Privacy policy

Last updated: February 24th 2022

IMPORTANT: BY ACCESSING AND/OR USING THE SERVICES (DEFINED BELOW) YOU ACCEPT THE TERMS AND CONDITIONS OF THIS PRIVACY POLICY AND CONSENT THAT ALL PERSONAL INFORMATIONTHAT YOU SUBMIT OR THAT IS PROCESSED OR COLLECTED THROUGH OR IN CONNECTION WITH YOUR ACCESS OR USE OF THE SERVICES WILL BE PROCESSED BY US AND/OR OUR AFFILIATES IN THE MANNER AND FOR THE PURPOSES DESCRIBED IN THE FOLLOWING PRIVACY POLICY. 

Acceptance of Privacy Policy

By accessing or using Ahoy MIT Inc.’s (“Ahoy“, “we“, “us” or “our“) website and mobile application and all products, services, materials and content provided therein (collectively, the “Services“), you agree to the term and conditions of this Privacy Policy. This Privacy Policy, together with our Terms of Use available at Terms and Conditions, (collectively, the “Terms“) constitute a binding agreement between you and us. By accessing or using the Services, you agree to abide by, and be bound, by these Terms. 

YOU ARE NOT LEGALLY REQUIRED TO PROVIDE US WITH PERSONAL INFORMATION, HOWEVER, USE OF THE SERVICES REQUIRES THAT YOU PROVIDE PERSONAL INFORMATION. IF YOU CHOOSE TO WITHHOLD ANY PERSONAL INFORMATIONREQUIRED IN RESPECT THEREOF, IT WILL NOT BE POSSIBLE FOR YOU TO USE THE SERVICES. IF YOU DO NOT AGREE TO THE TERMS AND CONDITIONS SET FORTH HEREIN PLEASE DO NOT ACCESS OR USE THE SERVICES.

We recognize that privacy is important. This Privacy Policy applies to all of the services, information, tools, features and functionality available on the Services offered by us or our subsidiaries or affiliated companies and covers how personal information that we collect and receive, including in respect of any use of the Services, is treated. If you have any questions about this Privacy Policy, please feel free to contact us at: [email protected] 

References to “you” in the Terms means you, your duly authorized representatives and any entity you may represent in connection with your use of the Services. By accessing or using the Services for your own personal use, you confirm that (i) you can form a binding contract with us under the applicable laws of your jurisdiction, and (ii) you are over the age of 18. By accessing or using the Services on behalf of a corporation (or any other legal entity), you confirm that you are duly authorized by such legal entity to enter into an agreement on behalf of that legal entity and are nevertheless you are individually bound by the Terms, even if we have a separate agreement with such legal entity.

Personal information We Collect

We may collect the following categories of information for the purposes identified below. Please note that the examples are not an exhaustive list and may fall into multiple categories. Categories and specific pieces of information collected may vary depending on the nature of your relationship with us.

CategoryPurpose of UseWhat may be included in this categorySome examples
InternalAuthenticate your identity; create, maintain and secure your account with us; maintain your preferences.Knowledge and Belief, Authenticating, PreferencePasswords, PIN, mother’s maiden name, individual interests
HistoricalComplete a transaction or provide a service for which the personal information was collected; conduct analytics and modeling.Personal historyPast claims, prior insurance carriers, prior addresses, medical history, criminal history
FinancialProcess your billing; make payments; complete a transaction or provide a service for which the personal information was collected.Account, Ownership, Transactional, CreditCredit card number, bank account, records of real or personal property, credit, income, loan records, taxes
ExternalIdentify information to verify you; complete a transaction or provide a service for which the personal information was collected; deliver product offerings that may be relevant to you; conduct analytics.Identifying, Ethnicity, Gender, Demographic, Medical and Health, Physical CharacteristicsName, username, government issued identification, social security number, gender, browsing behavior, age range, income bracket, physical and mental health, medical records
SocialEstablish your communication preferences; complete a transaction or provide a service for which the personal information was collected; process your policy, account or claim.Professional, Criminal, Public Life, Family, Social Network, CommunicationJob titles, work history, school attended, convictions, charges, marital and family status, email, telephone recordings
TrackingContact you; provide relevant information; provide a location-based product or service requested by you; conduct analytics.Computer or Mobile Device, Contact, LocationIP Address, geolocation, email address, physical address, telephone number, country

