The average ransomware loss hit $353,000 this year 📈
Cyber Incident? Get Help

1. Introduction

  1. This Privacy Policy (“Policy”) is provided by Coalition, Inc., a Delaware corporation, on behalf of itself, and any of its current and future subsidiaries and affiliates, including Coalition Insurance Solutions, Inc. (“CIS”), Coalition Insurance Solutions Canada, Inc. (“CISC”), Coalition Incident Response, Inc. (“CIR”), Coalition Incident Response Canada, Inc. (“CIRC”), Coalition Risk Solutions, Ltd. (“Coalition UK”), Coalition Insurance Company, Inc. (“CIC”), BinaryEdge AG (“BE”), and Coalition Insurance Solutions Pty Ltd (ACN 657 140 791) (“Coalition AU”) (collectively, “Coalition,” “we,” or “us”).  If you would like to understand which Coalition entity is processing any specific category of your personal data, or which undertakes processing for a particular purpose, please contact us.

2. Policy Application

  1. In order for our websites, online risk management platform (the “Platform”), applications (web-based or mobile), products and/or services (collectively, the “Services”) to function properly, we collect, use, store, disclose or otherwise process personal information about individuals (“you” or “your”) who use, access, or enroll in the Services. In order to provide our threat detection services, we also maintain a security threat database that may include limited personal data relating to actors involved in the incidents detailed within the database. Additional terms applicable in certain jurisdictions:

  2. Please read this notice and the following additional notices to the extent that these apply to you:

    • CALIFORNIA Please see the “California Supplementary Privacy Notice section below.

    • NOTE:  Coalition is required to comply with the United State federal law, the Gramm–Leach–Bliley Act (“GLBA”), also known as the Financial Services Modernization Act of 1999.  Because of this, Coalition is exempt from complying with United States state privacy laws that offer entity exemptions for entities required to comply with the GLBA. 

    • CANADA Please see the “Canada Supplementary Privacy Notice section below.

    • UNITED KINGDOM (UK) AND EUROPEAN ECONOMIC AREA (EEA) Please see the “UK/EEA Supplementary Privacy Notice” section below.

  3. Coalition is committed to protecting your privacy and we want you to understand what personal information we collect and how we use it. We also want you to understand the options that you have regarding our collection, use, and disclosure of, as well as your ability to access and correct, such information. As the leading provider of active insurance, Coalition is required to adhere to certain applicable laws and regulations that protect your information and govern our use and disclosure of it.

  4. The Services are directed towards our business customers and potential customers. They should not be used for personal, family, or household purposes. We treat all personal information covered by this Policy as pertaining to individuals acting as business representatives, rather than in their personal capacity.

  5. Coalition’s Services are not intended for, nor designed to attract, individuals under the age of majority in their jurisdiction of residence. Coalition does not knowingly collect personal information from any person who is under the age of majority in their jurisdiction of residence. If it comes to our attention through reliable means that a registered user is under the age of majority in their jurisdiction of residence, we will cancel that user’s account and/or access to our Services.

  6. If you have any privacy or data use concerns involving the Services, please contact us at privacy@coalitioninc.com or as further set out below under the “Contact Information” section.

3. What Information Do We Collect and How Do We Get It?

  1. When you use our Services, we may collect a variety of personal information that will aid us in providing our Services, including:

    1. Service users, brokers and individuals who communicate with us using our website / blogs / chat facilities:

      • Name;

      • Professional mailing address (if applicable);

      • Professional email address;

      • Professional phone number(s) or your personal phone number if you choose to provide this;

      • Password;

      • Web Address or Domain name(s) of your organization;

      • Job title and other occupational information;

      • Your communications with us, should you choose to contact us;

      • Number and frequency of visits to our website;

      • Any blog posts and comments on other users’ blog posts you may choose to write.  If you wish to update or delete your blog, please contact us at privacy@coalitioninc.com or as further set out below under the “Contact Information” section;

      • Any user testimonials you may choose to write.  If you wish to update or delete your testimonial, please contact us at privacy@coalitioninc.com or as further set out below under the “Contact Information” section; and

      • The information set out in our Cookies Notice.

    2. Additional Information collected in connection with Insureds:

      • Former insurance information, including nature of cover held, payment and claims history;

      • Information in relation to an insurance claim or cyber incident including details of the compromised communications, content or systems and information obtained in the investigation thereof;

      • Insurance coverage information, including endorsements; 

      • Number and frequency of logins to our Services; and

      • Interactions with our Services.

    3. Additional information collected in connection with Service users:

      • Information from public social network channels and torrent downloads;

      • Billing information, credit card or banking information, or other preferred payment means; however, we do not store full credit card numbers of personal account numbers (“PANs”); 

      • Content you create, upload, communicate to or receive from Coalition when using our Services, including, text, email, photos, videos, audiovisual content, documents, spreadsheets, and comment/chat you make on any Coalition’s Platform or blog; 

      • Any videos and/or photos you choose to upload, along with the category, name or “nickname” attached to those data elements; and

      • Certain Services used via our Platform allow you to share your password with the application for safekeeping. Any passwords that you share are not visible by, transmitted to, or stored by Coalition in clear text. They may be saved on your device, with only an encrypted code sent to Coalition for which we do not have the encryption key.

      • Your communications with us, should you choose to contact us; 

      • Files uploaded by you;

      • When Coalition runs its automated scanning and monitoring tool, it collects only publicly available information in order to conduct its risk and vulnerability assessment, including but not limited to names and email addresses sharing the requesting company’s domain name, to the extent permitted by law.

