LEGAL

Privacy Policy

Last updated 11/6/2023

In this Privacy Policy, Simply Business, LLC (“Simply Business”, “we”, “our” or “us”) (“Privacy Policy”) sets forth its policies regarding the collection, use, sale, and disclosure of the information that we collect about You from (i) Your interactions with us, including through our websites (including, www.simplybusiness.com, www.harborwayinsurance.com, and the website from which this Privacy Policy was accessed) and Simply Business social media (collectively, our “Sites”), offline through any means (e.g., if You contact customer service), and through Your use of our services available through our Sites and offline (collectively our “Services”); and/or (ii) our partners. This Privacy Policy is incorporated into, and is part of, the Simply Business Terms and Conditions (“Terms”), which governs Your use of the Sites and Services. Capitalized terms not defined herein shall have their meaning set forth in the Terms.

We recommend You consult this Privacy Policy often (at least prior to or during each access or use of the Sites or use of the Services). If You have any questions about this Privacy Policy, please contact: [email protected].

If You are a California resident, please see the section titled “Special Notice for California Residents” within this Privacy Policy, which provides additional information about Your privacy rights.

1. Scope

This Privacy Policy applies solely to Simply Business and its affiliates. This Privacy Policy does not apply to: (i) nonaffiliated websites that may be accessible through the Sites; and (ii) Third-Party Insurance Providers, suppliers and partners with which we may disclose Your information to as part of providing and/or improving the Services or to which You agree. Simply Business is not responsible for the privacy practices of Third-Party Insurance Providers.

2. From and About Whom Do We Collect Data?

We collect Data from and about the following:

• You and/or individuals You authorize to submit Data to us on Your behalf;
• Your business;
• Previous, current, and prospective insurance policyholders;
• Visitors’ interactions with our Sites;
• Business contacts at our Panel Members (the insurers, as defined in our Terms), partners and suppliers;
• People or businesses referred to Us; and
• Prospective employees seeking employment opportunities with Simply Business (“Applicants”).

3. How and What Data Do We Collect About You?

We collect Data about You directly from (i) You and/or individuals You authorize to submit Data to us on Your behalf; (ii) from other sources; and (iii) automatically as You use our Sites and Services.

Information that We Collect Directly from You:

We collect information, including personal information, from You when You take the following actions listed below. The type of personal information that we collect from You varies based on Your interaction with our Sites and Services:

• When You apply for or seek information about obtaining a policy (e.g. when You submit a request for a quotation);
• When You purchase a policy from us;
• When You renew a policy;
• If You respond to a customer survey, study, questionnaire, or marketing campaign;
• If You enter a promotion or contest;
• If You submit an application for employment with us; and/or
• If You contact us for any reason and through any channel of communication (e.g. telephone, email, text, web chat, etc.).

The type of information that we collect from You includes:

• Identifying information about You: Your name, alias, mailing address; home and/or office address; email address; telephone number; IP address; device ID; or other similar identifiers; social security number or employer identification number (if You are obtaining a quote for Workers’ Compensation insurance);
• Risk Information: information necessary to provide a quote for insurance, including information about Your business and current insurance coverage (if any);
• Payment Information: if You purchase a policy from us, we will collect Your credit card information to process Your premium and any other required payments; if we need to issue You a refund and are unable to issue that refund back to the original credit card You used, we will collect Your banking information (bank account number, bank name, bank routing number, and account name) to issue the refund via an ACH payment;
• Policy Information: information about the quotes provided to You and the insurance coverages and policies purchased, including policy numbers;
• Usage Information: data collected through Your interactions with our Sites, Services, or other information technology resources, which may include browsing information on our Sites (such as pages visited, links clicked, mouse movements, time spent on a page);
• Commercial Information: information about the products and services You have received quotes for or have purchased from us. If You participate in any of our customer experience studies or surveys, we may also collect information about Your insurance purchasing history more generally;
• Profiles: We will also create records of Data about You in the course of providing the Services to You, either directly, through our Panel Members, or through our service providers. We may also draw inferences from personal information collected about You to create profiles about You based on browsing behavior on and interactions with our Sites, purchasing history, and/or Your participation in our customer experience studies or surveys.
• Sensory Data: we record certain calls for quality assurance and training purposes; if You visit our offices, we have CCTV cameras installed on premises;
• Employment Information: as our Services are provided to businesses, we will obtain information about Your employer. We may also collect professional or employment-related information, such as work history, if You participate in our customer experience studies or surveys.
• Education Information: if You participate in our customer experience studies or surveys we may collect information from You about Your education history;
• Applicant Information: If You apply for a position with us, we collect Your name, alias, email address, postal address, telephone number, work history, and education history.

