LossExpress Privacy Policy

Last updated on May 1, 2020

LossExpress is a software application that provides customers and software developers with building blocks to add insurance claim administration features to systems and processes via web applications.

We understand that when you use LossExpress’ platform you are placing your trust in us to handle your data appropriately, including the personal information of you and your end users. That is why we take a “No Shenanigans” approach to data protection.

Part of our “No Shenanigans” approach is to make sure that you, the customer, have information about how we process personal information in connection with your use of our products and services, including our website. We want to enable you to make informed decisions about your information on LossExpress’ platform. We also want to provide you with relevant information to help your end users make informed decisions about their personal information being used on LossExpress’ platform.

We’re realists here. And, as much as our Privacy Team wishes it were otherwise, we know that most customers don’t spend their time reading privacy notices…

But they do read contracts and API docs! So, we’ve added information to our license agreements and API docs about personal information processing to help you be more privacy-aware.

So, let’s say you’ve read everything here and you’ve checked out our license agreement and API docs, but you still have more questions or concerns about how we’re processing personal information, or you would like to know more about how to exercise your rights. You can contact our Privacy Team by emailing us at info@lossexpress.com.

 

Table of Contents

  • Let’s Get Oriented
  • How LossExpress Processes Your Personal Information
  • How LossExpress Processes Your End Users’ Personal Information
  • When and Why We Share Your Personal Information Or Your End Users’ Personal Information
  • Automated Decision Making
  • Handling disputes relating to our data protection practices
  • How We Secure Personal Information
  • Other Information You May Find Useful
  • CCPA Notice

    Let’s Get Oriented

    LossExpress processes two broad categories of personal information when you use our products and services:

    • Your personal information as a customer (or potential customer) of LossExpress’ services — information that we refer to as Customer Account Data, and
    • The personal information of your end users who use or interact with the application — this category contains both your Customer Usage Data (e.g., communications and metadata) and your Customer Content (e.g., the contents of communications).

    LossExpress processes these categories of personal information differently because the direct relationship we have with you, our customer, is different than the indirect relationship we may have with your end users and their data.

     

    How LossExpress Processes Your Personal Information

    Data protection laws and privacy laws in certain jurisdictions, like the European Economic Area (EEA), differentiate between “controllers” and “processors” of personal information. A controller decides why and how to process personal information.

    A processor processes personal information on behalf of a controller based on the controller’s instructions. When LossExpress processes your Customer Account Data, the LossExpress entity with whom you are contracting is acting as a controller.

    Broadly speaking, we use Customer Account Data to further our legitimate interests to:

    • understand who our customers and potential customers are and their interests in LossExpress’ product and services,
    • manage our relationship with you and other customers,
    • carry out core business operations such as accounting, filing taxes, and fulfilling regulatory obligations and
    • help detect, prevent, or investigate security incidents, fraud and other abuse and/or misuse of our products and services.

    What Personal Information LossExpress collects

    While we’re on the subject of Customer Account Data and Customer Usage Data, we’d like to give you a brief summary of the categories of personal information that might be found in the Customer Account Data and Customer Usage Data that we collect from our customers and their end users, so you can know at a glance what we’re talking about.

    We collect and process personal information:

    • When you visit a LossExpress public-facing website like lossexpress.com, or make a request to receive information about LossExpress, like a LossExpress white-paper or a newsletter;
    • When you contact our Sales Team or Customer Support Team; and
    • When you sign up for a LossExpress account and use our products and services.

    We call this personal information Customer Account Data. We also collect Customer Usage Data from you when you send or receive communications through your use of our services. This data might take different forms, and we might use it for different purposes — read on for more information.

    Depending on your interactions with us, we might collect the following categories of personal information, and for the following reasons:

    • We collect Identifiers, like your name and contact information (Customer Account Data), when you sign up or use our products or services and to do things like allow you user our products, verify your identity, and communicate with you.
    • We collect Commercial information when we keep track of the services that you purchase from us and our communications history about those services.
    • We collect Financial information, such as your payment information, when you pay for our services.
    • We collect Internet and other electronic activity information, such as communications metadata, as you browse our website or use our services. This metadata may be information about how you browse our websites and what features you use on our service, or it may be your Customer Usage Data as you send communications over the service.
    • We collect Geolocation information when you use our products or services. Depending on the product or service, this could be location based on your IP address.
    • We collect Professional or employment information, such as your company or employer or your role at your company.
    • In the use of the LossExpress application, we might collect the following information: your customer’s names, addresses, phone numbers email addresses, vehicle information, vehicle loan account information, insurance claim information, or other information that counts as characteristics of protected classifications; however, we will only collect those with your knowledge and consent.

