Cades Bay Management Limited (“CBML”) is an independent consultancy company with over 75 years experience amongst its senior personnel including broking, underwriting, claims, accounting, legal and regulatory supervision in both the general insurance world and specific to the captive industry and is committed to protecting the privacy and confidentiality of personal data the company processes in connection with the services we provide to clients and individuals’.
What does this Privacy Statement do?
This Privacy Statement (“Statement”) explains CBML’s information processing practices. It applies to any personal information you provide to CBML and any personal information we collect from other sources. This Statement is a statement of our practices and of your rights regarding your personal information. This is not a contractual document, and it does not create any rights or obligations on either party, beyond those which already exist under data protection laws.
This Statement does not apply to your use of a third party site linked to on this website.
Who is responsible for your information?
The Privacy Officer at CBML.
When and how do we collect your information?
CBML collects personal information in the following ways:
When we perform services for our clients.
Our services include; Captive Feasibility Studies, Licensing of Captive Entities, Consultancy Services (supporting the operation and development of existing captive and other licensed and regulated insurance clients) and Accounting Services. In these cases, your personal information will normally be provided to us or by our clients (or service providers/introducers acting on behalf of our clients), or sometimes our clients may ask us to contact you directly. We may also need to obtain information from third parties such as independent vetting agencies to assist us with our statutorily required due diligence vetting along with publicly available sources.
When you request a service from us. For example, if you enquire about a professional service you would like us to offer your company. When you register with or use any of our websites or applications.
When you apply for a position at CBML.
You may provide this information directly.
If you contact us with a complaint or query.
What information do we collect?
Information you provide to us
When you request services, we ask that you provide accurate and necessary information that enables us to respond to your request. When a visitor provides personal information to us, we use it for the purposes for which it was provided to us as stated at the point of collection or as obvious from the context of collection.
Information we collect from clients or third parties shareholders, directors and control persons when we provide the services listed above for our clients, shareholders, directors and control persons we may collect personal information such as your name, contact details (phone numbers and email addresses), date of birth, gender, marital status, financial details, employment details, social security details, proof of address, photo identification (usually passport and/or drivers license), professional and bank references, resume, criminal affidavits, anti money laundering affidavit and benefit coverage. We may also collect (in each case as strictly relevant to the services we provide) sensitive information about you, such as criminal convictions.
We will not collect any sensitive information through our website unless this is required. Sensitive information includes a number of types of data relating to: race or ethnic origin; political opinions; religious or other similar beliefs; trade union membership; physical or mental health; sexual life or criminal record. We suggest that you do not provide sensitive information of this nature unless we specifically request this information.
If you provide us with sensitive personal information, you understand and give your explicit consent that we may collect, use and disclose this information to appropriate third parties for the purposes described in this Statement. If you provide personal information about other individuals such as employees or dependents, you must obtain their consent prior to your disclosure to us.
Information we collect over Cades Bay website, mobile applications and social media
For the purposes of this Statement, “website” includes our mobile applications.
We may ask you for some or all of the following types of information when you register for events, request services, manage accounts, access various content and features or directly visit our websites. This includes, but is not limited to:
- Contact information, such as name, e-mail address, postal address, phone number and mobile number;
- Communication preferences, such as which newsletters you would like to receive;
- Search queries;
- Contact information about others when you refer a friend to a particular site or service (note: this information is used solely to facilitate requested communications); and
- Information posted in community discussions and other interactive online features.
If you access our websites on your mobile telephone or mobile device, we may also collect your unique device identifier and mobile device IP address, as well as information about your device’s operating system, mobile carrier and your location information.
How do we use your personal information?
The following is a summary of the purposes for which we use personal information. More information about the personal information collected for each of our services, together with the purpose and legal basis for collecting the information, will be provided to you in separate privacy notices which are relevant to the services which affect you.
Performing services for our clients
We process personal information which our clients provide to us in order to perform our professional consultancy and insurance management services. The precise purposes for which your personal information is processed will be determined by the scope and specification of our client engagement, and by applicable laws, regulatory guidance and professional standards. It is the obligation of our client to ensure that you understand that your personal information will be disclosed to Cades, Regulatory Bodies, designated Registered Office/Registered Agent, third party due diligence screening companies such as Thomas Reuters and/or NameScan, Insurance Brokers and Insurance and Reinsurance companies.
Administering our client engagements
We process personal information about our clients and the individual representatives of our corporate clients in order to carry out “Know Your Client” checks and screening prior to starting any new engagement; to carry out client communication, service, billing and administration; to deal with client complaints; and to administer claims. It may also be utilized for contacting and marketing our clients and prospective clients.
