Privacy Policy

3.1 Individuals in scope of this Privacy Notice

This Privacy Notice is intended to provide privacy information for individuals (past, current and prospective) whose personal data we process, including:
• Business contacts e.g. Brokers, (re)insurers, experts instructed in relation to claims, suppliers, professional services, conference attendees, visitors to our offices, regulators, government officials and authorities;
• Those in respect of the insurance, and reinsurance policies we place and/or Insurance policies we issue as part of our insurance business activities e.g. Parties covered under the policies, potential beneficiaries of the policies, claimants and other parties involved in a claim in respect of the policies;
• Other individuals such as those entering competitions & promotions, requesting marketing information, making general enquiries and individuals captured on CCTV.

3.2 How we collect your personal data
We may collect your personal data when you provide your personal data directly to us. We may also collect your personal data indirectly from:
• Our clients
• Publicly available sources such as social media platforms, property and assets registers, and claims and conviction records;
• Government authorities, law enforcement officials and regulators;
• Credit reference agencies and sanctions screening tools
• Information provided by other members of our Group;
• Businesses you own or associated with as well as the directors, partners, trustees, authorised officers or agents of those businesses; and
• Third parties who provide us with details of potential clients.

3.3 Personal data we collect
We typically collect the following types of personal data:
• General information such as name, title, marital status, date of birth, age, gender, nationality, identification information such as signature or national identifier;
• Contact information including address, telephone number and email address;
• Employment information such as job title, business description, education, employment history and professional certifications;
• Consent and marketing preferences;
• Due diligence information including sanction checks, which may include criminal offences and alleged offences and cautions, court sentences or criminal convictions; and
• Day-to day business operations information such as information about visits to our offices (including CCTV), attendance at meetings and events hosted by us, preferences, photographic images and information offered up in communication and captured during recordings of telephone calls.
• Electronic Identifying Data (such as, including but not limited to, IP addresses, geolocation data, online identifiers (including in relation to your device), cookies and Data relating to your use of our Sites, such as browsing activity or transaction logs)
• Information relating to customer transactions
• In some circumstances, and only when it is permitted/required by applicable laws and regulations, We will record, monitor and retain communications (including, but not limited to, telephone conversations, email, and any other electronic communications) when it is permitted/required by applicable laws and regulations. Such records are made and maintained to ensure compliance with legal and regulatory obligations and internal policies. Such records are and shall remain the sole property of Optivus Insurance Ltd and will be deemed by you as conclusive evidence of the recorded communications, if and when applicable
Sometimes we collect sensitive personal data, for example when we complete due diligence checks or when you offer this information in communication. Sensitive personal data may include data relating to your health, genetic or biometric data, criminal convictions, sex life, sexual orientation, racial or ethnic origin, political opinions, religious or philosophical beliefs and trade union membership.
Please see below for other types of personal data we may collect, which vary according to the type of service we provide and the relationship between us, or between you and our client.

3.3.1 Core insurance and reinsurance business activities
We may collect the following personal data:
• Information about your finances, such as bank account numbers, transaction information; brokerage account number, tax information, salary and remuneration, details of your income, property, assets, investments, pension and benefits, debts, creditworthiness, tax status, and existing reinsurance arrangements;
• Statements made by or about you;
• Information relating to any professional disciplinary action that you are or have been the subject of;
• Personal data related to the provision of the services, such as policy information (e.g. start & end dates, cover, premium, individual terms), claims history, mid-term adjustments, reasons for cancellation and risk profile; and
• Sensitive personal data relevant to the policy and / or claim such as details of your current or former physical or mental health. We will only process such data to the extent necessary in connection with the insurance and reinsurance policy or in accordance with legal proceedings.

3.4 How we use your personal data
We typically use your personal data to/for:
• The specific, explicit and legitimate purposes determined at the time of collection the data. In addition, if the processing is intended to cover multiple purposes, consent must be obtained for each purpose in a manner that is clearly distinguishable, in an intelligible and easily accessible form, using clear and plain language;

• Provide general client care, communicate with you and respond to any enquiries you have including the delivery of service information and sending invitations for events;

• Advertise, market and promote our services, including but not limited to the means of email, post or telephone, and to evaluate, measure and improve the effectiveness of our advertising campaigns; to send you newsletters, offers or other information we think may interest you; to contact you about our services or information we think may interest you; and to administer promotions;

• Enter into business relationships, including carrying out due diligence and background checks such as fraud, sanctions, credit and anti-money laundering checks;

• Provide the services and fulfil our contractual obligations to clients including work necessary for business transactions such as arrangement of reinsurance modelling;

• Enhance our internal or external communications and / or publicity material, including via social media;

• Manage our business operations including maintaining accounting records, analyzing financial results, complying with internal audit requirements, receiving professional advice, and applying for and claiming on our own insurance.

• Comply with legal and professional obligations (including without limitation to meet national security or law enforcement requirements), discovery requests, or where otherwise required or permitted by applicable laws, court orders, government regulations, or regulatory authorities;

• Ensure business continuity by preventing or detecting criminal conduct or other wrongdoing, or otherwise as reasonably necessary to protect our rights or the rights of any third party. This includes monitoring the safety and security of premises, employees, visitors and data;

• Monitor and prevent fraud;

• Develop, enhance, expand or modify our services through research and development including surveys, and risk modelling and data analysis by understanding risk exposures, crafting solutions with appropriate reinsurance coverage, limits, deductibles based on historical datasets;

• Improve quality, training and security (for example, with respect to recorded calls);

• Facilitate commercial transactions, including a reorganization, merger, sale of all or a portion of our assets, a joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings). Should such a sale or transfer occur, we will use reasonable efforts to ensure the entity to which we transfer your personal data uses it in a manner consistent with this Privacy Notice; and

• Exercise, defend or protect our legal rights, including tracing and recovering debt.