    4. Information collected in connection with our Threats Database:

      • Coalition scans the internet for cyber threats and information relating to cyber incidents, including company names, domain names, individual names, addresses, email addresses, passwords, job titles, and other similar information. Such information is stored and may be later processed for the purposes of detecting, investigating and preventing cyber fraud and crime. Such information could relate to any individual involved in the incident (irrespective whether they are a Service or Platform user).

    5. Additional information collected in connection with CoalitionAITM - USA users only: When using our Platform, you may have the option to engage with CoalitionAI Broker and Security Copilots (each a "Copilot" and collectively, the "Copilots"), Coalitions's AI-powered education and chat features:

      • CoalitionAI Broker Copilot: Appointed brokers in the U.S. now have access to the Broker Copilot, a generative AI chatbot embedded into the Coalition broker dashboard that can answer questions about cybersecurity best practices, cyber policy coverage options, and more. The Broker Copilot is trained on publicly-available documents and resources published by Coalition for broker inquiries and education. 

      • CoalitionAI Security Copilot: Businesses using Coalition ControlTM – Coalition's cyber risk assessment and monitoring platform – can now seek and gain details on cyber security vulnerabilities, better understand coverage contingencies, and learn about ways to resolve cyber security issues using the new Security Copilot.

      When interacting with a Copilot the following information may be collected:

      • Usage information: user activity related to interaction with a Copilot, as well as the configuration of a user's computer and performance metrics related to the use of a Copilot.  

      • Log information:  when using a Copilot, information about a user may be logged, including Internet Protocol ("IP") address.

      • Information collected by cookies and other similar technologies:  Copilots use various technologies to collect information which may include saving cookies to users computers, which can be disabled at the option of a user, but may affect the performance of a Copilot. 

4. Cookies and Website Use

Cookies, Tracking Technologies, and Session Information

  1. Coalition, our partners (such as our marketing partners), and our analytics or service providers use technologies such as cookies, beacons, tags, and scripts, to analyze trends, administer the Services, track users' movements around the Platform, and to gather demographic information about our user base as a whole. In this Policy we use the term “cookie” to refer to both cookies and other similar technologies previously mentioned above.

  2. Coalition, our partners, and our analytics or service providers may collect information about your interactions with the Platform, including the resources that you access, pages viewed, how much time you spent on a page, and how you reached our Platform. Coalition, our partners, and our analytics or service providers may log the details of your visits to our Platform and information generated in the course of using our Platform, such as mouse movements, clicks, page visits, text entered, and other details of your actions on our Platform. Details on how we use cookies can be found in our opt-in cookie consent.

  3. In certain areas of the Platform, we offer a chat feature to help answer your questions about our Services. We collect information you may enter into the chat. We will collect and retain transcripts of those conversations. Additionally, your browser may automatically transmit the following data: date and time of access, duration of the visit, type of browser including version, operating system used, amount of data sent, type of event, IP address.

  4. Where we place cookies on your device, they are called first party cookies.  Third parties may also use cookies to help them better manage their content on our Platform and to gather demographic information about our user base as a whole.

  5. We use the following types of cookies:

    • Essential Cookies Essential cookies are necessary for Services functionality and cannot be disabled by users.  These cookies do not gather information about you that can be used for marketing purposes and do not remember where you have been on the internet. 

    • Performance and Functionality Cookies Performance and functionality cookies are used to enhance the performance and functionality of our Services, but are not essential to its use.  However, without these cookies, certain functionality may become unavailable.  Performance and functionality cookies will only be used upon receipt of your consent. 

    • Analytics Cookies Coalition uses analytic cookies in order to determine user interests.  Providers Google Analytics, Heap and Amplitude may use cookies to collect the following information:  (1) visitor usage, (2) events, as well as (3) application performance and stability.

    • Marketing Cookies A marketing cookie collects personal information such as your name, pages visited, a user’s history arriving at our website, and the like.  Collected information is used to evaluate the effectiveness of our marketing campaigns or to provide better targeting for marketing.  

    • Third Party Website Cookies Third party cookies do not originate from Coalition sites.  Rather, they are from a third party, such as an advertiser.  These cookies collect information on a user’s behavior, demographics, or personalized marketing.  When visiting our sites, a user may encounter embedded content or be directed to a website for activities.  These websites and embedded content use their own cookies.  If you do not want cookies placed on your device by a third party, may third parties offer methods to opt-out of these cookies.

  6. If you consented to cookies placed on your device but then wish to disable such cookies, please note that many cookies used on Coalition’s sites can be enabled/disabled through a user’s browser.  To disable cookies through a browser, follow instructions located within the “Edit”, “Tools”, or “Help” menus in the browser.  Disabling a cookie or category of cookies does not delete the cookie from a user’s browser unless manually completed through a user’s browser function.

