Professional Business Privacy policy
GLOBAL RE OVERSEAS Ltd (GRO) is a reinsurance company authorised by the Financial Services Regulation and Supervision Department - Office of the Registrar of International Insurance, having the Commercial Registration No: I 57722 and LEI: 2549002D7MQHO16VCL46. . According with the Licence granted by the supervisory authority, the GRO is authorised to carries out reinsurance activity in accordance with the Nevis International Insurance Ordinance Cap 7.07.
Introduction: At GRO, the privacy and security of your personal information are paramount. We are dedicated to protecting the information we collect and process from our clients, business partners, and website visitors. This Privacy Policy outlines how we manage personal information to ensure your privacy is respected and protected.
We understand the importance of privacy for our online visitors and clients. It is essential to us that you feel secure when interacting with our site and confident that your data is handled with the utmost care. We adhere strictly to data protection laws and employ advanced technology to secure communications and safeguard your information from unauthorized access.
By engaging with our website and services, you entrust us with your personal details, and we commit to maintaining that trust by handling your information responsibly and with integrity
.
1. Scope of application
This data protection notice pertains to the internet presence of GRO. Our website may include external links to third-party websites. Please note that these linked websites are managed by their respective operators, and GRO does not assume responsibility for their content.
We are committed to maintaining a compliant and lawful internet presence. If you encounter any links on our website that lead to external sites with content that appears to violate applicable laws, please inform us immediately at [email protected]. We will review the link and remove it promptly from our website if necessary.
GRO does not guarantee the topicality, accuracy, completeness, or quality of the information provided on external linked sites.
2. Information Collection
We collect personal information in various ways, including:
- Directly from individuals when they provide it to us (e.g., by contacting us for services or information, registering for an account, or signing up for newsletters).
- Through business interactions with clients and partners.
- Via our website through cookies and other similar tracking technologies, which help us understand how visitors use our site.
3. Use of your data:
We would hereby like to explain how your personal data will be processed when you visit GRO’s website, and to inform you of your rights under data protection law.
3.1. Who will be responsible for processing your data, and how can you reach the Data Protection Officer?
GRO
Telephone : +971 44 54 97 45
E-Mail: [email protected]
You may contact our Data Protection Officer at “Data Protection Officer” via the e-mail address [email protected].
3.2 What categories of data will we use, and for what purposes do we process personal data?
Visiting Our Website - anonymous browsing
You are welcome to visit our website anonymously. At GRO, we prioritize your privacy; therefore, we do not collect any personal or identifiable data, such as IP addresses, from our website visitors. We do gather non-personal data such as the date, time, pages viewed, navigation paths, and software used during visits. This information is used solely to analyze user habits through an external service provider. All data is anonymized before being stored by the service provider to ensure privacy.
Providing Your Personal Data
If you choose to provide your personal data under specific circumstances (e.g., by completing a contact form), we treat this information with the utmost confidentiality and in compliance with the data protection laws applicable at our Company’s registered office. When you send us an email or submit an online form, we use your personal information (such as your name or email address) only to correspond with you, to provide the information you requested, or for other purposes as explicitly outlined on the form.
Protected Areas and Special Authorizations
For legal or technical reasons, personal data might also be collected in encrypted form from parts of our website that are accessible only to users with special authorisation (e.g., shareholder portal or job application portal). The extent of data collected varies depending on the application.
Dedicated Privacy Statements
For every service or interaction that involves the collection of your personal data, we will provide a specific privacy statement. This document will inform you about how your data is processed, emphasizing our commitment to protecting your privacy.
3.3 What is the legal basis for our processing of your personal data?
We process your data on the basis of the provisions of the ECLAC Reviews Caribbean Data Protection, the St. Kitts and Nevis Data Protection Bill 2018, Legislation EU General Data Protection Regulation (GDPR) and all other laws applicable to the processing of personal data.
The substantive legal grounds for the processing depend on the context and the purpose for which we collect your data.
As a rule, we collect and process your personal data to communicate with you and send you the information that you request. This may be necessary, in the context of a contractual relationship, to fulfil a contract or during the pre-contractual process (for example, job application process), or at your request.
The legal grounds for processing your data vary depending on the context and purpose for which the data is collected:
- Contractual Necessity: generally, we collect and process your personal data to fulfill contractual obligations or to manage pre-contractual engagements such as during the job application process, upon your request.
