Privacy Policy

EFFECTIVE DATE: May 22, 2018

LAST UPDATE: June 06, 2024

BOXX Insurance Inc. (“BOXX Insurance,” “we,” “us,” or “our”) is committed to protecting your privacy and ensuring the security of your personal data. We wrote this Privacy Policy (“Policy”) to help you understand what information how we collect, use disclose the personal information we gather in connection with our global business operations.  some of the concepts below are a bit technical, we tried our best to explain things in a straightforward and transparent way.

This Policy is designed to comply with the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other applicable privacy laws.

Please read this Policy carefully to understand our practices regarding your personal information and the choices available to you. By accessing or using our website, services, or products, you consent to the collection, use, disclosure, and processing of your personal data as described in this Policy.

SCOPE OF OUR PRIVACY POLICY


Information we collect

Personal Information

We may collect personal information directly from you or from third parties, such as when you apply for or purchase our insurance and/or services, interact with us through our website, contact us via telephone, email, social media, chatbots or engage in other business activities. The personal information we collect may include, but is not limited to:

  • Contact information (e.g., name, email address, phone number)
  • Identification information (e.g., date of birth, government-issued ID)
  • Financial information (e.g., credit card details, payment history)
  • Employment information (e.g., job title, company name)
  • Geolocation data
  • Any other personal information you provide to us

Technical Data

When you access our website or use our services, we may automatically collect certain technical information about your device and usage. This may include:

  • IP address
  • Browser type and version
  • Operating system
  • Device information (e.g., device ID, advertising ID)
  • Log files
  • Cookies and similar technologies (as explained in the Cookies and Similar Technologies section, below)


Use of Personal Information

We may use your personal information or retain recordings of conversations and interactions you have with us via our services for the following purposes:

  • Provide and administer our insurance services
  • Assess, underwrite, and manage insurance policies
  • Provide an administer our cyber services
  • Communicate with you and respond to your inquiries
  • Process your transactions and fulfill your requests
  • Customize and personalize your experience
  • Conduct data analysis and research to improve our services
  • Comply with legal obligations and enforce our rights


Disclosure of personal information

We may disclose your personal information to third parties in the following circumstances:

  • Insurance brokers, agents, or intermediaries who assist in the provision of our services
  • Reinsurers or other insurance partners involved in underwriting and managing policies
  • Service providers and business partners who support our operations
  • Regulatory authorities, law enforcement agencies, or government bodies as required by law or to protect our rights
  • In the event of a merger, acquisition, or any form of sale or transfer of some or all of our assets, your personal information may be included as part of the transferred assets

We will ensure that any third parties with whom we share your personal information will comply with this Policy and applicable data protection laws.


Cookies and Similar Technologies

We use cookies and similar technologies to collect and store certain information about your interaction with our website. Cookies are small data files that are placed on your device when you visit a website. By using our website, you consent to the use of cookies and similar technologies as described in our Cookie Policy.


Data Relating to Children

We do not knowingly collect personal information from children under the age of 16. If you believe that we may have inadvertently collected personal information from a child, please contact us using the contact information provided in the Contact Us section below and we will take appropriate steps to delete such information from our records.


Your rights

You have certain rights regarding your personal information, including:

  1. Right to Information: You have the right to be informed about the collection and use of your personal data. This includes information about the categories of personal information collected, the purposes for which it is used, and the categories of third parties with whom it is shared.
  2. Right of Access and Request: You have the right to access the personal data we hold about you. This includes the right to obtain confirmation of whether or not we process your personal data and, if so, to obtain a copy of that data. You also have the right to request information regarding the categories of personal information we have collected, the sources from which we obtained it, the purposes for which we have used it, and the categories of third parties with whom we have shared it.
  3. Right to Rectification: If your personal data is inaccurate or incomplete, you have the right to request its rectification or completion.
  4. Right to Erasure: In certain circumstances, you have the right to request the erasure of your personal data. This includes situations where the data is no longer necessary for the purposes for which it was collected, or if you withdraw your consent and there is no other legal basis for processing.
  5. Right to Restrict Processing: Under certain conditions, you have the right to request the restriction of the processing of your personal data. This means that we can only store the data but not use it further.
  6. Right to Data Portability: You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format. You also have the right to transmit that data to another controller without hindrance.
  7. Right to Object: You have the right to object to the processing of your personal data on grounds relating to your particular situation. We shall no longer process your personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms.
  8. Right to Withdraw Consent: If we rely on your consent as the legal basis for processing your personal data, you have the right to withdraw that consent at any time.
  9. Right to Opt-Out: You have the right to opt-out of the sale of your personal information to third parties. We do not sell your personal information unless explicitly disclosed in our privacy policy.
  10. Right to Non-Discrimination: We will not discriminate against you for exercising any of your rights. This means we will not deny you goods or services, charge you different prices or rates, provide a different level or quality of goods or services, or suggest any changes that may negatively impact you for exercising your rights.
  11. Right to Lodge a Complaint: If you believe that we have infringed upon your rights, you have the right to lodge a complaint with a supervisory authority.

To exercise your rights, please contact us using the contact information provided in the Contact Us section below. We will respond to your request within a reasonable timeframe and in accordance with applicable laws.


Data Security

We have instituted physical, technical and procedural safeguards to store and maintain information we collect in a secure environment. For example, when any confidential information is transmitted over public infrastructure it is encrypted. You may also be required to use a password to access certain pages on our online environments where certain types of your information can be changed or deleted. It is therefore important for you to protect against unauthorized access to your password and to your device.

You take full responsibility for maintaining the complexity and confidentiality of your password. While we have implemented safeguards, you should be aware that Internet security technology rapidly changes. We cannot guarantee that the safeguards we employ today can protect your information from the threats of tomorrow.

You should also be aware that despite our efforts, factors beyond our control may result in disclosure of information. Accordingly, we are not in a position to guarantee that your information will be secure under all circumstances.


Data Retention

We will retain your personal data only for as long as necessary to fulfil the purposes outlined in this privacy policy unless a longer retention period is required or permitted by law. Once the retention period expires, we will securely delete or anonymize your personal data in a manner that ensures its protection and prevents unauthorized access.


International Transfers

Your personal information may be transferred to and stored in countries outside of your jurisdiction, including countries that may not provide the same level of data protection as your home country. We will ensure that any international transfers comply with applicable data protection laws and that appropriate safeguards are in place to protect your personal information.


Contact Us

If you have any questions, concerns, or requests regarding this Policy or our privacy practices, please contact us at the following, based on the country you are based within:

Canada and rest of the world (excluding USA/EU/EEA) USA EU/EEA
Email: Privacy@boxxinsurance.com Email: Privacy@boxxinsurance.com Email: datarequest@datarep.com and quoting <BOXX Insurance, Inc.> in the subject line
Postal address:
BOXX Insurance,
1 Toronto Street, Suite 804,
Toronto, ON M5C 2V6,
Canada		 Postal Address:
BOXX Insurance
801 Brickell Ave, Suite 800
Miami, FL 33131
USA		 Postal Address:
DataRep, Calle de Manzanares 4,
Madrid, 28005,
SpainPLEASE NOTE: when mailing inquiries, it is ESSENTIAL that you mark your letters for ‘DataRep’ and not ‘BOXX Insurance, Inc.’, and within your correspondence refer to BOXX Insurance, Inc.
Online: www.datarep.com/data-request


Changes to this Policy

We may update this Policy from time to time. We will notify you of any material changes by posting the updated Policy on our website or by other means. We encourage you to review this Policy periodically to stay informed about how we collect, use, disclose, and protect your personal information.

When This Privacy Policy Does Not Apply

This privacy policy does not apply to:

  • Websites, mobile apps or other products and services that have their own privacy statement or policy;
  • Websites, mobile apps or other products and services that do not display or link to this privacy policy;
  • Information submitted to us on applications and forms available for download on our online environments; and
  • Information collected offline.

If you have any questions as to whether this privacy policy applies to you, please do not hesitate to contact us using the information provided in the Contact Us section above.