  7. Collection of a user’s data from Coalition’s cookies can be deleted.  If these cookies are deleted, the information collected prior to the preference change may still be used.  However, Coalition will cease using the disabled cookie to collect any further information from your user experience. Information from Referrals

  8. If you choose to use our referral service to tell someone about our Services, we may collect a name and email address from you. We will automatically send the individual that you have referred to us a one-time invitation email to visit the Platform and provide your name as the person who made the referral, and a one-time reminder if permitted by applicable law. Coalition stores this information for the sole purpose of sending the invitation and reminder email (if applicable), and for tracking the success of our referral program. This privacy notice will be provided to recipients of an invitation and such recipients may contact us at privacy@coalitioninc.com if they believe that their personal information has been provided to us improperly, or to request that we remove this information from our database. In using our referral service, you represent that you have provided a copy of this notice and obtained the necessary consents relating to other individuals. Use of Third Party Accounts, Features and Links in Connection with the Services

  9. Coalition may, now or in the future, allow you to link your account on the Platform to your account(s) on third party services, such as social networking sites (“Linked Accounts”). If you link your account on the Platform to a Linked Account, you are authorizing Coalition to store and use your access credentials to access your Linked Account on your behalf as your agent to integrate your experience with the Platform with content, information, and features available through such Linked Account. This may include importing certain information of the Linked Account, and/or pushing updates regarding your use of the Services out to your Linked Accounts. The information we receive when you link your account through a third party service depends on the settings, permissions, and privacy policy controlled by that Linked Account. Linking, accessing, or using a third party service through the Platform in this manner may be subject to additional terms and privacy policies established by the applicable third party, and it is your sole responsibility to comply with such third party terms and familiarize yourself with such privacy policies.

  10. If you download a mobile version of the Platform via the App store or Google Play, you may be subject to usage terms set forth by Apple, Inc or Google, Inc, respectively. Our Platform may also include links to, embedded content from, or the ability to connect with other websites and applications (“Third Party Sites”). Our Platform also includes social media features, such as a “Like” button, and widgets, such as the “share this” button or other interactive mini-programs that run on our Platform. These features may collect your IP address, which page you are visiting on our Platform, and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by Third Party Sites or hosted directly on our Platform.

  11. Your interactions and any personal information that you submit via Linked Accounts, Third Party Sites or other features of these Third Party Sites are governed by the privacy policy of companies that are not controlled by Coalition and we do not assume responsibility for their privacy practices. Therefore, the terms of usage and their privacy policy may differ from the terms of this policy. You are encouraged to review the privacy policy of any Third Party Sites that you visit or engage with.

  12. Please be aware that any information that you submit to a social media site such as Facebook, Instagram or X (formerly known as Twitter) is done at your own risk and without any expectation of privacy. Coalition cannot control the actions of social media site users and is not responsible for any content or submission contained on such sites. Further, Coalition cannot guarantee the privacy and safety of these sites and is therefore not responsible for any content that you or any other social media user posts. You should always review the privacy policy of any Third Party Sites or website that you interact with.

5. The Ways Coalition Uses Information

  1. Coalition generally uses the information you provide or we collect in connection with the Services for the following purposes:

    • Provide or Fulfill Services to you; 

    • Establish and verify your identity; 

    • Handle and resolve billing transactions; 

    • Activate, maintain and service your account or an insurance policy; 

    • Develop, operate, maintain, and enhance the Services now and in the future;

    • Communicate with you about our Services, including by sending announcements, updates, security alerts, and support and administrative messages.  If you are a Coalition policyholder or user of our Services, we may contact you regarding your policy (as applicable), such as billing notices and confirmations of changes, by mail or through email. We will also use your email address to provide you with updates about our products and Services in accordance with applicable law. We may also contact you by phone and email regarding timely matters such as late payment or other factors that might affect your policy or use of our Services, including to notify you of potential security vulnerabilities;

    • Offer updates, notices, and other information, including marketing and promotional materials related to our products, services, sales, or promotions, or those of our affiliates and business partners we believe will be of interest to you, where permissible according to applicable law.  Depending on the jurisdiction in which you reside, you may choose to opt-in to receiving promotional emails, or conversely, to opt out at any time by following the unsubscribe instructions included in any Coalition emails you receive or by contacting Coalition at privacy@coalitioninc.com or as further set out below under the “Contact Information” section of this Policy);

    • Respond to your questions, inquiries, comments and instructions; 

    • Enforce the applicable Terms of Use;

    • Track and analyze de-identified data and provide such data to third-parties that provide services to Coalition;

    • Personalize our Services, such as remembering your information so that you will not have to re-enter it during your visit or the next time you use our Services;

    • Provide customized third party advertisements, content, and information in accordance with applicable law;

    • Monitor and analyze the effectiveness of our Services and third party marketing activities;

    • Monitor aggregate Platform usage metrics such as total number of visitors and pages viewed;

    • Protect our, your, or others’ rights, privacy, safety or property (including by making, investigating, and defending legal claims);

    • To facilitate audit of our internal processes for compliance with legal and contractual requirements and internal policies, enforce the terms and conditions that govern the Services;

    • Prevent, identify, investigate, and deter fraudulent, harmful, unauthorized, unethical, or illegal activity, including cyberattacks and identity theft;

    • In order to assist you and employer respond to a cyber incident; 

    • To comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities as permitted by applicable law; 

    • To process and follow up on applications received in response to our job postings on our website or elsewhere, and to communicate with applicants and candidates in this regard;

    • For such other purposes as you may consent to from time to time; and

    • As otherwise required or permitted by law.

6. The Ways Coalition Discloses Information

  1. We will not use or disclose your personal information to non-affiliated third parties except as disclosed in this Policy. In order for us to provide some of our Services we may also disclose certain of the categories of personal information described in the “What Information Do We Collect and How Do We Get It?” section to the following categories of third parties where it is necessary and/or appropriate to do so:

    • Disclosures In Connection with Claims: We may disclose your personal information to a policyholder’s insurers, their agents and representatives, claims representatives, insurance agents, law enforcement agencies, courts, and government agencies. These parties may disclose personal information to other parties as permitted by law in order to process and/or investigate insurance claims.

