PRIVACY NOTICE
PURPOSE OF THIS DOCUMENT
INFORMATION WE COLLECT
HOW WE OBTAIN YOUR PERSONAL INFORMATION
HOW WE WILL USE PERSONAL INFORMATION
WHO WE MIGHT SHARE YOUR PERSONAL INFORMATION WITH
RETENTION OF PERSONAL INFORMATION
INTERNATIONAL TRANSFERS OF PERSONAL INFORMATION
HOW DO WE KEEP PERSONAL INFORMATION SECURE AND MAINTAIN DATA INTEGRITY
INDIVIDUALS’ RIGHTS
MISCELLANEOUS
CONTACT US
WHEN THIS PRIVACY NOTICE LAST UPDATED
1.PURPOSE OF THIS DOCUMENT
1.1 Blue Ocean Holding Company Ltd., Blue Ocean Solutions Ltd., Blue Ocean Governance Services Ltd. and Blue Ocean Insurance Management Services Ltd. (together “Blue Ocean” or the “Group”), is committed to be a responsible custodian of the Personal Information (sometimes referred as “Personal Data” or “data” as applicable) we collect in the course of operating our business and providing services.
1.2 This Privacy Notice sets out how we collect, use, retain, store and share your Personal Information and Personal Information of individuals connected to you and describes:
The types of Personal Information we may collect;
How we may use and share the Personal Information we collect;
Legal grounds for using Personal Information;
The measures in place to protect and store Personal Information we collect;
Retention of the Personal Information we collect;
Your choices and rights in respect of the Personal Information we hold;
How to contact us;
Complaints; and
Changes to this privacy notice.
1.3 If you are a contractor, or an employee or officer of Blue Ocean, a separate privacy notice or policy may apply.
1.4 Wherever we have said the “company”, “we”, “our” or “us”, we mean Blue Ocean.
1.5 Where there is any conflict between this Privacy Notice and any other document in relation to dataprotection (other than the Law, regulations and rules), this Privacy Notice shall prevail, although its contents are not contractual.
1.6 An “individual connected to you” could be any individual including but not limited to a director, partner, officer, employee, beneficial owner, controller, authorised person, policyholders of insurers who we act as insurance manager for, and professional advisors with whom you have a relationship and who are relevant to your relationship with us. Whenever we say “you”, “individuals connected to you” should be read as included as well.
1.7 For the purpose of this Privacy Notice, Blue Ocean will act as data controller in accordance with the Cayman Islands Data Protection Act (as amended from time to time) (the “Law”).
1.8 Please ensure that any relevant individuals connected to you are made aware of this Privacy Notice and therights and information set out herein, prior to providing their Personal Information to us or obtaining their Personal Information from another source. If you, or anyone else on your behalf, has provided or provides Personal Information of an individual connected to you, you or such individual providing Personal Information shall ensure that appropriate consent and authority is granted by such individual connected to you and that you have the appropriate legal basis to do so.
2. INFORMATION WE COLLECT
2.1 This Privacy Notice elaborates the safety methods and precautions we utilise to protect your PersonalInformation we collect. Personal Information means any data by which you as an individual can be directly orindirectly (e.g. if several pieces of data are combined) identified. Data which is completely anonymised or de‐personalised will not be considered to be Personal Information.
2.2 Some of the Personal Information we hold about you will have been supplied by you or an individual connected to you and/or other sources you’ve asked us to obtain information from. We might also get some Personal Information from publicly available sources.