Information We Collect from Other Sources:

• Your Employer: If Your employer purchases or inquires about a product from us, it may provide us with Your information (such as name, telephone number, email address, business mailing address) for billing, customer service, or other purposes;
• Partners: When You are referred to buy a policy through Simply Business by one of our partner entities, such as lead demand generation companies;
• From Your friends: Your friends may “refer” You to us through our “refer a friend” program;
• Data brokers: We may purchase leads of prospective customers from lead generation providers;
• From advertisers we work with, including providers of digital advertising;
• Internet service providers/data analytics providers: As discussed below, we engage service providers to assist us in evaluating use of our Sites and Services. Please see the discussion below regarding automatically collected data;
• Panel Members: we may receive data from panel members about Your purchase/maintenance of the insurance; in such cases, we receive the data in aggregated form; and
• From recruiters to fill open employment positions with us.

Data Collected Automatically as You Use our Sites and Services:

We collect data from You automatically as You use our Sites and our Services. In particular, we use cookies and other technologies to collect information about You when You visit our Sites and use our Services. Specifically, we may collect the following information via these technologies; we may collect this information ourselves or through service providers, including internet service providers, digital advertisers, and data analytics providers:

• Your browser type and operating system;
• Web pages You view;
• Links You click;
• IP address;
• Site visited before coming to our Sites;
• Whether You submit information in furtherance of obtaining a policy

We use this data predominantly to determine which portions of our Sites are most useful to visitors and to improve our Sites and our Services. We also may share this data to insurers and advertisers for advertising purposes. We typically do not combine the above-listed automatically collected data with other information that we maintain about You. We may share this data with insurers and lead generation partners to help them improve their products and services.

We also track reader response to our emails. In some circumstances, we may associate whether You read a particular email with other information that we have about You. We do this to help determine more relevant communications with You. Please also see Section 6 “Tracking & Technology” below for additional information.

4. How Do We Use the Information that We Collect About You?

We may use Your information for one or more of the following business purposes:

• Transactional Purposes: To fulfill or meet the reason You provided the information to us. For example, if You share Your name and contact information to request an insurance quote or ask a question about an insurance product on one of the Sites, we will use that information to fulfill Your quote or respond to Your inquiry, which may include sharing Your information with our Panel Members or partners. If You provide Your information to purchase a product or service, we will use that information to process Your payment and facilitate delivery;
• Administration, Product, and Site Improvement: To understand how You access and use our Sites and Services to ensure technical functionality of the Sites and Services, develop new products and services (including insurance products and services), improve the Sites, and analyze Your use of the Sites and Services including Your interaction with applications, advertising, products, and services that are made available, linked to, or offered through the Sites;
• Customer service purposes: To create, maintain, customize, and secure Your account with us. To provide You with support and to respond to Your inquiries, including investigating and addressing Your concerns and monitoring and improving our responses;
• Administrative and fraud prevention purposes: To process Your requests, purchases, transactions, and payments and to identify and prevent transactional fraud;
• If You purchase insurance services through the Site, to communicate with You with respect to the provision, renewal, or cancellation of or collection of payment for, such insurance services; and
• Marketing and advertising purposes: To communicate with You, as permitted by applicable law or with Your consent, either directly or through one of our partners, services providers, or Panel Members for:
  • marketing;
  • research;
  • participation in contests, surveys and sweepstakes; or
  • promotional purposes, including to offer products and services of our Panel Members via emails, notifications, or other messages, consistent with any permissions You may have communicated to Us
• To personalize Your experience on our Sites and to deliver content and product and service offerings relevant to Your interests, including targeted offers and ads through our Sites, non-affiliated sites, mobile applications, and via email or text message (with Your consent, where required by law), and to evaluate the success of our advertising campaigns (including our online advertising and offline promotional campaigns);
• To help maintain the safety, security, and integrity of our Sites, products and services, databases and other technology assets, and business;
• Legal purposes: To comply with legal obligations, as part of our general business operations, and for other business administration purposes;
• Employment purposes: to evaluate and contact Applicants during the recruitment process;
• To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations;
• As described to You on the Sites or through the Services when collecting Your Data;
• Analytics purposes: we evaluate overall usage of our Sites. For example, we tally the number of visitors to our Sites, number of users submitting quotes, number of persons obtaining a policy, and similar usage data about our Sites. We may combine this data with demographic information that we obtain from other sources. We may share this aggregated information with insurers for our own and their own product improvement;

