Last updated: November 17, 2021
Coalition is committed to protecting your privacy and we want you to understand what personal information we collect and how we use it. We also want you to understand the options that you have regarding our collection, use, and disclosure of, as well as your ability to access and correct such information. As an insurance agency, Coalition is required to adhere to certain local regulations, including U.S. federal and state laws that protect your information and our use and disclosure of it.
If you have any privacy or data use concerns involving the Services, please contact us at firstname.lastname@example.org or as further set out below under the “Contact Information” section. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://www.jamsadr.com/about/submitacase.
Coalition's Services are not intended for, nor designed to attract, individuals under the age of majority in their jurisdiction of residence. Coalition does not knowingly collect personal information from any person who is under the age of majority in their jurisdiction of residence. If it comes to our attention through reliable means that a registered user is under the age of majority in their jurisdiction of residence, we will cancel that user's account and/or access to our Services.
What Information Do We Collect and How Do We Get It?
When you use our Services, we may collect a variety of information that will aid us in providing Services to you, including quoting and servicing your insurance policy. This information includes "nonpublic personal information", which is all information that identifies you and is not available to the general public or information that is not publicly available information as prescribed by applicable law. We also collect information through the insurance policy application process, your communications with us, your transactions on our Platform, and your use of our other Services. The information we collect and how that information is used depends to a certain extent on how you use our Services.
We may collect the below types of personal information:
Web Address or Domain name(s);
Job title and other occupational information;
Former insurance information, including payment and claims history;
Information in relation to an insurance claim or cyber incident including details of the compromised communications, content or systems and information obtained in the investigation thereof;
Insurance coverage information, including endorsements;
Billing information, credit card or banking information, or other preferred payment means; however, we do not store full credit card numbers of personal account numbers (“PANs”); and
Content you create, upload, communicate to or receive from Coalition when using our Services, including, text, email, photos, videos, audiovisual content, documents, spreadsheets, and comment/chat you make on any Coalition’s Platform or blog.
Like most online web services, when you use our Platform, we may automatically collect certain information about your visit and store it in our server logs about the use of our Services, including the number of unique visitors, the frequency of visits, how users interact with our Services, user experience preferences, files, such as the app or website and/or search criteria that led you to our Services, your Internet Protocol address ("IP Address"), UDID, or other device address or ID, device type, operating system, browser information, and what pages you visit when using our Services, and the web pages or sites that you visit just before or just after using the Services. This information may be collected to help us improve the user experience, improve our Services, and mitigate fraudulent activity. We do not link this automatically-collected data to other personal information we collect about you.
When Coalition runs its Automated Scanning and Monitoring tool (“Web Scans”), it collects only publicly available information in order to conduct its risk and vulnerability assessment, including but not limited to names, and email addresses sharing the requesting company’s domain name.
Coalition scans the internet for cyber threats and information relating to cyber incidents, including company names, domain names, individual names, addresses, email addresses, passwords, job titles, and other similar information. Such information is stored and may be later processed for the purposes of detecting, investigating and preventing cyber fraud and crime. Such information could relate to any individual involved in the incident.
Blogs Posts and Testimonials
Our Platform offers publicly accessible blogs. You should be aware that any information you provide in these areas may be collected, read and used by others who access them so care should be taken when posting any personal information. To request removal of your personal information from our blog, please contact us at email@example.com or as further set out below under the “Contact Information” section. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why.
From time to time, we may collect and display personal testimonials of satisfied customers on our Platform in addition to other endorsements. Where you have consented, we may post your testimonial along with your name and employer name. If you wish to update or delete your testimonial, please contact us at firstname.lastname@example.org or as further set out below under the “Contact Information” section.
Cookies and Tracking Technologies
Information from Referrals
If you choose to use our referral service to tell someone about our Services, we may collect a name and email address from you. We will automatically send them a one-time invitation email to visit the Platform and provide your name as the person who made the referral, and a one-time reminder if permitted by applicable law. Coalition stores this information for the sole purpose of sending the invitation and reminder email (if applicable), and for tracking the success of our referral program. Any recipient of an invitation may contact us at email@example.com if they believe that their personal information has been provided to us improperly, or to request that we remove this information from our database. In using our referral service, you represent that you have obtained the necessary consents to provide us with personal information relating to other individuals and acknowledge that it may be used in accordance with this Policy.
