Privacy

Bima Privacy Policy

Last modified on January 17, 2024

Bima’ services enable users to achieve cybersecurity compliance. This Privacy Policy describes how we handle personal information in connection with operating our websites, interacting with prospective and current users and customers, and providing our services.

Our websites and services are designed for business customers. For purposes of the Privacy Policy, with the exception of job applicants, we treat all individuals who interact with us as representatives of businesses to which we may provide services or that may provide services to us, and not as individuals acting in their personal capacity.

Our customers may choose to include personal information in the spreadsheets they create with our services. We do not control the contents of the spreadsheets, and handle the information in the spreadsheets in our role as a service provider/processor on behalf of our business customers, pursuant to our agreements with those customers.

Personal Information We Collect

We may collect information about you when you visit our websites, use our services as an authorized user of one of our customers, or otherwise interact with us.

You may provide information to us, such as:

Contact and account data, such as your first and last name, email address, job function, size of employer, account level, and spreadsheet needs.
Payment and transaction data. This information is collected by our payment service provider, Stripe, and we do not have access to payment card numbers.
Communications that we exchange with you, including when you contact us with questions, feedback, or otherwise.
Google analytics data that you provide us access to when you connect a Google Analytics account to Bima.
Marketing data, such as your preferences for receiving our marketing communications, and details about your engagement with them.
Other data not specifically listed here, which we will use as described in this Privacy Policy or as otherwise disclosed at the time of collection.

We may also collect information about you from:

Third parties, such as data providers, third-party advertisers, and others.
Public sources, such as social media platforms.

Automatic data collection. We and our service providers may automatically log information about you, your computer or mobile device, and your interaction over time with our website, services, and communications, such as:

Device data, such as your computer’s or mobile device’s operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP address, unique identifiers (including identifiers used for advertising purposes), language settings, mobile device carrier, radio/network information (e.g., WiFi, LTE, 3G), and general location information such as city, state or geographic area.
Online activity data, such as pages or screens you viewed, how long you spent on a page or screen, the website you visited before browsing to our website, navigation paths between pages or screens, information about your activity on a page or screen, access times, and duration of access, and whether you have opened our marketing emails or clicked links within them.

We use the following tools for automatic data collection:

Cookies, which are text files that websites store on a visitor‘s device to uniquely identify the visitor’s browser or to store information or settings in the browser for the purpose of helping you navigate between pages efficiently, remembering your preferences, enabling functionality, helping us understand user activity and patterns, and facilitating online advertising.
Local storage technologies, like HTML5, that provide cookie-equivalent functionality but can store larger amounts of data, including on your device outside of your browser in connection with specific applications.
Web beacons, also known as pixel tags or clear GIFs, which are used to demonstrate that a webpage or email was accessed or opened, or that certain content was viewed or clicked.

How We Use Personal Information

We use your personal information for the following purposes or as otherwise described at the time of collection:

Service delivery. We use your personal information to:

Provide, operate, analyze, and improve our website, services, and our business;
Communicate with you about our services, including by sending
Provide support for our services, and respond to your requests, questions and feedback.

Research and development. To continue to operate and improve our website and services, and to create new features and capabilities for our users, we may create and use aggregated, de-identified or other anonymous data from personal information we process.

Marketing and advertising. We may use personal information for marketing and advertising purposes, including:

Direct marketing. We may send you marketing communications about our services; and
Interest-based advertising. We may engage third party advertising companies and social media companies to advertise our services. We and our advertising partners may use cookies and similar technologies to collect information about your interaction (including the data described in the “Automatic data collection” section above) over time across the web, our communications and our corporate website, and use that information to serve online ads. You can learn more about your choices for limiting interest-based advertising in the “Online tracking opt out” section below.

Compliance and protection. We may use personal information to:

Comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities;
Protect our, your or others’ rights, privacy, safety, or property (including by making and defending legal claims);
Audit our internal processes for compliance with legal and contractual requirements and internal policies;
Enforce the terms and conditions that govern our website and services; and
Prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical, or illegal activity, including cyberattacks and identity theft.

