Pilotbird is now SOC 2 Type 2 compliant

Privacy Policy - Overview

Pilotbird takes data privacy seriously and we are committed to protecting and respecting your privacy. This privacy notice describes how and why we, as data controller, obtain, store and process personal data. For the purpose of this Privacy Notice, we’ll just call them our “Services”. Personal data is information relating to you that enables us to identify you, for example, your name, email address, payment details and information about your access to this website.

We will process your personal data fairly, lawfully and transparently. This privacy notice describes the personal data we are collecting about you and how it is used. We will only collect and use your personal data for the following purposes, to:

· provide our services

· improve our services

· make our marketing more relevant to you and your interests

· meet our legal responsibilities

We may update this notice from time to time and we will notify you of any changes.

Please do not hesitate to contact us if you have questions in addition to the information provided in this notice – privacy@pilotbird.com

Who Are We?

When we refer to ‘we’ (or ‘our’ or ‘us’), that means Kiwi Insurance Services, Inc., trading as Pilotbird. Our headquarters are in New York, United States of America.

For more information about who we are and what we do, visit the Pilotbird website.

Your Rights & Our Commitment to You

You have several rights under the data privacy legislation and Pilotbird is committed to you being able to freely exercise your Rights. Where possible, we have incorporated automated tools on our website that enable you to facilitate your Rights in real-time. Use the Pilotbird Privacy Center to access and manage the personal data we hold on you and manage your preferences.

Your Rights include, under certain circumstances, the right to:

Be informed:you have the right to be informed if and how your personal data is being processed.

Access, rectification or erasure: you have the right of access to personal data we hold about you in our records. You are also entitled to have your personal data corrected if it is inaccurate, or to have it erased if we do not have a legitimate reason for retaining your data.

To request data portability: for personal data which you have provided to a controller, where processing was based on your consent, or where processing is done by automated means, you have the right to obtain a digital copy of your personal data, request the transfer of your personal data to another company or request to move your data from one IT system to another in a safe and secure way.

To request restriction of processing: you have the right to restrict the processing of your personal data where you are contesting the accuracy of that information, you have objected to processing (as described below), or where the processing is unlawful. Where processing is restricted, we may need to retain sufficient information about you to ensure that the restriction is respected in future.

To object to automated decision-making including profiling: you have the right not to be the subject of any automated decision-making or profiling by us.

To withdraw consent: in cases where we are relying on your consent for the processing of your personal data, you have the right to withdraw your consent at any time. In respect of the e-marketing we conduct, an unsubscribe (withdraw consent) option is included with every e-marketing communication we send.

To object to processing: where your personal data is being processed based on the legitimate interests of a data controller or third party, you have the right to object to that processing.

To complain to the relevant supervisory authority: should you have any concerns or complaints regarding the way in which we process your data, please email us directly at privacy@pilotbird.com. Cookies Preferences: You can manage cookies as you wish – please visit the Privacy Center and click Manage Cookies. You can also do so by adjusting your web browser controls. Please consult our Cookie Policy or more information about our use of cookies on the Website and how to accept and reject them.

The Personal Data We Collect

Personal data means any information about an individual from which that person can be identified. It does not include anonymised data, where the identity and identifying information has been removed.

Depending on the type and level of engagement you have with us, we may collect the following categories of personal data:

From the Services: We receive and store information you provide directly to us. For example, when setting up new users, we collect Personal Information, such as name and e-mail address, to provide them with the Services. The types of information we may collect directly from our customers and their users include: name, email address, gender, postal address, phone number and payment card information and transactional information (including Services purchased), as well as any other contact or other information they choose to provide us or upload to our systems in connection with the Services.

From our Website: We may collect any Personal Information that you choose to send to us or provide to us, for example, on our “Request a Demo” online form. If you contact us through the Website, we will keep a record of our correspondence.

Information We Automatically Collect:

When you use our Services:

· Usage information – we keep track of user activity in relation to the types of Services our customers and their users use, the configuration of their computers, and performance metrics related to their use of our Services.

· Log information – we log information about our customers and their users when you use one of our Services including Internet Protocol (“IP”) address.

· Information collected by cookies and other similar technologies – we use various technologies to collect information which may include saving cookies to users’ computers.

· Customer Feedback – While using our Services, you may be asked to provide feedback (e.g. in the software directly or after receiving help from our support team). Providing this feedback is entirely optional.

When you use the Website: When you visit the Website, we collect certain information related to your device, such as your device’s IP address, referring website, what pages your device visited, and the time that your device visited our Website.