Use of Third Party Accounts, Features and Links in Connection with the Services
If you download a mobile version of the Platform via the App store or Google Play, you may be subject to usage terms set forth by Apple, Inc or Google, Inc, respectively. Our Platform may also include links to or provide the ability to connect with other websites and applications (“Third Party Sites”). Our Platform also includes social media features, such as the Facebook “Like” button, and widgets, such as the “share this” button or other interactive mini-programs that run on our Platform. These features may collect your IP address, which page you are visiting on our Platform, and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by Third Party Sites or hosted directly on our Platform.
Our Platform also offers publicly accessible community forums managed by Third Party Sites that may require you to register to post a comment. We do not have access or control of the information posted to the community forum. You will need to contact or login into the third party application if you want to access or remove the personal information that was posted or collected related to these forums.
Audio, Visual and Similar Information Collection
Certain applications that are part of the Services may provide you with the ability to upload or share videos, photos, or the category, name or nickname attached to those data elements which in turn Coalition may collect, access or store.
In addition to the information we collect from you directly, we may also collect information (as listed above) about you from other sources, including trusted partners, marketing parties, business partners, security partners, our affiliates, or publicly accessible sources as permitted by applicable law so that we can improve the user experience, mitigate fraud or malicious activity, or comply with internal company and external regulatory requirements.
Password Management and Security
Certain Services used via our Platform allow you to share your password with the application for safekeeping. Any passwords that you share are not visible by, transmitted to, or stored by Coalition in clear text. They may be saved on your device, with only an encrypted code sent to Coalition for which we do not have the encryption key.
The Ways Coalition Uses Information
Coalition uses the information you provide or we collect in connection with the Services for the following purposes:
Provide or Fulfill Services to you;
Establish and verify your identity;
Handle and resolve billing transactions;
Activate, maintain and service your account or an insurance policy;
Develop, operate, maintain, and enhance the Services now and in the future;
Communicate with you about our Services, including by sending announcements, updates, security alerts, and support and administrative messages;
Offer updates, notices, and other information, including marketing and promotional materials related to our products, services, sales, or promotions, or those of our affiliates and business partners we believe will be of interest to you, as further described in the “Communications with Coalition” section, where permissible according to applicable law. (Note: at any time, you may choose to withdraw your consent to Coalition’s use or disclosure of your personal information for marketing and promotional purposes by contacting Coalition at firstname.lastname@example.org or as further set out below under the “Contact Information” section of this Policy);
Respond to your questions, inquiries, comments and instructions;
Track and analyze de-identified data and provide such data to third-parties that provide services to Coalition;
Personalize our Services, such as remembering your information so that you will not have to re-enter it during your visit or the next time you use our Services;
Provide customized third party advertisements, content, and information in accordance with applicable law;
Monitor and analyze the effectiveness of our Services and third party marketing activities;
Monitor aggregate Platform usage metrics such as total number of visitors and pages viewed;
Protect our, your, or others’ rights, privacy, safety or property (including by making and defending legal claims);
To facilitate audit of our internal processes for compliance with legal and contractual requirements and internal policies, enforce the terms and conditions that govern the Services;
Prevent, identify, investigate, and deter fraudulent, harmful, unauthorized, unethical, or illegal activity, including cyberattacks and identity theft:
In order to assist you and employer respond to a cyber incident; and
To comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities as permitted by applicable law.
Communications with Coalition
If you are a Coalition policyholder or user of our Services, we may contact you regarding your policy (as applicable), such as billing notices and confirmations of changes, by mail or through email. We will also use your email address to provide you with updates about our products and Services in accordance with applicable law. We may also contact you by phone regarding timely matters such as late payment or other factors that might affect your policy or use of our Services.
When you register for an account, we will use your name and email address to send periodic emails to you of both promotional and transactional nature in accordance with applicable law. You may choose to stop receiving promotional emails by following the unsubscribe instructions included in these emails or please contact us at email@example.com or as further set out below under the “Contact Information” section.