We receive and store personal information about you from a variety of sources:

  • Information you provide to us. We may collect the following categories of information directly from you: Internal, Historical, External, Financial, Social. Specifically, we collect information you provide to us, for example, in your application, which includes your name, date of birth, email address, physical address, phone number, payment method, and as applicable to pay claims, bank account information. We may also collect your policy or claim information. If you submit any such information relating to people other than yourself, you represent that you have the authority to do so and to permit us to use the information in accordance with this Privacy Policy;
  • Information we collect automatically. We may collect the following categories of information indirectly from you: Tracking. Specifically, we collect information about you and your use of the Services, such as your interactions with us and our online advertising, as well as information regarding your computer or other device used to access our Services. This information includes:
    • your activity on our website, our mobile application, use of our social media sites, and your interaction with our online advertisements;
    • device IDs or other unique identifiers;
    • device and software characteristics, connection information, statistics on page views, referring source, IP address, geographic location, browser and standard web server log information;
    • details of your interactions with our support representatives, such as date, time, and reason for contacting us, transcripts of any chat conversations, and if you call us or we call you, your phone number and call recordings;
    • details about your transactions with us, our affiliates or others, such as your policy coverage, premiums, and payment history; and
    • details collected via the use of cookies, web beacons and other technologies.
  • Information obtained from other sources. We also obtain the following categories of information from other sources: Historical, External, Financial, Social. We protect this information according to the practices described in this Privacy Policy, plus any additional restrictions imposed by the source of the data. The sources vary over time, and the information collected includes:
    • credit report information, insurance credit score, and claims history from a consumer reporting agency or insurance support organization;
    • details of your interactions with select strategic partners with which we offer co-branded Services or engage in joint marketing activities; and
    • details about you from publicly available sources.

How We Use Your Personal information

We may use personal information we collect about you in order to:

  • Provide a quote, underwrite and rate policies, respond to your questions, fulfill service requests, and complete your transactions;
  • Process claims and/or provide you with support; 
  • Confirm or correct certain information about you;
  • Send you information that we believe may interest you, including marketing materials;
  • Facilitate use of certain features of the Services;
  • Personalize your experience while using our Services;
  • Facilitate social media sharing that you authorize;
  • Help us prevent fraud and other crimes;
  • Comply with applicable laws and regulations;
  • Conduct our business, including the development of new products and services; and
  • Perform other functions, as permitted by law.  

How We Protect Your Personal information

We follow generally accepted industry standards to protect against unauthorized access to or unauthorized alteration, disclosure or destruction of your personal information. We use reasonable organizational, technical, and administrative measures to safeguard your personal information against loss, theft, and unauthorized access, use, and modification. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security. We retain your personal information only for as long as reasonably necessary for the purposes for which it was collected or to comply with any applicable legal reporting or document retention requirements.

Sharing Personal information

As part of providing the Services our affiliates, agents, representatives and service providers will have access to your personal information. We require these parties to process such information in compliance with this Privacy Policy and subject to security and other appropriate confidentiality safeguards. We will also share your personal information in the following circumstances: (a) as required for providing the Services or any features therein; (b) for maintenance and improvement of the Services; (c) if we become involved in a reorganization, merger, consolidation, acquisition, or any form of sale of some or all of our assets, with any type of entity, whether public, private, foreign or local; and/or (d) to satisfy applicable law or prevention of fraud or harm or to enforce applicable agreements and/or their terms, including investigation of potential violations thereof.