- Provide information and services as requested by you;
- Determine eligibility and process applications for products and services;
- Provide information and services as requested by clients;
- Understand and assess clients’ ongoing needs and offer products and services to meet those needs;
- Conduct data analysis;
- Execute monitoring and training;
- Develop new services;
- Market products and services subject to appropriate consent. ; and – leave in and perhaps we have a box to tick on the management agreements to opt in for marketing?
- Conduct processing necessary to fulfill other contractual obligations for the individual.
If we wish to use your personal information for a purpose which is not compatible with the purpose for which it was collected for, we will request your consent. In all cases, we balance our legal use of your personal information with your interests, rights, and freedoms in accordance with applicable laws and regulations to make sure that your personal information is not subject to unnecessary risk.
Legal basis. All processing (i.e. use) of your personal information is justified by a “lawful basis” for processing. In the majority of cases, processing will be justified on the basis that:
- the processing is necessary for the performance of a contract to which you are a party.
- the processing is necessary for us to comply with a relevant legal obligation (e.g. where we are required to collect certain information about our clients for tax or accounting purposes, or where we are required to make disclosures to courts or regulators); or
- the processing is in our legitimate commercial interests, subject to your interests and fundamental rights (e.g. where we use personal information provided to us by our clients to deliver our services, and that processing is not necessary in relation to a contract to which you are a party).
In limited circumstances, we will use your consent as the basis for processing your personal information, for example, where we are required to obtain your prior consent in order to send you marketing communications.
Before collecting and/or using any special categories of data, or criminal record data, we will establish a lawful exemption which will allow us to use that information. This exemption will typically be:
- your explicit consent;
- the establishment, exercise or defense by us or third parties of legal claims; or
- a context specific exemption provided for under local laws of EU Member States and other countries implementing the GDPR, such as in relation to the processing of special category data for insurance purposes.
Do we collect information from children?
Our website is not directed to children and we do not knowingly collect personal information from children on our website. Children are prohibited from using our website.
Where a child is a beneficiary of a trust fund we may ask to see proof of their existence by means of a birth certificate of passport to satisfy regulatory requirements.
How long do we retain your personal information?
How long we retain your personal information depends on the purpose for which it was obtained and its nature. We will keep your personal information for the period necessary to fulfil the purposes described in this Statement unless a longer retention period is permitted by law, in accordance with the CBML Record Retention Policy.
In specific circumstances we may store your personal information for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your personal information or dealings.
Do we disclose your personal information?
We may share your personal information with regulatory bodies and your registered agent/office including for the activities listed above.
We do not rent, sell or otherwise disclose personal information about our online visitors with unaffiliated third parties for their own marketing use. We do not share your personal information with third parties except in the following circumstances discussed below.
We disclose personal information to business partners who provide certain specialized services to us, or who co-operate with us on projects. These business partners operate as separate controllers, and are responsible for their own compliance with data protection laws. You should refer to their privacy notices for more information about their practices.
- Banking and finance products – credit and fraud reporting agencies, debt collection agencies, insurers, re-insurers, and managed fund organizations for financial planning, investment products and trustee or custodial services in which you invest
- Insurance broking and insurance products – insurers, reinsurers, other insurance intermediaries, insurance reference bureaus, medical service providers, fraud detection agencies, our advisers such as loss adjusters, lawyers and accountants and others involved in the claims handling process
Authorized Service Providers
We may disclose your information to service providers we have retained (as processors) to perform services on our behalf (either in relation to services performed for our clients, or information which CBML uses for its own purposes, such as marketing). These service providers are contractually restricted from using or disclosing the information except as necessary to perform services on our behalf or to comply with legal requirements. These activities could include any of the processing activities that we carry out as described in the above section, ‘How we use your personal information.’
IT service providers who manage our IT and back office systems and telecommunications networks; Company Formation Agents who manage incorporation of new corporate entities.
These third parties appropriately safeguard your data, and their activities are limited to the purposes for which your data was provided.
Legal Requirements and Business Transfers
We may disclose personal information
- if we are required to do so by law, legal process, statute, rule, regulation, or professional standard, or to respond to a subpoena, search warrant, or other legal request.
- in response to law enforcement authority or other government official requests,
- when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss,
- in connection with an investigation of suspected or actual illegal activity or
- in the event that Cades is subject to a merger or acquisition to the new owner of the business.
Disclosure may also be required for company audits or to investigate a complaint or security threat.
Do we transfer your personal information across geographies?
