Independent Management Limited - captive insurance management, insurance and reinsurance brokerage and risk transfer

Collecting information relating to individuals

Independent Management Ltd. (“IML”) collects personal information for Anti-Money Laundering/Anti- Terrorism Financing Regulations (“AML/ATF”) and related client background searches from sources such as its clients, employees, contractors, and other individuals, as required by law. IML is committed to processing data in accordance with its responsibilities under the Bermuda Personal Information Protection Act 2016 (“PIPA”) and the European Union’s General Data Protection Regulation (“GDPR”).

IML is required to collect information relating to the contact details and organisational roles of its clients, suppliers, and other business contacts. The information will relate to basic information of the person such as names, addresses (whether residential and/or business), telephone numbers, e-mail addresses (whether personal or work), job designations, certified copies of passports (or other forms of government- issued identification) and certified copies of proof of residence (utility bills).

In most cases, the personal information IML collects is from individuals with whom we either currently have or potentially could have a business relationship, and the means by which we collect the personal information is with the consent of the individual either through forms or through other types of interaction such as by email, regular mail, verbal requests, or through third-parties in those cases where IML has no direct interaction.

How we deal with and use the personal information

IML collects personal information to perform client background checks in conformance with AML/ATF regulations and the Proceeds of Crime Act 2008 in Bermuda. IML follows PIPA and GDPR regulations to accomplish this.

IML normally requests personal information directly from the appropriate parties. IML may obtain or share, with permission from the owner of the personal information, CDD from Corporate Service Providers, banks, and other third parties.

IML does not use any personal data for marketing purposes or engage Automated Decision Making and Profiling.

IML may expand or reduce its business, and this may involve the sale and/or transfer of control on all or part of the business. Any personal data that you have provided will, where it is relevant to any part of the new business that is being transferred, be transferred along with that part and the new owner or newly controlling party will, under the terms of this Privacy Notice, be permitted to use that data only for the same purposes for which it was originally collected by IML. In the event that any of your data is to be transferred in such a manner, you will be contacted in advance and informed of the changes.

Disclosure of personal information

IML does not routinely disclose personal information to other organisations unless:

disclosure of personal information is required by law;
use or disclosure of personal information is permitted by this Notice;
disclosure of personal information is necessary to protect the rights, property, or personal safety of any member of the public or a customer of IML, or the interests of IML;
the situation arises where some or all of the assets or operations of IML are or may be transferred to another party as part of the sale of some or all of IML’s business; or
an individual from whom IML collected personal information gives his or her consent to disclose it to a third party(ies).

IML reserves the right to share non-personal, de-identified, and aggregated information for research or promotional purposes. IML does not sell or trade personal information to third parties. IML discloses personal information to third parties only in accordance with this Notice.

IML uses a range of service providers to help us maximise the quality and efficiency of its services and business operations (including IT consulting services). Such service providers, who are individuals and organisations outside of IML, will sometimes have access to personal information held by IML in the course of providing service to IML. Such service providers may include, but are not limited to, independent contractors and consultants, IT consultants, off-site security storage providers, and website hosts.

Security of personal information

Depending on the purpose for which IML has collected personal information, IML will store the personal information electronically in IML's Customer Due Diligence (“CDD”) files on the IML server located in Bermuda. Some or all of this personal information may be available to partners and authorised staff of IML for use in accordance with this Notice. Access to the CDD files is restricted to those staff members in the Compliance Department.

IML will endeavour to take all reasonable steps to keep secure any information which it holds, whether in electronic or in hard-copy format, and to keep this information accurate, relevant, and up-to-date. IML requires its employees and data processors to respect the confidentiality of any personal information held by IML. Personal information will be processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures. IML maintains appropriate back-up and disaster recovery solutions.

IML aims to achieve industry best practice in the security of personal information which it holds. It is IML’s Data Retention and Destruction Policy to destroy personal information once there is no longer a legal or business need to retain it.

In the event of a data breach leading to the loss or unlawful destruction or unauthorised disclosure of or access to personal information held by IML which is likely to adversely affect an individual, IML shall promptly report the breach to the Commissioner under PIPA, the Bermuda Monetary Authority, and to each affected individual.

Access to information

IML will provide access to personal information of an individual upon request by that individual, except in the limited circumstances in which it is permitted for us to withhold this information (for instance, where granting access would infringe another person's privacy).

When an individual makes a request to access his/her own personal information, IML will require that individual to provide some form of identification (such as a driver's licence or passport) so IML can verify that the personal information being requested is that of the requester. If at any time an individual wants to know what personal information IML holds about him/her, such request may be made in writing or by email.

An individual has the right to withdraw their consent to IML using their personal data at any time, and to request that IML delete it. However, IML must also comply with applicable regulations of Bermuda and will delete such data within the law.

Corrections and concerns; deletion or destruction by request

If any individual believes that his/her personal information held by IML is incorrect or out-of-date, or if any individual has concerns about how IML is handling such personal information, such individual may contact IML, who will try to resolve those concerns.

An individual may request to have his/her information destroyed; if IML is no longer required to keep such personal information under PIPA, GDPR, AML/ATF requirements, or for legal, auditing or internal risk management reasons, IML will take the necessary steps to remove and destroy such personal information. To comply with Bermuda regulations, IML must keep specified records for period of at least five (5) years following the date on which the business relationship ends.

If IML becomes aware of any ongoing concerns or problems concerning our privacy practices, we will take these issues seriously and work to address these concerns. If any individual has any queries relating to our Privacy Notice, or has a problem or complaint, please contact IML’s Data Protection Officer (see below).

Effect of Notice

IML operates in a dynamic business environment. Over time, aspects of our business may be change as we respond to changing market conditions. This may require IML policies to reviewed and revised. IML reserves the right to change its Privacy Notice at any time and if such changes are material changes, IML shall post an updated version of the Notice on its website.

This Notice will be reviewed annually by the Board of Directors of IML.

Contact Information of Data Protection Officer

IML Data Protection Officer:

Adrienne Hintz

Independent Management Ltd.
PO Box HM 2087
Hamilton HM HX
Bermuda

Innovation House, 3rd Floor
46 Reid Street
Hamilton HM 12
Bermuda
441-295-2144

ahintz@iml.bm

Approved by the Board of Directors on September 22, 2023