We may also use de-identified, anonymized or aggregated Data, including customer information, to provide potential insurers with a general profile of people using our Sites, and to analyze the effectiveness of our Services to customers.

5. How Do We Disclose the Data We Collect?

Simply Business provides services exclusively to business customers. Our goal is to help You find the appropriate insurance for Your company’s particular needs, and, to do so, we do need to disclose certain information with our Panel Members and other entities. Simply Business may disclose Your Data, including personal information, to another entity for a business purpose, or sell or share Your Data, including personal information, subject to Your right to opt-out of the sharing or sale of Your personal information if You are a California Resident. We may disclose Your Data to:

• Service providers: we share Your information with entities that assist us in providing our Services, which include entities that host our website, provide marketing services on our behalf, and otherwise assist us in providing our Services to You. This also may include entities that assist us with online analytics.
• Panel Members: we provide a portion of Your information to a select group of insurers to obtain quotes on Your behalf. Once You select a provider, we will share Your information with the provider once we have underwritten Your policy.
• Other insurers: If none of our Panel Members are able to underwrite Your policy, then, with Your consent, we will ask Your permission to share Your information with providers outside of our network. We also share aggregated data with the Third-Party Insurance Providers for the purpose of assisting the providers in building and improving their products and services.
• Lead generation providers: if You come to us as a lead from a lead generation provider (instead as an initial inquiry directly from You) and either we receive and act upon Your lead or You submit to us information, we may send information to the lead generation provider, including (i) whether the lead was successful; (ii) policy information; and (iii) other information as described to You on the Sites or through the Services when collecting Your Data. If we are unable to provide services to You – or we are not the right fit for Your business – we may share Your lead with a different lead generation provider or an insurer outside of our panel that we believe, in our sole discretion, may be able to fulfill Your insurance needs;
• Analytics providers: As described below, we engage analytics providers to assist us in evaluating use of our Sites. These providers may collect data automatically as You use our Sites; and
• Advertising providers: As described in Section 6 titled “Tracking & Technology” below, we may share Your data with advertising providers as part of our online marketing campaigns.

We also may disclose Your data in the following circumstances; typically, in doing so, we are disclosing Your data to law enforcement, legal advisors, other persons to assist us in protecting our rights and interests and the rights and interests of other persons:

• To comply with legal and regulatory obligations: we may share Your information with law enforcement, regulatory bodies, and other persons where we are legally required to do so, e.g., in response to a subpoena;
• To protect our rights and interests and the rights and interests of other persons: we will share Your information with other persons, which may include law enforcement, government entities, and other persons, when we believe it appropriate to protect our rights, property, and interests, and the rights, property, and interests of other persons. We also may share information to protect the health and safety of persons;
• Due to a corporate transaction: we may share Your information in furtherance of a sale of a part or all of our assets, involuntary or voluntary dissolution, or other corporate transaction

