Privacy Policy
EFFECTIVE DATE: May 22, 2018
LAST UPDATE: June 06, 2024
BOXX Insurance Inc. (“BOXX Insurance,” “we,” “us,” or “our”) is committed to protecting your privacy and ensuring the security of your personal data. We wrote this Privacy Policy (“Policy”) to help you understand what information how we collect, use disclose the personal information we gather in connection with our global business operations. some of the concepts below are a bit technical, we tried our best to explain things in a straightforward and transparent way.
This Policy is designed to comply with the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other applicable privacy laws.
Please read this Policy carefully to understand our practices regarding your personal information and the choices available to you. By accessing or using our website, services, or products, you consent to the collection, use, disclosure, and processing of your personal data as described in this Policy.
Changes to this Policy
We may update this Policy from time to time. We will notify you of any material changes by posting the updated Policy on our website or by other means. We encourage you to review this Policy periodically to stay informed about how we collect, use, disclose, and protect your personal information.
When This Privacy Policy Does Not Apply
This privacy policy does not apply to:
- Websites, mobile apps or other products and services that have their own privacy statement or policy;
- Websites, mobile apps or other products and services that do not display or link to this privacy policy;
- Information submitted to us on applications and forms available for download on our online environments; and
- Information collected offline.
If you have any questions as to whether this privacy policy applies to you, please do not hesitate to contact us using the information provided in the Contact Us section above.
PRIVACY NOTICE FOR CALIFORNIA RESIDENTS
This Privacy Notice for California Residents supplements the information contained in the Company’s general Privacy Notice and applies solely to all visitors, users, and others who reside in the State of California (“consumers” or “you”). We adopt this notice to comply with the California Consumer Privacy Act of 2018 (CCPA) and any terms defined in the CCPA have the same meaning when used in this Notice.
Categories of Personal Information Collected & Disclosed
The following identifies the categories of Personal Information we may collect about you (and may have collected in the prior 12 months). Note that our collection, use and disclosure of Personal Information about you will vary depending upon the circumstances and nature of our interactions or relationship with you. Depending on how you use our Services, we may collect the following categories of Personal Information:
- Identifiers, such as real name, alias, job title, address, email address, date of birth, policy number, salary information, social security number, driver’s license number, other government identifiers, credit card number, and tax ID.
- Online Identifiers, such as unique personal identifiers, device IDs, ad IDs, IP addresses, and cookie data.
- Customer or Claimant Records, such as paper or electronic customer or claimant records containing Personal Information, as well as information provided by an insurance broker/agent or reinsurer for underwriting purposes and information included in a list of claims, such as name, signature, physical characteristics or description, address, telephone number, education, current employment, employment history, social security number, passport number, driver’s license or state identification card number, insurance policy number, bank account number, payment card number, gender, height, weight, medical information (including reports and medical bills), health insurance information, details about home address, security and travel plan arrangements, records of personal property, products or services purchased or obtained.
- Financial Information, such as your bank account or credit card number and other payment details.
- Characteristics of Protected Classifications under California Law, such as age (40 years or older), race, national ancestry, national origin, citizenship, religion or creed, marital status, pregnancy, medical condition, physical or mental disability, sex, sexual orientation, and veteran or military status.
- Usage Data, such as Internet or other electronic network activity information regarding a California resident’s interaction with portals, Internet websites, applications, or advertisements, including, but not limited to, browsing history, clickstream data, search history and content of public posts.
- Biometric Information, such as individual biological or behavioral characteristics including measurements of physical characteristics such as height, weight and blood pressure, sleep, health, or exercise data that contain identifying information.
- Education Information, such as education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes and student disciplinary records.
- Geolocation Data, such as physical location or movements.
- Audio, Video and Other Electronic Data, such as audio information including call recordings, video and photographs, recorded meetings and webinars, and CCTV footage to secure our offices and premises.
- Professional or Employment-Related Information, such as employment history, qualifications, licensing, and disciplinary record.
- Inferences and Preferences, such as inferences drawn from any of the information described in this section about a consumer including inferences reflecting the consumer’s preferences, characteristics, behavior and abilities.
- Sensitive Personal Information, such as social security number, driver’s license number, racial or ethnic origin, religious or philosophical beliefs, medical condition, and physical or mental disability.
Sources of Personal Information
We generally collect Personal Information from the following categories of sources:
- Directly from you and automatically;
- Our affiliates and subsidiaries;
- Brokers and agents;
- Corporate policyholders; and
- Our vendors and service providers (e.g., third party administrators).