    • Payment Processors: Coalition collects and maintains certain personal information from our customers for the purposes of billing. When you purchase our Services, your payment card information may be collected and processed directly by our payment processors, such as Stripe, Inc. (“Stripe”). Accordingly, in addition to this Privacy Policy and our Terms of Use, your data is also processed pursuant to Stripe’s or other processors’ services agreements and privacy policies. Moreover, when your payment information is collected and stored by your broker or a third party payment provider (as applicable), your information will be subject to their respective privacy policies and practices.

    • Third-Party Service Providers: Coalition works with other third party service providers in the U.S. and other jurisdictions to provide website development, hosting, maintenance, transcription, marketing, billing, contract and account management, customer support and customer relationship management, and claims support as well as other business services for us. To the extent it is necessary for these service providers to complete their work, these third-parties may have access to or process your personal information in accordance with applicable law. Such users are required to agree to limit their use of the information for the purpose for which it was provided or to seek your consent for any additional purposes. Third-party service providers are required to maintain the confidentiality and security of your personal information, and comply with applicable privacy laws.

    • Promotional Partners and Third Party Apps: From time-to-time and where permissible under applicable law, Coalition may notify you about an offer from one of our promotional partners via our Platform or email. We will share your personal information (such as your name, company name, business email address, etc.) with the applicable partner only if you affirmatively consent and respond to a promotional offer. If you install an app from one of our third party partners, Coalition may provide your email address to that partner for account creation and communication with that partner.

    • Affiliates: We may share your data with our affiliates, including CIS, CISC, CIR, CIRC, CIC, BE, Coalition UK, and Coalition AU, to collect and share insurance application information, market products and services, collect payment information, and for other purposes consistent with this Policy, any applicable intercompany services agreement, or delivering our Services.

    • Business Transfers: In the event we are involved in a proposed or actual purchase, merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of all or a portion of our assets (including a liquidation, realization, foreclosure, or repossession), or transition of service to another provider or any assets or shares of our business or a division thereof (collectively, “Transaction”), for you to continue to receive the same or similar Services from the third party, we reserve the right to share, transfer, or assign the information that we have collected from users, including personal information in connection with such Transaction, in accordance with applicable law.

    • Comply with Laws and/or Legal Process: We reserve the right to disclose your information that we believe is reasonable, appropriate, or necessary (as applicable in the relevant jurisdiction) to take precautions against liability; to protect Coalition and others from fraudulent, abusive, predatory, or unlawful uses or activity; to investigate and defend ourselves against any third party claims or allegations; to assist government enforcement agencies; to protect the security or integrity of our Services; or to protect or vindicate the rights, property, or personal safety of Coalition, our users, or others. In addition, we may be required by law, court order, or other legal process to provide information about our customers to outside parties.

    • Aggregated and Anonymized Information: Coalition may aggregate and anonymize data we collect about our users. For example, we may aggregate and anonymize data to determine if particular software used by our users is susceptible to exploitation. If we aggregate and anonymize this sort of data and provide it to external parties, our users’ personal information will not be attached to or included in such aggregated and anonymized data. Please note, data that our users provide to us, including data collected in our underwriting process, may be included in the aggregate and anonymized data, reports, and statistics but will always be anonymous.

    • Enforce our Terms of Use: In addition to the above uses and disclosures, Coalition may identify you as a customer or user or your website’s name in connection with proposals to prospective customers, to hyperlink to your websites home page, to display your logo on Coalition’s Platform or in marketing of its Services, or to otherwise refer to you in print or electronic form for marketing and reference purposes.

7. The Ways Coalition Protects Your Personal Information 

  1. We are committed to taking steps to protect personal information we receive from our users and otherwise control from loss, misuse or unauthorized access, disclosure, alteration, and/or destruction. We have put in place physical, industry standard technological, and administrative procedures designed to reasonably safeguard and secure such information; however, no Internet or email transmission is ever guaranteed to be fully secure or error free. Therefore, you should take special care in deciding what information you send to us in connection with our Services. In addition, consider minimizing the amount of personal data you transmit via email.  We will notify you of any confirmed security breach of your personal information to the extent required by and in accordance with applicable state, federal or other jurisdictional laws.

  2. If you have reason to believe that your personal information is no longer secure, please contact us immediately at privacy@coalitioninc.com or as further set out below under the “Contact Information” section.

8. Your Rights Regarding Your Personal Information

  1. Depending on applicable law, you may have certain rights regarding your personal information, including, but not limited to, the right to access, correct, amend, or delete  your personal information.  For information about the rights available to California residents, please refer to the section “CCPA Privacy Notice and for information about the rights available to European data subjects, please refer to the section “Privacy Notice to European Data Subjects”). There may be exceptions to such rights in accordance with applicable law, including, but not limited to: (a) where the rights of persons other than the requesting individual risk being violated; (b) where the information cannot be disclosed for legal, security, or commercial proprietary reasons; or (c) where the information is subject to solicitor-client or litigation privilege.

  2. To make a request to exercise a right regarding your personal information under applicable law, or if you have a privacy related concern, please contact us through the information set forth in the “Contact Information” section.

9. How Long Coalition Keeps Your Personal Information

  1. We keep your account information for as long as your account is in existence because we need it to operate your account. We also keep information about you and your use of the Platform for as long as necessary to comply with laws and for our legitimate business interests, such as providing the Services and defending or prosecuting claims, including as described in “The Ways Coalition Uses Information” and “The Ways Coalition Discloses Information” sections. To determine the appropriate retention period for your personal information, we consider the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements. In general, we keep your personal information for as long as necessary to fulfill the purposes for which it was collected and as permitted or required by law.