Note: we never use your Google analytics data for any purpose other than “Service delivery” as defined above. This is distinct from our Google analytics data that is collected automatically by our systems for our purposes.

How We Use Personal Information

We may share your personal information with:

Service providers. Companies and individuals that provide services on our behalf or help us operate our services or our business (such as hosting, information technology, customer support, email delivery, and website analytics services).

Advertising partners. When you visit our website, third party advertising companies may use automated technologies to collect information for interest-based advertising purposes described above. We do not allow advertising partners to collect this data from our web application after you log into your Bima account.

Professional advisors. Professional advisors, such as lawyers, auditors, bankers and insurers, where necessary in the course of the professional services that they render to us.

Authorities and others. Law enforcement, government authorities, and private parties, as we believe in good faith to be necessary or appropriate for the compliance and protection purposes described above.

Business transferees. Acquirers and other relevant participants in business transactions (or negotiations for such transactions) involving a corporate divestiture, merger, consolidation, acquisition, reorganization, sale or other disposition of all or any portion of the business or assets of, or equity interests in, Bima or our affiliates (including, in connection with a bankruptcy or similar proceedings)

Job Applicants

When you apply for a job with Bima, we collect the information that you provide in connection with your job application. This includes name, contact information, professional credentials and skills, educational and work history, and other information that may be included in a resume or provided during interviews (which may be recorded). We may also conduct background checks and receive related information.

We use applicants’ information to facilitate our recruitment activities and process employment applications, including evaluating candidates and monitoring recruitment statistics. We also use successful applicants’ information to administer the employment relationship. We may also use and disclose applicants’ information to improve our website and for the compliance and protection purposes described above.

Your Choices

Opt out of marketing communications. You may opt out of marketing-related communications by following the instructions contained in the marketing communications we send you.

Online tracking opt-out. There are a number of ways to limit online tracking, which we have summarized below:

Blocking cookies in your browser. Most browsers let you remove or reject cookies, including cookies used for interest-based advertising. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. For more information about cookies, including how to see what cookies have been set on your device and how to manage and delete them, visit www.allaboutcookies.org.
Using privacy plug-ins or browsers. You can block our websites from setting cookies used for interest-based ads by using a browser with privacy features, like Brave, or installing browser plugins like Privacy Badger, Ghostery, or uBlock Origin, and configuring them to block third party cookies/trackers. You can also opt out of Google Analytics by downloading and installing the browser plug-in available at: https://tools.google.com/dlpage/gaoptout.
Platform opt outs. The following advertising partners offer opt out features that let you opt out of use of your information for interest-based advertising:
Google: www.adsettings.google.com
Facebook: www.facebook.com/about/ads
Twitter: www.twitter.com/settings/personalization
Advertising industry opt out tools. You can also use these opt out options to limit use of your information for interest-based advertising by participating companies:
Digital Advertising Alliance for Websites: outout.aboutads.info
Network Advertising Initiative: optout.networkadvertising.org

Note that because these opt-out mechanisms are specific to the device or browser on which they are exercised, you will need to opt out on every browser and device that you use.

Do Not Track. Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to "Do Not Track" or similar signals. To find out more about "Do Not Track," please visit http://www.allaboutdnt.com.

Retention of Personal Data

Bima shall retain data as long as the company has a need for its use, or to meet regulatory or contractual requirements.

Customer accounts and data shall be deleted within 90 days of contract termination and formal written request through manual data deletion processes.

Other Sites and Services

Our website may contain links to websites and other online services operated by third parties. In addition, our content may be integrated into web pages or other online services that are not associated with us. These links and integrations are not an endorsement of, or representation that we are affiliated with, any third party. We do not control websites or online services operated by third parties, and we are not responsible for their actions.

Data Security

We employ a number of technical, organizational and physical safeguards designed to protect the personal information we collect. However, no security measures are failsafe and we cannot guarantee the security of your personal information.

Children

The website and services are not intended for use by children under 18 years of age. If we learn that we have collected personal information through our services from a child under 18 without the consent of the child’s parent or guardian as required by law, we will delete it.

Changes to This Privacy Policy

We reserve the right to modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy and posting it on the website.

How to Contact Us

You can reach us by email at privacy@bimasecurity.com.