How We Collect Your Data

We may collect your personal data in one of the following ways:

· When you visit our website

· When you create an account

· When you engage with us on social media

· When you contact us with queries

· When you review our services

· When you apply for an employment vacancy with Pilotbird

Data from Third parties

We may also receive personal data about you from various third parties, including:

· Technical Data from third parties, including analytics providers such as Google. Please see further information in the section entitled ‘Marketing preferences, adverts and cookies’ below.

· Technical Data from affiliate networks through whom you have accessed our website.

· Identity and Contact Data from social media platforms when you log in to our website using such social media platforms.

· Contact, Financial and Transaction Data from providers of technical, payment and delivery services.

How We Use Your Personal Data

The legal basis for processing your personal data

We will only collect and process your personal data where we have a legal basis to do so. As a data controller, the legal basis for our collection and use of your personal data varies depending on the manner and purpose for which we collected it. We will only collect personal data from you when:

· we have your consent to do so, or

· we need your personal data to perform a contract with you. For example, to provide you with our service to you, or

· pursuing our legitimate interests in a way that you might reasonably expect to be a part of running our business and that does not significantly impact your interests, rights and freedoms, for example, showing Pilotbird advertisements to you as you browse the internet.

· we have a legal obligation to collect or disclose personal data from you (e.g. in suspected instances of fraud where we need to give personal data to a government body).

This is why we process your personal data:

· Set up a user account

· Provide, operate and maintain our services

· Process and complete transactions, and send related information, including transaction confirmations and invoices

· Manage our customers’ use of our services, respond to enquiries and comments and provide customer service and support;

· Send customers technical alerts, updates, security notifications, and administrative communications

· Investigate and prevent fraudulent activities, unauthorised access to our services, and other illegal activities; and

· For any other purposes about which we notify customers and users.

· We use your Personal Information in this context based on the contract that we have in place with you or our legitimate interest for security purposes (e.g. the prevention and investigation of fraudulent activities). Personal Information will be deleted based on the terms of the contract.

How We Share Your Data

We sometimes share your personal data with our trusted categories of third parties we use to conduct our business, for example, to provide our Privacy Center services to you; to handle feedback and complaints; and to help us understand your behaviour in order to customise and maximise our services, advertising, marketing, competitions and offers to you.

Our trusted categories of third parties include website hosts, cloud service providers, social media providers, professional services providers, customer survey service providers and advertising partners.

As part of our e-marketing methods and on the basis of our legitimate business interests, we use some Google services and some Facebook products in accordance with the practices explained in the Google and Facebook terms and privacy notices. In order to protect your personal data by pseudonymising it, Google and Facebook ensure that a hashing algorithm is applied automatically at the point of sharing personal data with Google and Facebook. Please consult their relevant terms and privacy notices for further information and your options. If we can help you in any way please do not hesitate to contact us at privacy@pilotbird.com.

As part of our fraud monitoring, detection and prevention methods and on the basis of our legitimate business interests, we use a third-party fraud monitoring, detection and prevention service provider for all website/online sales. As part of this service, we may share personal data that is required to make identity checks and personal data that we obtain from making identity checks (including data relating to your age, name and location), together with account information, with third party organisations (including law enforcement agencies), involved in fraud prevention and detection and credit risk reduction. Please note that these third parties may retain a record of the information that we provide to them for this purpose.

We may share your personal data with government bodies and law enforcement.

We may also share your personal data with our professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.

Marketing Preferences, Adverts and Cookies

Marketing - Your Preferences

We may send you marketing communications and promotional offers:

· if you have created an account with us or subscribed to our services, and you have not opted out of receiving marketing (in accordance with your preferences, as explained below);

· by email if you have signed up for email newsletters;

We may use your personal data (as outlined in the ‘Personal Data We Collect’ section) to form a view on what we think you may like, or what may be of interest to you, and to send you details of services which may be relevant for you.

We will ask you for your preferences in relation to receiving marketing communications by email, and other communication channels.

You will always have full control of your marketing preferences. If you do not wish to continue receiving marketing information from us (or any third party, if applicable) at any time:

· you can unsubscribe or ‘opt-out’ by using the unsubscribe button and following the link included in the footer of any marketing email; or

· account holders may withdraw their consent by simply logging in to the Pilotbird Privacy Center and managing their preferences.

We will process all opt-out requests as soon as possible, but please note that due to the nature of our IT systems and servers it may take a few days for any opt-out request to be implemented.

Cookies

Our website uses cookies to distinguish you from other users of our website and to keep track of your visits. They help us to provide you with the very best experience when you browse our website and to make improvements to our website. They also help us and our advertising networks to make advertising relevant to you and your interests.

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of our website may become inaccessible or not function properly.

You can manage cookies as you wish – please visit the Privacy Center and click Manage Cookies. For detailed information on the cookies which we and our third-party providers use and the reasons why we use them, please refer to our Cookie Policy.