6. Tracking & Technology

We, and certain service providers who analyze the activity of visitors to our Sites on our behalf (“Analytics Providers”) and advertising providers, may use ‘IP Addresses’, ‘cookies,’ ‘web beacons’, ‘pixel tags,’ and other tracking technologies (described in more detail below) in the Sites and Services, or in our communications with You (“Tracking Technologies”). These Tracking Technologies allows us and the Analytics Providers and advertising providers to have access to some Data and analysis about You which helps to:

• Enhance the functionality and features of the Sites and Services;
• Verify Your viewing and/or receipt of communications;
• Keep (and sometimes track) information about You;
• Make Your transactions and other activities more convenient and efficient;
• Diagnose problems with our server;
• Administer the Sites and Services; and
• Assist us in determining, facilitating, serving, and measuring our online advertising.

IP Address and Clickstream Data

Our servers may collect Data about the computer or other device You use to access or use the Sites or Services. This Data may include the Internet address of the computer or other device You use when You access or use the Sites or Services. Your computer’s Internet Protocol address, or IP Address, is a number that is automatically assigned to Your computer by Your Internet Service Provider (“ISP”) whenever You connect Your computer to the Internet. When You operate Your device to request and receive web pages or other content from our Sites or Services, our servers may log Your IP Address. We may also log Your domain name, which is a textual identifier for Your computer that also may have been assigned by Your ISP. As stated above, we do not typically associate Your browsing information with Your account. We may, however, use Your IP Address and domain name to help identify You (or the corporate entity) and to gather demographic information about our customers as a whole. We may also record the referring webpage that linked You to us (e.g., of another website or a search engine); the webpages or other content You view on the Sites; the website or webpage You visit after the Sites; the ads You see on the Sites and/or click on; other Data about the type of web browser, computer, platform, related software and settings You are using when accessing and/or using the Sites or the Services; any search terms You have entered on any Site or a referral site; and other web usage activity and data logged by our web servers. We use this Data for internal system administration, to help diagnose problems with our server, and to administer the Sites and the Services. Such information may also be used to gather demographic information, such as country of origin and ISP. We do not typically associate this information with You.

Cookies

A “cookie” is a small data file that a website may send to Your browser and that Your browser may then store on Your computer or other device. Cookies may be used to track where You travel on the Sites and Services and what You look at and transact with. We may use cookies to deliver specific messages to You, for example, to announce a new feature that was added since the last time You visited a Site or used a Service. We may use session cookies, for example, to simulate a continuous connection, as cookies help us “remember” information about Your preferences and allow You to move within the Sites without reintroducing Yourself. A cookie may enable us to relate Your use of the Sites to other information about You, including Your personal information.

Most web browsers automatically accept cookies. You can usually refuse cookies, or selectively accept cookies, by adjusting the preferences in Your web browser. Please know, if You refuse or delete cookies (or configure Your web browser to refuse or delete cookies), there may be some features of the Sites or Services that will not be available to You and some webpages, areas of the Sites, Services, or features may not display or function properly.

For the avoidance of doubt, some service providers (including Analytics Providers) may place cookies on Your computer or mobile device. If You would like to disable these “third party” cookies, You may be able to turn them off by going to the third party’s website.

Web Bugs

We may use web bugs (aka “web beacons” or “pixel tags”) or similar technologies in the Sites, Services, and/or in communications with You to enable us to evaluate the Sites and Services usage information about users, upgrade user information, and know whether You have visited a webpage or received a message. A “web bug” is typically a one-by-one pixel, transparent image (although it can be a visible image as well), located on a webpage or in an e-mail or other type of message, which is retrieved from a remote site on the Internet enabling the verification of an individual’s viewing or receipt of a webpage or e-mail message. A web bug may enable us to relate Your viewing or receipt of a webpage or other message to other information about You, including Your personal information.

“Do Not Track”

Some third parties have ways (e.g. Browser do-not-track signals) for users to control how online services collect their information. We do not take any action based on these signals.