10. Processing of Personal Information in the United States

  1. Coalition has users located across the globe. We are headquartered in the United States with service providers that operate in other countries. We may transfer your personal information to the United States and other countries which may not have the same data protection laws as your home country or territory, and where such laws will apply to your personal information while it is located there, but we will generally protect your personal information in accordance with this Privacy Policy, or as otherwise disclosed to you. Those laws may require disclosure of your personal information to authorities in that other country or territory. For more information about our policies and practices regarding service providers outside of your home country or territory, please contact us at privacy@coalitioninc.com or as further set out below under the “Contact Information” section.

11. CCPA Privacy Notice

  1. The California Consumer Privacy Act (“CCPA”) requires specific disclosures for California residents. This Privacy Policy is intended to help you understand how Coalition or its affiliates handle your information, specifically:

  2. The types of information that Coalition collects and from what sources we collect information are described in the Section, “What Information Do We Collect and How Do We Get It?

  3. How Coalition uses your information is described in the Section, “The Ways Coalition Uses Information.

  4. How and why Coalition may share your information is described in the Section, “The Ways Coalition Discloses Information.” We share every category of personal information that we collect as described in that section.

  5. Retention Periods: We retain your information according to the “How Long Coalition Keeps Your Personal Information” section above.

  6. Your CCPA Rights: Subject to applicable exceptions, California residents may request information from Coalition about how it collects, uses and discloses your personal information, request access to your information, to correct inaccurate personal information, and request that Coalition delete that information. After we receive your request, we may request additional information to verify your identity. Your authorized agent may submit requests in the same manner, although we may require the agent to present signed written permission to act on your behalf, and you may also be required to independently verify your identity with us and confirm that you have provided the agent permission to submit the request. The CCPA also requires that you not be discriminated against for exercising your privacy rights.

  7. Opt-Out of Sale or Share: We don’t sell your personal information in exchange for money, but some of our website tracking qualifies as a “selling” or “sharing” under the CCPA, so online tracking information is the only category of information that we sell. You have the right to opt-out of the sale or sharing of your personal information. You may do so through certain browser enabled opt-out preference signals, such as the Global Privacy Control. You can learn more about that option here: https://globalprivacycontrol.org/. We do not have actual knowledge that we sell the personal information of anyone under 16 years of age.

  8. Limit Use and Disclosure of Sensitive Personal Information: We do not collect sensitive personal information other than as a consumer would reasonably expect. As such, we do not offer a right to limit our use of such information.

  9. How to Exercise CCPA Rights: Questions or requests related to your rights under the CCPA may be addressed to privacy@coalitioninc.com or as further set out below under the “Contact Information” section of this Policy.

12. Privacy Notice for Data Subjects Located in the UK/EEA/ Switzerland

  1. This section of our Policy provides additional information to data subjects in the European Economic Area (EEA), Switzerland and the United Kingdom (collectively, “Europe”), pursuant to applicable data protection laws and supplements the information provided above. Sources of personal information

  2. We collect information from the following sources:

    • the insurance policy application process;

    • your communications with us;

    • your transactions on our Platform;

    • your use of our Services; 

    • Social media platforms in connection with cookies and similar tracking technologies.

  3. Purposes and Legal Bases for Processing. Your personal data is processed for the purposes described in this Policy (refer to “The Ways Coalition Uses Information” section). Under applicable European data protection laws, we are required to specify the legal basis which allows us to process personal data, which depends on the personal data collected and the specific context in which we collect it. We process personal data from you when:

    • We have your consent to do so;

    • Necessary to perform our contract with you pursuant to our Terms of Use or other relevant contract with you, including:

    • Providing or fulfilling Services to you;

    • Establishing and verifying your identity;

    • Handling and resolving billing transactions;

    • Activating, maintaining and servicing your account or insurance policy;

    • Communicating with you about our Services, including by sending announcements, updates, security alerts, and support and administrative messages;

    • Responding to your questions, inquiries, comments and instructions; and

    • Assisting you and your employer to respond to a cyber-incident.

  4. We process personal data to comply with our legal obligations, including:

    • Complying with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities as permitted by applicable law.

  5. Processing for our legitimate business interests including the promotion, delivery and improvement of our services, ensuring network and information security and preventing and detecting crime and fraud, enforcing our terms and pursuing and defending legal claims, including:

    • Enforcing the applicable Terms of Use;

    • Protecting our, your, or others’ rights, privacy, safety or property (including by making and defending legal claims);

    • Facilitating the audit of our internal processes for compliance with legal and contractual requirements and internal policies, enforce the terms and conditions that govern the Services;

    • Developing, operating, maintaining, and enhancing the Services now and in the future;

    • Offering updates, notices, and other information, including marketing and promotional materials related to our products, services, sales, or promotions, or those of our affiliates and business partners we believe will be of interest to you, as further described in the “Communications with Coalition” section, where permissible according to applicable law. (Note: at any time, you may choose to withdraw your consent to Coalition’s use or disclosure of your personal information for marketing and promotional purposes by contacting Coalition at privacy@coalitioninc.com or as further set out below under the “Contact Information” section of this Policy);

    • Tracking and analyzing de-identified data and providing such data to third-parties that provide services to Coalition;

    • Personalizing our Services, such as remembering your information so that you will not have to re-enter it during your visit or the next time you use our Services;

    • Providing customized third party advertisements, content, and information;

    • Monitoring and analyzing the effectiveness of our Services and third party marketing activities;

    • Monitoring aggregate Platform usage metrics such as total number of visitors and pages viewed; and

    • Preventing, identifying, investigating, and deterring fraudulent, harmful, unauthorized, unethical, or illegal activity, including cyberattacks and identity theft.