Links to Other Websites and Third Parties

Our website may include links to and from the websites of our partner networks, advertisers and affiliates, or to social media platforms. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to their websites.

Transferring Your Data Outside the EEA

The personal data we collect from you may be transferred to, and stored at, destinations outside the European Economic Area ("EEA") using legally-provided mechanisms to lawfully transfer data across borders. It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff may be engaged in, among other things, the provision of our services to you. We will take all steps necessary to ensure that your data is treated securely and in accordance with this privacy notice.

If we share your personal data outside of the European Economic Area, we ensure that there is an appropriate transfer mechanism in place to protect your personal data and comply with our data protection obligations.

Please contact us if you want further information on the countries to which we may transfer personal data and the specific mechanism used by us when transferring your personal data outside the EEA – privacy@pilotbird.com

Storing, Securing and Retaining Your Data

Storing your data

We need to retain your personal data to satisfy our legal obligations, to deal with complaints and queries, in order to resolve, litigate or defend a dispute and to prevent fraud and abuse.

Having obtained your consent (or other legal basis) to contact you, we will retain your personal data for marketing and analysis purposes until you withdraw your consent. If you choose to withdraw your consent to marketing, we will delete your personal data from our systems, unless we have another legal basis to retain it, which may include performance of our contract with you.

Securing your data

The communication between your browser and our website uses a secure encrypted connection wherever your personal data is involved.

We have put in place physical, electronic and managerial security procedures in the storage and disclosure of your personal data to protect it against accidental loss, destruction or damage. Nevertheless, any data transmission over the internet or by any other means can never be fully secure, such is the character of the internet, and provision of personal data by you to us is at your own risk. We take all reasonable measures to protect your personal data by putting appropriate technical and operational security measures in place.

When we disclose your personal data to trusted third parties (for the purposes set out in this notice), we require all third parties to have appropriate technical and operational security measures in place to protect your personal data, and we work with them to ensure that your data protection and privacy rights are respected. Where your personal data is shared with a third party, it must only be used for the purposes for which it was supplied.

In the unfortunate event of a personal data breach, we will notify you and any applicable regulator when we are legally required to do so.

Retaining your data

Your personal data will be deleted when it is no longer reasonably required for the provision of the Services described above or when you withdraw your consent (where applicable) and we are not legally required or otherwise permitted to continue storing such data.

The length of time we keep your personal data depends on what it is and whether we have an ongoing business need to retain it (for example, to provide you with a service you’ve requested or to comply with applicable legal or regulatory requirements).

We’ll retain your personal data for as long as we have a relationship with you and for a period of time afterwards where we have an ongoing business need to retain it, in accordance with our data retention policies and practices. For example, where you ask to be unsubscribed from marketing communications, we may keep a record of your email address and the fact that you have unsubscribed to ensure that you are not sent any further emails in the future.

Children

While our website is designed for a general audience, we will not knowingly collect any data from children under the age of 18 or sell products to children.

Please do not attempt to sign up to our services, create an account or send any Personal Information about yourself to us. If we learn that we have collected Personal Information from a child under age 18, we will delete that information as quickly as possible. If you believe that a child under 18 may have provided us Personal Information, please email privacy@pilotbird.com. Our privacy team will act upon this information as quickly as possible.

The California Consumer Privacy Act (CCPA)

The California Consumer Privacy Act (“CCPA”) provides consumers with specific rights regarding their Personal Information. You have the right to request that businesses subject to the CCPA (which may include our Merchants with whom you have a relationship) disclose certain information to you about their collection and use of your Personal Information over the past 12 months. In addition, you have the right to ask such businesses to delete Personal Information collected from you, subject to certain exceptions. If the business sells Personal Information, you have a right to opt-out of that sale. Finally, a business cannot discriminate against you for exercising a CCPA right.

When offering services to its Merchants, Pilotbird acts as a “service provider” under the CCPA and our receipt and collection of any consumer Personal Information is completed on behalf of our Merchants in order for us to provide the Service. Please direct any requests for access or deletion of your Personal Information under the CCPA to the Member with whom you have a direct relationship.

Consistent with California law, if you choose to exercise your applicable CCPA rights, we won’t charge you different prices or provide you a different quality of services. If we ever offer a financial incentive or product enhancement that is contingent upon you providing your Personal Information, we will not do so unless the benefits to you are reasonably related to the value of the Personal Information that you provide to us.

Changes to This Privacy Notice

From time to time we may change this privacy notice. If there are any significant changes we will post updates on our website, applications or let you know by email at privacy@pilotbird.com

How to Contact Us

We welcome feedback and are happy to answer any questions you may have about your data.

You can contact us at:

Email: privacy@pilotbird.com

This notice was most recently updated: 18th April 2023