1. PURPOSE OF THIS DOCUMENT
1.1 Risk Management Advisors (Cayman) Ltd (“RMA Cayman”), Risk Management Advisors, Inc. (“RMA”) and RSC Insurance Brokerage, Inc. (“Risk Strategies” and together with RMA and RMA Cayman, the “Company”) are committed to being responsible custodians of the information you provide to us and the information we collect in the course of operating our business and providing insurance management and related services.
1.2 This Privacy Notice sets out how the Company may collect, use and share information about you and individuals connected to you and describes:
- The types of information, including personal data, we may collect;
- How we may use and share the information we collect;
- Legal grounds for using personal data;
- The measures we have in place to protect and safely store the information we collect;
- Retention of the information we collect;
- Your choices and rights in respect of the information we hold;
- How to contact us;
- Changes to this Privacy Notice.
1.3 If you are a contractor, or an employee or officer of the Company, separate privacy notices will apply.
1.4 Wherever we have said “we”, “our” or “us”, we mean the Company.
1.5 Where there is any conflict between the terms of this Privacy Notice and any other document in relation to data protection, the terms of this Privacy Notice shall prevail, although its contents are not contractual.
1.6 An “individual connected to you” could be any guarantor, a director, officer or employee of a company, partners or members of a partnership, any substantial owner, controlling person, or beneficial owner, trustee, settlor or protector of a trust, account holder of a designated account, recipient of a designated payment, your attorney or representative (e.g. authorised signatories), agent or nominee, or any other persons or entities with whom you have a relationship that is relevant to your relationship with us. Whenever we say “you”, “individuals connected to you” should be read as included as well.
1.7 For the purpose of this Privacy Notice, RMA, RMA Cayman and Risk Strategies will act as joint data controllers in accordance with the Cayman Islands Data Protection Law (as amended from time to time).
1.8 Please ensure that any relevant individuals are made aware of this Privacy Notice and the individual rights and information it sets out, prior to providing their information to us or our obtaining their information from another source. If you, or anyone else on your behalf, has provided or provides information on an individual connected to you, you or they must first ensure that you or they have the authority and appropriate legal basis to do so.
2. INFORMATION WE COLLECT
2.1 This Privacy Notice is concerned with personal data we collect about you. Personal data means any data by which you as an individual can be directly or indirectly (e.g. if several pieces of data are combined) identified. Data which is completely anonymised or de-personalised will not count as personal data.
2.2 Some of the personal data we hold about you will have been supplied by yourself. Other personal data may have come from your broker or other intermediary, or other sources from which you have asked us to obtain information. We might also get some personal data from publicly available sources.
2.3 We will usually collect personal data such as:
- Personal details (e.g. name, previous names, gender, date and place of birth, occupation);
- Identification materials we may need for our compliance obligations (e.g. a copy of your passport or national identity card, social security number, utility bills, financial details and/or source of wealth etc.);
- Contact details (e.g. address, email address, position in company, landline and mobile numbers);
- Other information about you which you may have provided us with during the course of our relationship with you, e.g. by filling out forms or during face-to-face contact, telephone and email;
- Information obtained through proposal forms for the purposes of procuring coverage by insurers (i.e. financial information);
- Financial information including your bank name, SWIFT code and account numbers;
- Information about your relationship with us including your ways of interacting with us;
- Complaints or disputes you may have had with us and details of the underlying transaction (where applicable);
- Information about you which is a matter of public record or readily obtainable and which we deem relevant (media, court judgements etc.);
- Sales and marketing information (e.g. offers or communications you have received from us and how you reacted to them);
- Records of correspondence and other communications between you and your representatives and us, including email, telephone calls, letters and the like;
- Information that we need to support our regulatory obligations (e.g. information about transaction details, detection of any suspicious and unusual activity and information about parties connected to you or these activities); and
- Information from third party providers who assist us to combat fraud, money laundering and other crimes.
2.4 In addition to the above, in relation to our website www.riskmgmtadvisors.com we may also collect:
- Information that you provide to us, such as when you fill out a contact or web form, or if you register to receive alerts or updates;
- Information that we obtain or learn, such as information about the browser or device you use to access the website, how you use this site and the pages you visit, traffic and location data;
- Information you provide to us if you experience problems when using the website. We may also ask you to complete surveys for research purposes, although you don't have to respond to these; and
- If we have an existing relationship with you, and we are able to identify you from information obtained or provided by your use of the website, we may associate those sets of information, e.g. to enable us to respond to a query you have submitted.
