PRIVACY NOTICE
Last Updated: April 25, 2024
Socotra, Inc. (“Socotra,” “we,” “us,” and “our”) is a platform that provides insurers with a modern, enterprise-grade core system that enables them to rapidly develop and distribute products that better services their clients. This Privacy Notice explains how we collect, use, disclose, and otherwise process Personal Information in connection with our services. When we use the term “Services”, we are referring to all the services that we offer on our behalf, including, without limitation, our product and service offerings and the websites and services that link to this Privacy Notice.
Region-Specific Disclosures
We may choose or be required by law to provide different or additional disclosures relating to the processing of Personal Information about residents of certain countries, regions or states. Please refer below for disclosures that may be applicable to you:
What is Personal Information?
When we use the term “Personal Information” in this Privacy Notice, we mean information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, to you. It does not include aggregated or deidentified information that is maintained in a form that is not reasonably capable of being associated with or linked to you.
Our Collection of Personal Information
We collect Personal Information about individuals when they visit our site, request a demo, or interact with our blog. Sometimes we collect Personal Information automatically when an individual interacts with our Services and sometimes we collect the Personal Information directly from an individual. At times, we may collect Personal Information about an individual from other sources and third parties, even before our first direct interaction.
Personal Information You Provide
We collect the following Personal Information you provide in connection with our Services:
Personal Information Automatically Collected
We may collect certain Personal Information automatically when you visit our Services, including:
For information about our and our third-party partners’ use of cookies and related technologies to collect information automatically, and any choices you may have in relation to its collection, please visit our Cookie Notice.
Personal Information from Third Parties
We may also obtain Personal Information from third parties; which we often combine with Personal Information we collect either automatically or directly from you.
We receive the same categories of Personal Information as described above from the following third parties:
Our Use of Personal Information
We may use Personal Information we collect to:
Where an individual chooses to contact us, we may need additional information to fulfill the request or respond to inquiries. We may provide additional privacy disclosures where the scope of the inquiry/request and/or Personal Information we require fall outside the scope of this Privacy Notice. In that case, the additional privacy disclosures will govern how we may process the information provided at that time.
Our Disclosure of Personal Information
We may disclose Personal Information in the following ways:
We may also share information with others in an aggregated or otherwise anonymized form that does not reasonably identify you directly as an individual.
Links to Third-Party Websites or Services
Our site and online services may include links to third-party websites, plug-ins and applications. Except where we post, link to or expressly adopt or refer to this Privacy Notice, this Privacy Notice does not apply to, and we are not responsible for, any Personal Information practices of third-party websites and online services or the practices of other third parties. To learn about the Personal Information practices of third parties, please visit their respective privacy notices.
Updates to This Privacy Notice
We may update this Privacy Notice from time to time. When we make changes to this Privacy Notice, we will change the date at the beginning of this Privacy Notice. If we make material changes to this Privacy Notice, we will notify individuals by email to their registered email address, by prominent posting on this website or our online services, or through other appropriate communication channels. All changes shall be effective from the date of publication unless otherwise provided.
Contact Us
If you have any questions or requests in connection with this Privacy Notice or other privacy-related matters, please send an email to privacy@socotra.com. Alternatively, inquiries may be addressed to:
Socotra, Inc.
33 New Montgomery Street, Suite 290
San Francisco, CA 94105
Alternatively, inquiries may be addressed to:
Socotra, Inc.
33 New Montgomery Street, Suite 290
San Francisco, CA 94105
ADDITIONAL EEA, SWITZERLAND AND UK PRIVACY DISCLOSURES
Last Updated: April 24, 2020
Unless otherwise expressly stated, capitalized terms in these Disclosures have the same meaning as defined in the Privacy Notice.
Scope of Disclosures
These Additional European Economic Area (“EEA”), Switzerland and United Kingdom (“UK”) Privacy Disclosures (“European Privacy Disclosures”) supplement the information contained in our Privacy Notice. However, these European Privacy Disclosures apply only to our processing of your Personal Data where you are based in the EEA, Switzerland or the UK. Socotra is the data controller responsible for the collection and use of such Personal Data.
Personal Data Disclosures
When we use the term “Personal Data” in these European Privacy Disclosures, we mean any information relating to an identified or identifiable natural person.
Legal Bases for Processing
We use the Personal Data we collect about you in the following ways and rely on the following legal grounds to process Personal Data about you, whether it is obtained from you or a third party:
Contact information, such as name, phone number and email address.
We use this information to communicate with you, including sending service-related communications.
The processing is necessary for the performance of a contract between you and us, and/or to take steps at your request prior to entering into a contract.
We use this information to send you unsolicited marketing communications in accordance with your preferences.
We will only use your Personal Data in this way to the extent you have given us consent to do so.
We use this information to deal with inquiries and complaints made by you relating to your use of our Services.
The processing is necessary for our legitimate interests, namely administering our Services and for communicating with you effectively to respond to your queries or complaints.
Data collected through the use of our Services, including information about how you use our Services, your actions on our Services, including feedback through the Services.
We may use information about how you use and connect to our Services to present our Services to you on your device.
The processing is necessary for our legitimate interests, namely, to tailor our Services to the user.
We may use this information to determine products and services that may be of interest to you for marketing purposes.
The processing is necessary for our legitimate interests, namely, to inform our direct marketing.
We may use this information to monitor and improve our Services and business, resolve issues and to inform the development of new products and services.
The processing is necessary for our legitimate interests, namely, to monitor and resolve issues with our Services and to improve our Services generally.
Your preferences, such as preferences set for notifications, marketing communications, [how our Services are displayed and the active functionalities on our Services].
We use this information to provide our Services to you in accordance with your choices.
The processing is necessary for our legitimate interests, namely ensuring our Services are displayed in accordance with the user’s preferences.
We use this information to ensure that we comply with our legal obligation to send only those marketing communications to which you have consented.
The processing is necessary for compliance with a legal obligation to which we are subject.
Payment information. When you purchase our products and Services, we will collect confirmation of your payment from the payment processor.
We use this information to record that your payment has been processed and to grant you access to the paid features of our Services.
The processing is necessary for the performance of a contract between you and us, and/or to take steps at your request prior to entering into a contract.
Location information, we do not collect information about your precise location (other than information you choose to provide us); however, your WiFi, wireless network triangulation, or your IP address may help us determine an approximate location.
Providing you with content that is more relevant to you based on your location.
We only process your Personal Data in this way to the extent that you have given us your consent.
Information provided by social networks you connect to our Services, including when you “Like”, follow or share Socotra content on Facebook, Twitter, Instagram or other sites. We also receive profile information, picture, user ID, and any other information associated with your social media account that you permit the social network to share with third parties. The data we receive is dependent on your privacy settings with the social network.
We use this information to promote and market our Services and increase user engagement with our products and Services.
The processing is necessary for our legitimate interests, namely promoting our products and services and increasing user engagement with our products and services.
Information contained in communications between you and Socotra, including any information you provide when you contact us or interact with us directly, such as by participating in a contest or promotion, or submitting feedback or other information to us.
We use this information to respond to comments, questions or requests for customer service.
The processing is necessary for our legitimate interests, namely administering our Services and addressing your queries and concerns.
We use this information to address any violations of our Terms of Service, or any other rules, regulations or policies relating to our Services.
The processing is necessary for the performance of a contract between you and us.
Information about how you access and use our Services, including usage history, and your clicking and browsing patterns.
We use this information to operate, maintain and provide to you the features and functionality of our Services, to improve our products and services, for research and product development.
The processing is necessary for our legitimate interests, namely, to tailor our Services to you, to improve our Services and to develop new features and functionalities on our Services.
Internet and network information, including device information, logs and analytics data.
We use this information to provide and monitor the effectiveness of our Services; monitor usage of and activities on our Services; diagnose errors and problems with our Services; otherwise plan for and enhance our Services; understand your activities when you use our Services to deliver ads and information about products and services that may be of interest to you.
The processing is necessary for our legitimate interests, namely, to tailor our Services to you, to improve our Services and to develop new features and functionalities on our Services.
All Personal Information set out above.
We may use this information to comply with any professional or legal obligation to which we may be subject, such as disclosure of information to comply with a court order or at the request of a regulator.
The processing is necessary for the compliance with a legal obligation to which we are subject.
We may use this information to facilitate our internal business operations that are put in place for compliance with our legal obligations.
The processing is necessary for our legitimate interests, namely the detection and prevention of fraud and the fulfilment of professional obligations.
We may use this information to determine products and services that may be of interest to you for marketing purposes.
The processing is necessary for our legitimate interests, namely, to inform our direct marketing.
We use the Personal Data we automatically collect about you in the following ways and rely on the following legal grounds to process Personal Data about you, whether it is obtained from you or a third party:
Information about how you access our Services. For example, the site from which you came and the site to which you are going when you leave our websites, how frequently you access the Services, whether you open emails or click the links contained in emails, and whether you access the Services from multiple devices.
We or the third-party partners we use, may use the data collected through tracking technologies to:
The processing is necessary for our legitimate interests, namely: to tailor our Services to the user and to improve our Services generally; to monitor and resolve issues; for marketing purposes; to communicate with users; to contact users; and for the detection and prevention of fraud.
For more information on the legal basis for cookies, please see our Cookie Notice.
Information about how you use our Services. For example, the pages you visit, the links you click, the ads you view and click on, your purchase and subscription information, your location when you access or interact with our Services and other similar actions.
Information about the computer, tablet, smartphone or other device you use, such as your IP address, browser type, Internet service provider, platform type, device type/model/manufacturer, operating system, date and time stamp, a unique ID that allows us to uniquely identify your browser, mobile device or your account (including, for example, a persistent device identifier or an Ad ID), and other such information.
Analytics information. We may collect analytics data, or use third-party analytics tools, to help us measure traffic and usage trends for our Services and to understand more about the demographics and behaviors of our users.
You are not required to provide Personal Data to us, but we do rely on your Personal Data to provide certain of our services and products. For example, we need your Personal Data to facilitate and deliver an order that you request. If you choose not to provide us with your Personal Data, we may not be able to provide you with a service or product you request.
Data Retention
We retain Personal Data about you for as long as is necessary for the purposes set out in these European Privacy Disclosures, unless a longer period is required under applicable law or is needed to resolve disputes or protect our legal rights.
The criteria used to determine the period for which Personal Data about you will be retained varies depending on the legal basis under which we process the Personal Data:
Legitimate Interests
Where we are processing Personal Data based on our legitimate interests, we generally will retain such information for a reasonable period of time based on the particular interest, taking into account the fundamental interests and the rights and freedoms of data subjects
Consent
Where we are processing Personal Data based on your consent, we generally will retain the information for the period of time necessary to fulfill the underlying agreement with you, subject to your right, under certain circumstances, to have certain of your data erased (please see the Your Privacy Rights section below)
Contract
Where we are processing Personal Data based on contract, we generally will retain the information for the duration of the contract plus some additional limited period of time that is necessary to comply with law or that represents the statute of limitations for legal claims that could arise from the contractual relationship
Legal Obligation
Where we are processing Personal Data based on a legal obligation, we generally will retain the information for the period of time necessary to fulfil the legal obligation
Legal Claim
We may need to apply a “legal hold” that retains information beyond our typical retention period where we face threat of legal claim. In that case, we will retain the information until the hold is removed, which typically means the claim or threat of claim has been resolved.
In all cases, in addition to the purposes and legal bases, we consider the amount, nature and sensitivity of the Personal Data, as well as the potential risk of harm from unauthorized use or disclosure of your Personal Data.
International Data Transfers
We may transfer Personal Data about you among us and to our subsidiaries or affiliates, as well as to the categories of third parties identified in the Our Disclosure of Personal Information section of the Privacy Notice. Personal Data may be transferred to, stored and processed in a country other than the one in which it was collected, including, but not limited to, the United States. The country to which Personal Data is transferred may not provide the same level of protection for Personal Data as the country from which it was transferred.
We may transfer Personal Data about you outside the EEA, Switzerland and the UK, and when we do so, we rely on appropriate or suitable safeguards recognized under the GDPR including adequacy decisions, standard contractual clauses and the EUU.S. Privacy Shield.
Standard Contractual Clauses
The European Commission has adopted Standard Contractual Clauses, which provide safeguards for Personal Data transferred outside of the EEA, Switzerland and the UK. We may use these Standard Contractual Clauses when transferring Personal Data from a country in the EEA, Switzerland or the UK to a country outside the EEA, Switzerland or the UK that has not been deemed to adequately safeguard Personal Data. You can request a copy of our Standard Contractual Clauses by contacting us as set forth in the Contact Us section below.
Your Privacy Rights
You have the following rights in relation to your Personal Data (subject to certain limitations at law):
Access
The right to obtain:
Rectification
The right to correct or update any Personal Data about you that is inaccurate or incomplete.
Restriction of Processing
The right to require us to limit the purposes for which we process your Personal Data if the continued processing of the Personal Data in this way is not justified, such as where the accuracy of the Personal Data is contested by you.
Erasure
The right to request the deletion or erasure of Personal Data about you without undue delay if the continued processing of that Personal Data is not justified.
Portability
The right to obtain a copy of Personal Data about you in an easily accessible format and the right to transmit that Personal Data to another controller.
Objection to Processing
You also have the right to object to any processing based on our legitimate interests where there are grounds relating to your particular situation. There may be compelling reasons for continuing to process your Personal Data, and we will assess and inform you if that is the case. You can object to marketing activities for any reason.
Please note that if the exercise of these rights limits our ability to process Personal Data, we may not be able to provide our products or services to you, or otherwise engage with you going forward.
Right to Withdraw Consent
Where we rely on your consent for processing of your Personal Data, as identified in the Purposes and Legal Basis for Processing section above, you also have the right to withdraw your consent to such processing. You may withdraw your consent at any time by contacting us using the contact details at the end of these European Privacy Disclosures.
Submitting Requests
To submit a request, please contact us as set forth in the Contact Us section below. We may need to verify your identity before processing your request, which may require us to obtain additional Personal Data from you. In certain circumstances, we may decline a request to exercise the rights described above.
Right to Lodge a Complaint
If you have any complaints regarding our privacy practices, you have the right to lodge a complaint with your national data protection authority (i.e., supervisory authority). If you are based in the EEA, Switzerland or UK, information about how to contact your local data protection authority is available here. However, we encourage you to first reach out to us by using the contact details set out in the Contact Us section below so that you have an opportunity to address your concerns directly and so that we may find a solution together before you do lodge a complaint.
Updates to These Disclosures
We may update these European Privacy Disclosures from time to time. When we make changes to these European Privacy Disclosures, we will change the “Last Updated” date at the beginning of these European Privacy Disclosures. If we make material changes to these European Privacy Disclosures, we will notify you by email to your registered email address, by prominent posting on our online services, or through other appropriate communication channels. All changes shall be effective from the date of publication unless otherwise provided in the notification.
Contact Us
If you have any questions or requests in connection with these European Privacy Disclosures or other privacy-related matters, please send an email to privacy@socotra.com. Alternatively, inquiries may be addressed to:
Socotra, Inc.
33 New Montgomery Street, Suite 290
San Francisco, CA 94105
COOKIE NOTICE
Last Updated: April 24, 2020
Unless otherwise expressly stated, capitalized terms in this Notice have the same meaning as defined in the Privacy Notice.
Scope of Notice
This Cookie Notice supplements the information contained in the Privacy Notice by explaining how we and our business partners and service providers use cookies and related technologies in the course of managing and providing our online services and our communications to you. It explains what these technologies are and why we use them, as well as your rights to control our use of them.
In some cases, we may use cookies and related technologies described in this Cookie Notice to collect Personal Information, or to collect information that becomes Personal Information if we combine it with other information. For more details about how we process your Personal Information, please review the Privacy Notice.
What Are Cookies and Related Technologies
Cookies are small data files that are stored on your computer that allow us and our third-party partners and providers to collect certain information about your interactions with our email communications, websites and other online services, and that improve your experience. We and our third-party partners and providers may also use other, related technologies to collect this information, such as web beacons, pixels, embedded scripts, location-identifying technologies and logging technologies (collectively, “cookies”).
What We Collect When Using Cookies
We and our third-party partners and providers may use cookies to automatically collect certain types of usage information when you visit or interact with our email communications, websites and other online services. For example, we may collect log data about your device and its software, such as your IP address, operating system, browser type, date/time of your visit, and other similar information. We may collect analytics data or use third-party analytics tools such as Google Analytics to help us measure usage and activity trends for our online services and better understand our customer base. We may also collect location data, including general geographic location based on IP address or more precise location data when a user accesses our online services through a mobile device.
We use the following types of cookies:
How We Use Information Collected via Cookies
We use or may use the data collected through cookies to: (a) remember information so that you will not have to re-enter it during your visit or the next time you visit our websites and online services; (b) provide and monitor the effectiveness of our websites and online services; (c) monitor online usage and activities of our websites and online services; (d) diagnose errors and problems with our websites and online services; (e) otherwise plan for and enhance our online services; and (f) facilitate the purposes identified in the Our Use of Personal Information section of our Privacy Notice. We and our advertising partners also use the information we collect through cookies to understand your browsing activities, including across unaffiliated third-party sites, so that we can deliver ads and information about products and services that may be of interest to you.
Please note that we link some of the Personal Information we collect through cookies with the other Personal Information that we collect about you and for the purposes described in our Privacy Notice.
Your Choices About Cookies
If you would prefer not to accept cookies, most browsers will allow you to: (i) change your browser settings to notify you when you receive a cookie, which lets you choose whether or not to accept it; (ii) disable existing cookies; or (iii) set your browser to automatically reject cookies. Please note that doing so may negatively impact your experience using our online services, as some features and services on our online services may not work properly. Depending on your device and operating system, you may not be able to delete or block all cookies. In addition, if you want to reject cookies across all your browsers and devices, you will need to do so on each browser on each device you actively use. You may also set your email options to prevent the automatic downloading of images that may contain technologies that would allow us to know whether you have accessed our email and performed certain functions with it.
You can learn more about Google’s practices with Google Analytics by visiting Google’s privacy policy here. You can also view Google’s currently available opt-out options here.
We may also utilize certain forms of display advertising and other advanced features through Google Analytics, such as Remarketing with Google Analytics, Google Display Network Impression Reporting, the DoubleClick Campaign Manager Integration, and Google Analytics Demographics and Interest Reporting. These features enable us to use first-party cookies (such as the Google Analytics cookie) and third-party cookies (such as the DoubleClick advertising cookie) or other third-party cookies together to inform, optimize, and display ads based on your past visits to the services. You may control your advertising preferences or opt-out of certain Google advertising products by visiting the Google Ads Preferences Manager, currently available at https://google.com/ads/preferences, or by visiting NAI’s online resources at http://www.networkadvertising.org/choices.
Your Choices About Online Ads
We support the self-regulatory principles for online behavioral advertising (Principles) published by the Digital Advertising Alliance (DAA). This means that we allow you to exercise choice regarding the collection of information about your online activities over time and across third-party websites for online interest-based advertising purposes. More information about these Principles can be found at www.aboutads.info. If you want to opt out of receiving online interest-based advertisements on your internet browser from advertisers and third parties that participate in the DAA program and perform advertising-related services for us and our partners, please follow the instructions at www.aboutads.info/choices, or http://www.networkadvertising.org/choices/ to place an opt-out cookie on your device indicating that you do not want to receive interest-based advertisements. Opt-out cookies only work on the internet browser and device they are downloaded onto. If you want to opt out of interest-based advertisements across all your browsers and devices, you will need to opt out on each browser on each device you actively use. If you delete cookies on your device generally, you will need to opt out again.
If you want to opt out of receiving online interest-based advertisements on mobile apps, please follow the instructions at http://www.aboutads.info/appchoices.
Please note that when you opt out of receiving interest-based advertisements, this does not mean you will no longer see advertisements from us or on our online services. It means that the online ads that you do see from DAA program participants should not be based on your interests. We are not responsible for the effectiveness of, or compliance with, any third-parties’ opt-out options or programs or the accuracy of their statements regarding their programs. In addition, third parties may still use cookies to collect information about your use of our online services, including for analytics and fraud prevention as well as any other purpose permitted under the DAA’s Principles.
Updates to This Cookie Notice
We will update this Cookie Notice from time to time. When we make changes to this Cookie Notice, we will change the “Last Updated” date at the beginning of this Cookie Notice. If we make material changes to this Cookie Notice, we will notify you by email to your registered email address, by prominent posting on this website or our online services, or through other appropriate communication channels. All changes shall be effective from the date of publication unless otherwise provided in the notification.
Contact Us
If you have any questions or requests in connection with this Cookie Notice or other privacy-related matters, please send an email to privacy@socotra.com. Alternatively, inquiries may be addressed to:
Socotra, Inc.
33 New Montgomery Street, Suite 290
San Francisco, CA 94105
Annex – Cookies
[Google Analytics]
[__utma]
[Analytics cookie]
[This is one of the four main Cookies set by the Google Analytics services which enables website owners to understand visitor behavior and measure the website performance. This Cookie distinguishes between users and sessions. It is used to calculate new and returning visitor statistics. The Cookie is updated every time data is sent to Cookie Analytics. The lifespan of the Cookie can be customized by website owners. Currently configured for [six months].
Please also see Google’s Policy: https://policies.google.com/te…]
[You may review Google’s site “How Google uses data when you use our partners’ sites or apps” located at www.google.com/policies/privacy/partners/ . You can learn about Google Analytics’ currently available opt-outs, including the Google Analytics Browser Ad-On here https://tools.google.com/dlpage/gaoptout/ ]
[Hubspot]
[_ptq.gif]
[Pixel]
Sends data to the marketing platform Hubspot about the visitor’s device and behavior. Tracks the visitor across devices and marketing channels