2.3 As we are in the business of providing several services including insurance management, reinsurance, advisory and directorship services, the Personal Information we hold and process, depending on our relationship, may include:
(a) Contact information (e.g. name, address, email, telephone number and social networking profile details);
(b) General information (e.g. gender, marital status, date and place of birth, your status as director or partner or other ownership or management interest in an organisation, your signature and other information from which you can be identified);
(c) Education and employment (e.g. educational qualifications, details of employer and history of employment, experience, professional license. memberships and affiliations);
(d) Insurance and claim information (e.g. policy and claim numbers, insured, claimant or other relevant individual, relevant damage, and other information relevant to policy issuance, claims assessment and settlement);
(e) Government and other official identification numbers (e.g. social security numbers, national insurance numbers, passport number, tax identification, driver’s license numbers and/or other government issued identification documents);
(f) Financial information (e.g. credit or debit card numbers, bank account details or other financial accountdetails, credit card history, assets and income and other financial details);
(g) Medical conditions and status of health (e.g. current or previous physical, mental or medical condition, status of heath, injuries, disabilities, medical diagnosis and habits such as smoking or consumption of alcohol);
(h) Other sensitive information (e.g. information about religion, ethnicity, trade or union membership, sexual life and orientation or general biometric information);
(i) Records of correspondence and other communications (including photographs and video recording) between you and your representatives and us, including email, telephone calls, letters, administration and assessment, claim dispute as well as CCTV recordings captured by equipment on our premises and the like);
(j) Information that we need to comply with our regulatory obligations (e.g. information about our clients and, where applicable their policy holders, and individuals connected to them, transaction details, detection of any suspicious and unusual financial activity and information about parties connected to you or their unusual financial activities, investigation and prevention of fraud, money laundering and other criminal activities); and
(k) Information enabling us to provide services, online activity and supplemental information from other sources (e.g. marketing preferences, responses to voluntary customer satisfaction surveys, personal information received while you use our digital services and information which is in public domain).
3. HOW WE OBTAIN YOUR PERSONAL INFORMATION
We collect Personal Information from you as part of our client on‐boarding processes and or while providing services as necessary in the course of establishing a business relationship with you. We gather Personal Information about you when you provide it to us, or interact with us directly, for instance engaging with our staff, providing a business card or from an authorised representative. We may also collect or receive Personal Information about you from other sources, such as from our clients, (re)insurers, network partners, brokers, health service providers, third party service providers, from background checks and screening tools, or by keeping the contact details accurate and up to date using publicly available sources.
4. HOW WE WILL USE PERSONAL INFORMATION
4.1 We use your Personal Information to carry out our business activities. The purposes for which we use your Personal Information will differ based on our relationship, including the type of communications between us and the services we provide. Personal Information will be used for different purposes including if you are a policy holder, insured or claimant under an insurance policy, a commercial insurance broker or appointed representative or another individual with whom we have a relationship. Most commonly, we will use your Personal Information in the following circumstances:
(a) Where we need to perform the contract we entered into with you;
(b) Where we need to comply with a legal or regulatory obligation;
(c) Where it is necessary for legitimate interests pursued by us or a third party and your interests and fundamental rights do not override those interests; and
(e) Where it is needed in the public interest or for official purposes (such as in compliance with a court order or regulatory direction).
4.2 Based on the circumstances we use your Personal Information noted above, the purposes for which we use such information commonly include:
(a) To contact you (performance of a contract);
(b) To carry out our obligations arising from any contracts entered into between you and us and to provide with you the information, products and services you request from us (performance of a contract; legitimate interests);
(c) To provide information about other products and services that we offer which we feel may interest you (legitimate interests);
(d) To permit selected third parties:
(i) To provide information about products or services which we feel may interest you; and/or
(ii) To assist us in the improvement and optimisation of advertising, marketing material and content, our services and the website;
(e) To assist us in the improvement and optimisation of advertising, marketing material and content, our services and the website (legitimate interests);
(f) To notify any changes to our services (performance of a contract, compliance with legal obligations and legitimate interests);
(g) To ensure that content on our website is presented in the most effective manner for you and your computer (legitimate interests);
(h) To verify your identity (compliance with legal obligations and legitimate interests);
(i) As part of our efforts to keep our website safe and secure and to prevent or detect fraud (legal obligations and legitimate interests);
(j) To provide customer support (performance of a contract with you); and
(k) To comply with the requirements imposed by law or any court order (legal obligations).