The Ways Coalition Discloses Information
Coalition is the responsible party for the personal information collected on the Platform and through the Services set out in this policy. We will not use or disclose your personal information to non-affiliated third parties except as disclosed in this Policy. In order for us to provide some of our Services we may also disclose any of the categories of personal information described in the “What Information Do We Collect and How Do We Get It?” section to the following categories of third parties:
Disclosures In Connection with Claims:
We may disclose your personal information to a policyholder’s insurers, their agents and representatives, claims representatives, insurance agents, law enforcement agencies, courts, and government agencies. These parties may disclose personal information to other parties as permitted by law in order to process and/or investigate insurance claims.
Third Party Service Providers:
Coalition works with other third party service providers in the U.S. and other jurisdictions to provide website development, hosting, maintenance, transcription, marketing, billing, contract and account management, customer support and customer relationship management, and claims support as well as other business services for us. To the extent it is necessary for these service providers to complete their work, these third-parties may have access to or process your personal information in accordance with applicable law. Such users are required to agree to limit their use of the information for the purpose for which it was provided or to seek your consent for any additional purposes.
Promotional Partners and third party Apps:
From time to time and where permissible under applicable law, Coalition may notify you about an offer from one of our promotional partners (e.g., Apps Marketplace partners) via our Platform or email. We will share your personal information (such as your name, company name, business email address, etc.) with the applicable partner only if you affirmatively consent and respond to a promotional offer. If you install an app from one of our third party partners, Coalition may provide your email address to that partner for account creation and communication with that partner.
We may share your data with our affiliates, including Coalition Insurance Solutions, Inc., Coalition Insurance Solutions Canada, Inc., Coalition Incident Response, Inc., and BinaryEdge AG, to collect and share insurance application information, market products and services, collect payment information, and for other purposes consistent with this Policy or delivering our Services.
In the event we are involved in a proposed or actual purchase, merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of all or a portion of our assets (including a liquidation, realization, foreclosure, or repossession), or transition of service to another provider or any assets or shares of our business or a division thereof (collectively, “Transaction”), for you to continue to receive the same or similar Services from the third party, we reserve the right to share, transfer, or assign the information that we have collected from users, including personal information in connection with such Transaction, in accordance with applicable law.
Comply with Laws and/or Legal Process:
We reserve the right to disclose your information that we believe is reasonable, appropriate, or necessary to take precautions against liability; to protect Coalition and others from fraudulent, abusive, predatory, or unlawful uses or activity; to investigate and defend ourselves against any third party claims or allegations; to assist government enforcement agencies; to protect the security or integrity of our Services; or to protect or vindicate the rights, property, or personal safety of Coalition, our users, or others. In addition, we may be required by law, court order, or other legal process to provide information about our customers to outside parties.
Coalition may aggregate data we collect about our users. For example, we may aggregate data to determine if particular software used by our users is susceptible to exploitation. If we aggregate this sort of data and provide it to external parties, our users' personal information will not be attached to or included in such aggregated data. Please note, data that our users provide to us, including data collected in our underwriting process, may be included in the aggregate data, reports, and statistics but will always be anonymous.
In addition to the above uses and disclosures, Coalition may identify you as a customer or user your website’s name in connection with proposals to perspective customers, to hyperlink to your websites home page, to display your logo on Coalition’s Platform or in marketing of its Services, or to otherwise refer to you in print or electronic form for marketing and reference purposes.
The Ways Coalition Protects Your Personal Information
We take commercially reasonable steps to protect personal information we receive from our users from loss, misuse or unauthorized access, disclosure, alteration, and/or destruction. We have put in place physical, industry standard technological, and administrative procedures designed to safeguard and secure such information; however, no Internet or email transmission is ever fully secure or error free. Therefore, you should take special care in deciding what information you send to us in connection with our Services. We will notify you of any confirmed security breach of your personal information to the extent required by and in accordance with applicable state, federal or other jurisdictional laws.
We may allow our users access to their own personal information, and allow them to correct, amend, or delete inaccurate personal information (for information about the rights available to European data subjects, please refer to section “Notice to European Data Subjects”). There may be exceptions to such access in accordance with applicable law, including, but not limited to: (a) where the rights of persons other than the requesting individual risk being violated; (b) where the information cannot be disclosed for legal, security, or commercial proprietary reasons; or (c) where the information is subject to solicitor-client or litigation privilege.