We may disclose your personal information to non-affiliated third parties that perform marketing services on our behalf or with which we have joint marketing agreements or to otherwise help us manage or service our business, such as insurance support organizations and consumer reporting agencies. Please be aware that information we share with insurance support organizations and consumer reporting agencies, such as your claims history, may be retained by them and disclosed to others. We do not share or sell your personal information with or to any non-affiliated third parties for their own marketing purposes.

We do not disclose any personal information about you, as our customer or former customer, except as described in this Privacy Policy.

Third Parties’ Websites, Platforms, Applications and Links

Our Services may be provided through and/or utilize features operated by third-party platforms, or contain links to websites or applications operated by third parties whose policies regarding the handling of information may differ from ours. These websites and platforms have separate and independent privacy or data policies, privacy statements, notices and terms of use, which we recommend you read carefully. In addition, you may encounter third party applications that interact with our Services.

Please be aware that we are not responsible for the privacy practices of third-party websites, platforms or applications even though our name or logo may appear on such. We encourage you to be aware of this and to read the privacy statements of each and every website, platform or application that you visit. Our Privacy Policy applies solely to our Services.

Your Choices 

Email. If you no longer want to receive certain communications from us via email, simply click the “unsubscribe” link in the email. If you want to opt-out of all electronic communication, including service-related correspondence, you may do so by emailing us at [email protected] with the following subject line “WITHDRAW ELECTRONIC CONSENT.” The body of the email must include your name, policy number, effective and expiration dates of the policy, the effective date of your withdrawal and whether you want (a) all communications to be in paper form; and/or (b) your insurance policy to be sent to you in paper form.

Push Notifications. You can choose whether or not to receive mobile push notifications from us. If you subsequently change your mind, you can use your mobile device’s settings functionality to modify your preferences.

Interest-Based Ads. Internet-based ads are online ads tailored to your likely interests based on your use of various apps and websites across the Internet. If you are using a browser, then cookies and web beacons can be used to collect information to help determine your likely interests. If you are using a mobile device, tablet, or streaming media device that includes an advertising identifier, then that identifier can be used to help determine your likely interests. For your choices about interest-based ads from us, please see the Cookies and Internet Advertising section (below).

Cookies and Internet Advertising

A cookie is a message sent to your browser from a web server that is stored on your computer’s hard drive. The message is sent to the web server whenever the browser requests a page from that server. Many commercial internet sites use cookies.

In general, cookies allow us to identify you as a particular user and thus provide you with a more customized service. We may also use cookies to track customer or user requests, inquiries and traffic patterns or to determine audience size and repeated usage. We use web beacons (also known as pixel tags or clear gifs) to help manage online advertising. These files enable us to recognize a unique cookie on your web browser, which in turn enables us to learn which advertisements bring users to our website. With both cookies and Spotlight technology to measure online advertising, the information that we collect and share is anonymous and not personally identifiable. It does not contain your name, address, telephone number, or email address.

You may opt out of accepting cookies by changing the settings on your browser. However, rejecting cookies may prevent you from using certain functions and you may have to repeatedly enter information to take advantage of Services or promotions.

We do not currently support Do Not Track signals, but may in the future.

When you visit our website, other parties may collect personally identifiable information about your online activities over time and across different websites. Notwithstanding any other provision, we may work with a third party partner who may collect information from you, such as your IP address and information about your browser or operating system, and may place or recognize a unique cookie on your browser for the purpose of enabling interest-based content or advertising to you. The cookies placed by our third party partners contain no personally identifiable information, but may contain demographic or other interest-based data in a de-identified form. The information in these cookies may be linked to data you voluntarily submitted to us, such as your name, postal address or email, which we may share in hashed or encrypted form. To opt-out of these data provider cookies, please go to [please insert link].

EEA Users

The following information applies to residents of the European Economic Area (“EEA”), who use our Service in the EEA. 

A “resident” of the EEA is an individual who is physically present in the EEA. This section does not apply to EEA citizens who are resident outside of the EEA (for example, a French citizen who is resident in the United States). The EEA consists of the member states of the European Union, i.e., Austria, Belgium, Bulgaria, Croatia, Republic of Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden and the United Kingdom, and Iceland, Liechtenstein, and Norway. This section also applies to residents of Switzerland as well. Residents of the EEA and Switzerland are referred to here as “EEA Residents.”