    When we’re processing your personal information as our customer, we’re generally processing Customer Account Data or Customer Usage Data. When we do, we’re a controller, as we described above, and this Privacy Statement details the rules that control our use of that data.

    In addition, as a processor and a service provider, we process Customer Content that may include personal information from any of those categories, plus others. If you’re an end user of a customer of ours, our customer will be able to help you with more details on what categories they’re collecting and using.

    What Customer Account Data LossExpress Processes When You Visit Our Website, or Make a Request for Information About LossExpress and Why

    When you visit our website or request more information about LossExpress, we collect information automatically using tracking technologies, like cookies, and through web forms where you type in your information. We collect this information to provide you with what you request through the web form, to learn more about who is interested in our products and services, and to improve navigation experience on our pages.

     

    Information You Share Directly: In some places on LossExpress’ public-facing websites, you can fill out web forms to ask to be contacted by our Sales Team, sign up for a newsletter, register for a LossExpress event, or take a survey. The specific personal information requested on these forms will vary based on the purpose of the form. We will ask you for information necessary for us to provide you with what you request through the form (for example, we will ask you for your email address if you want to sign up for an email newsletter and for your phone number if you want a member of our Sales Team to call you). We may also ask you for additional information to help us understand you better as a customer like your LossExpress use case, your company name, or your role at your company. If you sign up to receive ongoing marketing communications from LossExpress, like a newsletter, you can always choose to opt out of further communications through a preferences page which will be linked from any marketing email you receive from LossExpress.

    Information We Collect Automatically: When you visit LossExpress websites, including our web forms, we and our service providers acting on our behalf automatically collect certain information using tracking technologies like cookies, web beacons, and similar technologies. We use this information to understand how visitors to our websites are using them and which pages and features of the websites are most popular. This helps us understand how we can improve our websites and track performance of our advertisements. In addition, we use tracking technologies to help improve the navigation experience on LossExpress websites. We don’t sell this information to third parties, though.

    What Customer Account Data LossExpress Processes When You Communicate with Our Sales or Customer Support Teams and Why

    You may share personal information, like your contact information, with a member of our Sales or Customer Support Team when you communicate with them. We keep a record of this interaction.

     

    If you contact our Sales or Customer Support Teams, those teams keep a record of that communication, including your contact details and other information you share during the course of the communication. We store this information to help us keep track of the inquiries we receive from you and from customers generally so we can improve our products and services and provide training to team members. This information also helps our teams manage our ongoing relationships with our customers. Because we store a record of these communications, please be thoughtful about what information you share with our Sales and Customer Support Teams. While we will take appropriate measures to protect any sensitive information you share with us, it is best to avoid sharing any personal or other sensitive information in these communications not necessary for these teams to assist you.

    What Customer Account Data LossExpress Processes When You Sign Up for and Log Into a LossExpress Account and Why

    When you sign up for an account with us, we ask for certain information like your contact details and billing information so we can communicate with you and so you can pay for our products and services. We also collect some information automatically, like your IP address, when you log in to your account or when your software application built on LossExpress makes requests to our APIs. We use this to understand who is using our services and how, and to detect, prevent and investigate fraud, abuse, or security incidents.

     

    Information You Share Directly: When you sign up for a LossExpress account with us, you’ll be asked to give us your name, email address, and optionally, your company name, and to create a password. You can also name your account (or accounts, if you have more than one). We collect this information so we know who you are, we can communicate with you about your account(s), and we can recognize you when you communicate with us through the account portal or otherwise.

    We also use your email address to send you information about other LossExpress products, services or events in which we think you may be interested. You can opt out of further marketing communications through your marketing preferences page linked from any marketing email you receive from LossExpress.

    When you first sign up for an account, we also ask you for a telephone number so we can communicate a verification code to that telephone number and have you enter the code into our website. This helps us ensure you’re actually a human being. A LossExpress team member may also contact you at this number to help you with on-boarding unless you tell us you don’t want us to contact you.

    When you upgrade your trial account, if applicable, we’ll ask you to provide our payment processor with your payment method information like a credit card, and/or your billing address. Our payment processor, acting on our behalf, gathers this so we can bill you for your use of our products and services. Our payment processor will share your billing address with LossExpress. Your billing address may also be used by LossExpress for tax calculation and audit purposes.

