Privacy Policy

This privacy policy is effective as of January 1, 2021.

Your privacy is very important to Spitfire Underwriting Inc. ("Spitfire").

Spitfire operates as a Managing General Agent (MGA) in Canada on behalf of insurance companies by providing underwriting services for risks though Spitfire’s online portal, and/or manually underwritten. In order to provide these services, and to ensure we can assist the insurance companies we represent to make informed underwriting and claims decisions, it is necessary that we obtain information about you and / or your businesses on their behalf. We will keep your personally identifiable information in confidence and access to that information will be restricted to those having a legitimate need to review or use that information.

Spitfire complies with the Personal Information Protection and Electronic Documents Act (PIPEDA) and provincial privacy legislation. For more information about PIPEDA, please visit the Office of the Privacy Commissioner of Canada's 'Privacy laws in Canada' website at www.priv.gc.ca/en/privacy-topics/privacy-laws-in-canada.

This privacy policy covers any personally identifiable information collected by Spitfire. The following is considered personally identifiable information and is explicitly protected under PIPEDA:

Age, name, ID numbers, income, ethnic origin, or blood type
Opinions, evaluations, comments, social status, or disciplinary actions
Employee files, credit records, loan records, medical records, existence of a dispute between a customer and a merchant, intentions (for example, to acquire goods or services, or change jobs).

Accountability

Spitfire is responsible for personally identifiable information under its control. Spitfire's Privacy Officer is accountable for Spitfire’s policy with respect to the management of personally identifiable information and is the person to whom complaints and inquiries can be forwarded.

Marc Sargent

Privacy Officer

 marc@spitfireunderwriting.com

 +1 416-583-2403

Identifying Purposes

Spitfire collects, uses and discloses personally identifiable information for the following purposes:

Offering insurance quotes, policies, bonds, and related products and services on behalf of our insurers,
Assisting our insurers to make informed underwriting and claims decisions,
Helping our insurers to administer and process insurance products and services,
Assisting our insurers to establish and maintain communication with you through your broker,
Verifying your identity and the accuracy of your personally identifiable information,
Tracking your usage of our website,
Determining your eligibility for products offered on behalf of our insurers,
Facilitating and tracking your payment of premiums, fees and taxes,
Assisting our insurers to investigate and settle claims,
Detecting and preventing fraud and unauthorized or illegal activities,
Sharing your information with our insurers, provided there are reasonable safeguards and it is legally permitted,
Compiling statistics or aggregate data,
Assisting our insurers to report to regulatory or industry oversight entities as required by law,
Gathering your feedback to help our insurers improve their products and services,
Complying with all applicable laws.

Spitfire will not use or disclose your personally identifiable information for any additional purpose unless we obtain your consent to do so.

Spitfire will not sell user lists or personally identifiable information to other parties.

Consent

Canada's privacy laws stipulate that an individual's consent is required prior to or at the time we collect his or her personally identifiable information. Consent is also required prior to disclosing any personally identifiable information to a third party, except in certain situations identified in the legislation. We rely on the following actions by you as indications of your consent to our use of your personally identifiable information until you notify us of your withdrawal of your consent:

Your voluntary provision of personally identifiable information directly to us or through our insurers, brokers, or agents or their representative for the purpose of acquiring an insurance or surety contract or related product or service (including information previously provided to us),
Your request for website access by signing up for a website account,
Your logging in to one of our websites using your selected or assigned unique log in name and password,
Your consent solicited by us (or our agent) for a specified purpose,
Your receipt of this Privacy Policy,
Your consent given through your authorized representative such as an agent, legal guardian or holder of a power of attorney.

By providing personally identifiable information about a third party such as a family member, director, officer or employee by any of the above methods, you represent that you have obtained their consent to the collection, use and disclosure of such personally identifiable information in accordance with this Privacy Policy.

In the event you request changes, endorsements, renewals or cancellations to your policy or bond, the original consent provided to us will remain in effect.

For certain products and where allowed by law, you may be given the option to give consent for us to access limited credit information about you or your company's shareholders from a credit reporting agency. Consent will be explicitly requested by us and you must provide explicit consent before we will attempt to obtain such credit information.

Please note that if you refuse or withdraw consent to the collection, use or disclosure of your personally identifiable information we may be unable to allow access to the secure sections of our website or provide the product or service requested.

Limiting Collection

Spitfire limits the collection of personally identifiable information to that which is necessary for the purposes identified.

Limiting Use, Disclosure, and Retention

Spitfire will not use disclosed personally identifiable information for purposes other than those for which it was collected, except with your consent or as permitted by law. Spitfire will retain personally identifiable information only as long as necessary for the fulfilment of those purposes or to satisfy our legal or business obligations.

Accuracy

Spitfire will keep your personally identifiable information as accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used.

You may request corrections to your personally identifiable information in order to ensure its accuracy and completeness. A request to correct personally identifiable information must be made in writing and provide sufficient detail to identify the personally identifiable information and the correction being sought.

If the personally identifiable information is demonstrated to be inaccurate or incomplete, we will correct the information as required and send the corrected information to any organization to which we disclosed the personally identifiable information in the previous year. If the correction is not made, we will note your correction request in the file.

Safeguards

Spitfire is committed to ensuring the security of your personally identifiable information in order to protect it from unauthorized access, collection, use, disclosure, copying, modification or disposal or similar risks.

Spitfire will protect your personally identifiable information by various physical, technological and organizational safeguards. Spitfire will protect personally identifiable information using security safeguards appropriate to the sensitivity of the information.

All interactions where we collect personally identifiable information on our website will be done using secure sockets layer protocol (encrypted).

Spitfire will not process, store or transfer personally identifiable information collected in Canada to any entity, server or location outside of Canada.

Spitfire will use appropriate security measures when destroying your personally identifiable information.Spitfire will continually review and update our security policies and controls as technology changes to ensure ongoing personally identifiable information security.

Openness

Upon written request, Spitfire will make available to you specific information about our policies and practices relating to the management of personally identifiable information.

Individual Access

Upon written request, Spitfire will inform you of the existence, use, and disclosure of your personally identifiable information and will give you access to that information, subject to limited exceptions. A minimal fee may be charged for providing access to personally identifiable information. Where a fee may apply, we will inform you of the cost and request further direction from you on whether or not we should proceed with the request. If a request is refused in full or in part, we will notify you in writing, providing the reasons for refusal and the recourse available to you.

Challenging Compliance

An individual shall be able to address a challenge concerning compliance with the above principles to Spitfire's Privacy Officer.