From May 25, 2018, all processing of Personal information of EEA Residents is subject to the General Data Protection Regulation (2016/679) of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons regarding the processing of Personal information and on the free movement of such data (“GDPR”).

Under the GDPR, we are both a controller and a processor of the personal information of EEA Residents. Our purpose for collecting and processing personal information from EEA Residents is to allow users to subscribe to and log in to our Services and to provide our Services to our customers. Our legal basis for collecting Personal information will be one of the following:

  • to fulfil our contractual obligations to you, for example to provide the Services or to ensure that invoices are paid correctly;
  • to comply with our legal and/or regulatory obligations, for example obtaining proof of your identity to enable us to meet our anti-money laundering obligations; and/or
  • to meet our legitimate interests, for example to: understand how you use the Services and to enable us to use this knowledge to improve our products and services and to develop new ones; to communicate with you about the products and services that you use or we offer; maintain our accounts and records; to assess patterns of use; and to plan and evaluate our marketing and business development programs. When we process Personal information to meet our legitimate interests, we put in place, when needed, safeguards designed to protect your privacy interests, freedoms, and rights under applicable laws.

We may obtain your consent to collect and use certain types of personal information when we are required to do so by law (for example, in relation to some direct marketing activities, our use of cookies and tracking technologies or when we process sensitive personal information). If we ask for your consent to process your personal information, you may withdraw your consent at any time by contacting us using the details provided in this Privacy Policy.

We may anonymize your personal information and use it for other purposes. For example, we may prepare aggregated reports about how users interact with the Services for research.

Under GDPR, your rights in relation to privacy and data protection are as follows: 

  • Right of Access and Rectification. You have the right to know what personal information we collect about you and to ensure that such data is accurate and relevant for the purposes for which we collected it. We allow our users the option to access and obtain a copy of their personal information and to rectify such personal information if it is not accurate, complete, or updated. However, we may first ask you to provide us certain credentials to permit us to identify your personal information. 
  • Right to Delete Personal information or Restrict Processing. You have the right to delete your personal information or restrict its processing. We may postpone or deny your request if your personal information is in current use for the purposes for which it was collected or for other legitimate purposes such as compliance with legal obligations.  
  • Right to Withdraw Consent. You have the right to withdraw your consent to the processing of your personal information. Exercising this right will not affect the lawfulness of processing your personal information based on your consent before its withdrawal.
  • Right of Data Portability. Where technically feasible, you have the right to ask to transfer your Personal information in accordance with your right to data portability.
  • Right to Lodge Complaint. You also have the right to lodge a complaint with a data protection supervisory authority regarding the processing of your Personal information.  

International Data Transfers. If you are located in the EU, you have a right to request further information regarding the data transfer mechanisms used by us with respect to data transfers to third countries. In order to keep your personal information safe, we apply strict safeguards when transferring it outside of the EEA, which may include the following:

  • Transferring your personal information to countries approved by the European Commission (EC) as having adequate data protection laws;
  • Entering into standard contracts that have been approved by the EC and which provide an adequate level of high-quality protection, with the recipients of your personal information.

Your California Privacy Rights 

The California Consumer Privacy Act of 2018 (“CCPA”) provides California residents (“California consumers”), with specific rights regarding their personal information. If you are a California resident (regardless of citizenship), the following information applies to you and describes your CCPA rights and how to exercise those rights.

Under the CCPA, California consumers may have the following rights:

  • Right to Know and Right to Delete. The right to request that we disclose what personal information we collect and process about you and the right to submit requests to delete certain personal information. 

When we receive a request to know or delete from a California consumer, we will confirm receipt of the request within 10 days and provide you with information about how we will process the request, including process for making sure that you are the individual who is making the request. We will respond to such requests within 45 days.