- consent: For restricted-access applications, like our job applicant portal, processing may be based on your explicit consent. You have the right to withdraw this consent at any time; however, any processing carried out prior to your withdrawal remains lawful and valid.
Purposes for Collecting Personal Data: we utilize the personal data collected for multiple purposes:
- Service Provision: to deliver and manage the reinsurance services we offer.
- Communication: to communicate with clients, fulfill their requests, and address their inquiries.
- Operational Management: to conduct internal operations, including audits, data analysis, and research, aimed at enhancing our services.
- Legal Compliance: to adhere to legal obligations, regulations, or contractual stipulations.
- Safety and Rights Protection: to safeguard the rights, property, or safety of our business, our clients, and others.
This policy outlines our approach to responsible data management, ensuring that your personal data is handled with the highest standards of security and compliance.
3.4. Disclosure of Information
Within GRO, only those staff and departments who are responsible for the respective process will receive your data. The data may also be disclosed to service providers for the purposes set out above. If we process any of your personal data for certain purposes, you will receive a notice about how exactly your data is being used.
We may share personal information with:
- Service providers who perform services on our behalf, such as IT and communication service providers. for the purpose of administration and maintenance of our IT systems.
- Legal and regulatory authorities, as required by law or in response to legal processes or requests.
- Business partners involved in providing the reinsurance services that clients have requested.
- In the event of a corporate restructuring, such as a merger or acquisition, information may be transferred as part of the corporate assets.
- Credit Reference Agencies and Fraud Prevention Agencies, for meeting regulatory requirements, if such communication is necessary in accordance with the law.
Use of Personal Information for Security and Financial Assessments
We and other authorized organizations may access your information for the following purposes:
- Fraud and Crime Prevention: To detect and prevent fraud, money laundering, and other criminal activities.
- Credit Assessments: To make informed decisions about credit-related services and assessments.
- Account Management: To manage and make decisions about your accounts, insurance policies, and claims.
- Debt Recovery: To facilitate the recovery of debts.
Credit Reference Agencies:
- Data Linking: Information held about you by credit reference agencies may be linked to records relating to your partner or other household members if a financial "association" has been established.
- Credit Inquiries: Each credit inquiry we make may consider any associated records, which could affect your overall credit score.
This policy outlines the basis on which we access and use your personal information to ensure the security of financial transactions and the integrity of our services.
Another person’s history will be associated with yours when:
- you make a joint application;
- you advise us of a financial association with another person; or
- if the credit reference agencies have existing linked or “associate” records.
This “association” will be taken into account in all future applications by either or both of you and shall continue until one of you applies to the credit reference agencies and is successful in filing a “disassociation”.
Credit reference agencies keep a record of our inquiries and may record, use, and give out the information we give them to other financial institutions, insurers, and other organizations. If false or inaccurate information is provided or fraud is suspected, details may be passed to fraud prevention and credit reference agencies. Law enforcement agencies may access and use this information. The information recorded by fraud prevention agencies may be obtained and used by organizations in several countries, including the UK. We can provide the names and addresses of the credit reference and fraud prevention agencies we use if you would like a copy of Your Information held by them. Please contact us in writing to our Head Office or branch offices if you want to receive such details.
3.5. What measures do we have in place to protect your data?
GRO have state-of-the-art technical and organisational security measures to protect data against accidental or intentional manipulation, loss, destruction, and access by unauthorised parties. We implement appropriate technical and organizational measures to protect personal information against unauthorized access, alteration, disclosure, or destruction. Our security practices are regularly reviewed and updated in line with technological developments.
3.6. International Transfers
Personal information may be transferred to, stored, and processed in a country that is not regarded as ensuring an adequate level of protection for personal data. We will take steps to ensure that such transfers comply with applicable privacy laws and that your information remains protected to the standards described in this policy.
3.7. What data protection rights can you claim as a data subject?
At the address provided above, you are entitled to inquire about the personal data we hold under your name. Additionally, you have several rights concerning your personal data, including:
- Access: You can request information about the personal data we store about you at any time.
- Correction: If any of the personal data we hold is incorrect or incomplete, you have the right to have it corrected.
- Deletion: Under certain conditions, you may request the deletion of your personal data.
- Restriction of Processing: You may have the right to restrict the processing of your data, limiting how we use your personal information.
