Data Protection Statement
WHO ARE WE?
We are Cayman First Insurance Company Limited (“we”, “us” or “our”), a locally incorporated Class A insurer in the Cayman Islands. We hold personal information in accordance with the Data Protection Law 2017 and, accordingly, have a dedicated Data Controller, whose responsibility is to assist with any data protection questions you may have. The contact details for our Data Controller is as follows:
Cayman First Centre
17 Vibert Bodden Drive (Off Shedden Road)
P.O. Box 2171, Grand Cayman, KY1-1105
Please review this Statement carefully and contact the Data Controller should you have any questions or concerns.
WHAT INFORMATION DO WE COLLECT ABOUT YOU?
The information supplied to us by you, in addition to information obtained from other sources (public and private), will generally consist of the following:
Your contact details such as name, physical address, email address, telephone contacts and postal address;
Personal details such as marital status, employment status, income information and proof of residency;
Government identifiers such as your Driver’s License number and Passport number;
- Your insurance claims history;
- Machine identifiers such as your IP address;
- Information about how your interaction was with us, or how you used our websites and services;
- Your payment card details and banking details in order to complete your purchase;
- Information about others who will be or who are included on your policy (you should have their permission to share);
- Information on your vehicle or property including registration or vehicle identification number (VIN) and geological or flood or Block & Parcel data for your area. Some of this information will be collected from external databases.
- Health information that will assist with the prescription of preventative medicine, medical diagnosis and the provision of care and treatment (e.g. Have you been hospitalized within the last 10 years?).
The Data Protection Law 2017 has additional requirements for data defined as “sensitive”. Generally, the information defined as sensitive will fall within the following categories:
- Your medical or genetic history;
- Your physical or mental health or condition;
- Information about your children;
- Any proceedings for any offence committed or alleged to have been committed.
Sensitive data and its treatment are defined in the Data Protection Law 2017. Schedule 3 of the Law provides specific conditions for the processing of this data which must always be adhered to.
- We collect your sensitive personal information for specific types of policies from the following people:
- The main policyholder who will provide most of the information collected about health and unspent criminal convictions or offences, including information given on behalf of others named on the insurance policy (e.g. Minors for health insurance and named drivers for vehicle insurance);
- Fraud prevention or law enforcement agencies may provide details about criminal convictions or offences;
- Witnesses to an accident may provide information if there is an investigation of a claim.
We collect and use this information as part of your insurance quotation or contract with us, or where it is necessary for a legal obligation, or medical purposes (e.g. Health policy), or as part of the establishment or defense of a claim.
It is important to note that any information received from you pertaining to another Data Subject must be acknowledged by you that you have permission to provide us with the required information and that they are aware of how we will process their data. In addition, we encourage you to share this with anyone whose personal information may be processed to administer a policy including handling any claims.
WHAT DO WE DO WITH THE INFORMATION WE COLLECT ABOUT YOU AND BY WHAT LEGAL BASIS DO WE DO THIS?
We use the information collected to allow us to facilitate a contract of insurance with you. As such, your information is shared with staff members where needed and within our group in the following ways:
1. To Provide Insurance (Contract)
When you request a quote for one of our insurance policies or you purchase an insurance policy from us, we use information about you to:
- determine the risk associated with providing you with the policy, to quote for, and provide you with, a premium for that policy and to determine any special terms that may apply to that policy;
- administer your policy and monitor the payment, in particular, payments done via a payment agreement;
- contact you about the policy (i.e. To provide annual renewal information and billing information); and
- provide the agreed service if you make a claim (e.g. sending our Accident/Roadside Assistance Service — First Response to assist in a roadside breakdown situation or to provide a medical professional if you are injured or unwell).
We cannot provide the services unless we use the information about you in this way.
2. To Do what we are required to do by law (Legal Obligation)
As part of our duty as an insurer providing insurance services, at times we are required by law to use information about you for the following reasons:
- To ensure that our customers are being treated fairly (e.g. to assist our regulators where we have a legal duty to do so);
- To deal with complaints;
- To help prevent and detect crime (including, for example, the prevention or detection of fraud); and
- To comply with a legal or regulatory obligation.