Ad Networks

We use network advertisers to serve advertisements on our Sites, Services, and on non-affiliated websites or other media (e.g., social networking platforms). This enables us and these network advertisers to target advertisements to You for products and services in which You might be interested. Ad network providers, advertisers, sponsors and/or traffic measurement services may use cookies, JavaScript, web bugs, Flash LSOs and other tracking technologies to measure the effectiveness of their ads and to personalize advertising content to You. These cookies and other technologies are governed by each entity’s specific privacy policy, not this one. We may provide these advertisers with information, including personal information, about You.

We may disclose certain information (such as Your email address) to Facebook Custom Audiences, Google Custom Audiences or similar advertising platforms so that we can better target ads and content to You and others with similar interests on third parties’ websites or media (“Custom Audiences”). We may also work with other ad networks and marketing platforms that enable us and other participants to target ads to Custom Audiences submitted by us and others. You may also control how these third parties display certain ads to You, as explained further in their respective privacy policies or by using the opt-outs described below.

Users may opt out of many ad networks. For example, you may go to the Digital Advertising Alliance (“DAA”) Consumer Choice Page for information about opting out of interest-based advertising and their choices regarding having information used by DAA companies. You may also go to the Network Advertising Initiative (“NAI”) Consumer Opt-Out Page for information about opting out of interest-based advertising and their choices regarding having information used by NAI members.

Opting out from one or more companies listed on the DAA Consumer Choice Page or the NAI Consumer Opt-Out Page will opt You out from those companies’ delivery of interest-based content or ads to you, but it does not mean you will no longer receive any advertising through our Site, Services, or on other websites. You may continue to receive advertisements, for example, based on the particular website that You are viewing (i.e., contextually based ads). Also, if Your browsers are configured to reject cookies when You opt out on the DAA or NAI websites, Your opt out may not be effective. Additional information is available on the DAA’s website at www.aboutads.info or the NAI’s website at www.networkadvertising.org.

If You are a California resident, please see our “Notice of Your Right to Opt-Out of Sale or Sharing of Your Personal Information and How to Exercise that Right” contained in Section 13 of this Privacy Policy to understand how You can exercise Your right to opt out of our sale or sharing of Your personal information. We note that opting out of the ad networks via the NAI and DAA links provided in the two paragraphs above may not fully opt You out of our sharing and/or sale of Your personal information.

7. Third Party Content and Sites

When You are on the Site You may be directed to other sites that are operated and controlled by parties that we do not control. We are not responsible for the data collection and privacy practices employed by any of these parties or their sites. We encourage You to note when You leave our Sites and to review the privacy policies of the different websites You visit.

8. Changing Communication Preferences

At the point of submitting Your personal details, we collect Your email address to enable Simply Business and insurance organizations to contact You. Additionally, this allows Simply Business’s customer service team to get in touch if any more information is needed. You may opt-out of future marketing communications by contacting us at [email protected] or using the opt-out details set out in one of our marketing emails.

9. Children and COPPA

The Sites and Services are not geared towards children, and use of all of the Sites and all of the Services is limited to legally-competent adults aged 18 and older. Simply Business does not knowingly solicit, collect or maintain any information from children under the age of 13. If You believe that Your child under 13 has gained access to the Sites or Services without Your authorization and without our permission, please contact us at [email protected].

10. Security

We use commercially reasonable safeguards to help protect and secure Your personal information. However, no data transmission over the Internet, mobile networks, wireless transmission or electronic storage of information can guarantee to be 100% secure. Please note that we cannot ensure the security of any information You transmit to us, and You use our Sites and provide us with Your information at Your own risk.

11. Changes to this Privacy Policy

We may revise this Privacy Policy from time to time and will post any changes on our Sites and Services. We encourage You to check this page periodically for any changes. Your continued use of the Sites or Services following the posting of non-significant changes to this Privacy Policy constitutes Your acceptance of those changes.

12. Contact Simply Business

If You have any questions about the Privacy Policy or practices described in it, You should contact us at [email protected] or at our mailing address: Simply Business, LLC, 53 State Street, 19th Floor, Boston, MA 02109.

