Last updated: 02-02-2023
At Cover Genius (collectively, “Cover Genius”, “we”, “our” and “ours”), we take our customers’ (collectively “you”, “yours” and “users”) personal information and your trust very seriously. We strive to ensure the personal information you provide to us when you visit our website or use our services is secure and confidential at all times.
We do not sell, lease, trade or otherwise profit from your information for direct and indirect marketing.
Collecting and processing of personal information
We collect personal information types including but not limited to:
- Name or company name of the covered party (including representation as the case may be);
- Physical address (including, but not limited to street, street number, postal code, city, and country/region);
- Email address;
- Date of birth and/or age;
- Telephone and mobile number;
- A copy of your driver’s license and all the information therein;
- A copy of your passport number and all the information therein;
- Payment information such as your bank details (account number, account holder and card number) for claim purposes;
- Proof of ID for claim purposes including but not limited to photographs;
- Trip or event details;
- Details about the covered product, including proof of purchase;
- Information supporting your claim submission evidencing loss or damage, including but not limited to physical condition and/or medical information;
- Information you provide to us when you communicate with us via phone, chat, email, or any other channels of communication, including customer support service tickets.
We also may periodically obtain both personal and non-personal information about you from affiliated entities, business partners and other independent third-party sources, through your interactions and/or use of our products. Your consent may be obtained by us or on our behalf by our partners.
We collect and process personal information to provide you with the goods or services you have requested or purchased from us, including purchase of our products, submission of claims and other ancillary goods or services. We may also use this information to refine our goods and services to better meet your needs and to refine the user experience for you. If we ask for your personal information and you choose not to give it to us or ask us to stop processing necessary personal information, we may not be able to provide you with any, some, or all the features of our products or services.
We do not knowingly attempt to solicit or receive information from children. If we learn that we have collected personal information on a child under the age of 13, we will delete that data from our systems, except as required by applicable law to maintain transaction data.
Sharing your personal information with third parties
We share your personal information with your consent or to complete any transaction or provide any product or service you have requested or authorized. We may share your personal information with Cover Genius controlled entities, affiliates, and subsidiaries. We may also share personal information with vendors working on our behalf to comply with our legal or regulatory requests and to protect the rights and property of our company and its customers.
Please note that we do not control the privacy practices of business partners and third-party service providers. For these business partners or third-party service providers, we recommend that you read their privacy policies so that you can understand the way your personal information will be handled by them.
To withdraw consent from such partners and third-party service providers, or to exercise your data subject rights or to otherwise access, update or delete any of your personal information retained by them, you should contact them directly.
We may share generic aggregated demographic information not linked to any personal identification information regarding visitors and users with our business partners, trusted affiliates, and advertisers.
We may share personal information when we do a business deal, or negotiate a business deal, involving the sale or transfer of all or a part of our business or assets. These deals can include any merger, financing, acquisition, or bankruptcy transaction or proceeding.
Transfer of personal information
We are a global company, with partners, users, and employees around the world. To provide services requested by you, we may transfer your personal information as necessary. We may share your personal information with affiliates, group companies, business partners, vendors, third party-party service providers, and IT providers outside the country of your residence.
When we engage in such transfers, we employ appropriate technical safeguards and use a variety of secure mechanisms, including contracts such as the standard contractual clauses published by the European Commission and any such equivalent clauses to help protect your rights and enable these protections to travel with your personal information.
You may, however, visit our website anonymously. We will collect personal information from you only if you voluntarily submit such information to us. You can always refuse to share such personal information, except that it may prevent you from engaging in certain website related activities and it may also prevent us from fulfilling services requested by you.
We also allow third parties to collect information about your online activities through cookies and other technologies. The information gathered by these third parties is used to make predictions about your characteristics, interests, and/or preferences.
Data subject rights
As a user of our services, you are entitled to certain rights under applicable data protection laws. If you would like to access, review, update, rectify, or delete any personal information we hold about you, you can reach out to us by email. Our privacy team will examine your request on an individual basis and respond to you as relevant and as soon as possible.
You can also opt-out of receiving marketing communications from us at any time by using the unsubscribe link in the marketing email communications we send. You can accept or manage your cookies by clicking on our cookie banner. You can also separately email us at [email protected] about any such requests.