3. To Prevent fraud occurring (Legitimate Interest)
We use your personal information to check for signs that customers might be dishonest (e.g. if someone has behaved dishonestly in the past it may increase the risk they will do so in future).
We may use your personal information in this way because it is in our interests to detect fraud and in all our customers’ interests to ensure that they are not prejudiced due to increased premiums as a result of customers acting dishonestly.
4. To Recover debt (Contract)
If you owe us money, we will use your personal information to help us to recover it.
We can use your personal information in this way to ensure that a necessary part of the contract of insurance is adhered to — premiums must be paid.
5. To inform about and promote products (Marketing) (Legitimate Interest)
If you have not chosen to opt out of receiving marketing information, we will provide you with details about our products and services via email, post, telephone or SMS unless and until we have been instructed not to. The simplest way to instruct us is to follow the instructions on the communication to unsubscribe.
6. Where your life or that of another person may be at risk (Vital Interests)
We will use your personal information to assist where your or another person’s life or health is in danger and obtaining your permission is not possible or practical (e.g. arranging emergency medical treatment in a remote location).
7. To administer and improve our services (Legitimate Interest)
To administer our services, we will share information with others (including people or organisations that may be based overseas):
- In order to enable us to process your claim or administer your insurance policy (e.g. Loss adjusters or Third-party administrators (TPA’s));
- To help develop our products, services and systems to deliver to you a more efficient sales and claims experience (e.g. Marketing professionals); and
- To understand how our prospective customers, make decisions about which insurance policy is the optimal policy.We may also process your personal data to better understand you as a customer, including to determine how best to retain you as a customer, and to ask you to provide feedback on the service we provide.
We may also process your personal data to better understand you as a customer, including to determine how best to retain you as a customer, and to ask you to provide feedback on the service we provide.
We can use your personal information in this way because it is in our legitimate interest to provide services in the most efficient way. We will always ensure that we keep the amount of your personal information collected, and the extent of any processing of same, to the absolute minimum to achieve this efficiency.
WHO DO WE SHARE YOUR PERSONAL INFORMATION WITH AND WHY DO WE DO IT?
The Personal Data (Conditions for processing can be found in Schedule 2 of the Data Protection Law 2017) and Sensitive Personal Data (Conditions for processing can be found in Schedule 3 of the said Law) shared with CFI will be shared for insurance purposes and/or financial services and/or employment with the following organizations:
- Bahamas First Group of Companies, Directors and Employees; and
- Third parties such as; locally contracted brokers, claims administrators, loss adjusters or fraud investigators or other insurance companies or their agents or Government/Regulatory bodies (e.g. Royal Cayman Islands Police Force; Department of Vehicles and Driver’s License (DVDL), Heath Insurance Commission (HIC), Cayman Islands Monetary Authority (CIMA)), Health Systems including medical practitioners, reinsurers or their brokers, surveyors, mortgagee and loss payee (Individuals and/or Institutions).
Other key stakeholders and why we share information is noted below:
- Law enforcement or government agencies we may permit law enforcement or government agencies to access and use your personal information, if they request it. In addition, we are regulated by the Cayman Islands Monetary Authority and by the Health Insurance Commission within the Cayman Islands Department of Health Regulatory Services and as such will have reporting responsibilities to them which may include the sharing of your personal data.
- Your spouse or partner who calls on your behalf, provided they are named on the policy. If you would like someone else to deal with your policy on your behalf, please let us know in writing. In some exceptional cases, we may also deal with other people who call on your behalf, but only with your written permission.
- Other insurance companies or brokers to help settle any insurance claim or to verify the information provided (e.g. we will check the level of advised No Claims Discount with your previous insurer or request health claims details to assess portability).
- Health care providers such as Physicians, Hospitals, Pharmacies, both locally and internationally, to ensure that you receive the required healthcare.
