Last Updated: 14 November, 2023
Table of contents:
- What information we collect, why we collect it, and how it is used
- How we protect and retain your Personal Information
- How we share your Personal Information
- Your privacy rights.
- HIPAA (the Health Insurance Portability and Accountability) notice of privacy practices
- Transfers of Personal Information
- Use by children
- Interaction with third party products
- Analytic tools/cookies
- Specific provisions applicable under California Privacy Law
- Contact us
1. WHAT INFORMATION WE COLLECT, WHY WE COLLECT IT, AND HOW IT IS USED
(i) We Process the Following Personal Information:
- Information You Provide Directly to Us. We collect the following information you provide directly to us, including, without limitation, information when you browse the Website, register for and use the Services either online or via a telephone call (such as any onboarding questionnaires), interact with the Services, as well as complete a survey, information or service request, promotional contest, or participate in a giveaway or by similar voluntary methods: full name, address, email address, phone number, birthdate, insurance information, your family member or caregiver contact information, credit card information, as well as any other information that you decide to provide/supply us with when you communicate with Squire (via email, Website, App, or telephone). We may also contact you directly, and such calls may be monitored or recorded.
- Information from Other Sources. We may also obtain information about you from other sources, including publicly - or commercially- available information, and through third-party data platforms, partners and service providers.
- Automatic Data Collection. We may automatically collect certain information through your use of the Services, such as your Internet protocol (IP) address, device type, OS version, cookie identifiers and other device identifiers, such as device ID that are automatically assigned to your device, browser type and language, geo-location information, hardware type, operating system, internet service provider and other information about actions taken through the use of the Squire Services.
(ii) We process information for the following purposes:
- To provide you with the Services. Squire will use your information to process your payments and provide the Services. For example, if you request assistance with ordering the products or services of a third party vendor, instructions that you may have for the requested product or service; (iv) fulfill any orders for services or products made by you; (v) track transactions conducted by you; (vi) send you more information about products, services and offerings; and (vii) to personalize your experience with the Services. We may also use your information to contact you about incomplete applications or other forms and submissions available through the Services.
- For Administrative Purposes. We may use your information (i) to respond to your questions, comments, and other requests for customer support, or information, including information about potential or future services; (ii) to provide you with the Squire Services; (iii) for internal quality control purposes; (iv) to establish a business relationship; and (v) to generally administer the Services.
- To improve the Services. We may use your information (in addition to de-identified and aggregated information, as described below) to analyze and improve the Services. For example, we may utilize customer information to develop new product features and improve existing offerings. We may also use your information to contact you in order to ask you if you would be willing to provide us with optional feedback.
- To Market the Services. Squire may use information to market the Squire Services. Such use includes (i) notifying you about offers and services that may be of interest to you; (ii) tailoring content, advertisements, and offers for you, including, targeting and re-targeting practices; (iii) conducting market research; (iv) developing and marketing new products and services, and to measure interest in Squire’s services; (v) other purposes disclosed at the time you provide information; and (vi) as you otherwise consent.
- Security purposes. Some of the abovementioned information will be used for detecting, taking steps to prevent and prosecuting fraud or other illegal activity; to send you product related SMS's (e.g, alerts, notifications, authentications, etc.); to identify and repair errors; to conduct audits; and for security purposes. Information may also be used to comply with applicable laws, with investigations performed by the relevant authorities, law enforcement purposes, and/or to exercise or defend legal claims.
- De-identified and Aggregated Information Use. In certain cases, we may or will anonymize or de-identify your information and further use it for internal and external purposes, including, without limitation, to improve the services and for research purposes. We may use this anonymous or de-identified information and/or disclose it to third parties without restrictions (for example, in order to improve our services and enhance your experience with them).
(iii) The lawful bases we rely on for processing personal information are (if and when applicable):
- The data subject has given consent to the processing of his or her personal data;
- Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
- Processing is necessary for compliance with a legal obligation to which the controller is subject; and/or
- Processing is necessary for the purposes of the legitimate interest.
2. HOW WE PROTECT AND RETAIN YOUR PERSONAL INFORMATION
- Security. We have implemented and maintain reasonable technical, organizational and security measures designed to protect your personal information. However, please note that we cannot guarantee that the information will not be compromised as a result of unauthorized penetration to our servers. As the security of information depends in part on the security of the computer, device or network you use to communicate with us and the security you use to protect your user IDs and passwords, please make sure to take appropriate measures to protect this information.