  6. If we need to collect and process personal data by law, or under a contract we have entered into with you, and you fail to provide the required personal data when requested, we may not be able to perform our contract with you.

  7. Transfers of Personal Data. Coalition, Inc. is based in the United States and relies on cloud storage providers that store data on its behalf in the United States. If you are visiting our Platform from outside the United States, please be aware that your information may be transferred to, stored, and/or processed in the United States where our servers are located and our central database is operated for the purposes described in this Policy. The United States may have data protection laws less stringent than or otherwise different from the laws in effect in Europe. We have taken measures to protect the confidentiality and security of your personal information, as outlined in this Policy, and your rights as a data subject. If your personal data is transferred outside of the EEA, Switzerland, or the United Kingdom, we take commercially reasonable efforts to protect such personal data, including, where required, implementing standard contractual clauses approved by the European Commission or relevant United Kingdom or Swiss authorities. For further information, please refer to the “Contact Information” section below.

  8. Automated Decision-Making. As a part of our Services, we may use automated decision-making (ADM) under limited circumstances, namely the use of machine learning (ML) to assist with reviewing insurance applications (for example, to confirm whether you are eligible to receive a certain Service). This assessment is made solely by technological means without human involvement or review.  The ML uses relevant personal data (for example, relating to validation of your identity, your previous claims history, anti-fraud and anti-money laundering checks and assessment of your credit history) and the logic involved is based on and replicates our established workflow and process for such requests. The potential results of this ML component may be that your quote is declined at the initial phase or advanced for further assessment.

  9. Additionally, when calculating insurance premiums we may compare your personal data against industry averages. Your personal data may also be used to create the industry averages relied on in the future. This is known as profiling and is used to ensure premiums reflect risk. We use profiling to assess information you provide to understand fraud patterns.

  10. Where your application to receive the service does not appear to meet the criteria for eligibility it may be refused and we will inform you if this is the case. You have the right to request that we undertake a human review of any automated decision that has a legal (or equivalent) affect on you (please see “your rights” for more information).  If you have additional questions about your quote results, please refer to the “Contact Information” section below.  

13. Your Rights

  1. If you are a resident of the EEA, Switzerland, or the United Kingdom, you have the right to: (a) request to access the personal data we hold about you; (b) request we correct any inaccurate personal data we hold about you; (c) request we delete any personal data we hold about you (although certain aspects may be retained by us to meet our legal or regulatory compliance, obligations, exercise, establish, or defend claims, and to protect against fraudulent or abusive activity relating to our Services); (d) restrict the processing of personal data we hold about you in certain circumstances; (e) object to the processing of your personal data in certain circumstances, such as if we are using your personal data for direct marketing and/or automated decision making (see above), for our or a third party’s legitimate interests or the public’s interest, or for scientific or historical research and statistics; and/or (f) receive any personal data we hold about you in a structured and commonly used machine readable format or have such personal data transmitted to another company. Please note that we may ask you to verify your identity before responding to such requests.

  2. If we rely on your consent to process your personal data, you have the right to withdraw that consent at any time, but this will not affect any processing of your personal data that has already taken place nor will it affect processing of your personal data conducted in reliance on a legal basis other than consent.

  3. Your exercise of these rights may be subject to certain exemptions, including (but not limited to) to safeguard the public interest (e.g. the prevention or detection of crime); our interests (e.g. the maintenance of legal privilege), or where the rights of other persons may be violated should we meet the request.

  4. To exercise any of your rights in connection with your personal data, please contact us privacy@coalitioninc.com or as further set out below under the “Contact Information section. If you have a complaint about how we use your personal data, we hope that you will contact us, and we will promptly address your concern. However, you also have the right to file a complaint to a data protection authority in your country. Contact details for data protection authorities in the EEA are available at https://edpb.europa.eu/about-edpb/board/members_en. Contact details for the data protection authority in the United Kingdom is available at https://ico.org.uk/.

14. Privacy Notice to Canadian Residents

  1. Subject to our use of certain foreign third-party service providers as discussed above, we will keep your personal information in our offices and data centers in Canada and the United States.

  2. We collect, use, and disclose your personal information with your consent or otherwise as permitted or required by applicable law. We will typically obtain your consent for the collection, use, or disclosure of your personal information at the time that we collect, and in the case where such information had already been collected for different purposes, prior to using or disclosing it for new purposes, except where permitted or required by law. 

  3. Depending on the circumstances and the type of information required, consent can be express or implied. The form of consent that we seek, including whether it is express or implied, will largely be determined by assessing the sensitivity of the personal information and the reasonable expectations you might have in the circumstances. 

  4. You can withdraw or vary your consent at any time as required by applicable law. Where feasible or required by applicable law, we will generally accommodate requests to withdraw or vary consent – subject to legal or contractual restrictions. Withdrawal of your consent may mean that we will no longer be able to provide you with certain products or services. If you wish to withdraw your consent to our collection, use, or disclosure of your personal information, please contact us at privacy@coalitioninc.com or as further set out below under the “Contact Information” section. Please note that if you opt-out from receiving marketing-related emails, we may still need to send you communications about your use of our products or services, or other matters.

  5. For access requests regarding your personal information, we may require that you provide sufficient identification to fulfil your access request regarding your personal information, and any such identifying information will be used only for this purpose. Where required by applicable laws, we will not charge you any fees to access your personal information in our records without first providing you with an estimate of the approximate fees, if any, as permitted. 