5. WHO WE MIGHT SHARE YOUR PERSONAL INFORMATION WITH?
5.1 We may share relevant Personal Information of yours with parties where it is necessary and lawful to do so, including where:
(a) It is necessary to comply with our legal or contractual obligations or as per your instructions with service providers, financial institutions, regulators, government agencies, and any other third party;
(b) We have a public or legal duty to do so (e.g. to assist with detecting and preventing fraud, money laundering/terrorism financing, sanctions, tax evasion and financial crime or compliance with a court order);
(c) We are obligated to comply with regulatory reporting, litigation or asserting or defending legal rights and interests;
(d) We have a legitimate business reason for doing so (e.g. to manage risk or verify identity); and
(e) You have given consent to share upon our request.
5.2 Parties we might share your Personal Information include (without limitation):
(a) Service providers acting as processors who provide IT and system administration services, anti‐money laundering detecting and related services and other parties who enable us to perform our contract with you;
(b) Professional advisers acting as processors or joint controllers including insurers, reinsurers, loss adjusters, brokers, lawyers, bankers, auditors who provide consultancy, banking, legal, compliance and accountancy services;
(c) Banks you instruct us to make payments to and receive payments from;
(d) Third parties who host our website or provide services related to it, including IT security providers;
(e) Any person(s) or a company(ies) where required in connection with potential or actual corporate restructuring, merger, acquisition or takeover, including any transfer or potential transfer of any of our rights or duties under our agreement with you;
(f) Law enforcement, government, courts, dispute resolution bodies, regulators, auditors and any party appointed or requested by the regulators to carry out investigations or audits on our business activities;
(g) Other parties involved in any disputes, including disputed transactions;
(h) Fraud prevention agencies who would also use Personal Information to detect and prevent fraud and other financial crimes and to verify your identity;
(i) Anyone who provides instructions to us on your behalf (e.g. under a Power of Attorney, solicitors, intermediaries, etc.);
(j) Anybody else that you instructed us to share your information with; and
(k) Insurers or reinsurers who may provide cover for your business with us.
5.3 We might share aggregated and/or anonymised or de‐personalised information with third parties for analytics, marketing and research purposes. Where we do so, we will ensure that neither you nor any individual connected to you will be identifiable from such information.
6. RETENTION OF PERSONAL INFORMATION
6.1 We keep your Personal Information either electronically (including in the cloud) or in paper form only for aslong as it is necessary for the specific purpose that the Personal Information was collected and as long as we are required to retain records by applicable laws and regulations. The precise period will depend on kind of information and purpose for which it is being processed. We are generally required to retain records for at least five (5) years from the date that the contractual relationship ends between you and us or potentially longer, depending on the kind of information we retain and relevant laws and regulations applicable for retention of specific information.
6.2 We may keep Personal Information for longer periods than the legally required retention period of personal data where we have a legitimate interest for doing so. Among other reasons, we retain the information in order to respond to any queries or concerns that may be raised at a later date with respect to a complaint, assert or defend our rights in on-going litigation or other dispute resolution procedures or to respond to requests from regulators or assist judicial authorities.
6.3 Personal Information that we are not required to retain anymore will be deleted, destroyed or as per your request returned to you promptly. Electronic files stored on storage media devices are securely disposed by wiping and erasing the device and, thereafter, degaussing and shredding the device. Physical files are disposed of by secure shredding and pulping.
6.4 Where we share your Personal Information with third parties, this Privacy Notice and laws and regulations applicable to such third parties will determine how long they will have to retain your Personal Information.
7. INTERNATIONAL TRANSFERS OF PERSONAL DATA
7.1 Where we have to transfer Personal Information outside the Cayman Islands, we will ensure that the transferis lawful, and that the Personal Information is appropriately secured, protected and where applicable encrypted. We will ensure that written agreements are put in place in order to secure your Personal Information with the recipients/processors.
7.2 In the event that we are required to transfer sensitive Personal Information while providing services to you, we will ensure to take extra precautionary measures on safety of such sensitive Personal Information being transferred cross border, as required by Law along with the consent of the relevant data subject.