- Retention of your information. Your personal information will be stored until we delete our records, and we proactively delete it, or if you send a valid deletion request. Please note that in some circumstances we may store your personal information for longer periods of time, for example (i) where we are required to do so in accordance with legal, regulatory, tax or accounting requirements, (ii) for us to have an accurate record of your dealings with us in the event of any complaints or challenges, and/or (iii) if we reasonably believe there is a prospect of litigation relating to your information or dealings.
3. HOW WE SHARE YOUR PERSONAL INFORMATION
We may share your information as follows:
- With your family members or other caregivers, as authorized by you, and as necessary to provide you with the Services.
- In order to provide you with our Services, and only where permitted by law, we may share your personal information with: (1) our partners who may share with certified credit bureaus to verify information about your credit report; and (2) government agencies to verify your previous claims history and other relevant information. Your information is maintained by credit agencies and disclosed by them to others as permitted by law.
- We may also share your personal information with our affiliated companies about you.
- We may use third party service providers to process your personal information for the purposes outlined above, including, without limitation:
- With cloud service providers for hosting purposes;
- With websites and web content creation platforms in order to help us manage our Website;
- With email providers, marketing, CRM, other similar tool providers and/or sales dialer software;
- With analytic companies, in order to help us understand and analyze information we collect in accordance with this policy;
- With billing companies; and/or
- With data validation and enrichment companies.
- To the extent necessary, with regulators, courts, banks or competent authorities, to comply with applicable laws, regulations and rules (including, without limitation, federal, state or local laws), and requests of law enforcement, regulatory and other governmental agencies or if required to do so by court order, as well as for internal compliance procedures and to protect the safety, security, and integrity of Squire, our Services, customers, employees, property, and/or the public.
- If, in the future, we sell or transfer, or we consider selling or transferring, some or all of our business, shares or assets to a third party, we will disclose your personal information to such third party (whether actual or potential) in connection with the foregoing events (including, without limitation, our current or potential investors). In the event that we are acquired by, or merged with, a third party entity, or in the event of bankruptcy or a comparable event, we reserve the right to sell and transfer your personal information in connection with the foregoing events.
- Certain social networking services ("SNS") may link-to the Services (e.g., Instagram, Facebook and/or LinkedIn). These SNS maintain their own privacy policies and policies relating to data collection, retention and use, and to the extent that you elect to utilize the SNS linking within the Services, you acknowledge and agree to comply with any of these third party terms, in addition to acknowledging, that except where prohibited by law, Squire is not liable or responsible for any use of the SNS that you elect to engage in. These SNS may receive your data when you visit or use their services or through third parties they work with.
- Where you have otherwise provided your consent to us for sharing or transferring your information.
4. YOUR PRIVACY RIGHTS.
1. The following rights (which may be subject to certain exemptions or derogations) shall apply to certain individuals (some of which only apply to individuals protected by specific laws):
- You have the right to withdraw consent to the processing, where consent is the basis of processing.
- You have the right to access the personal information that we hold and request further details about how we process it, under certain conditions.
- You have the right to demand rectification of inaccurate personal information about you. We will promptly correct any information found to be incorrect.
- You have the right to object to unlawful data processing under certain conditions.
- You have the right to the erasure of past data about you (your “right to be forgotten”) under certain conditions.
- You have the right to demand that we restrict the processing of your personal information, under certain conditions, if you believe we have exceeded the legitimate basis for processing, the processing is no longer necessary, or if you believe your personal information is inaccurate.
- You have the right to data portability of personal information concerning you that you provided us in a structured, commonly used, and machine-readable format, subject to certain conditions.
- The personal information we collect is not used for automated decision-making and profiling, except for automated processes in the context of marketing. As stated above, you can opt out of direct marketing by Squire by contacting Squire directly or by following the instructions through the unsubscribe options in our email messages.
2. Rights: You can exercise your rights by contacting us at email@example.com. Subject to legal and other permissible considerations, we will make a reasonable effort to honor your request promptly in accordance with applicable law or inform you if we need further personal information in order to fulfil your request. When processing your request, we may ask you for additional personal information to confirm or verify your identity and for security purposes, before processing and/or honoring your request. We reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive. In the event that your request would adversely affect the rights and freedoms of others (for example, would impact the duty of confidentiality we owe to others) or if we are legally entitled to deal with your request in a different way than requested, we will address your request to the maximum extent possible, all in accordance with applicable law.
