This policy (together with our Terms of Service and any other documents referred to in it) sets out the basis on which any personal data we collect from you, or that you provide to us, in connection with the website www.findyourcanopy.com and/or the mobile application known as ‘Canopy’ (together, the “Platform”) will be processed by us.
Please read the following carefully to understand the types of personal data we collect from you, how we use that personal data and the circumstances under which we will share it with third parties. By visiting this website or downloading this mobile application, you are accepting and consenting to the practices described in this policy.
For the purpose of the Data Protection Act 1998, the data controller is Insurestreet Limited (trading as Canopy) of 25 Moorgate, London EC2R 6AY, United Kingdom (“Canopy”, “we”, “our” or “us”). Our ICO Registration Number is: ZA207155.
PERSONAL DATA WE MAY COLLECT
Canopy collects a variety of information that will aid us in quoting and servicing your insurance policy and providing the Service to you. This information includes “non-public personal information”, which is all information that identifies you and is not available to the public.
We collect this information through your application information, your communications with us, your transactions, your consumer report and use of the Service.
We may collect and process the following personal data:
USES MADE OF PERSONAL DATA
Canopy is not in the business of selling or commercialising your information with third party companies for marketing purposes. We will share your personal information with third parties only in the ways that are described in this privacy statement. There are however some circumstances in which we disclose your information in connection with developing, providing, and maintaining the Service and operating our business, but only as permitted by law.
We use personal data held about you in the following ways:
DISCLOSURE OF YOUR PERSONAL DATA
We may share your personal data with the following selected third parties:
We may also disclose your personal data to particular third parties in the following circumstances:
WHERE WE STORE YOUR PERSONAL DATA
The personal data that we collect is stored by us on our secure servers located in the European Economic Area (“EEA”), and is not transferred out of the EEA for processing.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Platform, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
We restrict access of your personal data to those employees of Canopy who have a business reason for knowing such personal data. We continuously educate and train our employees about the importance of confidentiality and privacy of personal data. We maintain physical, electronic and procedural safeguards that comply with the relevant laws and regulations to protect your personal data from any unauthorised access.
Unfortunately, the transmission of personal data via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted to our Platform; any transmission is at your own risk. Once we have received your personal data, we use strict procedures and security features to try to prevent unauthorised access.
Canopy is committed to protecting your information from unauthorised access and disclosure. We have certain physical, electronic, and procedural safeguards in place that are designed to help protect the security and integrity of your information both during transmission and once it is received. To reduce the risk that your account may be compromised, we recommend the use of passwords greater than eight characters, and that include letters, numbers, and special characters, and that you regularly change your password to one that you have not used within the last year. If you have any questions about security on our website, you can contact us at firstname.lastname@example.org.
You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you (before collecting your personal data) if we intend to use your personal data for such purposes or if we intend to disclose your personal data to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your personal data. You can also exercise the right at any time by contacting us at email@example.com.
REVIEWING / CORRECTING YOUR INFORMATION
As a consumer, you have the right to review the information we have about you and update, change or delete your information if needed. Support is provided for consumers to request any needed updates to their data either via email firstname.lastname@example.org. We will respond to your request within a reasonable timeframe.
We will retain your information for as long as your account is active or as needed to provide you services. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
In addition, every policyholder has an account secured by a username and password on our website that contains a summary of the information we have about you. Any necessary updates can be emailed to email@example.com or policyholders may call the customer service phone number listed in their online account.
THIRD PARTY WEBSITES
If you’d like to opt out of Google Analytics for Display Advertising (e.g., Remarketing, Google Display Network Impression Reporting, the DoubleClick Campaign Manager integration, or Google Analytics Demographics and Interest Reporting) or customize Google Display Network ads you may do so by configuring your Ads Settings.
BLOG / FORUM
Our website offers publicly accessible blogs. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. To request removal of your personal information from our blog contact us at firstname.lastname@example.org. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why.
ACCESS TO PERSONAL DATA
You have the right to access personal data held about you. Your right of access can be exercised in accordance with the Data Protection Act 1998. Any access request may be subject to a fee to meet our costs in providing you with details of the personal data we hold about you.