Purposes for Collecting and Disclosing Personal Information
In general, we collect and otherwise process the personal information we collect for the following business or commercial purposes:
- Operate our business;
- Provide you products and services;
- Communicate with you;
- Evaluate and improve our products and services;
- Analytics models to support our business;
- Marketing and advertising;
- Inferences;
- Find locations on request;
- Fraud and security purposes;
- Legal requirements;
- Business transfers; and
- Other operational and business purposes.
Sensitive Personal Information
Notwithstanding the purposes described above, we do not collect, use, or disclose “sensitive personal information” beyond the purposes authorized by the CCPA. Accordingly, we only use and disclose sensitive personal information as reasonably necessary and proportionate: (i) to perform our services requested by you; (ii) to help ensure security and integrity, including to prevent, detect, and investigate security incidents; (iii) to detect, prevent and respond to malicious, fraudulent, deceptive, or illegal conduct; (iv) to verify or maintain the quality and safety of our services; (v) for compliance with our legal obligations; (vi) to our service providers who perform services on our behalf; and (vii) for purposes other than inferring characteristics about you.
Retention of Personal Information
We retain the Personal Information we collect only as reasonably necessary for the purposes described in this Privacy Policy or otherwise disclosed to you at the time of collection. For example, we will retain certain identifiers for as long as it is necessary to comply with our tax, accounting and recordkeeping obligations, to administer certain policies and coverage, and for research, development and safety purposes, as well as an additional period of time as necessary to protect, defend or establish our rights, defend against potential claims, and to comply with our legal obligations. From time to time, we may also deidentify your Personal Information, retain it and use it for a business purpose in compliance with CCPA.
Disclosure of Personal Information to Third Parties and Other Recipients
The categories of Personal Information we have disclosed for a business purpose in the preceding twelve (12) months include: identifiers, online identifiers, customer records, financial information, characteristics of protected classifications, usage data, biometric information, education information, geolocation data, audio, video, and other electronic data, professional or employment-related information, inferences, and sensitive personal information.
The categories of third parties and other recipients to whom we may disclose personal information for a business purpose may include:
- Affiliates, subsidiaries, and business partners;
- Vendors and service providers;
- Acquirers of business assets;
- Advisors, auditors, consultants, and representatives;
- Agents and brokers;
- Reinsurers;
- Regulators, government entities, and law enforcement;
- Operating systems and platforms; and
- Others as required by law.
Additionally, the CCPA defines “sale” as disclosing or making available personal information to a third-party in exchange for monetary or other valuable consideration, and “sharing” includes disclosing or making available personal information to a third-party for purposes of cross-contextual behavioral advertising. While we do not “sell” Personal Information, we may “share” the following categories of Personal Information: online identifiers, and usage data. We disclose this information to third-party advertising networks, analytics providers, and social networks for purposes of marketing and advertising. We do not sell or share “sensitive personal information,” nor do we sell or share any Personal Information about individuals who we know are under sixteen (16) years old.
Your Rights and Choices
The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.
Access to Specific Information and Data Portability Rights
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request (see Exercising Access, Data Portability, and Deletion Rights), we will disclose to you:
- The categories of personal information we collected about you.
- The categories of sources for the personal information we collected about you.
- Our business or commercial purpose for collecting or selling that personal information.
- The categories of third parties with whom we share that personal information.
- The specific pieces of personal information we collected about you (also called a data portability request).
- sales, identifying the personal information categories that each category of recipient purchased; and
- disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained. If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
Deletion Request Rights
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (see Exercising Access, Data Portability, and Deletion Rights), we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.
We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
- Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.).
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
Exercising Access, Data Portability, and Deletion Rights
Email us at privacy@boxxinsurance.com
Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.
You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, which may include:
– Proof of identity. - Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.
Making a verifiable consumer request does not require you to create an account with us.
We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
For instructions on exercising sale opt-out rights, see Personal Information Sales Opt-Out and Opt-In Rights.
Response Timing and Format
We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.
If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.
Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Personal Information Sales Opt-Out and Opt-In Rights
We do not sell personal information.
Non-Discrimination
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
However, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to your personal information’s value and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt in consent, which you may revoke at any time.
Changes to Our Privacy Notice
We reserve the right to amend this privacy notice at our discretion and at any time. When we make changes to this privacy notice, we will post the updated notice on the Website and update the notice’s effective date. Your continued use of our Website following the posting of changes constitutes your acceptance of such changes.
Contact Information
If you have any questions or comments about this notice, the ways in which BOXX Insurance collects and uses your information described here, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us at:
Email: privacy@boxxinsurance.com
Postal Address:
BOXX Insurance
801 Brickell Ave, Suite 800
Miami, FL 33131