7.3 Reasons for having to transfer your Personal Information outside the Cayman Islands may include:
(a) provision of services under relevant service agreement between you and us;
(b) required for international cooperation arrangements;
(c) in order to fulfil our legal obligations;
(d) in order to store and back up electronic data on cloud‐based technology;
(e) to protect the public interest; and/or
(f) for your or our legitimate interests.
7.4 In some countries the law might compel us to share your certain Personal Information and we will only share such Personal Information with parties who have the lawful authority and right to receive them and only to the extent that such parties are permitted to receive them.
8. HOW DO WE KEEP PERSONAL INFORMATION SECURE AND MAINTAIN DATA INTEGRITY
We use reasonable and appropriate technical, physical, legal and organisational measures to keep Personal Information secure, considering the nature, scope, context, complexity, risks and purposes of the processing of Personal Information.
We have implemented appropriate data protection policies that provide for the aforementioned security measures. We also train our employees regularly on data protection and information security.
As most of the Personal Information we hold is stored electronically we have implemented appropriate IT security measures to ensure this Personal Information is kept secure. For example, we may use anti-virus protection systems, firewalls, and data encryption technologies. We have procedures in place at our premises to keep any hard copy records physically secure.
When we engage a third party (including our service providers) to collect or otherwise process Personal Information on our behalf, the third party will be selected carefully and we will enter into written agreements requiring them to use appropriate security measures to protect the confidentiality and security of Personal Information.
Unfortunately, no data transmission over the Internet or electronic data storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any Personal Information you might have sent to us has been compromised), please immediately notify us(see section below “Contact Us”).
We will take reasonable steps designed to ensure that the Personal Information processed is reliable for its intended use and is accurate and complete for carrying out the purposes described in this Privacy Notice.
9. INDIVIDUALS’ RIGHTS
9.1 As an individual or “data subject”, you have certain rights in relation to your Personal Information. These rights include:
(a) The right to access Personal Information we hold about you and to obtain information about how we process it;
(b) The right to object to and withdraw your consent to our processing of your Personal Information. This right can be exercised at any time. However, in some situations we may continue to process your Personal Information if we were relying on another legal basis to process that data, such as legitimate interests or legal obligation. Please also note depending on which kind of processing you object to, wemay no longer be able to perform our contractual obligations with you;
(c) You have the right to request us to rectify Personal Information that we hold about you if it is inaccurate or incomplete;
(d) In some circumstances, you have the right to request erasure and deletion of Personal Information we hold. We may however continue to retain it if we are entitled or required by Law and any other relevant legislation to do so; and
(e) You have the right to object to, and to request that we restrict, our processing of your Personal Information in some circumstances. However, we may be entitled or obligated under relevant Law to continue processing the Personal Information not withstanding your request.
9.2 You also have the right to complain to the data protection regulator in the Cayman Islands, which is the Office of the Ombudsman. You can access their website here: ombudsman.ky.
9.3 You may also be able to seek compensation for any violation of your data protection rights in the courts of Cayman Islands or challenge a decision by the regulator.
10. MISCELLANEOUS
We may collect data about your computer (or mobile device), including where available your IP address, operating system and browser type, for system administration or for our own commercial purposes. This is statistical data about our users’ browsing actions and patterns and does not identify any individual.
Please ensure that any Personal Information you provide us directly or through a third party is up to date, accurate and complete in all respects. If there are any changes to such Personal Information provided, please inform us as soon as reasonably possible.
This Privacy Notice is governed by the laws of the Cayman Islands. Any dispute arising from or in connection with this Privacy Notice is subject to the exclusive jurisdiction of the courts of Cayman Islands.
11. CONTACT US
For any further questions or queries in relation to this Privacy Notice, please get in touch with your usual relationship contact or email: Compliance@BlueOceanReinsuranceGroup.com.
12. WHEN THIS PRIVACY NOTICE LAST UPDATED
This Privacy Notice was last updated in July 2024.
We review this Privacy Notice regularly and reserve the right to make changes at any time to take account of changes in our business activities, legal requirements, and the manner in which we process Personal Information. We will place updates on this website and where appropriate we will give notification of any changes.