Please see below for other uses of personal data, which vary according to the type of service we provide and the relationship between us, or between you and our client.

3.4.1 Core insurance, and reinsurance business activities
• Facilitate and enable placement of (insert type of insurance policy you issued i.e. insurance, reinsurance) policies for our clients and to assist in the ongoing management of such policies, including premium management, renewals, adjustments, cancellations and claims;
• Advise our clients on the management of their business risks, affairs and (insert the type of arrangement you have i.e. reinsurance) arrangements;
• Provide services which you did not personally request but were requested by our client(s) and require us to interact, directly or indirectly, with you; and
• Exercise, defend or protect the legal rights of our clients or third parties.
• Carrying out and effecting of insurance contracts for you

3.5 Legal basis for processing personal data
Where we are required by local law to have a legal basis to process your personal data, in most cases our legal basis for processing your personal data will be one of the following:
• Data Subject has given consent, which complies with applicable rules of Data Protection Regulations to the Processing of that Personal Data for specific purposes;
• Processing is necessary for the performance of a contract to which a data subject is a party, or in order to take steps at the request of a Data Subject prior to entering into such contract;
• Processing is necessary for compliance with applicable law that a controller is subject to;
• Processing is necessary in order to protect the vital interests of a data subject or of another natural person;
• Processing is necessary for enforcing or defending our rights, or those of a member of the Group or a third party employed by us;
• Processing is necessary for:
o performance of a task carried out by a competent relevant regulatory body in every country we operate in
o exercise of a competent relevant regulatory body’s powers and functions in every country we operate in; or
o the exercise of powers or functions vested by a competent relevant regulator body in a third party to whom personal data is disclosed by the competent relevant regulatory body in every country we operate in; or
• Processing is necessary for the purpose of legitimate interest(s) pursued by a controller or a third party to whom the personal data has been made available, subject to the applicable laws, except where such interests are overridden by your interests or rights.

When we process Special Categories of personal data we will only do so with an appropriate legal basis, where:
• You have given explicit consent that complies with the applicable laws, to the processing of those Special Categories of personal data for one or more specified purposes;
• Processing is necessary for the purpose of carrying out the obligations and exercising the specific rights of a controller or a data subject in the context of the data subject's employment, including but not limited to recruitment, visa or work permit processing, the performance of an employment contract, termination of employment, the conduct of proceedings relating to employment and the administration of a pension, retirement or employee money purchase benefit scheme;
• Processing is necessary to protect the vital interests of a data subject or of another natural person, where the data subject is physically or legally incapable of giving consent;
• Processing is carried out by a foundation, association or any other non-profit-seeking body in the course of its legitimate activities, subject to appropriate assurances and provided that the processing relates:
o solely to the members or former members of such an entity; or
o to other persons who have regular contact with such a body in connection with its purpose,
• Personal Data is not disclosed to a third party without the consent of a data subject;
• Processing relates to personal data that has been made public by a Data Subject;
• Processing is necessary for the establishment, exercise or defence of legal claims (including, without limitation, arbitration and other structured and commonly recognised alternative dispute resolution procedures, such as mediation) or is performed by a court acting in its judicial capacity;
• Processing is necessary for compliance with a specific requirement of applicable law to which a controller is subject, and in such circumstances the controller must provide a data subject with clear notice of such processing as soon as reasonably practicable unless the obligation in question prohibits such notice being given;
• Processing is necessary to comply with applicable law that applies to a controller in relation to anti-money laundering or counter-terrorist financing obligations or the prevention, detection or prosecution of any crime;
• Processing is required for protecting members of the public against dishonesty, malpractice, incompetence or other improper conduct of persons providing banking, insurance, investment, management consultancy, information technology services, accounting or other services or commercial activities (either in person or indirectly by means of outsourcing), including any resulting financial loss; or
• Processing is proportional and necessary to protect a data subject from potential bias or inaccurate decision making, where such risk would be increased regardless of whether Special Category personal data is processed.
• Processing is necessary for substantial public interest reasons that are proportionate to the aim(s) pursued, respect the principles of data protection and provide for suitable and specific measures to safeguard the rights of the Data Subject.

3.6 Who we share your personal data with
We may share your personal data for any of the purposes described in this Privacy Notice with companies in our group and the following third parties:
• Professional Advisors e.g. underwriters, actuaries, claims handlers, surveyors, loss adjustors/assessors, accident investigators, specialist risk advisors, pension providers, banks and other lenders (including premium finance providers), health professionals, lawyers, accountants, auditors, tax advisors, consultants;
• Insurance partners;
• Providers of insurance platforms;
• Service providers e.g. IT software, security and cloud suppliers, finance and payment providers, marketing agencies, document management providers, telephony providers, debt collection agencies, credit reference agencies;
• Third party service providers and their sub-contractors/delegates.
• Industry bodies;
• Regulators;
• Law enforcement agencies e.g. police, judicial bodies, governments, quasi-governmental authorities; and
• Asset purchasers e.g. those who may purchase or to whom we may transfer, all of our assets and business.
• Any other third parties to the extent necessary for establishing and exercising any legal right.
Where required, when we share your personal data with corporate third parties we will ensure that those third parties maintain a comparable level of protection of your personal data as set out in this Privacy Notice by using contractual requirements or other means. To the fullest extent permitted by applicable law, we are not liable for the use of your personal data by third parties.