  6. We use reasonable efforts to ensure that your personal information is accurate, complete and up to date as necessary for the purposes for which such information was collected by us. If you successfully demonstrate that the personal information we hold is inaccurate or incomplete, we will amend the personal information as required. When appropriate, we will transmit the amended information to any parties to whom we sent the original information. If you object to how we handle your request, you have the right to make a complaint to the applicable privacy commissioner or regulator.

15. Global Employee and Candidate Privacy Notice

The personal data we collect from you allows us to manage the recruiting, hiring and employment process with you, conduct our business, and comply with applicable global laws and regulations. 

The defined terms in this Global Employee and Candidate Privacy Notice have the following meanings:

Candidate” means an individual who has submitted information to Coalition in order to become a Workforce Member, or who has otherwise provided consent to be considered as a candidate for employment with Coalition.

Workforce Member” means a full or part time Coalition employee, director, board member, non-executive director, independent contractor, interns or agency workers. 

For the most part, this Global Employee and Candidate Privacy Notice applies equally to Candidates and Workforce Members. 

What Personal Data Do We Collect and How Do We Get It?

Depending on whether you are a Candidate or Workforce Member, we may collect the following categories of personal data about you to the extent permitted under local law.  Some may or may not apply to you.

Data Category

Examples

Identification Data 

Name, Photograph, Date of Birth, Government Identifiers, Employee Identification Number

Contact Information

Residential Address, Telephone, Email Addresses, Emergency Contact Information

Hiring Data

Information Relating to Candidate Qualifications, Past Employment, Interview Notes, References, Immigration Status & Documentation, Residency Permits & Visas

Demographic Data

Date of Birth, Gender, Race/Ethnicity, Veteran Status, Disability, Sexual Orientation, Gender Expression, Marital Status, Dependent Status

Additional data collected in connection with staff:

Data Category

Examples

Financial Data

Banking Details, Tax Information, Payroll Information, Withholdings, Salary, Expenses, Company Allowances, Stock & Equity Grants

Performance & Management Data

Information related to performance evaluations or reviews, disciplinary actions & grievances, & training & development plans

Internet or Other Similar Network Activity Information

Activity on Coalition’s information systems (such as internet browsing history, search history, intranet activity, email communications, stored documents and emails, usernames and passwords) and all activity on communications systems (such as phone calls, call logs, voicemails, text messages, chat logs, app use, mobile browsing and search history, mobile email communications and other information regarding an employee’s use of Coalition-issued devices)

Benefits Data

Information related to employee benefits we provide to you, such as spouse and dependent information, health information (including vaccination status), vacation, leaves of absence, & accommodations information, pensions contributions (including amounts paid, the frequency and currency of payment)

Employment Data

Information related to your qualifications, your role at Coalition such as position information, role changes, resignation/termination, resume/CV, employment contracts, office location, academic/professional qualifications, criminal records data, immigration status & documentation, residency permits & visas, national ID/passport, occupational health assessments & work-related accidents, training & employee resource group participation

Other Information You Might Share with Us

Information you choose to provide to us, including social preferences, feedback surveys, and participation in other company-sponsored programs

In the table below, we have set out the relevant legal basis that applies to each processing activity for which we use your personal information in the recruitment and employment contexts.

Processing activity

Types of personal data processed

Legal basis for processing

Recruitment

— Creation of a job applicant file

— Managing job applications

— Organizing interviews

— Identification Data

— Contact Information

— Hiring Data

— Demographic Data

— Employment Data

Legal obligations, and legitimate interests (to enable us to effectively recruit staff).

For any sensitive personal data processed (such as health data or data concerning racial or ethnic origins), we may also rely on employment legal obligations.

Selection

— Conducting background checks

— Onboarding

— Identification Data

— Contact Information

— Hiring Data

— Demographic Data

— Employment Data

Legal obligations, and legitimate interests (to enable us to effectively recruit staff).

For any sensitive personal data processed (such as health data or data concerning racial or ethnic origins), we may also rely on employment legal obligations.

Managing staff relations

— Creation and updating of training and other development opportunities

— Determination of work performance requirements and career development needs

— Arranging and/or reimbursing travel

— Management of day-to-day business operations (managing inter-business relationships)

— The creation of employee directories or to send documents or other items to your residential address

— Investigate and support decisions on disciplinary actions or terminations, conduct grievance management, or as necessary to detect fraud and other wrongdoings

— Performance & Management Data

Contract performance, legal obligations, and legitimate interests (to enable us to manage our staff).

For any sensitive personal data processed (such as health data or data concerning racial or ethnic origins), we may also rely on employment legal obligations.

Storage of Workforce Member related emails and Workforce Member related documents

— Internet or Other Similar Network Activity Information

Legitimate interests (to enable us to effectively manage our staff and our staff's output).

For any sensitive personal data processed, we may also rely on employment legal obligations.

Security purposes

— To maintain the security of Coalition’s computing resources, assets and premises, and provide you with access to them, to manage our general operations and assets, and to provide services to you as necessary for your role;

— Prevent unauthorized access to, use, or disclosure or removal of Coalition’s property, records, data, and information

— Internet or Other Similar Network Activity Information

Legitimate interests (to enable us to ensure the security of our systems).

Employee benefits

— Management of payroll, taxes and benefits, as well as work-related claims and leaves of absence

— Contact Information

— Benefits Data

Contract performance, legal obligations, legitimate interests (to enable us to provide you with your remuneration and benefits).