 

 

PRIVACY NOTICE FOR CALIFORNIA RESIDENTS

This Privacy Notice for California Residents supplements the information contained in the Company’s general Privacy Notice and applies solely to all visitors, users, and others who reside in the State of California (“consumers” or “you”). We adopt this notice to comply with the California Consumer Privacy Act of 2018 (CCPA) and any terms defined in the CCPA have the same meaning when used in this Notice.

Categories of Personal Information Collected & Disclosed

The following identifies the categories of Personal Information we may collect about you (and may have collected in the prior 12 months). Note that our collection, use and disclosure of Personal Information about you will vary depending upon the circumstances and nature of our interactions or relationship with you. Depending on how you use our Services, we may collect the following categories of Personal Information:

  • Identifiers, such as real name, alias, job title, address, email address, date of birth, policy number, salary information, social security number, driver’s license number, other government identifiers, credit card number, and tax ID.
  • Online Identifiers, such as unique personal identifiers, device IDs, ad IDs, IP addresses, and cookie data.
  • Customer or Claimant Records, such as paper or electronic customer or claimant records containing Personal Information, as well as information provided by an insurance broker/agent or reinsurer for underwriting purposes and information included in a list of claims, such as name, signature, physical characteristics or description, address, telephone number, education, current employment, employment history, social security number, passport number, driver’s license or state identification card number, insurance policy number, bank account number, payment card number, gender, height, weight, medical information (including reports and medical bills), health insurance information, details about home address, security and travel plan arrangements, records of personal property, products or services purchased or obtained.
  • Financial Information, such as your bank account or credit card number and other payment details.
  • Characteristics of Protected Classifications under California Law, such as age (40 years or older), race, national ancestry, national origin, citizenship, religion or creed, marital status, pregnancy, medical condition, physical or mental disability, sex, sexual orientation, and veteran or military status.
  • Usage Data, such as Internet or other electronic network activity information regarding a California resident’s interaction with portals, Internet websites, applications, or advertisements, including, but not limited to, browsing history, clickstream data, search history and content of public posts.
  • Biometric Information, such as individual biological or behavioral characteristics including measurements of physical characteristics such as height, weight and blood pressure, sleep, health, or exercise data that contain identifying information.
  • Education Information, such as education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes and student disciplinary records.
  • Geolocation Data, such as physical location or movements.
  • Audio, Video and Other Electronic Data, such as audio information including call recordings, video and photographs, recorded meetings and webinars, and CCTV footage to secure our offices and premises.
  • Professional or Employment-Related Information, such as employment history, qualifications, licensing, and disciplinary record.
  • Inferences and Preferences, such as inferences drawn from any of the information described in this section about a consumer including inferences reflecting the consumer’s preferences, characteristics, behavior and abilities.
  • Sensitive Personal Information, such as social security number, driver’s license number, racial or ethnic origin, religious or philosophical beliefs, medical condition, and physical or mental disability.

Sources of Personal Information

We generally collect Personal Information from the following categories of sources:

  • Directly from you and automatically;
  • Our affiliates and subsidiaries;
  • Brokers and agents;
  • Corporate policyholders; and
  • Our vendors and service providers (e.g., third party administrators).

Purposes for Collecting and Disclosing Personal Information

In general, we collect and otherwise process the personal information we collect for the following business or commercial purposes:

  • Operate our business;
  • Provide you products and services;
  • Communicate with you;
  • Evaluate and improve our products and services;
  • Analytics models to support our business;
  • Marketing and advertising;
  • Inferences;
  • Find locations on request;
  • Fraud and security purposes;
  • Legal requirements;
  • Business transfers; and
  • Other operational and business purposes.

Sensitive Personal Information

Notwithstanding the purposes described above, we do not collect, use, or disclose “sensitive personal information” beyond the purposes authorized by the CCPA. Accordingly, we only use and disclose sensitive personal information as reasonably necessary and proportionate: (i) to perform our services requested by you; (ii) to help ensure security and integrity, including to prevent, detect, and investigate security incidents; (iii) to detect, prevent and respond to malicious, fraudulent, deceptive, or illegal conduct; (iv) to verify or maintain the quality and safety of our services; (v) for compliance with our legal obligations; (vi) to our service providers who perform services on our behalf; and (vii) for purposes other than inferring characteristics about you.

