Privacy Policy
Last updated: 02-02-2023
At Cover Genius (collectively, “Cover Genius”, “we”, “our” and “ours”), we take our customers’ (collectively “you”, “yours” and “users”) personal information and your trust very seriously. We strive to ensure the personal information you provide to us when you visit our website or use our services is secure and confidential at all times.
We do not sell, lease, trade or otherwise profit from your information for direct and indirect marketing.
This Privacy Policy describes our efforts regarding collection and use of your personal information and sets forth your privacy rights. We recognize that information privacy is an ongoing responsibility, and we will from time to time update this Privacy Policy as we undertake new personal data practices or adopt new privacy policies.
Your continued use of our services and our website after any change will signify and confirm your agreement to changes to our Privacy Policy. This Privacy Policy is applicable for our products and services available under our different affiliates, subsidiaries, and group companies.
Collecting and processing of personal information
We collect personal information types including but not limited to:
- Name or company name of the covered party (including representation as the case may be);
- Physical address (including, but not limited to street, street number, postal code, city, and country/region);
- Email address;
- Date of birth and/or age;
- Telephone and mobile number;
- A copy of your driver’s license and all the information therein;
- A copy of your passport number and all the information therein;
- Payment information such as your bank details (account number, account holder and card number) for claim purposes;
- Proof of ID for claim purposes including but not limited to photographs;
- Trip or event details;
- Details about the covered product, including proof of purchase;
- Information supporting your claim submission evidencing loss or damage, including but not limited to physical condition and/or medical information;
- Information you provide to us when you communicate with us via phone, chat, email, or any other channels of communication, including customer support service tickets.
We also may periodically obtain both personal and non-personal information about you from affiliated entities, business partners and other independent third-party sources, through your interactions and/or use of our products. Your consent may be obtained by us or on our behalf by our partners.
We collect and process personal information to provide you with the goods or services you have requested or purchased from us, including purchase of our products, submission of claims and other ancillary goods or services. We may also use this information to refine our goods and services to better meet your needs and to refine the user experience for you. If we ask for your personal information and you choose not to give it to us or ask us to stop processing necessary personal information, we may not be able to provide you with any, some, or all the features of our products or services.
We do not knowingly attempt to solicit or receive information from children. If we learn that we have collected personal information on a child under the age of 13, we will delete that data from our systems, except as required by applicable law to maintain transaction data.
Sharing your personal information with third parties
We share your personal information with your consent or to complete any transaction or provide any product or service you have requested or authorized. We may share your personal information with Cover Genius controlled entities, affiliates, and subsidiaries. We may also share personal information with vendors working on our behalf to comply with our legal or regulatory requests and to protect the rights and property of our company and its customers.
Please note that we do not control the privacy practices of business partners and third-party service providers. For these business partners or third-party service providers, we recommend that you read their privacy policies so that you can understand the way your personal information will be handled by them.
To withdraw consent from such partners and third-party service providers, or to exercise your data subject rights or to otherwise access, update or delete any of your personal information retained by them, you should contact them directly.
We may share generic aggregated demographic information not linked to any personal identification information regarding visitors and users with our business partners, trusted affiliates, and advertisers.
We may share personal information when we do a business deal, or negotiate a business deal, involving the sale or transfer of all or a part of our business or assets. These deals can include any merger, financing, acquisition, or bankruptcy transaction or proceeding.
Transfer of personal information
We are a global company, with partners, users, and employees around the world. To provide services requested by you, we may transfer your personal information as necessary. We may share your personal information with affiliates, group companies, business partners, vendors, third party-party service providers, and IT providers outside the country of your residence.
When we engage in such transfers, we employ appropriate technical safeguards and use a variety of secure mechanisms, including contracts such as the standard contractual clauses published by the European Commission and any such equivalent clauses to help protect your rights and enable these protections to travel with your personal information.
Cookie policy
Cookies are small text files placed on your device to store data that can be recalled by a web server in the domain that placed the cookie. We use cookies and similar technologies for storing and honoring your preferences and settings, enabling you to sign into your account, providing interest-based advertising, analyzing how our products perform, and fulfilling other legitimate purposes.
You may, however, visit our website anonymously. We will collect personal information from you only if you voluntarily submit such information to us. You can always refuse to share such personal information, except that it may prevent you from engaging in certain website related activities and it may also prevent us from fulfilling services requested by you.
We also allow third parties to collect information about your online activities through cookies and other technologies. The information gathered by these third parties is used to make predictions about your characteristics, interests, and/or preferences.
Please note that we do not have access to or control over all cookies or other technologies these third parties may use to collect information about your interests, and the information practices of these third parties are not covered by this Privacy Policy.
Data subject rights
As a user of our services, you are entitled to certain rights under applicable data protection laws. If you would like to access, review, update, rectify, or delete any personal information we hold about you, you can reach out to us by email. Our privacy team will examine your request on an individual basis and respond to you as relevant and as soon as possible.
You can also opt-out of receiving marketing communications from us at any time by using the unsubscribe link in the marketing email communications we send. You can accept or manage your cookies by clicking on our cookie banner. You can also separately email us at [email protected] about any such requests.
Please note transactional emails will be sent to you to enable us to smoothly and efficiently provide services requested by you.
