This privacy policy is effective as of January 1, 2021.
Your privacy is very important to Spitfire Underwriting Inc. ("Spitfire").
Spitfire operates as a Managing General Agent (MGA) in Canada on behalf of insurance companies by providing underwriting services for risks though Spitfire’s online portal, and/or manually underwritten. In order to provide these services, and to ensure we can assist the insurance companies we represent to make informed underwriting and claims decisions, it is necessary that we obtain information about you and / or your businesses on their behalf. We will keep your personally identifiable information in confidence and access to that information will be restricted to those having a legitimate need to review or use that information.
Spitfire complies with the Personal Information Protection and Electronic Documents Act (PIPEDA) and provincial privacy legislation. For more information about PIPEDA, please visit the Office of the Privacy Commissioner of Canada's 'Privacy laws in Canada' website at www.priv.gc.ca/en/privacy-topics/privacy-laws-in-canada.
This privacy policy covers any personally identifiable information collected by Spitfire. The following is considered personally identifiable information and is explicitly protected under PIPEDA:
Spitfire is responsible for personally identifiable information under its control. Spitfire's Privacy Officer is accountable for Spitfire’s policy with respect to the management of personally identifiable information and is the person to whom complaints and inquiries can be forwarded.
Spitfire collects, uses and discloses personally identifiable information for the following purposes:
Spitfire will not use or disclose your personally identifiable information for any additional purpose unless we obtain your consent to do so.
Spitfire will not sell user lists or personally identifiable information to other parties.
Canada's privacy laws stipulate that an individual's consent is required prior to or at the time we collect his or her personally identifiable information. Consent is also required prior to disclosing any personally identifiable information to a third party, except in certain situations identified in the legislation. We rely on the following actions by you as indications of your consent to our use of your personally identifiable information until you notify us of your withdrawal of your consent:
By providing personally identifiable information about a third party such as a family member, director, officer or employee by any of the above methods, you represent that you have obtained their consent to the collection, use and disclosure of such personally identifiable information in accordance with this Privacy Policy.
In the event you request changes, endorsements, renewals or cancellations to your policy or bond, the original consent provided to us will remain in effect.
For certain products and where allowed by law, you may be given the option to give consent for us to access limited credit information about you or your company's shareholders from a credit reporting agency. Consent will be explicitly requested by us and you must provide explicit consent before we will attempt to obtain such credit information.
Please note that if you refuse or withdraw consent to the collection, use or disclosure of your personally identifiable information we may be unable to allow access to the secure sections of our website or provide the product or service requested.
Spitfire limits the collection of personally identifiable information to that which is necessary for the purposes identified.
Spitfire will not use disclosed personally identifiable information for purposes other than those for which it was collected, except with your consent or as permitted by law. Spitfire will retain personally identifiable information only as long as necessary for the fulfilment of those purposes or to satisfy our legal or business obligations.
Spitfire will keep your personally identifiable information as accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used.
You may request corrections to your personally identifiable information in order to ensure its accuracy and completeness. A request to correct personally identifiable information must be made in writing and provide sufficient detail to identify the personally identifiable information and the correction being sought.
If the personally identifiable information is demonstrated to be inaccurate or incomplete, we will correct the information as required and send the corrected information to any organization to which we disclosed the personally identifiable information in the previous year. If the correction is not made, we will note your correction request in the file.
Spitfire is committed to ensuring the security of your personally identifiable information in order to protect it from unauthorized access, collection, use, disclosure, copying, modification or disposal or similar risks.
Spitfire will protect your personally identifiable information by various physical, technological and organizational safeguards. Spitfire will protect personally identifiable information using security safeguards appropriate to the sensitivity of the information.
All interactions where we collect personally identifiable information on our website will be done using secure sockets layer protocol (encrypted).
Spitfire will not process, store or transfer personally identifiable information collected in Canada to any entity, server or location outside of Canada.
Spitfire will use appropriate security measures when destroying your personally identifiable information.Spitfire will continually review and update our security policies and controls as technology changes to ensure ongoing personally identifiable information security.
Upon written request, Spitfire will make available to you specific information about our policies and practices relating to the management of personally identifiable information.
Upon written request, Spitfire will inform you of the existence, use, and disclosure of your personally identifiable information and will give you access to that information, subject to limited exceptions. A minimal fee may be charged for providing access to personally identifiable information. Where a fee may apply, we will inform you of the cost and request further direction from you on whether or not we should proceed with the request. If a request is refused in full or in part, we will notify you in writing, providing the reasons for refusal and the recourse available to you.
An individual shall be able to address a challenge concerning compliance with the above principles to Spitfire's Privacy Officer.