We are an organization with personnel operating in various domiciles. We may transfer certain personal information across geographical borders to authorized service providers or business partners in other countries working on our behalf in accordance with applicable law.
When we do, we use a variety of legal mechanisms to help ensure your rights and protections travel with your data. If you would like further information about whether your information will be disclosed to overseas recipients, please contact us as noted below. You also have a right to contact us for more information about the safeguards we have put in place to ensure the adequate protection of your personal information when this is transferred as mentioned above.
Do we have security measures in place to protect your information?
The security of your personal information is important to us and CBML has implemented reasonable physical, technical and administrative security standards to protect personal information from loss, misuse, alteration or destruction. We protect your personal information against unauthorized access, use or disclosure, using security technologies and procedures, such as encryption and limited access. Only authorized individuals access your personal information, and they receive training about the importance of protecting personal information.
Our service providers and agents are contractually bound to maintain the confidentiality of personal information and may not use the information for any unauthorized purpose.
What choices do you have about your personal information?
We offer certain choices about how we communicate with our customers and what personal information we obtain about them and share with others. When you provide us with personal details, if we intend to use those details for marketing purposes, we will provide you with the option of whether you wish to receive promotional e-mail, SMS messages, telephone calls and postal mail from us. At any time, you may opt out from receiving interest-based advertising from us by contacting us.
You may also choose not to receive marketing communications from us by clicking on the unsubscribe link or other instructions in our marketing e-mails or contacting us as noted below.
How can you update your communication preferences?
We take reasonable steps to provide you with communication about your information. You can update your communication preferences in the following ways.
E-mail – Contact us by e-mail at email@example.com
Postal address – Cades Bay Management Limited, Hunkins Plaza, Charlestown, Nevis
Please include your current contact information, the information you are interested in accessing and your requested changes.
If we do not provide you with access, we will provide you with the reason for refusal and inform you of any exceptions relied upon.
Other rights regarding your data
Subject to certain exemptions, and in some cases dependent upon the processing activity we are undertaking, you have certain rights in relation to your personal information.
We may ask you for additional information to confirm your identity and for security purposes, before disclosing the personal information requested to you. We reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive.
You can exercise your rights by contacting us. Subject to legal and other permissible considerations, we will make every reasonable effort to honour your request promptly or inform you if we require further information in order to fulfil your request.
We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.
Right to Access
You have right to access personal information which CBML holds about you.
Right to Rectification
You have a right to request us to correct your personal information where it is inaccurate or out of date.
Right to be Forgotten (Right to Erasure)
You have the right under certain circumstances to have your personal information erased. Your information can only be erased if your data is no longer necessary for the purpose for which it was collected, and we have no other legal ground for processing the data.
Right to Restrict Processing
You have the right to restrict the processing of your personal information, but only where:
- its accuracy is contested, to allow us to verify its accuracy; or
- the processing is unlawful, but you do not want it erased; or
- it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; or
- you have exercised the right to object, and verification of overriding grounds is pending.
Right to Data Portability
You have the right to data portability, which requires us to provide personal information to you or another controller in a commonly used, machine readable format, but only where the processing of that information is based on
- consent; or
- the performance of a contract to which you are a party.
Right to Object to Processing
You have the right to object the processing of your personal information at any time, but only where that processing has our legitimate interests as its legal basis. If you raise an objection, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms.
Right to Decline Automated Decision Making
You have the right to not be subject to decisions based solely on automated decision making, which produce legal or significant effects for you, except where these are
- necessary for a contract to which you are a party;
- authorized by law;
- based on your explicit consent.
Even where such decisions are permitted, you can contest the decision and require CBML to exercise human intervention.
We currently do not use automated decision making (including automated decision making using profiling) when processing your personal information. If we ever use an automated decision making solution, you have a right to request that a decision based off your personal information cannot be solely decided via an automated process.
As noted above, you can ask to obtain a copy of, or reference to, the safeguards under which your personal information is transferred outside of the European Union.
If you have any questions, would like further information about our privacy and information handling practices, would like to discuss opt-outs or withdrawing consent, or would like to make a complaint about a breach of the Act or this Statement, please contact the Privacy Officer either via email at firstname.lastname@example.org or via post to Cades Bay Management Limited, Hunkins Plaza, Charlestown, Nevis
Alternatively, you have the right to contact your local Data Protection Authority.
We may update this Statement from time to time. When we do, we will post the current version on this site, and we will revise the version date located at the bottom of this page.
We would encourage you to periodically review this Statement so that you will be aware of our privacy practices and any subsequent changes to those practices.
This Statement was last updated on January 01, 2019.