2.5 We may also collect certain types of sensitive or special category data about you, such as details about any criminal records or information about your health, political affiliations, ethnicity or religious beliefs.
2.6 Please note that our website and any associated domains are not designed or intended for children and we do not knowingly collect data relating to children.
3. HOW WE WILL USE PERSONAL DATA
3.1 We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Where we need to perform the contract we have entered into with you;
- Where we need to comply with a legal or regulatory obligation;
- Where it is necessary for legitimate interests pursued by us or a third party and your interests and fundamental rights do not override those interests;
- Where we need to protect your interests (or someone else's interests);
- Where it is needed in the public interest or for official purposes (such as compliance with a court order or regulatory direction).
3.2 Based on the reasons for using your data noted above, the purposes for which we use your information commonly include:
- To contact you (performance of a contract);
- To carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products and services you request from us (performance of a contract; legitimate interests);
- To provide you with information about other goods and services that we offer which we feel may interest you (legitimate interests);
- To permit selected third parties:
  - To provide you with information about goods or services which we feel may interest you; and/or
  - To assist us in the improvement and optimisation of advertising, marketing material and content, our services and the website;
- To assist us in the improvement and optimisation of advertising, marketing material and content, our services and the website (legitimate interests);
- To notify you about changes to our service (performance of a contract; compliance with legal obligations; legitimate interests);
- To ensure that content from our website is presented in the most effective manner for you and your computer (legitimate interests);
- To verify your identity (compliance with legal obligations; legitimate interests);
- As part of our efforts to keep our website safe and secure, and to prevent or detect fraud (legal obligations; legitimate interests);
- To provide customer support (performance of a contract with you);
- To comply with the requirements imposed by law or any court order (legal obligations).
4. INFORMATION ABOUT THE WEBSITE
4.1 IP addresses
We may collect information about your computer (or mobile device) including, where available, your IP address, operating system and browser type, for system administration or for our own commercial purposes. This is statistical data about our users’ browsing actions and patterns and does not identify any individual.
5. WHO WE MIGHT SHARE YOUR PERSONAL DATA WITH?
5.1 We may share relevant personal data of yours with other parties where it is lawful to do so, including where:
- It is necessary to comply with our contractual obligations or with your instructions such as insurance companies or their representatives, claims adjusters, or surveyors;
- We have a public or legal duty to do so (e.g. to assist with detecting and preventing fraud, tax evasion and financial crime or compliance with a court order);
- We are obligated to in connection with regulatory reporting, litigation or asserting or defending legal rights and interests;
- We have a legitimate business reason for doing so (e.g. to manage risk or verify identity);
- We have asked you if we can share it, and you gave consent.
5.2 Parties we might share your personal data with can include (without limitation):
- Other members within the Risk Strategies group of companies for business purposes such as billing, internal administration and providing you with our services. We do not sell, rent, or otherwise share any information with unaffiliated entities.
- Service providers acting as processors who provide IT and system administration services, anti-money laundering service providers and services to enable us to perform our contract with you;
- Insurance companies or other brokers who process your personal data in order to arrange and facilitate your visit to their marketing suite;
- Advertisers and advertising networks (including social media) that require the data to select and serve relevant adverts to you;
- Professional advisers acting as processors or joint controllers including brokers, lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accountancy services;
- Banks you instruct us to make payments to and receive payments from;
- Third parties who host our website or provide services related to it, including IT security providers;
- Any people or companies where required in connection with potential or actual corporate restructuring, merger, acquisition or takeover, including any transfer or potential transfer of any of our rights or duties under our agreement with you;
- Law enforcement, government, courts, dispute resolution bodies, our regulators, auditors and any party appointed or requested by our regulators to carry out investigations or audits of our activities;
- Other parties involved in any disputes, including disputed transactions;
- Fraud prevention agencies who’ll also use personal data to detect and prevent fraud and other financial crime and to verify your identity;
- Anyone who provides instructions to us on your behalf (e.g. under a Power of Attorney, solicitors, intermediaries, etc.);
- Anybody else that you instructed us to share your information with;
- Insurers who may provide cover for your business with us.