For any sensitive personal data processed, we may also rely on employment legal obligations, protection of vital interests of you or another person (where you are unable to consent), health services or legal claims.

Occupational health and absences

Establishment of emergency contacts for you and respond to and manage emergencies, crises, and business continuity

— Contact Information

— Demographic Data

— Employment Data

Legal obligations, and legitimate interests (to enable us to effectively manage our employees’ fitness for work).

For any sensitive personal data processed, we may also rely on employment legal obligations, protection of vital interests of you or another person (where you are unable to consent).

Workforce management

— DEI goals (e.g., understanding the diversity of our workforce and support core business diversity, equity, and inclusion initiatives)

— Demographic Data

— Other Information You Might Share with Us

Legitimate interest (to enable us to effectively manage our workforce).

For any sensitive personal data processed, on the basis of consent.

Compliance with law and regulations

— Fulfilling external obligations, including reporting responsibilities (e.g., labor and employment laws, health and safety, tax, anti-discrimination laws) or to exercise or defend our legal rights

— Identification Data

— Contact Information

— Hiring Data

— Demographic Data

— Financial Data

— Performance & Management Data

— Internet or Other Similar Network Activity Information

— Benefits Data

— Employment Data

Legal obligations, legal claims, legitimate interests (to enable us to cooperate with law enforcement and regulatory authorities).

For any sensitive personal data processed, we may rely on legal claims and substantial public interest (prevention and detection of fraud and crime).

Sharing with Third Parties

You provide us with most of your personal data.  However, we may also obtain personal data about you during the course of the application process, as well as from third parties such as recruiting agencies. 

Your personal data shall only be shared within Coalition where lawful to do so and for legitimate purposes.  We may share your personal data with third parties under the following circumstances, following a robust vetting process:

  • HR service providers (e.g., benefits providers, payroll providers);

  • Insurance organizations;

  • In connection with the sale, assignment or other transfer of all or part of our business external advisors (e.g., legal, management consultants, accounting);

  • Employee benefits providers; and

  • Government organizations or agencies.

Further Information for Employees and Candidates 

Further information regarding the retention of your personal data may be found here.  Legal basis, transfer information and personal data rights related to your personal data may be found in the following sections in this Policy, depending on the applicable jurisdiction in which you reside:  California-specific information is in the “CCPA Privacy Notice” section above. Europe-specific information is in the “Notice to European Data Subjects” section above. Canada-specific information is in the “Notice to Canadian Residents” section above.

If you have any privacy or data use concerns or questions, please contact us at privacy@coalitioninc.com or as further set forth under the “Contact Information” section below.

16. Notification of Policy Changes

  1. We take the trust and privacy of our customers extremely seriously, and do not believe that we will need to change the core principles set forth in this Policy going forward. However, if we are required to modify this Policy, we will provide notice to Users of the Services of any material changes and seek your affirmative consent where required by law. Coalition will post the modified Policy on the Platform along with the effective date of the policy updates, as indicated by the “Last updated” date at the top of this Policy.

17. Contact Information

  1. We make information about our privacy policies and practices available. If you have any concerns, complaints, or if you would like further information regarding our privacy policies or practices, please contact the relevant Privacy Team as set out below.

United States of America (USA) and Canada

Coalition, Inc. Attention: Privacy & Compliance  548 Market St, #94729  San Francisco, CA 94104-5401 Email: privacy@coalitioninc.com

United Kingdom (UK)

If your questions relate to Services purchased from Coalition UK, please contact Coalition UK as set out below:

Coalition Risk Solutions, Ltd. 34-36 Lime Street  London, EC3M 7AT United Kingdom  Data Protection Officer: privacy@coalitioninc.com

Germany

If your questions relate to Services purchased from Coalition GmbH, please contact Coalition GmbH as set out below:

Coalition Insurance Solutions GmbH Thurn-und Taxis-Platz 6 D-60313 Frankfurt  Data Protection Officer: privacy@coalitioninc.com

Further recourse

If you are in the UK and you are not satisfied with our response to your complaint, you can also refer it to the Information Commissioner’s Office (ICO) at the details shown here: https://ico.org.uk/global/privacy-notice/how-you-can-contact-us/ 

If you are in Germany and you are not satisfied with our response to your complaint, you can also refer it to the following data protection authority:

The Hessian Commissioner for Data Protection and Freedom of Information Address: Gustav-Stresemann-Ring 1, 65189 Wiesbaden Telephone: 0611 – 1408 0 Fax: 0611 – 1408 611 E-mail: poststelle@datenschutz.hessen.de

If you are you in Australia and you are not satisfied with our response to your complaint, you can also refer it to the Office of the Australian Information Commissioner (OAIC) or the Australian Financial Complaints Authority (AFCA):

OAIC (Office of the Australian Information Commissioner) Telephoning: 1300 363 992 Writing: Fill in the privacy complaint form available on the OAIC website (https://www.oaic.gov.au/privacy/privacy-complaints/lodge-a-privacy-complaint-with-us) and send it to Office of the Australian Information Commissioner, GPO Box 5288, SYDNEY NSW 2001 Online: https://forms.business.gov.au/smartforms/servlet/SmartForm.html?formCode=APC_ENQ&tmFormVersion  AFCA (Australian Financial Complaints Authority) Telephoning: 1800 931 678 Writing: AFCA Service Complaints, Australian Financial Complaints Authority GPO Box 3, Melbourne VIC 3001. Emailing: info@afca.org.au Online: https://www.afca.org.au/make-a-complaint