Date last updated 2020-10-10
Kiwi Insurance Services, Inc. d/b/a Pilotbird (“Pilotbird”)
1. What Information We Collect
We may collect information from you when you:
- Details used to register an account, or administer your account
- Identifiers such as: real name, alias, postal address, unique personal identifier, online identifier, social media accounts, internet protocol address, email address, account name, social security number, driver’s license number, passport number or other similar identifiers;
- Characteristics of protected classifications such as: race, color, sex, age (over 40), religion, national original, disability, citizenship status, genetic information, sexual orientation, gender identity and expression, ancestry, medical conditions, AIDS/HIV, military status, veteran status, political affiliations or activities, status as a victim of domestic violence, assault or stalking, and request for family care leave;
- Commercial Information such as: records of personal property, products or services purchased, obtained, or considered, or other purchasing or consumer histories or tendencies;
- Internet or other electronic network activity information such as: browsing history, search history, and information regarding your interaction with an internet website, application, or advertisement;
- Geolocation information;
- Input, post, or upload information, data, or other content through the Services
- Submitted questions, requests, or other communications to us via various communication channels
- Education information that is not publicly available personally identifiable information under the Federal Educational Rights and Privacy Act;
- Inferences drawn from any of the above to create a profile about you reflecting your preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
- Contact us contents for customer support or technical support
- Details of your visit any of our websites or access any of our applications
- Information provided any promotions, demonstrations, contests, surveys, or other marketing events
Below is additional information that we may collect from you, depending on how you interact with the Services:
You (and anyone who can interact with your use of the Services) own and control the nature of the information, data, and other content you input, post, or upload through the Services (“Content”), subject to any applicable terms and conditions. Our collection, use, and disclosure practices with respect to Content are distinct from those with respect to other sorts of information, as explained in Section 2.a. below. We may upload Content automatically with your authorization from third-party service providers (such as from your Google Drive).
(b). Customer Information
Information related to the creation of accounts or that otherwise identifies you as a customer or end user of the Services is what we call “Customer Information.” Customer Information may include personal information, such as your name, email address, gender, postal address, phone number and payment card information. If you are an end user using the Services through an account created on your behalf by an Pilotbird customer (such as an employer, an organization of which you are a member, or another individual), we may collect and process Customer Information about you on behalf of the Pilotbird customer with whom your use of the Services is associated.
When you create an account with Pilotbird, we may collect certain Customer Information directly from you or, if you create your account using a third-party service such as Google, Apple, or a single-sign-on service such as Okta, we may collect Customer Information about you from the third-party service (such as your username or user ID associated with that third-party service). By choosing to create an account using a third-party service, you authorize us to collect Customer Information necessary to authenticate your account with the third-party service provider.
(c). Automatically-Collected Information
We collect information about how you use the Services and your actions on the Services, including your IP addresses, browser types, operating systems, ISPs, platform types, device types, mobile device identifiers such as make and model, and mobile carrier. We may also use tools, including third-party tools, to collect analytics data. Some of this information is collected through the use of “cookies” and other tracking technologies, such as web beacons, pixels, session replay scripts, and similar technologies (“tracking technologies”).
Our uses of cookies and tracking technologies fall into the following general categories:
(1) Operationally Necessary:- This includes tools and technologies that allow you access to our Services; are required to identify irregular site behavior, prevent fraudulent activity and improve security; and allow you to make use of our functionality;
(2) Performance Related:- We may use technologies to assess the performance of our Services, including as part of our analytic practices to help us understand how our visitors use the Services;
(3) Functionality Related:- We may use technologies that allow us to offer you enhanced functionality when accessing or using our Services, including, for example, identifying you when you sign into our Services or keeping track of your specified preferences, interests, or past items viewed;
(4) Advertising or Targeting Related:- We may use first-party or third-party technologies to deliver content, including ads, relevant to your interests, on our Services or on third-party sites.