    For some products, we may also obtain a physical address from you that includes a proof of address, name, or other identification information. For example, to get a phone number in certain countries, local law may require us to have a physical service address on file for the individual who will be using that LossExpress number, whether that’s you or your end user, and/or proof of identity and physical service address. We call these “subscriber records.”

    We may have to share subscriber records with the local telecommunications carrier that provides local connectivity services or with local government authorities. We may also use this physical service address for tax purposes.

    Similarly, for some of our products, you or your end user, whoever is going to be making use of the product, may have to complete an application form providing details about your company and your intended use of the product, like when you are interested in getting a short code. We’ll use this information for the purpose for which it was gathered from you. We may also use it in connection with improving our own internal processes and services or training our team members.

    Information We Generate or Collect Automatically. When you sign up for an account with LossExpress, we’ll automatically assign you and your account(s) unique IDs called SIDs and/or we’ll automatically generate an API token for each of your accounts. These are used like a username and password to access the application and/or make API requests. Instead of using these API tokens, you can provision API Keys, and use your API key for authentication when making requests to our APIs. We keep a record of these credentials so we know it is you making the requests when your application makes requests to our API using these credentials.

    In addition, when you use our account portal, we collect your IP address and other data through tracking technologies like cookies, web beacons, and similar technologies. We use this information to understand how customers are using our platform, who those customers are (if they are a company and the IP address is associated with that company), what country they are logging in from (for analytics and export control purposes), and to help improve the navigation experience.

    Note that we also collect the IP address of your devices or servers when you make requests to our APIs. When you use our APIs, we also collect and process the information contained in those interactions.

    All information we collect when you sign up for a LossExpress account and interact with the LossExpress account portal or our products or services may be used to detect, prevent, or investigate security incidents, fraud, or abuse and misuse of our platform and services. We will also use it, and share it with our service providers, as needed for our operational purposes — such as to do things to function as a business and provide our services to you.

    Other Customer Account Data We Collect and Why 

    We may collect information about you, as our customer, from publicly-available sources so we can understand our customer base better. We may use publicly-available information about you through services like LinkedIn, or we may obtain information about your company from third party providers to help us understand our customer base better, such as your industry, the size of your company, and your company’s website URL.

    How Long We Store Your Customer Account Data

    LossExpress will store your Customer Account Data as long as needed to provide you with our services and to operate our business. If you ask LossExpress to delete specific personal information from your Customer Account Data (see ‘How To Make Choices About Your Customer Account Data’ below), we will honor this request unless deleting that information prevents us from carrying out necessary business functions, like billing for our services, calculating taxes, or conducting required audits.

     

    Here is an overview of how long we hold on to Customer Account Data in a form that can be used to identify you, unless there is a specific need or obligation to retain your information longer (like in the case of an open investigation, audit or other legal matter):

     

    • Customer Account Data stored in our customer relationship management system(s) is generally stored up to 7 years following closure of your account. Invoice records, including their digital equivalent, may be retained in identifying form by LossExpress for longer periods for accounting, tax, and audit purposes depending on and in accordance with applicable law.
    • Similarly, where we collect subscriber records, such as a physical address or identity information, in connection with providing our communications products and services, we will retain this data as needed for legal, security and anti-fraud purposes and depending on and in accordance with applicable local law.
    • We may retain your communications with LossExpress’ Customer Support Teams for up to 3 years after your account is closed.
    • Apart from the above, within 60 days following closure of your account, we will either delete other Customer Account Data or transform it such that it can no longer be used to identify you.

    How To Make Choices About Your Customer Account Data

    You can make various choices about your Customer Account Data through the account portal, such as accessing it, correcting it, deleting it, or updating your choices about how it is used, when you log into your LossExpress account or through the preferences center. Any other requests about your data you cannot make through these self-service tools, you can request by emailing info@lossexpress.com.

     

    Closing Your Account and Deletion. To request closure or deletion of your LossExpress account, you can email us at info@lossexpress.com. You should know that closure and/or deletion of your LossExpress account will result in you permanently losing access to your account and data in the account. Please note that certain information associated with your account may nonetheless remain on LossExpress’ servers in an aggregated form that does not identify you or your end users. Similarly, data, including personal information, associated with your account we are required to maintain for legal purposes or for necessary business operations (see “How Long We Store Your Customer Account Data” section above) will be retained after account closure until no longer needed.