13. Special Notice for California Residents

A. Scope & Applicability

This Section 13, titled “Special Notice for California Residents” (“CA Notice”) supplements the information contained in this Privacy Policy with respect to California residents only and provides California residents notice of the categories of personal information that Simply Business collects about California residents at or before collection, the purposes for which those categories are collected and used, and how long Simply Business may retain such information. This CA Notice explains (i) how Simply Business collects, uses, shares, sells, and retains personal information of California residents pursuant to the California Consumer Privacy Act of 2018 (the “CCPA”), as amended by the California Privacy Rights Act of 2020; and (ii) the rights that may be applicable to such residents and how to exercise those rights. The personal information that we collect, use, disclose, sell and share about a California resident will depend on our relationship or interaction with that specific resident. Any terms that are defined in the CCPA shall have the same meaning when used in this CA Notice.

B. Personal Information Collected

Under the CCPA, “personal information” is information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with particular California residents or households. Personal information does not include deidentified or aggregated information, publicly available information or lawfully obtained, truthful information that is a matter of public concern, or any other information that is excepted from the definition of “personal information” under the CCPA, or any information that is otherwise not regulated by the CCPA. We collect personal information relating to California residents in a variety of situations, including, for example, from those who request or obtain our products or services, visit our Sites, apply for employment with us, work for our vendors, partners, contractors or similar personnel, and who visit our locations. We note that we do not knowingly collect personal information of minors (please see Section 9 above of this Privacy Policy for more information). In particular, we have collected the following categories of personal information from California residents within the last twelve (12) months and we may collect the following categories of personal information from California residents:

• Identifiers: such as real name, alias, postal address, unique personal identifiers (including cookies, mobile ad identifiers, pixel tags and/or beacons), online identifiers, IP address, email address, telephone number, and insurance policy number.
• Personal information described in California Civil Code § 1798.80(e) (California disposal of records law): such as name, social security number, address, telephone number, insurance policy number, employment history, bank account number, credit card number or any other financial information to purchase our products or receive a refund.
• Characteristics of protected classifications under California or federal law: such as gender, race, ethnicity, sexual orientation, marital status, medical conditions, disability, age, citizenship, and military status of our employees; such as race, sex, gender, sexual orientation, marital status, age, ethnicity and disability of participants in our customer experience studies or surveys.
• Consumer information: such as transaction information, purchase history, and products considered.
• Internet or network activity information: such as browsing history, search history, information regarding a consumer’s interaction with our Sites and digital advertisements.
• Geolocation data: such as IP address (city, state, region).
• Audio, electronic, visual, thermal, olfactory, or similar information: such as information regarding use of our Sites, call recordings of individuals who contact our customer service center, video recordings via CCTV of visitors to our offices.
• Professional or employment-related information: such as work history.
• Education information: such education history.
• Inferences drawn from other personal information: such as inferences drawn from any of the personal information listed above to create a profile about an individual’s preferences, characteristics and purchasing tendencies, behaviors, and attitudes.
• Sensitive personal information: social security number; driver’s license; state identification card or passport number.

The section of this Privacy Policy titled “How and What Data Do We Collect About You” above provides additional detail about the personal information we may collect.

C. Categories of Sources We Collect Personal Information From; Purposes for Collection of Personal Information

Simply Business collects personal information for the business or commercial purposes described in the “How Do We Use the Information that We Collect About You?” section of this Privacy Policy above. Simply Business obtains personal information from the categories of sources described in the How and What Data Do We Collect About You?” section of this Privacy Policy.

D. Selling or Sharing of Personal Information

1. We may sell or share, as those terms are defined in the CCPA, the categories of personal information listed in Section B of this CA Notice titled “Personal Information Collected” with certain third parties for business purposes. Specifically:a. In the preceding twelve (12) months, Simply Business has shared the following categories of personal information of California residents with marketing and advertising providers for purposes of cross-context behavioral advertising:
   • IdentifiersCommercial informationInternet or other electronic network activityGeolocation dataElectronic information
   b. In the preceding twelve (12) months, Simply Business has sold the following categories of personal information of California residents to analytics and advertising providers for purposes assisting us in evaluating use of our Sites and/or evaluating effectiveness of our digital advertising and marketing strategies:
   • Identifiers
   • Commercial information
   • Internet or other electronic network activity
   • Geolocation data
   • Electronic information
2. Simply Business does not have actual knowledge that it sells or shares the personal information of consumers under the age of 16.