2. How We Use the Information We Collect
(b). Use of Other Information
We use the information we collect for a variety of purposes, and how we use it depends on what we collect and what Services (or features of the Services) you use. These purposes may include
- Once Pilotbird collects and compiles the information responsive to its client’s request, Pilotbird returns the information to the requesting client and the client pays for the information returned. In addition, Pilotbird may generate scores (or inferences) about individual consumers and businesses. These scores are derived from publicly available web data and are indicative of claimant’s eligibility for fast-tracked claims processing.
- Sale of Personal Information: Pilotbird’s Services involve the sale of information, including personal information, to its clients in response to a client request. Pilotbird’s clients consist of insurance companies and those insurance companies request information from Pilotbird in order to underwriting insurance policies, engage customers and to investigate insurance claims. Upon receipt of a client request, Pilotbird uses the information provided to us by our client in order to search for relevant information about the business or individual inquired upon. Pilotbird will search for such information on internet web sites (including social media sites). Pilotbird will also request relevant information from its third-party data sources. The searches that Pilotbird conducts involve the disclosure of personal information to the entities with whom we conduct the search.
- Fulfilling our contract with You and Providing the Services to You. We may use the information we collect for: (i) responding to requests or inquiries from you (including requests for customer support or technical assistance); (ii) providing customer support or technical assistance; (iii) contacting you to provide product updates, information about products you have requested or purchased, marketing Pilotbird products, services and features that you may be interested in, and monitoring the performance of our advertisements and marketing efforts; and (iv) creating, managing, or administering your information and account, including identifying you with your account or the account of a Pilotbird customer.
- Analyzing and Improving our Services Pursuant to our Legitimate Interest. We may use the information we collect for: (i) deriving market insights, ways to improve the Services, and other business analysis or research purposes; (ii) customizing existing and future product offerings and other aspects of the Services to you and other users; (iii) securing the Services and our systems, and protecting your information and data; (iv) detecting security incidents, protecting against malicious, deceptive, fraudulent or illegal activity, and prosecuting those responsible for that activity; and (v) measuring interest and engagement in our Services and short-term, transient use, such as contextual customization of ads.
- Providing You with Additional Content and Services. We may use the information we collect for: (i) furnishing you with customized materials about offers, products, and services that may be of interest, including new content or services; and (ii) auditing relating to interactions, transactions and other compliance activities.
- Marketing Our Products and Services. We may use personal information to tailor and provide you with content and advertisements.
- Legal Obligations and Rights. We may disclose personal information to third parties, such as legal advisors and law enforcement: (i) in connection with the establishment, exercise, or defence of legal claims; (ii) to comply with laws or to respond to lawful requests and legal process; (iii) to protect the rights and property of Pilotbird, our agents, customers, and others, including to enforce our agreements, policies, and Terms of Service; (iv) to detect, suppress, or prevent fraud; (v) to reduce credit risk and collect debts owed to us; (vi) to protect the health and safety of Pilotbird, our customers, or any person; or (vii) as otherwise required by applicable law.
- Consent. We may use personal information for other purposes that are clearly disclosed to you at the time you provide personal information, or with your consent.
- Aggregated and De-Identified Data. We may use aggregated and de-identified information for a wide variety of statistical, analytical, and Services improvement purposes. The aggregation and de-identification process prevents the information from being reassociated or identified with any one customer account, user, or individual.
- Other Purposes. We may use the information we collect for our other, legitimate business purposes.