    Promotional Communications. You can choose not to receive promotional emails from LossExpress by following the unsubscribe/opt-out instructions in those emails. Please note that even if you opt out of promotional communications, we may still send you non-promotional messages relating to things like updates to our terms of service or privacy notices, security alerts, and other notices relating to your access to or use of our products and services.

    Cookies and Tracking Technologies. How you make choices about cookies and other tracking technologies depends on the type of cookie or tracking technology being used.

    Other Choices About Your Customer Account Data. In addition, you can express other choices about your Customer Account Data (i.e., accessing it, deleting it, restricting its use, porting it, or withdrawing consent for its use) by contacting info@lossexpress.com.

    If you are an end user of an application or process built on LossExpress’ platform and not a direct customer of LossExpress, you should direct requests relating to your personal information to the relevant application provider in accordance with the application provider’s own privacy policy.

    California Consumer Access and Deletion Rights 

    For those customers that would like more information about our use of Customer Account Data or Customer Usage Data, you have the ability to request:

    • that we provide details about the categories of personal information that we collect about you, including how we collect and share it;
    • that we provide you access to the personal information we collect about you; and
    • that we delete the personal information we have about you.

    Please be aware that when you ask us for these things, we will take steps to verify that you are authorized to make the request.

     

    As part of the services we provide to our customers, we provide you with a number of self-service features at no additional cost, including the ability to access your data, download a copy of your data, delete your data, or restrict the use of your data. If you need more help than that, let our Support team know; we will provide reasonable and timely assistance to assist you.

    Please keep in mind that when you ask us for your personal information, or you ask us to delete your personal information, we may need to withhold or retain some of that personal information for security, legal, or anti-fraud reasons. Also, we do need some of the Customer Account Data and Customer Usage Data we have to maintain customer accounts. If you ask us to delete that information, we may not be able to continue providing you our services. This also means that we won’t be able to provide access to or delete information about customers who are the point of contact for businesses that use our services. If you would like to request access or deletion, you may email info@lossexpress.com.

    How LossExpress Processes Your End Users’ Personal Information 

    Your end users’ personal information typically shows up on LossExpress’ platform in a few different ways:

    • Communications-related personal information about your end users, like your end users’ phone numbers for number-based communications, your end users’ email addresses for email communications, IP addresses for IP-based communications, or device tokens for push notifications, show up in our systems when you use or intend to use this information to contact your end user through use of our products and services.
    • Your end users’ personal information may show up in “friendly names,” which are strings you provide, if you choose to include your end users’ personal information as part of a string.
    • Your end users’ personal information may also be contained in the content of communications you (or your end users) send or receive using LossExpress’ products and services.

    We call the information in the first two bullets above Customer Usage Data. The information in the third bullet is what we refer to as Customer Content.

    As noted above, data protection law (including privacy law) in certain jurisdictions, like the EEA, differentiate between “controllers” and “processors” of personal information. When LossExpress processes Customer Content, we generally act as a processor. When we process Customer Usage Data, we act as a processor in many respects, but we may act as a controller in others. For example, we may need to use certain Customer Usage Data for the legitimate interests of billing, reconciling invoices with telecommunications carriers, and in the context of troubleshooting and detecting problems with the network.

    What Customer Usage Data and Customer Content LossExpress Processes and Why 

    We use Customer Usage Data and Customer Content to provide services to you and to carry out necessary functions of our business as a communications service provider. We do not sell your end users’ personal information and we do not share your end users’ information with third parties for those third parties’ own business interests.

     

    The particular end user personal information LossExpress processes when you, our customer, use our products and services and the reason LossExpress processes depends on how you use our products and services and which LossExpress products and services you use.

    In some cases, you can opt to store records of your communications, or other activities, on LossExpress, which may include your end users’ personal information. You may also have the option to use additional features or tools within LossExpress’ products or services that allow you to do things such as analyze the records, including end user personal information, in your LossExpress account. In those cases, LossExpress will process this information to provide you with the service you request.

    In addition, records containing end user personal information may, from time to time, also be used in debugging or troubleshooting or in connection with investigations of security incidents, as well as for the purposes of detecting and preventing spam or fraudulent activity, and detecting and preventing network exploits and abuse. It may also be anonymized, as allowed by law, and we may use data that can no longer identify you or relate to you for our legitimate business needs.