  • Right for Disclosure of Information. You may submit requests that we disclose specific types or categories of personal information that we collect about you. 

Under certain circumstances, we are not required to provide you with this information, including where the disclosure of the information would create a substantial, articulable and unreasonable risk to the security of that Personal Information, customers’ account with us, or the security of our systems or networks. We will also not disclose your social security number, driver’s license numbers or other government-issued identification numbers, financial account numbers, any health insurance or medical identification numbers, or account passwords and security questions and answers, if any of such personal information was collected by us.

  • Do Not Sell My Personal information/Notice of Right to Opt Out. Under CCPA, the sale of your personal information means the sell, rent, release, disclose, disseminate, make available, transfer, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information to any third party for monetary or other valuable consideration.
    • In the preceding twelve (12) months, we have not sold any personal information. 
    • While we do not sell personal information in exchange for any monetary or other valuable consideration, we do share personal information for other benefits that could be deemed a “sale,” as defined by the CCPA (Cal. Civ. Code 1798.140(t)(1)). This includes sharing personal information with advertising networks, website analytics companies, and event sponsors. 
    • Although we do not currently share personal information in a manner that would be considered a sale under CCPA, you may still submit a request to opt out.

California consumers may exercise their rights under the CCPA by: 

  • Submitting Requests. If you would like to make any requests under the CCPA, please direct them as follows: [please insert link to the webform we provided].
  • Verifying Requests. If we receive any request from you, we will use a two-step process for online requests where the California consumer must first, clearly submit the request and then second, separately confirm the request. We will use other appropriate measures to verify requests received by mail or telephone.

If you are a California consumer submitting a request, you must provide sufficient information to identify yourself, such as name, e-mail address, home or work address, or other such information that is on record with us so that we can match such information to the personal information that we maintain. Do not provide social security numbers, driver’s license numbers, account numbers, credit or debit card numbers, medical information or health information with requests.

If we are unable to verify you based on the information you have provided and the information in our systems, we will advise you that we cannot complete your request based on an inability to verify you.

  • Response Timing and Format. We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to an additional 45 days), we will inform you of the reason and extension period in writing. We will deliver our written response by mail.

Disclosures we provide may only cover the 12-month period preceding a California consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable.

  • Non-Discrimination. We will not discriminate against you for exercising any of your CCPA rights.

Enforcement

We regularly review our compliance with this Privacy Policy. Please feel free to direct any questions or concerns regarding this Privacy Policy or our treatment of personal information by contacting us as provided above. When we receive formal written complaints, it is our policy to contact the complaining user regarding his or her concerns. We will cooperate with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the transfer of personal information that cannot be resolved between us and an individual.

Legal Justification and Consent to Processing

By providing any personal information to us pursuant to this Privacy Policy, all users, including, without limitation, users in the United States and member states of the EEA and EU, fully understand and unambiguously consent to this Privacy Policy and to the collection and processing of such personal information abroad. By submitting your personal information through the Services, you consent, acknowledge, and agree that we will collect, use, process, transfer, and disclose your Personal information as described in this Privacy Policy.

Children and Minors

We will not knowingly contact or engage with children under the age of 18, and will not collect, use or process personal information of such without parental consent. If you have reason to believe that a child’s personal information has been provided us without parental consent, please contact us at the address given above and we will endeavor to delete that personal information from our databases

Modifications to this Privacy Policy

We reserve the right, at our discretion, to modify this Privacy Policy from time to time. We encourage you to periodically review this Privacy Policy for the latest information about our privacy practices. Please take a look at the “Last Updated” legend at the top of this page to see when this Privacy Policy was last revised. 

Any changes to this Privacy Policy will become effective when we post the revised Privacy Policy on our website. Your access or use of the Services following these changes means that you accept and consent to the revised Privacy Policy.

Contact Us

If you have any questions about this Privacy Policy, concerns about the way we process your personal information, or if you wish to delete all information regarding your use of the Services, please feel free to contact us at: [email protected]