Privacy Policy
Updated: 11th September, 2024
Introduction
This Online Privacy Notice and Cookie Policy ("Policy" or "Privacy Policy") is an external statement for all third-party data subjects describing how Soter Insurance Limited ("SIL", "we", "us", "our”) collect, use, retain, protect and disclose Personal Information of users of our websites ("Site"). It also describes the rights that the user of the Site ("You" "Your") has over Your Personal Information and how You may exercise those rights.
Who we are/ Who is the Controller?
SIL is incorporated in Bermuda, as an Innovative Insurer regulated by the Bermuda Monetary Authority (“BMA”) at Rosebank Centre, 5th Floor, 11 Bermudiana Road. SIL is the Controller.
What information do we collect?
When You visit the Site we collect Your Personal Information such as:
- Profile or contact data such as first and last name, email, phone number, company name, title etc.;
- Device/IP data such as IP address, device ID, domain server, type of device/operating system/browser used to access the Site;
- Web analytics such as IP address, device ID, domain server, type of device/operating system/browser used to access the Site;
- Other identifying information that You voluntarily choose to provide.
How do we use Personal Information?
We use the Personal Information for:
- personalisation of content, business information or user experience
- account set up and administration
- delivering marketing and events communication
- carrying out polls and surveys
- internal research and development purposes
- providing goods and services
- legal obligations (e.g. prevention of fraud)
- meeting internal audit requirements
What legal basis do we have for processing Your Personal Information?
SIL processes Personal Information because it is necessary:
- for the performance of contracts;
- for compliance with any legal obligation to which it is subject;
- for the purposes of the legitimate interests pursued by SIL or a Third Party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, which require protection of the data subject; or
- for the purpose of performance of a task carried out by a public authority in the interest of the BMA, or in the exercise of its functions by the BMA or the Registrar of Companies or official authority vested with SIL under applicable law.
When do we share Personal Information?
We generally do not share information collected about You through the Site.
We may, however, share Your information (i) with Third Parties who provide services to us (such as hosting, technology and communication providers and analytics providers), (ii) as required by law and when we believe in good faith that disclosure is necessary to protect our rights or those of third parties, protect Your safety or the safety of others, investigate fraud, or comply with a court order or other legal process, (iii) among our affiliates for our business purposes in accordance with this Privacy Policy, or (iv) in connection with a corporate change or dissolution, including a merger, acquisition, sale of assets, reorganization, consolidation, bankruptcy, liquidation or wind down of business.
In addition, we may share non-personally identifiable Site usage information (including aggregated and de-identified data) with others, for their own use, in a form that does not include Your name or contact information. The third parties that support our website analytics tools may be able to access and use Your Site usage information.
Where do we store and process Personal Information?
You acknowledge that we may transfer the Personal Information described in this privacy policy to and from, and process and store it in, Bermuda and other countries. Where this is the case, we will obain your consent in advance and we will take appropriate measures to protect your Personal Information in accordance with this privacy policy. It is our responsibility to assess the level of protection provided by the overseas Third Party for that Personal Information and to ensure, contractually or by other means, that the overseas Third Party provides a comparable level of protection. We will take all steps reasonably necessary to ensure Your Personal Information is treated securely and in accordance with this privacy policy.
Cookies
Our Website uses cookies to distinguish You from other users of our Website. This helps us to provide You with a good experience when You browse the Site and also allows us to improve the Site and the services we provide. By accessing and browsing our website, You are agreeing to our use of cookies.
Reporting a data breach
In the event of a data breach there may be an obligation on SIL to report such a breach to the Privacy Commissioner, potentially also the BMA and/or any individuals affected by the breach.
Direct marketing
We generally will not use Your Personal Information for direct marketing. In the rare circumstances We do use Personal Information for direct marketing purposes, we will make sure that those who receive our marketing information have given prior consent which will be clearly communicated and require a clear affirmative ‘opt-in’ and have the opportunity to ‘opt-out’ of marketing. We will support the following conditions:
- individuals can opt-out at any time;
- opting out is as easy as opting in; and
- there is no charge for opting out.
Your Rights under the Personal Information Protection Act (PIPA)
Under PIPA, and where applicable under EU GDPR rules, You have rights such as:
- Right to be informed purpose of collecting Your Personal Information;
- Right to access Your Personal Information ;
- Right to object to processing Your Personal Information for the purposes of advertising, marketing or public relations, or where the use of that Personal Information is causing or is likely to cause substantial damage or distress to You or another individual;
- Right to erasure of Personal Information where such Personal Information is no longer relevant for the purposes of its use;
- Right to rectification.
To exercise these rights, You can also contact us at compliance@soter.insure and we will respond within 30 days.
Deletion
You have the right to request that we delete the Personal Information that we have collected about You, where that Personal Information is no longer relevant for the purposes of its use. We may, however, need to retain your Personal Information to continue to provide you with access to the Site or to complete a transaction or other action that You have requested. If your deletion request is subject to one of these exceptions, we may deny Your deletion request.
Exercising Your PIPA Rights
To exercise the rights described above, You must send us a request that (1) provides sufficient information to allow us to verify that You are either the person about whom we have collected Personal Information or are an agent authorized by that person, and (2) describes Your request in sufficient detail to allow us to understand, evaluate and respond to it. Each request that meets both of these criteria will be considered a “Valid Request.” We may not respond to requests that do not meet these criteria. We will only use Personal Information provided in a Valid Request to verify Your identity and complete Your request. You may submit a Valid Request pursuant to the following methods:
Email us at:
Submit a form at this address: compliance@soter.insure
c/o lucian@soter.insure
Attention: Compliance Team
We will work to respond to Your Valid Request within 30 days of receipt. We will not charge you a fee for making a Valid Request unless your Valid Request(s) is excessive, repetitive or manifestly unfounded. If we determine that your Valid Request warrants a fee, we will notify you of the fee and explain that decision before completing your request.
You may also authorize an agent (an “Authorized Agent”) to exercise your rights on your behalf. To do this, you must provide your Authorized Agent with written permission to exercise your rights on your behalf, and we may request a copy of this written permission from your Authorized Agent when they make a request on your behalf.
Privacy Officer
Every organisation using personal information in Bermuda is required to appoint a privacy officer ("PO") for the purposes of compliance with PIPA, who has primary responsibility for communicating with the Office of the Privacy Commissioner of Bermuda, as necessary. The current PO for SIL is: Lucian Crisan.