    How Long Do We Store Customer Usage Data and Customer Content and Exercising Choices About End User Personal Information

    Details regarding how long your end user personal information may be stored on LossExpress’ systems and how to delete, access, or exercise other choices about end user data will depend on which LossExpress products and services you are using and how you are using them.

     

    As a LossExpress customer, if the LossExpress product or service you use enables you to store records of your usage on LossExpress, including personal information contained within those records, and you choose to do so, then LossExpress will retain these records for as long you instruct. In some cases, use of extended storage may cost more. If you later instruct us to delete those records, we will do so. Please note that it may take up to 30 days for the data to be completely removed from all systems. In some cases, a copy of those records, including the personal information contained in them, may nonetheless be retained to carry out necessary functions like billing, invoice reconciliation, troubleshooting, and detecting, preventing, and investigating spam, fraudulent activity, and network exploits and abuse. Sometimes legal matters arise that also require us to preserve records, including those containing personal information. These matters include litigation, law enforcement requests, or government investigations. If we have to do this, we will delete the impacted records when no longer legally obligated to retain them. We may, however, retain or use records after they have been anonymized, if the law allows.

    When and Why We Share Your Personal Information Or Your End Users’ Personal Information

    We do not sell or allow your Customer Account Data to be used by third parties for their own marketing purposes, unless you ask us to do this or give us your consent to do this. Further, we do not sell your end users’ personal information. We also do not share it with third parties for their own marketing or other purposes, unless you instruct us to do so. You can read more in our CCPA Notice contained herein.

     

    Below are the different scenarios under which we may share your data with third parties.

    • Telephony operators as necessary for proper routing and collection of data to provide the LossExpress products and services. LossExpress provides an easier way to collect data for your business process needs that includes sending communications to telephony operators to collect such data. Therefore, communications-related data is shared with and received from telephony operators as necessary to provide the LossExpress products and services. How those telephony operators handle this data is generally determined by those operators’ own policies and local regulations.
    • Third-party service providers or consultants. LossExpress engages certain third-party service providers to carry out certain data processing functions on our behalf. These providers are limited to only accessing or using this data to provide services to us and must provide reasonable assurances they will appropriately safeguard the data.
    • Sub-processors. We may share Customer Content with sub-processors who assist in providing the LossExpress services, like our infrastructure provider, or as necessary to provide optional functionality like transcriptions.
    • Add-on Partners. Add-ons are additional features, functionality or services offered by LossExpress’ Add-on Partners (third parties not affiliated with LossExpress). LossExpress may make Add-ons available through the LossExpress Marketplace. Some Add-ons may need to access or collect some of your information, including personal information. If you choose to use an Add-on, LossExpress will share your information with the Add-on Partner so you can use the Add-on. LossExpress does not control Add-on Partners’ use of your information and their use of your information will be in accordance with their own policies. If you do not want your information to be shared with an Add-on Partner, then you should not use the Add-on.
    • Compliance with Legal Obligations. We may disclose your or your end users’ personal information to a third party if (i) we reasonably believe that disclosure is compelled by applicable law, regulation, legal process, or a government request (including to meet national security, emergency services, or law enforcement requirements), (ii) to enforce our agreements and policies, (iii) to protect the security or integrity of our services and products, (iv) to protect ourselves, our other customers, or the public from harm or illegal activities, or (v) to respond to an emergency which we believe in good faith requires us to disclose data to assist in preventing a death or serious bodily injury. If LossExpress is required by law to disclose any personal information of you or your end user, we will notify you of the disclosure requirement, unless prohibited by law. Further, we object to requests we do not believe were issued properly.
    • Other LossExpress Group Entities. We may share your personal information or your end users’ personal information within the LossExpress group of companies or affiliates. We, our subsidiaries and affiliates will only use the information as described in this notice.
    • Business transfers. If we go through a corporate sale, merger, reorganization, dissolution or similar event, data we gather from you may be part of the assets transferred or shared in connection with the due diligence for any such transaction. In that situation, and that situation only, we might transfer your data in a way that constitutes a sale under applicable law. If we do, we’ll let you know ahead of time, and any acquirer or successor of LossExpress may continue to process data consistent with this notice.
    • Aggregated or de-identified data. We might also share data with third parties if the data has been de-identified or aggregated in a way so it cannot be used to identify you or your end users.