- Insurance industry databases, such as a Claims Database so that insurers can verify your claims history.
- Government bodies, such as the Department of Vehicles and Driver’s License (DVDL) to confirm cover, vehicle information and the like.
When you visit our login page, a temporary cookie will be set in order to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when your browser is closed.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
We use Google Analytics software to collect information about how you use this site. We do this to help make sure the site is meeting the needs of its users and to help us make improvements.
Google Analytics stores information about:
- the pages you visit
- how long you spend on each page
- how you got to the site
- what you click on while you’re visiting the site
- your behavior on the website
You can accept or decline cookies from any website by modifying the settings in your browser. If you wish to restrict or block the cookies which are set by our website, you can do this through your browser settings. Please note, that by deleting or disabling cookies this could affect the functionality of our website and you may not be able to access certain areas or features of our site.
HOW LONG MAY WE KEEP YOUR PERSONAL INFORMATION FOR?
As a general rule, we will keep personal information for seven (7) years beyond your policy’s lifecycle, as it is likely that we will need the information for regulatory reasons or to defend claims. However, there may be exceptions where we are required to keep your personal information for longer periods, such as a claim involving a minor.
We will also retain data in an anonymous form for statistical and analytical purposes, for example, to assess risk of Hurricane damage, damage from flooding and/or sea surge.
WHEN CAN YOU ASK US TO STOP USING YOUR INFORMATION?
We are obligated to provide you with a copy of the information we hold about you. A request for your information held by us can be made at any time by contacting the Data Controller in writing and/or by completing our ‘Subject Access Request Form’ and returning it to the Data Controller. Such a request may incur an administrative fee.
At your request, we will correct any information that is inaccurate and/or. in some cases, have your data erased.
At any time, you can advise us to stop using your personal information to market our products or services.
WHAT HAPPENS IF AUTOMATIC PROCESSING HAS OCCURRED?
In the case where automatic processing has occurred, you may request that processing be made by an employee and not through an automatic process.
WHAT HAPPENS IF YOU DON’T GIVE US SOME OF YOUR PERSONAL INFORMATION?
Where you do not provide the personal information required, it will hinder our ability to provide the service that you are requesting.
HOW TO CONTACT US ABOUT THIS PRIVACY NOTICE
We have a dedicated Data Controller whose responsibility is to assist with any data protection questions you may have. They can be contacted at Cayman First Centre, 17 Vibert Bodden Drive. In addition, we have several resources available to contact the Data Controller, either via our website through our Subject Access Request Form or through our dedicated email address — firstname.lastname@example.org.
You may contact us at the address above for one or more of the following reasons:
- To ask us to correct information about you that is inaccurate or incomplete, or to delete personal information about you.
- To tell us you no longer agree to, that you object to, or that you wish to restrict us from using information about you and ask us to stop.
- To advise us to stop using your personal information to market our products or services that may be of interest to you (direct marketing).
- To ask us not to use information about you in a way that allows our computer systems to make decisions about you.
Sometimes we will not be able to stop using your personal information when you ask us to (e.g. where we are required by law to use it or we are required to retain the information for regulatory purposes).
Additionally, if we stop using your personal information, we may not be able to provide certain services to you, such as administering your insurance policy or servicing your claim.
When contacted we will advise you as to whether or not we are able to comply with your request, or how your request might impact you.
Once again, the contact details for our Data Controller is as follows:
Cayman First Centre
17 Vibert Bodden Drive (Off Shedden Road)
P.O. Box 2171, Grand Cayman, KY1-1105
CHANGES TO THIS DATA PROTECTION STATEMENT
This Data Protection Statement will be reviewed periodically in light of changing business practices, technology and legal requirements. As a result, it will be updated from time to time. Any such changes will be posted on our Company’s website and copies made available in our office(s). If we make a significant or material change in the way we use or share your personal information, you will be notified via email and/or any other means of contact at least 30 days prior to the changes taking effect.