How Long Coalition Keeps Your Personal Information
We keep your account information for as long as your account is in existence because we need it to operate your account. We also keep information about you and your use of the Platform for as long as necessary to comply with laws and for our legitimate business interests, such as providing the Services and defending or prosecuting claims, including as described in “The Ways Coalition Uses Information” and “The Ways Coalition Discloses Information” sections. To determine the appropriate retention period for your personal information, we consider the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
Your Rights Related to Your Personal Information
While we take various steps to ensure the accuracy and completeness of your personal information, we rely upon you to provide accurate and complete information when interacting with us.
Upon request and as required by law or any applicable agreement between you and Coalition, you may request that we correct or update your personal information.
Also, if you do not wish Coalition to use your name, website’s name or logo in connection with any marketing or references for our Services, you may submit such a request in writing.
To make such a request, or if you have a privacy related concern, please contact us at firstname.lastname@example.org or as further set out below under the “Contact Information” section. If you have an unresolved privacy or data use concern that we have not addressed to your satisfaction, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://www.jamsadr.com/about/submitacase.
Processing of Personal Information in the United States
CCPA Privacy Notice
The types of information that Coalition collects and how it collects that information are described in the Section, “What Information Do We Collect and How Do We Get it?”
How Coalition uses your information is described in the Section, “The Ways Coalition Uses Information.”
How and why Coalition may share your information is described in the Section, “The Ways Coalition Discloses Information.”
Subject to applicable exceptions, California residents may request information from Coalition about how it collects, uses and discloses your personal information, request access to your information, and request that Coalition delete that information, unless prohibited by applicable laws or regulations. After we receive your request, we may request additional information to verify your identity. Your authorized agent may submit requests in the same manner, although we may require the agent to present signed written permission to act on your behalf, and you may also be required to independently verify your identity with us and confirm that you have provided the agent permission to submit the request. The CCPA also requires that you not be discriminated against for exercising your privacy rights.
We also describe the ways in which Coalition protects your personal information, how long we keep your personal information and describe your rights to manage your personal information, which include access, review, updating and deleting your information (except where Coalition may be prohibited by law or regulation from doing so). Questions or requests related to your rights under the CCPA may be addressed to please contact Coalition at email@example.com or as further set out below under the “Contact Information” section of this Policy.
We do not sell, rent, or share Personal Information with third-parties.
Notice to European Data Subjects
This section provides additional information to data subjects in the European Economic Area (EEA), Switzerland and the UK (collectively, “Europe”), pursuant to applicable European data protection laws (“GDPR”).
Data Controller. Coalition, Inc. is the data controller for your personal data under the GDPR, except if you are purchasing Services from Coalition Risk Solutions LTD (“Coalition UK”) where Coalition UK will be the data controller under the GDPR. You can find relevant contact information in the “Contact Information” section. Other Coalition entities may process your personal data as a controller from time to time for the purposes described in this Policy; we will notify you of the identity of the applicable controller at the relevant time.
Purposes and Legal Bases for Processing. Your personal data is processed for the purposes described in this Policy (refer to “The Ways Coalition Uses Information” section), and is retained in accordance with the “Data Retention” section. Under applicable European data protection laws, we are required to specify the legal basis which allow us to process personal data.
Providing or Fulfilling Services to you;
Establishing and verifying your identity;
Handling and resolving billing transactions;
Activating, maintaining and servicing your account or insurance policy;
Communicating with you about our Services, including by sending announcements, updates, security alerts, and support and administrative messages;
Responding to your questions, inquiries, comments and instructions; and
Assisting you and employer respond to a cyber-incident.
We undertake the following processing to comply with our legal obligations:
Complying with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities as permitted by applicable law.