    If you’re a Californian interested in what personal information we have shared lately for our business purposes, here’s a list:

    • Identifiers
    • Commercial information
    • Financial information
    • Internet or other electronic activity information
    • Geolocation information
    • Professional or employment information

    By “our business purposes,” we mean that we only share personal information as we describe in this section (in other words, with telephony operators, communications providers, and so on).

     

    Automated Decision Making

    LossExpress may use automated decision making using a variety of signals derived from account activity to help identify and suspend accounts sending spam or engaged in other abusive or fraudulent activity. Holders of accounts suspended under these circumstances are notified of the suspension and given an opportunity to request human review of the suspension decision.

    Handling disputes relating to our data protection practices

    We hope we can resolve any disputes relating to our data protection practices between us. You can raise your concern or dispute by emailing our Privacy Team at info@lossexpress.com or by writing to us at:

    LossExpress, 2323 Ross Avenue, Suite 1700, Dallas, TX 75201

     

    If you have a dispute with us relating to our data protection practices, please contact us by email us at info@lossexpress.com.

    If we can’t resolve the dispute through those channels, please see Section 18 (Agreement to Arbitrate) of our Terms of Service, which describes how disputes will be resolved between us. As described in that section, the American Arbitration Association (http://www.adr.org) will conduct the dispute resolution proceedings. Please be sure to review our Terms of Service, including Section 18, before you use any of our products and services.

    How We Secure Personal Information

    We use appropriate security measures to protect the security of your personal information both online and offline. These measures vary based on the sensitivity of the personal information we collect, process and store and the current state of technology. We also take measures to ensure service providers that process personal data on our behalf also have appropriate security controls in place.

    Please note that no service is completely secure. While we strive to protect your data, we cannot guarantee that unauthorized access, hacking, data loss or a data breach will never occur.

     

    To protect the confidentiality of your account and protect from unauthorized use of your account, we recommend enabling two-factor authentication for your account. Additionally, you must keep your account password and Auth Token confidential and not disclose them publicly or to unauthorized individuals — this includes accidentally distributing them in a binary or checking them into source control. Please let us know right away if you think your password or Auth Token was compromised or misused.

    Similarly, if you provision an API Key, you should keep your secret, well… secret. You should store your API Key Account SID and secret in a secure location.

    Other Information You May Find Useful

    Here’s some other information about our privacy practices, such as how we handle certain types of data like children’s data or protected health information, how we handle do-not-track signals, what to expect if we make changes to our notice, and the legal bases for processing personal information.

     

    Information from Children

    We do not knowingly permit children (under the age of 13 in the US) to sign up for a LossExpress account. If we discover someone who is underage has signed up for a LossExpress account, we will take reasonable steps to promptly remove that person’s personal information from our records. If you believe a person who is underage has signed up for a LossExpress account, please contact us at info@lossexpress.com.

    Do-Not-Track Signals

    LossExpress does not currently respond to web browser’s Do-Not-Track signals. You can learn more about Do Not Track here.

    Changes to Our Privacy Notice

    We may change our Privacy Notice from time to time. If we make changes, we’ll revise the “Updated” date at the top of this notice, and we may provide additional notice such as on the LossExpress website homepage, account portal sign-in page, or via the email address we have on file for you. We will comply with applicable law with respect to any changes we make to this notice and seek your consent to any material changes if this is required by applicable law.

    If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact information provided in the introduction section of this privacy statement.

     

    CCPA Notice

    This notice supplements the LossExpress Privacy Policy as well as any other agreement you have with us, such as the LossExpress Terms of Service, Master License Agreement, or other agreement for the use of our services. Any terms we use in this notice that aren’t defined here will have the meanings we give them in those agreements. 

    Let’s get oriented

    Our Privacy Policy defines Customer Account Data, Customer Usage Data, and Customer Content. We’ll refer to those here, too…but mostly, we’re talking about our customers’ personal information. Personal information is defined in the California Consumer Privacy Act, or “CCPA,” and we use that definition.

    We will also talk about some other terms from the same law, such as “consumer,” “business,” “service provider,” “business purpose,” or “commercial purpose,” and those also have the definitions set out in that law.

    When we talk about a “sale,” or “selling,” personal information, we are using the definitions of “sale,” and “sell” as defined in the CCPA. It’s important that we be clear on what this means: it means we don’t sell, rent, or otherwise disclose your personal information in exchange for money or something else of value.