3. How We Share Information
We may disclose information we collect:
- When you ask us to, or otherwise give your specific consent (for example, by posting Content using the Universe feature, you consent to our sharing that Content with other Pilotbird users);
- With vendors we engage to provide you with aspects of the Services, such as data storage, hosting, and payment processing;
- With third-party service providers who enable certain features or functionalities of the Services that you’ve requested
- With vendors we engage to help us with marketing and email campaigns, to advertise, gain insights, and perform analytics into how the Services are used and how they might be improved (for example, we may share Customer Information with various social media platforms to engage in custom audience advertising or use third-party data enrichment services to match Customer Information or other personal information we collect with publicly available database information in order to communicate more effectively with you);
- With an employer or other organization on whose behalf you use the Services, that created an Pilotbird account on your behalf, or that owns, manages, or is associated with the email domain for an email address on your account;
- As necessary to comply with applicable law, including governmental requests, law enforcement requests, and otherwise to protect the rights, privacy, safety, or property of you, us, or others;
- As necessary in the event of a proposed or actual reorganization, merger, sale, joint venture, assignment, transfer, financing, or other disposition of all or any portion of Pilotbird business, assets, or stock;
4. Managing Your Information
5. Managing Cookies and Tracking Technologies
We support the Self-Regulatory Principles for online behavioral advertising (“Principles“) published by the Digital Advertising Alliance (“DAA“). This means that we allow you to exercise choice regarding the collection of information about your online activities over time and across third-party websites for online interest-based advertising purposes. More information about these Principles can be found at www.aboutads.info. If you want to opt out of receiving online interest-based advertisements on your internet browser from advertisers and third parties that participate in the DAA program and perform advertising-related services for us and our partners, please following the instructions at: www.aboutads.info/choices, or www.networkadvertising.org/choices. If you’re in the EU, you can find additional information about your choices with respect to advertising networks and online behavioral advertising by clicking here: www.youronlinechoices.com.
If you want to opt out of receiving online interest-based advertisements on mobile apps, please follow the instructions at www.aboutads.info/choices.
To make opt-out requests related to mobile apps on your device for businesses participating in the DAA’s CCPA App-based Opt-Out Tool, you can download the appropriate app at www.privacyrights.info/appchoices.
- You may opt-out of certain Google advertising products by visiting the Google Ads Preferences Manager, currently available at google.com/ads/preferences.
- You can also view Google’s currently available opt-out options at tools.google.com/dlpage/gaoptout.
6. Information from Children
Pilotbird is not directed to children under the age of 13 (or other age as required by local law) and we do not knowingly collect personal information from children. If we learn that we have collected personal information from a child, we will take reasonable steps to delete such information from our files as soon as is practicable. If you learn that your child has provided us with personal information without your consent, you may contact us at [email protected]
8. California-Specific Disclosures
The disclosures in this section apply solely to individual residents of the State of California (“consumers” or “you“) and provide additional information about how we collect, use, disclose, and otherwise process personal information of individual residents of the State of California within the scope of the California Consumer Privacy Act of 2018 (“CCPA“).
- Identifiers, such as your name, mailing address, email address, zip code, telephone number, or other similar identifiers.
- California Customer Records (Cal. Civ. Code § 1798.80(e)), such as username and password, payment information, company name, job title, business email address, and department.
- Protected Classification Characteristics, such as age and gender.
- Commercial Information, such as information about products or services purchased, obtained or considered.
- Internet/Network Information, such as your browsing history, log and analytics data, information about the device(s) used to access the Services, domain server, search history and information regarding your interaction with our websites or Services and other usage data.
- Geolocation Data, such as information about your physical location collected from geolocation features on your device, including your IP address.
- Sensory Information, such as pictures you provide or upload in connection with our Services, and the content and audio recordings of phone calls between you and us that we record where permitted by law.
- Profession/Employment Information, such as current employer.
- Other Personal Information, such as personal information you provide to us in relation to a survey, comment, question, request or inquiry, information you provide when connecting a third-party account, product or service, and any other Content you upload.
- Inferences, including information generated from your use of our Services reflecting predictions about your preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities and aptitudes.
- The Right to Know any or all of the following information relating to your personal information we have collected and disclosed in the last 12 months, upon verification of your identity:
- The specific pieces of personal information we have collected about you;
- The categories of personal information we have collected about you;
- The categories of sources of the personal information;
- The categories of personal information that we have disclosed to third parties for a business purpose, and the categories of recipients to whom this information was disclosed;
- The categories of personal information we have sold and the categories of third parties to whom the information was sold; and
- The business or commercial purposes for collecting or selling the personal information.
