].
We use commercially reasonable safeguards to help protect and secure Your personal information. However, no data transmission over the Internet, mobile networks, wireless transmission or electronic storage of information can guarantee to be 100% secure. Please note that we cannot ensure the security of any information You transmit to us, and You use our Sites and provide us with Your information at Your own risk.
We may sell or share, as those terms are defined in the CCPA, the categories of personal information listed in Section B of this CA Notice titled “Personal Information Collected” with certain third parties for business purposes. Specifically:
a. In the preceding twelve (12) months, Simply Business has shared the following categories of personal information of California residents with marketing and advertising providers for purposes of cross-context behavioral advertising:
b. In the preceding twelve (12) months, Simply Business has sold the following categories of personal information of California residents to analytics and advertising providers for purposes assisting us in evaluating use of our Sites and/or evaluating effectiveness of our digital advertising and marketing strategies:
Simply Business does not have actual knowledge that it sells or shares the personal information of consumers under the age of 16.
We may use or disclose Your sensitive personal information, provided that we only use or disclose Your sensitive personal information for the purposes specified in Section 7027(m) of the CCPA regulations, and we only collect or process sensitive personal information without the purpose of inferring characteristics about You.
The CCPA provides California residents with specific rights regarding their personal information. The following describes Your CCPA rights (to the extent applicable to You) and explains how to exercise those rights:
You may have the right to request that Simply Business disclose certain information to You about our collection and use of Your personal information over the past twelve (12) months or such other period required by the CCPA. Once we receive and confirm Your verifiable consumer request from You (in the manner described below), to the extent required by the CCPA, we will disclose to You:
a. The categories of personal information we collected about You.
b. The categories of sources for the personal information we collected about You.
c. Our business or commercial purpose for collecting, sharing or selling that personal information.
d. The categories of third parties to whom we disclose that personal information.
e. The specific pieces of personal information we collected about You.
f. If we shared, sold and/or disclosed for a business or commercial purpose Your personal information, the personal information categories that each category of third party purchased or received.
As a California resident, You have the right to request that Simply Business delete any of Your personal information that we collected from You and retained, subject to certain exceptions. Once we receive and confirm a verifiable consumer request from You (or Your authorized agent) in the manner described below, we will delete (and notify our service providers and/or contractors to delete and notify all third parties to whom we have sold or shared the personal information to delete, unless this proves impossible or involves disproportionate effort to notify such third parties to whom we have sold or shared Your personal information to or with) Your personal information from our records, unless an exception applies or retention of Your personal information is otherwise permitted by the CCPA. We may deny Your deletion request if retaining the information is reasonably necessary for us or our service provider(s) and/or contractor(s) to:
a. Complete the transaction for which we collected the personal information, provide a product or service that You requested, take actions reasonably anticipated by You within the context of our ongoing business relationship with You, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with You.
b. Help to ensure security and integrity to the extent the use of Your personal information is reasonably necessary and proportionate for those purposes.
c. Debug to identify and repair errors that impair existing intended functionality.
d. Exercise free speech, ensure the right of another consumer to exercise that consumer’s free speech rights, or exercise another right provided for by law.
e. Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
f. Engage in public or peer-reviewed scientific, historical, or statistical research that conforms or adheres to all other applicable ethics and privacy laws, when our deletion of the information is likely to render impossible or seriously impair the ability to complete the research, if You have provided informed consent.
g. Enable solely internal uses that are reasonably aligned with consumer expectations based on Your relationship with us and compatible with the context in which You provided the information.
h. Comply with a legal obligation.
You have the right to request that we correct inaccurate personal information about You that we maintain, taking into account the nature of the personal information and the purposes of the processing of the personal information. If we receive a verifiable consumer request from You to correct inaccurate personal information, we will use commercially reasonable efforts to correct such inaccurate personal information as directed by You, pursuant to Section 1798.130 of the CCPA and regulations adopted pursuant to the CCPA.
a. To exercise Your right to know, delete, and/or correct described above, please submit a verifiable consumer request to us by either: (1) calling us at (855) 769-6958; (2) emailing us at [email protected]; or (3) submitting the request via our website by clicking this link. Only You, or someone legally authorized to act on Your behalf, may make a verifiable consumer request related to Your personal information. You may make a verifiable consumer request for access or data portability no more than twice within a twelve (12) month period.
The verifiable consumer request must:
(i) provide sufficient information that allows us to reasonably verify You are the person about whom we collected personal information or an authorized agent; and (ii) describe Your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. We cannot respond to Your request or provide You with personal information if we cannot verify Your identity or authority to make the request and confirm the personal information relates to You. Making a verifiable consumer request does not require You to create an account with us. We will only use personal information provided for the purposes of verification of a consumer request to verify the requestor's identity or authority to make the request. We will need certain information from You to verify Your request and locate Your information, including Your first and last name, address, email address.
For instructions on exercising sale or sharing opt-out rights, click here.
b. We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to ninety (90) days), we will inform You of the reason and extension period in writing. If You have an account with us, we may deliver our written response to that account. If You do not have an account with us, we will deliver our written response by mail or electronically, at Your option. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide Your personal information that is readily usable and should allow You to transmit the information from one entity to another entity without hindrance. If Your requests are manifestly unfounded or excessive, in particular because of their repetitive character, we may either charge a reasonable fee, taking into account the administrative costs of providing the information or communication or taking the action requested, or refuse to act on the request and notify You of the reason for refusing the request.
a. If You are 16 years of age or older, You have the right to direct us to not sell or share Your personal information at any time (the “right to opt-out”). We do not sell or share the personal information of California residents we actually know are less than 16 years of age. California residents who opt-in to personal information sales or sharing may opt-out of future sales or sharing at any time.
b. You (or Your authorized agent) can opt-out of our sharing and sale of Your personal information by clicking this link: Do Not Sell or Share My Personal Information.
c. Once You make an opt-out request, we will wait at least twelve (12) months before asking You to reauthorize personal information sales or sharing.
d. You do not need to create an account with us to exercise Your opt-out rights. We will only use personal information provided in an opt-out request to review and comply with the request.
We will accept verifiable consumer requests to delete, correct, know, and opt-out of sale and/or sharing of personal information from a natural person or business entity that You have authorized to act on Your behalf (an “authorized agent”), provided that such requests meet the requirements set forth in this section. The authorized agent must provide a signed authorization from the consumer that the authorized agent may submit the request on the consumer’s behalf. We reserve the right to require the consumer to either (1) verify their own identity directly with Simply Business; or (2) directly confirm that the consumer provided the authorized agent permission to submit the request.
We will not discriminate against You for exercising any of Your CCPA rights. Unless permitted by the CCPA, we will not:
We will only retain Your personal information (including sensitive personal information) for as long as necessary to fulfill the purposes for which we collected it or as otherwise permitted by applicable law. To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of that personal information, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process Your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
*Harborway Insurance policies are underwritten by Spinnaker Insurance Company and reinsured by Munich Re, an A+ (Superior) rated insurance carrier by AM Best. Harborway Insurance is a brand name of Harborway Insurance Agency, LLC, a licensed insurance producer in all 50 states and the District of Columbia. California license #6004217.