Privacy Policy

1. Introduction

Strategic Risk Solutions (SRS) is the world’s leading privately owned insurance company manager. We operate in leading US, Europe and international domiciles. SRS provides independent solutions for the management of captive insurance companies, commercial insurance companies, reinsurance ventures and ILS/Fund services. These services include the provision of financial reporting and accounting services, regulatory compliance and governance services, general management services and consulting services. We operate globally providing services to clients in the US, Canada, Europe, Barbados, Bermuda and the Cayman Islands. Our staff are located throughout these regions and in South Africa.

This Policy outlines the collection, use, disclosure and retention (“processing”) of personal information by Strategic Risk Solutions Inc. and its affiliated companies and subsidiaries (“SRS”, “us”, “we”, “our”) of our clients and business partners.

2. Commitment to Personal Data Privacy

Maintaining the trust of our clients and business partners in the performance of our services and contractual obligations is critical to the success of our business. As part of our operations, we receive personal information for our  clients and third parties. Maintaining the privacy of that information is a core component of us maintaining your trust. SRS is committed to protecting the privacy of the personal information we receive and meeting the requirements of data privacy and security regulations related to this personal information in the regions in which we operate.

3. Personal Information We Collect

This Policy applies to all personal information which SRS collects from its clients and business partners when requesting a service from us, contacting us, visit or use our website, attend at our events. The personal information we collect depends on the nature of the services used by our clients and the activities of the clients that we are managing. We collect personal information in the following ways:

    • Automatically through our website and emails. The information collected by SRS through the website falls into two categories: (1) information voluntarily supplied by visitors to our website and (2) information gathered via automated means as visitors navigate through our website.
    • Directly from prospective and current clients. This information may include personal information related to proposed directors and officers of companies we manage and ultimate beneficial owners of prospective clients.
    • From clients and third parties as part of client company activities, including policyholder, claimant and investor information.
    • From public databases in pursuit of complying with laws and regulation applicable to us and in pursuit of complying with our contractual obligations.

The personal information we collect includes both personally identifiable information (PII) and Protected Health Information (PHI):

    • PII is any data about an individual that could identify that person, such as a name, fingerprints or other biometric data, email address, street address, telephone number or social security number. A subset of PII is personally identifiable financial information. For our purposed, individually identifiable data transmitted or maintained in any form will come under this category.
    • PHI includes any, and all information created or received at SRS that identifies or can readily be associated with the identity of an individual, whether oral or recorded in any form or medium that relates to the past, present, or future:
    • Physical, mental, or behavioural health or condition of an individual.
    • Healthcare services received by an individual, or payment for those services.

4. How We Use Personal Information

SRS uses personal information for the provision of professional services, the management of client engagements and the operation of its business.

    • Provision of Professional Services

We process personal information as part of the management services we provide to clients and the consulting services we provide to prospective company owners. The precise purposes for which personal information is processed is determined by the scope of our management services and consulting agreements, the risks being insured by our clients, applicable laws, regulatory guidance and professional standards.

    • Management of Client Engagements

We process personal information about our clients and the individual representatives of our clients to:

      1. Carry out regulatory and compliance obligations, including:
        1. Customer Due Diligence and Know Your Client;
        2. Anti-Money Laundering and Anti-Terrorism Financing checks and screening including Sanctions screening;
        3. Fraud prevention activities
      1. Communicate with our clients, including addressing client inquiries and servicing requests;
      2. Co-ordinating management services including conducting Board of Director and other client meetings;
      3. Communications and marketing to our clients and prospective clients, including providing;
        1.  Newsletter and promotional materials,
        2. Articles, white paper and research information
        3. Invitations to webinars and SRS events and the administration of those events
    • Operation of Our Business

We process personal information during the course of operating our business. These activities include:

        • Evaluating process and service improvements including the testing of new technologies;
        • Research into new service offerings, including data analytic and benchmarking studies;
        • Mergers and acquisitions: we process personal information in evaluating an acquisition, sale or re-organization;

If we wish to use your personal information for a purpose which is not compatible with the purpose for which it was collected, we will request your consent unless your personal information is being processed to satisfy our legal and regulatory obligations.

5. Who we may share your Personal Information with

In the course of our business activities we may share your personal information with the following categories of recipients when this is necessary to provide you with our services:

    1. SRS entities – entities and subsidiaries within the SRS group
    2. Insurance market entities – including re/insurers, brokers, loss adjustors etc.
    3. Risk management platforms – including platforms used for vetting credit reference, criminal records, identity vetting, fraud prevention
    4. Legal advisors – in the pursuit of a legal action
    5. Law enforcement bodies – for the facilitation of legal investigations
    6. Regulatory authorities and other government bodies – in compliance with regulatory obligations
    7. Third party suppliers – when outsourcing functions to facilitate our services including cloud service providers

6. Legal Grounds for Processing Personal Information

SRS only processes personal information where it is lawful to do so. We rely on the following legal grounds to process your personal information:

    1. In the performance of a contract with you;

Where we offer services in preparation of or following entering into contract with you, we will process personal information to the extent it is necessary for us to provide initial information requested by you and to execute the contract and perform the services under that contract.

This also includes the evaluation of risks relating to insurance policies, processing payments and administering claims.

    1. To meet our legal and regulatory obligations;

We are required to process personal information as part of our legal and regulatory obligations, for example in supplying application and regulatory reports to the domicile regulators who license our client companies in our role as the manager for those client companies.