- The Right to Request Deletion of personal information we have collected from you, subject to certain exceptions.
- The Right to Opt Out of Personal Information Sales to third parties now or in the future.
To Exercise Your Right to Know or Right to Deletion
To Exercise Your Right to Opt Out of Personal Information Sales
9. EU-Specific Disclosures
- Personal Data We Collect From You When You Use the Services and How We Use It. We collect personal data as set out in the “What Information We Collect” and “How We Use the Information We Collect” above. We will indicate to you where the provision of certain personal data is mandatory. If you choose not to provide such personal data, we may not be able to provide those parts of the Services to you or respond to your other requests.
- Information We Collect About You Automatically. Please see the “What Information We Collect” section above.
- How Long Will We Store Your Personal Data. We will usually store the personal data we collect about you for no longer than necessary for the purposes for which it was collected, including for the purposes of satisfying any legal or reporting requirements, and in accordance with our legal obligations and legitimate business interests. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and the applicable legal requirements.
- Recipients of Personal Data. We may share your personal data with the recipients as set out in the “How We Share Information” section above.
- Marketing and Advertising. From time to time we may contact you with information about our products and services, including sending you marketing or advertising messages and asking for your feedback on our products and services. For some marketing or advertising messages, we may use personal data we collect about you to help us determine the most relevant marketing or advertising information to share with you. We will only send you marketing or advertising messages if you have given us your consent to do so. You can withdraw your consent at a later date by clicking on the unsubscribe link at the bottom of our marketing or advertising emails or by contacting Pilotbird Support at [email protected].
- International Transfers of Your Personal Data. The personal data we collect may be transferred to and stored in countries outside of the jurisdiction you are in where we and our third-party service providers have operations, including in the United States. If you are accessing our Site from the EEA, your personal data will be processed outside of the EEA. In the event of such a transfer, we ensure that: (i) the personal data is transferred to countries recognised as offering an equivalent level of protection; or (ii) the transfer is made pursuant to appropriate safeguards, such as standard data protection clauses adopted by the European Commission. Pilotbird is closely monitoring developments and guidance from both European and U.S. regulatory authorities and will update these EU Disclosures as needed. If you wish to enquire further about these safeguards used, please contact us using the details set out at the end of these EU Disclosures.
- Your Rights in Respect of Your Personal Data. In accordance with applicable privacy law, you have the following rights in respect of your personal data that we hold: (i) Right of access; (ii) Right of portability; (iii) Right to rectification; (iv) Right to erasure; (v) Right to restriction; (vi) Right to withdraw consent; and (vii) Right to object.
You also have the right to lodge a complaint to your local data protection authority. Information about how to contact your local data protection authority is available here.
10. E.U. General Data Protection Regulation (“GDPR”)
Pilotbird acts as both a “Data Controller” and a “Data Processor” under the GDPR. Pilotbird acts as a data controller with respect to personal data about its contractors in the EU (i.e., human resource data), personal data it collects from its clients and prospective clients (i.e., its own customer relationship management data), and personal data about EU citizens it licenses from others (i.e., EU personal data Pilotbird licenses to its clients).
Pilotbird acts as a data processor under GDPR to the extent it processes personal data about EU citizens on behalf of its clients. In this instance, our clients are considered data controllers. Pilotbird processes the personal data according to contract and written instructions from the data controller.
This privacy notice focuses on the personal data that Pilotbird collects and processes that are used for insight, recognition, and contact purposes. Employees of Pilotbird partners in the European Union should refer to their employee handbook for information regarding Pilotbird’s privacy policies.