     

    LossExpress’ relationship with you under California law

    The LossExpress Privacy Policy describes “controllers” and “processors,” and discusses the purposes for which we process personal information in Customer Account Data, Customer Usage Data, and Customer Content. For the purposes of the CCPA, in the same way that we act as a processor of Customer Content, we act as a service provider for Customer Content. For Customer Account Data and Customer Usage Data, we act as a business, which means that we may use this data for our own business purposes. Regardless of whether we are acting as a business or a service provider, we process, retain, use, and disclose personal information only as necessary to provide the services we have agreed to provide. In other words, we use the personal information we have strictly for business purposes. You can read more about our business purposes for each type of personal information in our Privacy Policy. Regardless, we will not:

    • sell your personal information or your end users’ personal information;
    • process your personal information for any commercial purpose other than providing the services; or
    • retain, use, or disclose your personal information outside of the scope of the agreement we have with you.

    To be clear, we are not receiving any of your personal information or your end users’ personal information as consideration for any services or other items of value that we provide to you. We also understand our obligations under the CCPA and will comply with them.

    By the same token, you are responsible for ensuring that you have complied, and you will continue to comply, with the requirements of the CCPA in your use of the services we provide to you and your own processing of personal information.

     

    LossExpress’ obligations under California law

    We will ensure that any person we authorize to process your Customer Content has agreed to protect personal information consistent with our confidentiality obligations under our agreement with you.

    We use third party service providers to fulfill our obligations under our agreement with you and for our own business purposes. When we do use service providers, we have entered into a written contract that includes terms substantially similar to this notice. We conduct appropriate due diligence on our service providers and we will remain liable for any breach of this notice that is caused by an act, error, or omission of our service providers.

     

    Your access and deletion rights

    As part of the services we provide to you, we provide you with a number of self-service features at no additional cost, including the ability to delete, retrieve, or restrict use of Customer Content, which you may use in complying with your obligations under the CCPA with respect to responding to requests from consumers. If you need more assistance than that, let our Support team know; we will provide reasonable additional and timely assistance to assist you in complying with your obligations with respect to consumer access and deletion requests under the CCPA. If additional assistance requires going above and beyond what Support can provide, further assistance may be at your expense.

    In the event that we receive any request, complaint, or other communication from a verifiable consumer, regulatory authority, or third party in connection with our processing of your Customer Content, we will promptly inform you and provide details, to the extent legally permitted. Unless legally obligated to do so, we will not respond to any such request, inquiry or complaint without your prior consent except to confirm that the request relates to you.

     

    Data retention and deletion of content

    We hate to see any relationship end. However, if our agreement with you terminates, we will give you thirty days after the termination effective date to obtain a copy of your Customer Content via the LossExpress Services. We’ll automatically delete any stored Customer Content thirty days after the termination effective date, and automatically delete any stored Customer Content on our back-up systems sixty days after the termination effective date. 

    Upon termination of our agreement with you, we may retain Customer Content in storage for the periods described in this section, provided that we will ensure that your Customer Content is processed only as necessary for the purpose specified in this notice and no other purpose. Also, at all times, we will ensure that we protect Customer Content as we have promised to, and as the law requires us to.

    Of course, if we are required by law to retain any portion of your Customer Content, we may do so, regardless of the requirements of this section. If we must do so, we will ensure we maintain the same security protections on your Customer Content.

     

    Security

    As part of the services, you may elect to use certain features and functionalities that impact the security of the data processed, such as TLS encryption or use of multi-factor authentication on your account. You are responsible for reviewing the information we make available regarding our data security, including our audit reports, and making an independent determination as to whether the services we provide to you meet your requirements and legal obligations, including your legal obligations. You are also responsible for properly configuring the services we provide to you and using available features and functionalities to maintain appropriate security in light of the nature of the data you’re processing.

    In the event that we become aware of a security breach that involves your Customer Content, we will, to the extent we’re permitted by law, notify you without undue delay via your account owner’s email address. We will make reasonable efforts to identify and, to the extent any security incident is caused by our violation of the requirements of this notice, remediate the cause of the security incident. We will provide reasonable assistance to you in the event that you are required by law to notify a regulatory authority or any individuals of a security incident.

     

    Material changes in our practices or in the law

    We may modify this notice where required, such as due to a material change in our business practices with respect to your personal information or due to a material change in the CCPA. If this happens, we’ll notify you before such modifications take effect as our agreement with you provides.