5.3 We might share aggregated and/or anonymised or de-personalised data with third parties for analytics, marketing and research purposes. Where we do so, we will ensure that neither you nor any other person will be identifiable from the data.
6. RETENTION OF PERSONAL DATA
6.1 We keep personal data only for as long as it is necessary for the specific purpose the data was collected for, or as long as we are required by applicable laws and regulation. We are generally required to retain records for at least seven (7) years from the date the contractual relationship with you ends or potentially longer, depending on the kind of data and relevant laws and regulations applicable to it.
6.2 We may keep personal data for longer periods where we have a legitimate interest for doing so, for instance to address complaints, assert or defend our rights in litigation or other dispute resolution procedures, or to respond to requests from regulators or assist judicial authorities.
6.3 Any information we are not required to hold for any minimum period and for which there is no purpose in us holding it any longer will be deleted, destroyed or returned to you more promptly.
6.4 Where we share your personal data with third parties, the privacy notices and laws and regulations of the third party will determine how long they will have to retain your data.
7. INTERNATIONAL TRANSFERS OF PERSONAL DATA
7.1 Reasons for having to transfer your personal data outside the Cayman Islands may include:
- We need to carry out our contract with you;
- We have to fulfil a legal obligation;
- We need to back up electronic data on cloud-based technology;
- We need to protect the public interest; and/or
- For your or our legitimate interests.
7.2 In some countries the law might compel us to share certain information. We will only share any information with parties who have the lawful authority and right to see it and only to the extent that such parties are permitted to see it.
Where we have to transfer personal data outside of the Cayman Islands, we deploy administrative, technical, and physical safeguards designed to comply with applicable legal requirements and safeguard the information that we collect. This includes, when required or appropriate and feasible, obtaining written assurances from third parties that may access your data that they will protect the data with safeguards designed to provide a level of protection equivalent to that adopted by the Company. Appropriate legal agreements may also be put in place with the recipient of that data.
7.3 However, no information system can be 100% secure. So, we cannot guarantee the absolute security of your information. Moreover, we are not responsible for the security of information you transmit to us over networks that we do not control, including the Internet and wireless networks.
8. INDIVIDUALS’ RIGHTS
8.1 As an individual or “data subject”, you have certain rights in relation to your personal data. These rights include:
- The right to access information we hold about you and to obtain information about how we process it;
- The right to object to and withdraw your consent to our processing of your data. This right can be exercised at any time. However, we may continue to process your personal data if there is another legitimate reason or legal obligation for doing so. Please also note that depending on which kind of processing you object to, we may no longer be able to perform our contractual obligations with you;
- The right to request that we rectify information we hold about you if it is inaccurate or incomplete;
- In some circumstances, you have the right to request erasure and deletion of personal data we hold. We may, however, continue to retain it if we are entitled or required by law to do so;
- The right to object to, and to request that we restrict, our processing of your information in some circumstances. Please note that despite this general right we may be entitled under law to continue processing the information and / or to refuse that request.
8.2 You also have the right to complain to the data protection regulator in the Cayman Islands, which is the Office of the Ombudsman. You can access their website here: www.ombudsman.ky
8.3 You may also be able to seek redress for any violation of your data protection rights in the Cayman Islands courts or challenge a decision by the regulator.
9.1 Please ensure that any data you give us or ask third parties to provide to us is up to date, accurate and complete in all respects. Please inform us about any changes as soon as reasonably possible.
9.2 We use a range of measures to keep information safe and secure which may include encryption and other forms of security. We require our staff and any third parties who carry out any work on our behalf to comply with appropriate compliance standards including obligations to protect any information and applying appropriate measures for the use and transfer of information. If you wish to know more about our data protection measures, please contact us (details provided below).
9.3 This Privacy Notice is governed by the laws of the Cayman Islands. Any dispute arising from or in connection with this Privacy Notice is subject to the exclusive jurisdiction of the Cayman Islands courts.
10. CONTACT US
For any further questions or queries in relation to this Privacy Notice, please get in touch with your usual relationship contact or email: firstname.lastname@example.org.
This Privacy Notice was updated on 14 September 2023.