We are also required to process personal information for Know Your Customer purposes and carry out due diligence, identity, sanctions, credit reference, financial stability and other risk management checks. This includes the purpose of facilitating the prevention, detection and investigation of crime.

    1. Where it is necessary for our legitimate interests.

We may collect personal information to enable us to pursue our legitimate commercial interests. These include the operation of our business in developing business solutions; managing relationships with our clients, partners, prospects and vendors; and corporate development activities including merger and acquisitions.

Such activities may include performing analytics for risk modelling purpose and analysing trends as well as conducting market research to develop our products and services.

    1. With our clients’ consent.

Any information we need to process that is not processed under other legal grounds will require your consent. This includes information that we may process for marketing purposes.

Personal information that we process under other legal grounds that do not require your consent and which we reasonably require to meet our obligations in connection with the provision of our services, including any legal and regulatory obligation which we are not provided, are delayed provision or revoke consent to the processing of this information, may render us unbe able to offer our services and we may have to terminate our services with immediate effect.

    1. Where it is in the public interest

If allowed under law, we may collect and use your information for a substantial public interest, for example preventing or investigating unlawful acts.

    1. Regulatory Exemptions

In certain jurisdictions, SRS may rely on regulatory exemptions including EU regulations that regard processing of PHI as necessary for the purposes of administering insurance policies.

7. How We Protect the Privacy of Personal Information

SRS takes the security of all personal information very seriously. We take precautions to maintain the security, confidentiality, and integrity of the information we collect. Such measures include access controls designed to limit access to the information to the extent necessary to accomplish our mission. We also employ various security technologies to protect the information stored on our systems. We routinely test our security measures to ensure that they remain operational and effective. We also train appropriate personnel on our privacy and security policies and compliance requirements.

8. Limits on Collection, Use and Retention of Data

  • Retention of Data:

SRS will not retain personal information for longer than we believe is necessary for any of the purposes set out in this Policy or is dictated by legal or professional requirements. We will not retain personal data for longer than it is needed for business, legal or professional purposes.

  • Transfers of Data

As part of our normal course of business, SRS may transfer data to and from third parties and within the group. These transfers may include data transfers across international borders. When permitted by law, we use the following legal mechanisms to protect your data during these transfers:

    • Transfers to Third Parties: we use reasonable efforts to ensure that third parties are bound by the same provisions as this Policy including the use of contractual commitments to protect the data, including the use of standard contractual clauses as defined by the European Commission.
    • International Transfers: we will only transfer data internationally:
      1. With the data subject’s consent; or
      2. If the transfer is necessary for the performance of a contract;

Additionally, such transfer would only be carried out if the transfer is permitted by applicable data privacy law and to a country considered to have an adequate level of protection by the European Commission or with equivalent data privacy laws to the originating country, or with appropriate safeguards in place, which may include binding corporate policies or standard contractual clauses as defined by the European Commission.

9. Your Data Protection Rights

As a data subject, you may have certain rights to your personal information depending on the jurisdiction applicable in your regard and the purpose for which the data is being used. These rights may include:

Right to Access

You have the right under certain circumstances to access and inspect personal information which SRS holds about you.

Right to Correction

You may have the right to request us to correct your personal information where it is inaccurate or out of date.

Right to be Forgotten or the Right to Erasure

You have the right under certain circumstances to have your personal information erased. Your information can only be erased if your data is no longer necessary for the purpose for which it was collected and we don’t have a legal obligation to continue processing it, and we have no other legal ground for processing the data.

Right to Restrict Processing

You have the right under certain circumstances to request the restriction of your personal information from further use, e.g., where the accuracy of the information is disputed, and you request that the information not be used until its accuracy is confirmed.

Right to Data Portability

You have the right under certain circumstances to data portability, which requires us to provide personal information to you or a third party in a commonly used, machine readable format, but only where the processing of that information is based on (i) consent; or (ii) the performance of a contract to which you are a party.

Right to Object to Processing

You have the right to object to the processing of your personal information at any time, but only where that processing is based our legitimate interests as its legal basis. If you raise an objection, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms.

Right to Decline Automated Decision Making

You have the right to object to decisions involving the use of your personal information, which have been taken solely by automated means, i.e. without human involvement.

Right to Object to Direct Marketing

Where your personal information is processed for direct marketing purposes, you have the right to object at any time to processing of personal data used for such marketing. We will provide specific information on how to opt-out from our marketing initiatives through the medium we communicate with you.

You can exercise your rights by contacting us, as detailed in section 11 below.

10. Cookies

Our website utilises cookies to ensure basic functionality of the website. These cookies are deemed necessary for the website to function. We may also use optional cookies which improve the experience of the website which you can opt to not apply.

11. Contact Us

If you have any questions, concerns, or complaints about this Policy, our privacy practices in general or your personal information, they should be directed to SRS at dataprotection@strategicrisks.com or by contacting SRS at:

Strategic Risk Solutions Inc.

2352 Main St #301
Concord, MA 01742,
USA

In certain jurisdictions, you also have the right to contact the local data protection authority regarding the use of your personal data. For more information about how to contact your supervisory or regulatory authority please contact us on dataprotection@strategicrisks.com.

12. Changes To This Privacy Policy

This Privacy Policy is subject to changes. If we make changes to this Privacy Policy, we will change the last updated date at the bottom of this page. Any changes we make to this Privacy Policy become effective immediately, so you should review this Privacy Policy regularly for changes.

 

This Privacy Policy was last updated on 5 September 2024.

© Strategic Risk Solutions 2024 All rights Reserved. Strategic Risk Solutions Privacy Policy

linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram