SquareTrade EU Privacy Notice
SquareTrade Limited, 2nd Floor, 5 Golden Square, Soho, London, W1F 9BS, ("we," “us” or “SquareTrade”) is committed to protecting and respecting the privacy of SquareTrade customers.
This notice sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
SquareTrade will process your personal data in accordance with the EU General Data Protection Regulation 2016/679, or any of its nationally equivalent legislation (collectively, “GDPR”). For the purposes of the GDPR, SquareTrade Limited shall be (i) a joint data controller with any companies through which SquareTrade Limited acts as intermediary for insurance in the EU and (ii) a data processor for any company whose behalf SquareTrade Limited administers insurance.
If you have any questions about this privacy notice, or wish to contact SquareTrade in relation to any of your rights in relation to your personal data, please contact SquareTrade at: email@example.com.
- What information do we process about you?
We will collect and process the following personal data from you, as a result of your interaction with our websites: www.squaretrade.co.uk, www.squaretrade.fi, www.squaretrade.at, www.squaretrade.se, www.squaretrade.es, www.squaretrade.pt, and www.squaretrade.dk (“our sites”) or as otherwise described below.
Information you give us
We will collect and process your personal data when you carry out the following activities:
- Register your claim
- Log in to your account
- Express interest in or purchase our products or services
- Request information
- Send us comments or questions
- Use our websites or our applications on third-party sites or platforms
The personal data that you may provide through carrying out the above activities, and which we may collect and process, includes your:
- Country of residence
- Email address
- Account username and password
- Residential and billing addresses
- Telephone, including mobile telephone, number
- Payment information
- IMEI of mobile phones
- Message contents, such as comments or questions
Information we collect about you
With regard to each of your visits to our sites, we will collect the following information automatically:
- technical information, including the internet protocol (IP) address used to connect your computer to the internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform; and
- information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from our site (including date and time), products or services you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any phone number used to call our customer service numbers.
- What cookies do we use?
A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer. Every time you return to our site, the browser retrieves the cookie and sends it to the site’s server.
We use the following cookies on our site:
- Strictly necessary cookies - these are cookies that are required for the operation of our site. They include, for example, cookies that enable you to log into secure areas of our site.
- Analytical/performance cookies - these allow us to recognise and count the number of visitors and to see how visitors move around our site when they are using it. This helps us to improve the way the site works, for example, by ensuring that users are finding what they are looking for easily.
- Functionality cookies - these are used to recognise you when you return to our site. This enables us to personalise our content for you and remember your preferences.
You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site.
Except for essential cookies, all cookies will expire after 30 days.
- What are our legal bases for processing your personal data?
In respect of any of your personal data that we process in connection with any products or services we offer to you and/or fulfilling any obligation to you, we will process that personal data on the basis of performing a contract to which you are party, or in order to take steps at your request prior to entering into such a contract.
In respect of any other of your personal information that we process in connection with any interaction that you make with any of our sites, we will process that personal data on the basis of carrying out our legitimate interests in making our services available to you through our sites, and achieving our related business objectives including identity verification and fraud prevention.
We may also process your personal data to comply with our legal obligations.
- How do we use your personal data?
We use your personal data that we hold about you in the following ways.
Information you give to us
We will use this information to:
- provide and deliver products and services you request
- send you information relevant to your requests, including confirmations, invoices, technical notices, updates, security alerts, and support and administrative messages
- respond to your comments and questions and provide customer service
- take steps to address any concerns that you raise with us
- operate and improve our websites
- verify your identity and prevent fraud
- comply with our legal obligations
Information we collect about you
We will use this information:
- to service our obligations to you
- to improve our sites to ensure that content is presented in the most effective manner for you and the device from which you are reviewing the content
- as part of our efforts to keep our sites safe and secure
- to allow you to participate in any features of our service, when you choose to do so
- to administer our sites and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes
- verify your identity and prevent fraud
- comply with our legal obligations
- Who may we share your personal data with?
We may share your personal data with:
- Our insurers, third party vendors, consultants, and other service providers who work for or on behalf of us and need access to your personal data to provide their services to us and perform certain functions on our behalf. These third parties will have access to your information only for purposes of performing these services or tasks on our behalf.
- Our parent company, subsidiaries, joint ventures, or other companies under common control with us (“Related Companies”) for the purposes of internal administration and management, delivering our services, internal analytics, data management and technical support. When we share information with our Related Companies we will require them to honour this privacy notice.
- Third parties in connection with any merger, financing, acquisition or dissolution, transaction or proceeding involving the sale, transfer, divestiture, or disclosure of all or a portion of our business or assets to another company.
- Another party if we become insolvent or otherwise cease trading and such third party shall then process your personal data in accordance with their privacy notice.
- Insurers for the purpose of providing insurance and handling claims and repairs in certain circumstances.
- Other parties for legal reasons, such as public and government authorities to respond to any request they have, or other legal authorities, professionals or courts to comply with court orders and other legal processes, pursue available remedies, limit damages we may sustain, protect our operations or protect the rights, privacy, safety or property of ourselves, you and others.
- Our Related Companies and/or third party vendors in order to provide marketing to you, but only if you have consented to receiving such marketing from us.
- Where do we transfer and store your personal data?
Personal data collected by SquareTrade may be stored or processed in the United States or in any other country where SquareTrade or its affiliates, subsidiaries, or third party service providers maintain facilities. SquareTrade has put the following protective mechanisms in place with regard to transfers of your personal data to countries outside of the EEA that do not afford the same level of personal data protection.
EU-US Privacy Shield
- SquareTrade Inc., our parent company, has elected to self-certify to the EU-US Privacy Shield Framework.
- For more information about the Privacy Shield, see the U.S Department of Commerce's Privacy Shield website located at: https://www.privacyshield.gov. To review SquareTrade Inc.'s representation on the Privacy Shield list, see the U.S Department of Commerce's Privacy Shield self-certification list located at: https://www.privacyshield.gov/list.
- SquareTrade Inc. adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement, and Liability.
- Principle 7, the Accountability for Onward Transfer Principle, means that SquareTrade Inc. remains potentially liable if a third party processing your personal data processes that personal data in a way which is inconsistent with the Privacy Shield Principles (unless SquareTrade Inc. can prove that it is not responsible for the event giving rise to the damage).
- Within the United States, for the purposes of enforcing compliance with the Privacy Shield, SquareTrade Inc. is subject to the investigatory and enforcement authority of the US Federal Trade Commission.
Standard contractual clauses
We also executed standard contractual clauses that have been approved by the European Commission in respect of transfers of your personal data to SquareTrade, Inc., in the United States. Under the GDPR, SquareTrade, Inc., acts as a data processor in respect of such transfers and SquareTrade Limited acts as a data controller. SquareTrade, Inc. also ensures that it uses corresponding standard contractual clauses with any vendor that it engages in connection with the processing of any of your personal data outside of the EU and U.S.
- What security measures do we put in place?
Confidentiality and security of your personal data are very important to us. We have implemented appropriate administrative, technical and physical security measures (including in accordance with the Privacy Shield) designed to protect your information from loss, unauthorised access, use, modification or disclosure, including the use of encryption and other technology safeguards to reduce security risks.
We ensure that we have data protection agreements in place with any service providers that we engage to fulfil your requests, in accordance with the GDPR.
We review our internal security policies and guidelines from time to time to take into account new technology and methods, the risk represented by the processing and the nature of the data being protected. We limit access to our databases containing personal data to authorised persons having a justified need to access such information and limit retention periods to retain data for no longer than is necessary.
All personal data you provide to us is stored on our secure servers. Unfortunately, the transmission of information via the internet is not completely secure. Although we will use all reasonable measures to protect your personal data, we cannot guarantee the security of your personal data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent any unauthorised access.
- What rights do you have in relation to your personal data?
You may have the following rights in relation to your personal data to the extent permitted by the GDPR:
- to rectify any inaccurate personal data that we hold about you
- to have your personal data erased under certain circumstances
- to have the processing of your personal data restricted where you dispute its accuracy, if you think its processing is unlawful, if you otherwise object to its processing, or when we no longer need your personal data and you need it in relation to a legal claim
- to have access to your personal data, and the right to receive copies of your personal data in a structured, commonly used and machine-readable format and transfer those copies to another data controller, under certain circumstances
- to complain to your national data protection regulator if you feel that any of your personal information is not being processed in accordance with the GDPR
If you wish to contact SquareTrade in relation to any of the rights in relation to your personal data, please contact SquareTrade at: firstname.lastname@example.org. We will need to validate your identity before we will take action with respect to your exercise of any of your above referenced rights.
If you have consented to receiving marketing from us, you may also withdraw any consent that you give us to process your personal data by emailing: email@example.com. If you withdraw your consent, we will stop processing the relevant personal data except to the extent we have other grounds for processing it under applicable laws.
- Are there risks if I access third party sites from the site?
Our sites may, from time to time, contain links to and from other websites or platforms.
If you follow a link to, or share something on, any of these websites or platforms, please note that they have their own privacy policies, and that we do not accept any responsibility or liability for these other policies. Please check these policies before you submit any personal data.
- For how long do we retain your personal data?
Personal data is retained by SquareTrade for no longer than is necessary to provide our services and/or execute our obligations under applicable contracts with customers and business partners.
- Changes to our privacy notice
We may change our privacy notice from time to time and will denote the date of the notice by changing the "last updated" date below. We will provide additional notification if these changes are material.
Last updated 1 May 2018