E. Disclosures of Personal Information for a Business or Commercial Purpose

Simply Business may disclose the categories of personal information listed in Part B of this CA Notice titled “Personal Information Collected” to certain third parties for our business purposes. Specifically, in the preceding twelve (12) months, Simply Business has disclosed the following categories of personal information of California residents to our service providers, affiliates, parent company, insurance carriers, legal and financial advisors, regulators and partners for our operational business purposes described in Section 4 of the Privacy Policy titled “How Do We Use the Information that We Collect About You?”:

• Identifiers
• Personal information described in California Civil Code § 1798.80(e) (California disposal of records law)
• Characteristics of protected classifications under California or federal law
• Consumer information
• Internet or network activity information
• Geolocation data
• Audio, electronic, visual, thermal, olfactory, or similar information
• Professional or employment-related information
• Education information
• Inferences drawn from other personal information
• Sensitive personal information

F. Sensitive Personal Information

We may use or disclose Your sensitive personal information, provided that we only use or disclose Your sensitive personal information for the purposes specified in Section 7027(m) of the CCPA regulations, and we only collect or process sensitive personal information without the purpose of inferring characteristics about You.

G. California Residents’ Rights and Choices

The CCPA provides California residents with specific rights regarding their personal information. The following describes Your CCPA rights (to the extent applicable to You) and explains how to exercise those rights:

1. Right to Know and Access to Specific Information:

You may have the right to request that Simply Business disclose certain information to You about our collection and use of Your personal information over the past twelve (12) months or such other period required by the CCPA. Once we receive and confirm Your verifiable consumer request from You (in the manner described below), to the extent required by the CCPA, we will disclose to You:

a. The categories of personal information we collected about You.

b. The categories of sources for the personal information we collected about You.

c. Our business or commercial purpose for collecting, sharing or selling that personal information.

d. The categories of third parties to whom we disclose that personal information.

e. The specific pieces of personal information we collected about You.

f. If we shared, sold and/or disclosed for a business or commercial purpose Your personal information, the personal information categories that each category of third party purchased or received.

2. Deletion Request Rights:

As a California resident, You have the right to request that Simply Business delete any of Your personal information that we collected from You and retained, subject to certain exceptions. Once we receive and confirm a verifiable consumer request from You (or Your authorized agent) in the manner described below, we will delete (and notify our service providers and/or contractors to delete and notify all third parties to whom we have sold or shared the personal information to delete, unless this proves impossible or involves disproportionate effort to notify such third parties to whom we have sold or shared Your personal information to or with) Your personal information from our records, unless an exception applies or retention of Your personal information is otherwise permitted by the CCPA. We may deny Your deletion request if retaining the information is reasonably necessary for us or our service provider(s) and/or contractor(s) to:

a. Complete the transaction for which we collected the personal information, provide a product or service that You requested, take actions reasonably anticipated by You within the context of our ongoing business relationship with You, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with You.

b. Help to ensure security and integrity to the extent the use of Your personal information is reasonably necessary and proportionate for those purposes.

c. Debug to identify and repair errors that impair existing intended functionality.

d. Exercise free speech, ensure the right of another consumer to exercise that consumer’s free speech rights, or exercise another right provided for by law.

e. Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).

f. Engage in public or peer-reviewed scientific, historical, or statistical research that conforms or adheres to all other applicable ethics and privacy laws, when our deletion of the information is likely to render impossible or seriously impair the ability to complete the research, if You have provided informed consent.

g. Enable solely internal uses that are reasonably aligned with consumer expectations based on Your relationship with us and compatible with the context in which You provided the information.

h. Comply with a legal obligation.