- Data Portability: You also have the right to receive the data you have provided to us in a structured, commonly used, and machine-readable format, and you may have the right to transmit those data to another controller.
- Right to be forgotten: You may have a right to have some or all of the information we hold about you deleted. However, we are required to retain many records even after you close your account, as already mentioned. Our complying with your request will be subject to our fulfilling our obligations as an insurer/reinsurer to such legal/regulatory requirements.
- Automated decision-making – We may use automatic systems to make decisions about your eligibility for a particular account or products, and to carry out credit and fraud prevention checks. Automated decision making may typically be based on the information you give us, which we check against different parameters to determine whether you meet the eligibility criteria for the product intended. Where the outcome of such decision making goes against you, you will be able to contest the decision, give your views, and make sure there is proper human involvement.
- Consent – If you consent to us using your information, you have the right to withdraw that consent at any time.
Whether you want to exercise the rights mentioned above, you may do so by contacting the Data Protection Officer.
These rights ensure that you have significant control over your personal information and our handling of it.
3.8. Right to object
If we process your data for the purposes of safeguarding legitimate interests, you may object to this processing on grounds relating to your particular situation. We will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or if the processing serves the assertion, exercise or defence of legal claims.
3.9. Who can you contact if you have a complaint?
If you have a complaint, you may contact the aforementioned Data Protection Officer, or the Saint Christopher and Nevis data protection authority - Information Commissioner appointed in base of art. 23 of the Data Protection Act n.5 of 2018.
3.10 How long will your data be stored?
Your personal data will be retained only for as long as necessary to fulfill the purposes outlined previously. Once the need for data processing has concluded and there are no legal, regulatory, or contractual obligations to retain the data, we will proceed with its deletion.
Additional Information: Specific retention periods for different types of data processing are detailed under the respective sections, where applicable. This ensures transparency and compliance with all relevant data protection regulations.
The personal information we possess about you will be kept with us as follows:
- Till the time your relationship with us continues;
- After the termination of your relationship, we will continue to hold the personal information for a period as per our internal policy guidelines to ensure that we meet our obligations to the legal bodies and the Regulators;
- To defend contractual rights arising from such relationships (in the UK the period is six years after the customer relationship has ended);
- Where the data is not required due to relationships not established or the information is no longer needed due to other reasons, the data will be retained only for a reasonable time, which is decided by our internal policy, beyond which processes are in place to erase the data.
3.11 Are you required to provide us with your data?
You are not required to provide personal data when accessing GRO’s website. However, there are services for which we require personal data from you – for example, to send you information, a newsletter you have requested, details about a contract. Without this data, GRO cannot carry out the services you request. We collect only the data that is required in a particular case. Where we do process your personal data, we will inform you separately about the purposes, recipients, legal basis and any other rights you may have.
- Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Any changes will be posted on our website, and where appropriate, notified to you by email.
- Contact Us
If you have any questions about this Privacy Policy or our handling of your personal information, please contact our Privacy Officer at:
- Email: [email protected]
- Address: A.L. Evelyn Ltd Building, Main Street, Charlestown, Nevis (KN-N), KN1200, SAINT KITTS AND NEVIS.
- Cookies and log files
Currently, our website does not use cookies, and as such, we do not collect or analyze cookie-based data. Should we implement cookies in the future to improve user experience, we will update you promptly and provide detailed information on how we use them.
- E-mail Communication Policy
When you provide your email address to GRO, we use it solely to respond to your inquiries and to send you the information you request. We take your confidentiality seriously:
- Security Measures: Any sensitive information will be encrypted for protection. If encryption is not possible, we will opt to send the information via regular mail to ensure security.
- Email Retention: If your email pertains to a contractual relationship, it will be saved for record-keeping and reference in our correspondence with you.
- Privacy Assurance: Your email address is used exclusively for correspondence between you and GRO and is never shared with third parties.
- Unsolicited Emails: GRO does not send unsolicited emails. If you receive an email claiming to be from us that you did not request, please consider it fraudulent and delete it immediately.
- Caution with Unencrypted Emails: Please be aware that the contents of an unencrypted email can be accessed or altered by unauthorized parties. For secure communication, we recommend using the contact form on our website.
This policy is designed to inform you of how we handle email communications to maintain your privacy and the security of your information.
Effective Date: 2024-01-29