While we hope we can answer any questions that you may have, if you have unresolved concerns, you also have the right to complain to the relevant data protection supervisory authority.
Technical & organizational measures
We have controls in place to maintain the confidentiality of your personal information at all times and take reasonable efforts to protect your personal information. We implement robust administrative, physical, and technical safeguards to protect any information we hold in our records from loss, misuse, unauthorized access, disclosure, alteration, and destruction.
We continually strive to enhance our privacy controls to create a secure and reliable website for you. However, no use of the internet or transmission of data over the internet can be guaranteed.
All passwords and usernames allocated to you must be kept secret and must not be disclosed to anyone without express written notice to us. You must not use any false identity in email or other communications, and you must not attempt or participate in the unauthorized entry or viewing of another user’s account or into another system.
Sub-processors
Personal information collected by us may be stored and processed in your country of residence and in any country that we or our affiliates, subsidiaries, or service providers have operations in. We use third parties (“Sub-processors”) to process personal information in accordance with the terms of a contract between our company and the Sub-processor. We currently maintain data centers in Germany and other locations and have offices in Australia, EU, Latin America, Asia, the United Kingdom, and the United States.
We use reasonable efforts to ensure that our Sub-processors have appropriate technical, operational, and organizational safeguards to handle personal information and are commissioned to process personal information. For additional information for these Sub-processors, we recommend that you read their privacy policies so that you can understand the manner in which your personal information will be handled by them.
Our list of Sub-processors include but are not limited to Amazon Web Services, Google Cloud Platform, Adyen, Stripe and Braintree. The list may change from time to time.
Bug bounty – vulnerability program
We welcome all reports of possible security issues and treat them seriously. Currently, we do not have a public bug bounty program and are unable to provide payment for any such reports. We are committed to having an open dialogue with you and have a vulnerability disclosure policy where you can expect the following from us:
- We will acknowledge that your report has been received.
- After triage, we will send an expected timeline, and commit to being as transparent as possible about the remediation timeline as well as on issues or challenges that may extend it.
- Notification when the vulnerability analysis has completed each stage of our review.
- As appropriate and relevant, credit (attribution) after the vulnerability has been validated and fixed.
Please note, you will require written permission from our security team before you initiate any testing. To request permission and to report any such vulnerabilities or bugs, please contact [email protected].
Personal information deletion and minimization
We will typically need to retain your information throughout the duration of our relationship with you, and potentially beyond that point to comply with all applicable laws, privacy legislation, and industry specific regulations to which we are subject. As these needs can vary for different personal information types, the context of our interactions with you or your use of products, actual retention periods can vary significantly. We only retain personal information that is necessary to process your requested services and that are required for regulatory or legal purposes.
We safely and securely destroy personal information which we no longer need to keep in accordance with our data retention policies. Further details can be provided upon written request by emailing us.
Region specific notices:
Notice for Brazilian Residents
This section provides additional details about the personal information we collect about Brazilian users and the rights afforded to them under the Lei Geral de Protecao de Dados / Brazilian General Data Protection Act (“LGPD”). This LGPD section supplements our Privacy Policy.
According to the LGPD, you have certain rights in relation to the personal information we collect from you. These rights to request include, but are not limited to: (i) a right to request access, correction, or to refuse processing of your personal information and (ii) a right to request the deletion of your personal information. You can make such requests here.
Notice for California Residents
This section provides additional details about the personal information we collect about California users and the rights afforded to them under the California Consumer Privacy Act (“CCPA”). This CCPA section supplements our Privacy Policy.
We do not sell (as defined under the CCPA) your personal information. Thus, we do not offer an opt-out to the sale of personal information.
You have the right to request: (i) what personal information we collect, use, disclose, and sell and (ii) the deletion of your personal information. You may make these requests yourself or through an authorized agent. We require that the authorized agent has your express written permission to do so, and we may ask you to submit proof of such permission.
We may also ask for additional information, such as your country of residence, email address, and phone number, to validate your request before honoring the request.
You have a right not to receive discriminatory treatment if you exercise your CCPA rights. We will not discriminate against you if you exercise your CCPA rights. You can make such requests here.
Notice for European Residents
This section provides additional details about the personal information we collect about European and United Kingdom consumers and the rights afforded to them under the General Data Protection Rights Act (“GDPR”). This GDPR section supplements our Privacy Policy.
According to GDPR, you have certain rights in relation to the personal information we collect from you. These rights include: (i) a right to request access and obtain a copy of your personal information; (ii) a right to request to rectify, delete or object to processing your personal information; and (iii) a right to request your personal information be ported or transferred to another company. You can make such requests here.
Updates to the Privacy Policy
We see data protection as an ongoing process, not an endpoint that can be guaranteed. As such, we continue to enhance our privacy controls daily to secure your personal information. We may amend the Privacy Policy from time to time. It is your sole responsibility to check this website from time to time to view any such changes to the terms of this Privacy Policy.
If you do not agree to any changes, if and when such changes may be made to this Privacy Policy, you must cease access to this website. If we make any material change in how we collect your personal information online, or how we use or share it, we will prominently post notice of the changes on the website covered by this Privacy Policy.
Contact Information
You can make data subject requests or reach out to us about specific privacy questions by emailing us at [email protected]. Your request will be reviewed on an individual basis by our privacy team.