3. Marketing emails – opt-out: You may choose not to receive marketing email of this type by sending a single email with the subject "BLOCK" to firstname.lastname@example.org. Please note that the email must come from the email account you wish to block OR if you receive an unwanted email from us, you can use the unsubscribe link found at the bottom of the email to opt out of receiving future emails, and we will process your request within a reasonable time after receipt.
5. HIPAA (THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY) NOTICE OF PRIVACY PRACTICES. The Health Insurance Portability and Accountability Act (“HIPAA”) may apply to information disclosed to Squire directly from Covered Entities (as defined under HIPAA), including your healthcare provider and health plans. Squire’s use of Protected Health Information (as defined under HIPAA) collected directly from your healthcare provider or health plan will comply with the applicable HIPAA Notice of Privacy Practices. Please contact your health care provider or health plan for a copy of its HIPAA Notice of Privacy Practices. For clarity, information that you provide directly to us is not governed by HIPAA.
6. TRANSFERS OF PERSONAL INFORMATION
We store the personal data with the following storing companies: Firebase, Amazon Web Services, Mixpanel, Google, and Cisco in order to run our business and provide our Website and Services to you, we transfer personal data to certain countries around the world, including to our affiliates and service providers, many of whom are located outside of your jurisdiction. Therefore, your personal data may be processed in countries with privacy laws that are different from privacy laws in your country. Whenever we make such transfers, we will use commercially reasonable efforts to implement an appropriate level of protection to your personal data by implementing at least one of the following safeguards:
- making sure the destination country has been deemed to provide an adequate level of protection for personal data; and/or
- by executing implement data onward transfer instruments such as data processing and protection agreements.
7. USE BY CHILDREN. We do not offer our products or services for use by children and, therefore, we do not knowingly collect information from, and/or about children under the age of 18. If you are under the age of 18, do not provide any information to us without the involvement of a parent or a guardian. In the event that we become aware that you provide information in violation of applicable privacy laws, we reserve the right to delete it. If you believe that we might have any such information, please contact us at email@example.com.
8. INTERACTION WITH THIRD PARTY PRODUCTS. We enable you to interact with third party websites, products and services (such as mobile software applications) that are not owned, or controlled, by us (each, a “Third Party Service”). We are not responsible for the privacy practices or the content of such Third Party Services. Please be aware that Third Party Services can collect information from you. Accordingly, we encourage you to read the terms and conditions and privacy policies of each Third Party Service.
9. ANALYTIC TOOLS/COOKIES
- Firebase Analytics. We also use “Google Analytics for Firebase”. By enabling this tool, we enable the collection of data about App users, including via identifiers for mobile devices (including Android Advertising ID and Advertising Identifier for iOS), cookies and similar technologies. We use the information we get from Google Analytics for Firebase to maintain and improve our App(s). We do not facilitate the merging of personally-identifiable information with non-personally identifiable information unless we have robust notice of, and your prior affirmative (i.e., opt-in) consent to, that merger. Finally, please note that Google Analytics for Firebase’s terms (available at https://firebase.google.com/terms/) shall also apply.
- Through our Services we may allow third party advertising partners to set technologies and other tracking tools to collect information regarding your activities and your device (e.g., your IP address, mobile identifiers, page(s) visited, location, time of day). We may also combine and share such information and other information (such as demographic information and past purchase history) with third party advertising partners. These advertising partners may use this information (and similar information collected from other websites) for purposes of delivering targeted advertisements to you when you visit third party websites within their networks. This practice is commonly referred to as “interest-based advertising” or “online behavioral advertising”. We may allow access to other data collected by the services to share information that may be useful, relevant, valuable or otherwise of interest to you.
- We also use some targeting and retargeting tools, such as Google and Facebook (Meta), etc.
- We reserve the right to remove or add new analytic tools, cookies, pixels and other tracking technologies.
10. SPECIFIC PROVISIONS APPLICABLE UNDER CALIFORNIA PRIVACY LAW
- California Privacy Rights: California Civil Code Section 1798.83 permits our customers who are California residents to request certain information regarding our disclosure of information to third parties for their direct marketing purposes. To make such a request, please send an email to firstname.lastname@example.org. Please note that we are only required to respond to one request per customer each year.
- Our California Do Not Track Notice: Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. Please note that we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers, but we may allow third parties, such as companies that provide us with analytics tools, to collect personally identifiable information about an individual consumer’s online activities over time and across different web sites when a consumer uses the Services.
11. CONTACT US. If you have any questions, concerns or complaints regarding our compliance with this notice and the data protection laws, or if you wish to exercise your rights, we encourage you to first contact us at email@example.com.