3. Correction Request Rights:

You have the right to request that we correct inaccurate personal information about You that we maintain, taking into account the nature of the personal information and the purposes of the processing of the personal information. If we receive a verifiable consumer request from You to correct inaccurate personal information, we will use commercially reasonable efforts to correct such inaccurate personal information as directed by You, pursuant to Section 1798.130 of the CCPA and regulations adopted pursuant to the CCPA.

4. Exercising Your Rights to Know, Delete, and/or Correct:

a. To exercise Your right to know, delete, and/or correct described above, please submit a verifiable consumer request to us by either: (1) submitting the request via our website by clicking this link or (2) calling us at (855) 769-6958. Only You, or someone legally authorized to act on Your behalf, may make a verifiable consumer request related to Your personal information. You may make a verifiable consumer request for access or data portability no more than twice within a twelve (12) month period.

The verifiable consumer request must:

(i) provide sufficient information that allows us to reasonably verify You are the person about whom we collected personal information or an authorized agent; and (ii) describe Your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. We cannot respond to Your request or provide You with personal information if we cannot verify Your identity or authority to make the request and confirm the personal information relates to You. Making a verifiable consumer request does not require You to create an account with us. We will only use personal information provided for the purposes of verification of a consumer request to verify the requestor’s identity or authority to make the request. We will need certain information from You to verify Your request and locate Your information, including Your first and last name, address, email address.

For instructions on exercising sale or sharing opt-out rights, click here.

b. We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to ninety (90) days), we will inform You of the reason and extension period in writing. If You have an account with us, we may deliver our written response to that account. If You do not have an account with us, we will deliver our written response by mail or electronically, at Your option. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide Your personal information that is readily usable and should allow You to transmit the information from one entity to another entity without hindrance. If Your requests are manifestly unfounded or excessive, in particular because of their repetitive character, we may either charge a reasonable fee, taking into account the administrative costs of providing the information or communication or taking the action requested, or refuse to act on the request and notify You of the reason for refusing the request.

5. Notice of Your Right to Opt-Out of Sale or Sharing of Your Personal Information and How to Exercise that Right:

a. If You are 16 years of age or older, You have the right to direct us to not sell or share Your personal information at any time (the “right to opt-out”). We do not sell or share the personal information of California residents we actually know are less than 16 years of age. California residents who opt-in to personal information sales or sharing may opt-out of future sales or sharing at any time.

b. You (or Your authorized agent) can opt-out of our sharing and sale of Your personal information by clicking this link: Do Not Sell or Share My Personal Information.

c. Once You make an opt-out request, we will wait at least twelve (12) months before asking You to reauthorize personal information sales or sharing.

d. You do not need to create an account with us to exercise Your opt-out rights. We will only use personal information provided in an opt-out request to review and comply with the request.

H. Requests from Authorized Agents

We will accept verifiable consumer requests to delete, correct, know, and opt-out of sale and/or sharing of personal information from a natural person or business entity that You have authorized to act on Your behalf (an “authorized agent”), provided that such requests meet the requirements set forth in this section. The authorized agent must provide a signed authorization from the consumer that the authorized agent may submit the request on the consumer’s behalf. We reserve the right to require the consumer to either (1) verify their own identity directly with Simply Business; or (2) directly confirm that the consumer provided the authorized agent permission to submit the request.

I. Non-Discrimination

We will not discriminate against You for exercising any of Your CCPA rights. Unless permitted by the CCPA, we will not:

• Deny You goods or services.
• Charge You different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
• Provide You a different level or quality of goods or services.
• Suggest that You may receive a different price or rate for goods or services or a different level or quality of goods or services; or
• Retaliate against an employee, applicant for employment, or independent contractor, as defined in subparagraph (A) of paragraph (2) of subdivision (m) of Section 1798.145 of the CCPA for exercising their rights under the CCPA.

J. Personal Information Retention

We will only retain Your personal information (including sensitive personal information) for as long as necessary to fulfill the purposes for which we collected it or as otherwise permitted by applicable law. To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of that personal information, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process Your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

K. Contact

If You have any questions or concerns relating to this Privacy Policy or our personal information practices, please contact us in accordance with Section 12 of the Privacy Policy titled “Contact Simply Business.”