We conduct business primarily in the United States. Individuals wishing to contact us about data protection issues may reach us at Consumer Advocate by emailing us at [email protected]
- Insight: we use this data to create a marketing picture of individuals. This includes demographics such as age, income, hobbies and interests that relate to people’s lifestyle choices and market-specific predictors such as technology and financial product ownership. We use a combination of actual data held (at the individual level or summarized at household, address, postcode or other geographical levels) and derived information (through statistical modelling or by applying a logical rule set) which indicates an individual’s likelihood of having a particular attribute, e.g. a person’s likelihood to have to purchase insurance of financial products. The resulting dataset is then used by our clients for retention or product placement.
- Recognition: we use this data for matching and linking to other databases. For example, a partner or client sends us a list of names and addresses, we then match those names and addresses to our product. Where there is a match, we add triggers that we hold on those matched individuals to partner or client file.
- Contact: we use the contact information from this data to create a trigger and monitoring file. For example, we create a file of names and addresses of individuals who are used for customer retention and engagement.
- To send you relevant marketing communications
- To improve the relevance of marketing communications through the use of lifestyle and demographic insight data
- To clean, validate, and enhance marketing databases
- To undertake research and analysis
- For product development and testing
- for identity verification, fraud detection, and prevention
- To support client relationships
- To connect and link your data to other marketing and advertising databases and platforms
- For campaign planning, management and strategic decision making
We share data directly via our APIs and Dashboards. We also share data (usually in a form where individuals cannot be directly identified) with other marketing companies such as social media and programmatic platforms. We make sure the recipients of our data are reputable entities by conducting appropriate checks on them. Before we share our data, we enter into written agreements with recipients which contain data protection terms that safeguard your data.
Personal data used in Pilotbird’s data products and services may also be passed to and used by members of the Pilotbird group of companies, worldwide. We may also pass data to other companies that process personal data on our behalf to help us conduct our business. When we do so, we ensure that appropriate contractual safeguards are put in place.
(e). Data retention, security, and transfers
The data we hold is non-sensitive personal data and not subject to any sector-specific data retention requirements. Our data retention periods are as follows:
Personal data that is not used for any purpose is deleted. If a data subject under GDPR objects to us processing their data, we will remove it from our data products, and then from our environment in accordance with our data deletion cycle, unless we have a valid justification to hold on to it, such as to resolve disputes or comply with our legal obligations. We also retain personal data which is necessary to keep on a suppression file so if we obtain someone’s data again, we will know not to use it.
(e). Data transfer
Where business needs exist, Pilotbird intends to transfer your personal data to entities outside the US and EU. However, your personal data will not be transferred unless a valid transfer mechanism is in place legitimizing such a transfer. In the case of transfers referred to in Article 46, 47, or the second paragraph of Article 49(1), this will typically involve EU model clauses or the EU-US Privacy Shield Framework. Safeguards afforded by the EU model clauses may be accessed here: Click
Information about the EU-US Privacy Shield Framework may be accessed here: www.privacyshield.gov.
(f). Your rights
Individuals may request access to, deletion or correction of their personal data, or restrict or object to the use of their data by writing to us at Consumer Advocate Pilotbird by emailing us at [email protected]
We do not collect personal data about citizens residing in a country other than the US, Argentine, Australia, Austria, Belgium, Brazil, Canada, India, Ireland, Italy, Japan, Mexico, Spain, Sweden, and Switzerland. If your request relates to your personal data for countries other than these, it is unlikely we have any personal data about you.
Lastly, if you are living in UK or Germany and are interested in exercising your rights, you can do so at the respective Pilotbird office by contacting them through the following link or email address:
(g). Other data protection information
Pilotbird uses and shares personal data based on its legitimate commercial interests, and those of its partner businesses, for direct marketing, fraud prevention, information security, and organizational purposes, in accordance with Article 6(1)(f) of the GDPR. We take great care to handle all personal data in accordance with data protection law and to ensure that it is never used in ways that unduly prejudice individuals’ interests. Users of our data are prohibited by contractual restrictions from using our data in a way which discriminates unfairly against individuals or produces legal or similar effects. You have the right to object to this processing if you wish and if you wish to do so please inform us by using one of the contact channels in the preceding section.