Please note transactional emails will be sent to you to enable us to smoothly and efficiently provide services requested by you.
While we hope we can answer any questions that you may have, if you have unresolved concerns, you also have the right to complain to the relevant data protection supervisory authority.
Technical & organizational measures
We have controls in place to maintain the confidentiality of your personal information at all times and take reasonable efforts to protect your personal information. We implement robust administrative, physical, and technical safeguards to protect any information we hold in our records from loss, misuse, unauthorized access, disclosure, alteration, and destruction.
We continually strive to enhance our privacy controls to create a secure and reliable website for you. However, no use of the internet or transmission of data over the internet can be guaranteed.
All passwords and usernames allocated to you must be kept secret and must not be disclosed to anyone without express written notice to us. You must not use any false identity in email or other communications, and you must not attempt or participate in the unauthorized entry or viewing of another user’s account or into another system.
Personal information collected by us may be stored and processed in your country of residence and in any country that we or our affiliates, subsidiaries, or service providers have operations in. We use third parties (“Sub-processors”) to process personal information in accordance with the terms of a contract between our company and the Sub-processor. We currently maintain data centers in Germany and other locations and have offices in Australia, EU, Latin America, Asia, the United Kingdom, and the United States.
We use reasonable efforts to ensure that our Sub-processors have appropriate technical, operational, and organizational safeguards to handle personal information and are commissioned to process personal information. For additional information for these Sub-processors, we recommend that you read their privacy policies so that you can understand the manner in which your personal information will be handled by them.
Our list of Sub-processors include but are not limited to Amazon Web Services, Google Cloud Platform, Adyen, Stripe and Braintree. The list may change from time to time.
Bug bounty – vulnerability program
We welcome all reports of possible security issues and treat them seriously. Currently, we do not have a public bug bounty program and are unable to provide payment for any such reports. We are committed to having an open dialogue with you and have a vulnerability disclosure policy where you can expect the following from us:
- We will acknowledge that your report has been received.
- After triage, we will send an expected timeline, and commit to being as transparent as possible about the remediation timeline as well as on issues or challenges that may extend it.
- Notification when the vulnerability analysis has completed each stage of our review.
- As appropriate and relevant, credit (attribution) after the vulnerability has been validated and fixed.
Please note, you will require written permission from our security team before you initiate any testing. To request permission and to report any such vulnerabilities or bugs, please contact [email protected].
Personal information deletion and minimization
We will typically need to retain your information throughout the duration of our relationship with you, and potentially beyond that point to comply with all applicable laws, privacy legislation, and industry specific regulations to which we are subject. As these needs can vary for different personal information types, the context of our interactions with you or your use of products, actual retention periods can vary significantly. We only retain personal information that is necessary to process your requested services and that are required for regulatory or legal purposes.
We safely and securely destroy personal information which we no longer need to keep in accordance with our data retention policies. Further details can be provided upon written request by emailing us.
Region specific notices:
Notice for Brazilian Residents
According to the LGPD, you have certain rights in relation to the personal information we collect from you. These rights to request include, but are not limited to: (i) a right to request access, correction, or to refuse processing of your personal information and (ii) a right to request the deletion of your personal information. You can make such requests here.
Notice for California Residents
We do not sell (as defined under the CCPA) your personal information. Thus, we do not offer an opt-out to the sale of personal information.
You have the right to request: (i) what personal information we collect, use, disclose, and sell and (ii) the deletion of your personal information. You may make these requests yourself or through an authorized agent. We require that the authorized agent has your express written permission to do so, and we may ask you to submit proof of such permission.
We may also ask for additional information, such as your country of residence, email address, and phone number, to validate your request before honoring the request.
You have a right not to receive discriminatory treatment if you exercise your CCPA rights. We will not discriminate against you if you exercise your CCPA rights. You can make such requests here.
Notice for European Residents
According to GDPR, you have certain rights in relation to the personal information we collect from you. These rights include: (i) a right to request access and obtain a copy of your personal information; (ii) a right to request to rectify, delete or object to processing your personal information; and (iii) a right to request your personal information be ported or transferred to another company. You can make such requests here.
You can make data subject requests or reach out to us about specific privacy questions by emailing us at [email protected]. Your request will be reviewed on an individual basis by our privacy team.