Retention of Personal Information

We retain the Personal Information we collect only as reasonably necessary for the purposes described in this Privacy Policy or otherwise disclosed to you at the time of collection. For example, we will retain certain identifiers for as long as it is necessary to comply with our tax, accounting and recordkeeping obligations, to administer certain policies and coverage, and for research, development and safety purposes, as well as an additional period of time as necessary to protect, defend or establish our rights, defend against potential claims, and to comply with our legal obligations. From time to time, we may also deidentify your Personal Information, retain it and use it for a business purpose in compliance with CCPA.

Disclosure of Personal Information to Third Parties and Other Recipients

The categories of Personal Information we have disclosed for a business purpose in the preceding twelve (12) months include: identifiers, online identifiers, customer records, financial information, characteristics of protected classifications, usage data, biometric information, education information, geolocation data, audio, video, and other electronic data, professional or employment-related information, inferences, and sensitive personal information.

The categories of third parties and other recipients to whom we may disclose personal information for a business purpose may include:

  • Affiliates, subsidiaries, and business partners;
  • Vendors and service providers;
  • Acquirers of business assets;
  • Advisors, auditors, consultants, and representatives;
  • Agents and brokers;
  • Reinsurers;
  • Regulators, government entities, and law enforcement;
  • Operating systems and platforms; and
  • Others as required by law.

Additionally, the CCPA defines “sale” as disclosing or making available personal information to a third-party in exchange for monetary or other valuable consideration, and “sharing” includes disclosing or making available personal information to a third-party for purposes of cross-contextual behavioral advertising. While we do not “sell” Personal Information, we may “share” the following categories of Personal Information: online identifiers, and usage data. We disclose this information to third-party advertising networks, analytics providers, and social networks for purposes of marketing and advertising. We do not sell or share “sensitive personal information,” nor do we sell or share any Personal Information about individuals who we know are under sixteen (16) years old.

Your Rights and Choices

The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.

Access to Specific Information and Data Portability Rights

You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request (see Exercising Access, Data Portability, and Deletion Rights), we will disclose to you:

  • The categories of personal information we collected about you.
  • The categories of sources for the personal information we collected about you.
  • Our business or commercial purpose for collecting or selling that personal information.
  • The categories of third parties with whom we share that personal information.
  • The specific pieces of personal information we collected about you (also called a data portability request).
    • sales, identifying the personal information categories that each category of recipient purchased; and
    • disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained. If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:

Deletion Request Rights

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (see Exercising Access, Data Portability, and Deletion Rights), we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.

We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:

  1. Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with you.
  2. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
  3. Debug products to identify and repair errors that impair existing intended functionality.
  4. Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
  5. Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.).
  6. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
  7. Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
  8. Comply with a legal obligation.
  9. Make other internal and lawful uses of that information that are compatible with the context in which you provided it.


Exercising Access, Data Portability, and Deletion Rights

Email us at privacy@boxxinsurance.com

Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.

You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:

  • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, which may include:
    – Proof of identity.
  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.

Making a verifiable consumer request does not require you to create an account with us.

We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

For instructions on exercising sale opt-out rights, see Personal Information Sales Opt-Out and Opt-In Rights.

Response Timing and Format

We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.

If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.

Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Personal Information Sales Opt-Out and Opt-In Rights

We do not sell personal information.

Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

  • Deny you goods or services.
  • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
  • Provide you a different level or quality of goods or services.
  • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

However, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to your personal information’s value and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt in consent, which you may revoke at any time.

Changes to Our Privacy Notice

We reserve the right to amend this privacy notice at our discretion and at any time. When we make changes to this privacy notice, we will post the updated notice on the Website and update the notice’s effective date. Your continued use of our Website following the posting of changes constitutes your acceptance of such changes.

Contact Information

If you have any questions or comments about this notice, the ways in which BOXX Insurance collects and uses your information described here, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us at:

Email: privacy@boxxinsurance.com

Postal Address:
BOXX Insurance
801 Brickell Ave, Suite 800
Miami, FL 33131