We undertake the following processing for our legitimate business interests including the promotion, delivery and improvement of our services, ensuring network and information security and preventing and detecting crime and fraud, enforcing our terms and pursuing and defending legal claims:
Protecting our, your, or others’ rights, privacy, safety or property (including by making and defending legal claims);
Facilitating the audit of our internal processes for compliance with legal and contractual requirements and internal policies, enforce the terms and conditions that govern the Services;
Developing, operating, maintaining, and enhancing the Services now and in the future;
Offering updates, notices, and other information, including marketing and promotional materials related to our products, services, sales, or promotions, or those of our affiliates and business partners we believe will be of interest to you, as further described in the “Communications with Coalition” section, where permissible according to applicable law. (Note: at any time, you may choose to withdraw your consent to Coalition’s use or disclosure of your personal information for marketing and promotional purposes by contacting Coalition at firstname.lastname@example.org or as further set out below under the “Contact Information” section of this Policy);
Tracking and analyzing de-identified data and providing such data to third-parties that provide services to Coalition;
Personalizing our Services, such as remembering your information so that you will not have to re-enter it during your visit or the next time you use our Services;
Providing customized third party advertisements, content, and information in accordance with applicable law;
Monitoring and analyzing the effectiveness of our Services and third party marketing activities;
Monitoring aggregate Platform usage metrics such as total number of visitors and pages viewed; and
Preventing, identifying, investigating, and deterring fraudulent, harmful, unauthorized, unethical, or illegal activity, including cyberattacks and identity theft.
From time to time, we may ask for your consent to use your personal data for certain specific reasons that will be explained to you at that time.
If we need to collect and process personal data by law, or under a contract we have entered into with you, and you fail to provide the required personal data when requested, we may not be able to perform our contract with you.
Categories of Recipients of Personal Data. We describe the categories of recipients of the personal data in the “The Ways Coalition Discloses Information” section.
Transfers of Personal Data. Coalition, Inc. is based in the United States and relies on cloud storage providers that store data on its behalf in the United States. If you are visiting our Platform from outside the United States, please be aware that your information may be transferred to, stored, and/or processed in the United States where our servers are located and our central database is operated for the purposes described in this Policy. The United States may have data protection laws less stringent than or otherwise different from the laws in effect in Europe. We have taken measures to protect the confidentiality and security of your personal information, as outlined in this Policy, and your rights as a data subject. Where required, we implement standard contractual clauses approved by the European Commission or UK or Swiss authorities. For further information, please refer to the “Contact Information” section below.
Your Rights. You may have the right to: (a) a copy of the personal data we hold about you; (b) request we correct any inaccurate personal data we hold about you; (c) request we delete any personal data we hold about you; (d) restrict the processing of personal data we hold about you; (e) object to the processing of your personal data; and/or (f) receive any personal data we hold about you in a structured and commonly used machine readable format or have such personal data transmitted to another company. Please note that we may ask you to verify your identity before responding to such requests.
If we rely on your consent to process your personal data, you have the right to withdraw that consent at any time, but this will not affect any processing of your data that has already taken place.
Your exercise of these rights is subject to certain exemptions to safeguard the public interest (e.g. the prevention or detection of crime) and our interests (e.g. the maintenance of legal privilege). To exercise any of your rights in connection with your personal data, please contact us at email@example.com or as further set out below under the “Contact Information” section. We will check your entitlement and respond in most cases within a month. You also have the right to complain to a Data Protection Authority in your country about our collection and use of your personal data.
Notification of Policy Changes
We take the trust and privacy of our customers extremely seriously, and do not believe that we will need to change the core principles set forth in this Policy going forward. However, if we are required to modify this Policy, we will promptly provide notice to Users of the Services of any material changes and seek your affirmative consent where required by law. Coalition will post the modified Policy on the Platform along with the effective date of the policy updates, as indicated by the “Last updated” date at the top of this Policy.
We make information about our privacy policies and practices available. If you have any concerns, complaints, or if you would like further information regarding our privacy policies or practices, including with respect to our use of service providers outside of the United States and Canada, please contact our Privacy Team as set out below.
Attention: Privacy ComplianceCoalition, Inc. 1160 Battery St., Ste 350San Francisco, CA 94111
If your questions relate to Services purchased from Coalition UK, please contact Coalition UK as set out below:
Coalition Risk Solutions LTD
5 New Street Square
London, EC4A 3TW
Our data protection representative in the EEA is: