Privacy Policy

The legally binding and most up-to-date version of this Privacy Policy is available at: https://ensuro.co/PrivacyPolicy.pdf

1. Introduction

Ensuro Ltd. (“Ensuro”, “we”, “us”, or “our”) is committed to protecting the privacy and security of personal and institutional information entrusted to us. This Data Privacy Policy describes how Ensuro collects, uses, stores, discloses, and safeguards personal information in accordance with the Personal Information Protection Act of Bermuda (“PIPA”) on the use of your information when you use our website https://ensuro.co/ and https://app.ensuro.co/ (“Site”)

By using our platform, you agree to the collection, storage, use and disclosure of information in accordance with this Privacy Policy. Each time you use the Site the current version of this Privacy Policy will apply.

At Ensuro, our goal is to provide a safe environment for you to use on our platform. Our commitment extends to transparency, so you can feel confident and informed about how your information is handled when you access or use our platform.

2. Definitions

For the purposes of this Policy, “Personal Information” refers to any information relating to an identified or identifiable individual, including, without limitation, names, dates of birth, contact details, identification information, photographs, video footage, IP addresses, cookie identifiers, and telephone numbers. Information relating solely to organisations, companies, or public authorities does not constitute personal information.

“Sensitive Personal Information” includes information relating to an individual’s place of origin, race, colour, national or ethnic origin, sex, sexual life, health, marital or family status, disabilities, trade union membership, religious beliefs, as well as biometric or genetic information.

“Informed Consent” means explicit authorisation provided by an individual after being informed of the purposes and manner in which their personal information will be processed.

“Data Processing” means any operation performed on personal information, whether or not by automated means, including collection, recording, organisation, storage, use, disclosure, transmission, restriction, erasure, or destruction.

The “Right to Withdraw Consent” refers to the right of an individual to revoke previously granted consent for the processing of personal information, subject to any legal or regulatory obligations that require continued processing.

A “Breach of Security” means any incident resulting in the loss of, unauthorised access to, unauthorised disclosure of, alteration of, or destruction of personal information.

“Provider or service provider” means any natural or legal person who processes the data on behalf of Ensuro.

“You” means the individual accessing or using the Site, or the company, or other legal entity on behalf of which such individual is accessing or using the Site, as applicable.

3. Data protection principles

Ensuro processes personal information in a manner that is lawful, fair, and transparent. We take responsibility for complying with applicable data protection laws and for implementing appropriate safeguards to protect personal information against unauthorised or unlawful processing.

Personal information is collected only for specified, explicit, and legitimate purposes and is not further processed in a manner incompatible with those purposes. Ensuro limits the collection and use of personal information to what is necessary and proportionate to achieve its legitimate business and regulatory objectives. Reasonable steps are taken to ensure that personal information is accurate and, where necessary, kept up to date. Sensitive personal information is subject to enhanced protection measures consistent with its nature and associated risks.

4. Information we collect

In the course of onboarding, due diligence, risk assessment, and the provision of our services, Ensuro may collect personal information, sensitive personal information where legally required or permitted, institutional or corporate information, transactional and contractual information, and technical information related to the use of our platform. This may include, but is not limited to, your name, contact details, identification information, information about your institution, and details about your transactions on the Site.

Information may be collected directly from individuals or institutional representatives, or indirectly from third parties such as service providers, counterparties, public registers, and regulatory or compliance sources, where permitted by law.

5. Data processing

We use your personal information for the following purposes:

Legal and compliance: to comply with applicable legal and regulatory obligations, including those relating to insurance, financial crime prevention, and regulatory oversight.

Service provision and improvement: Personal information is also processed to provide, operate, maintain, analyse and improve Ensuro’s services and products.

Communication: To communicate with you about updates, changes to our terms, and other relevant information, and to communicate with counterparties, and regulators.

Security: To protect the integrity and security of our services and your personal information.

Audits: To conduct audits and ensure compliance with internal and external standards.

6. Accuracy, integrity, and retention of personal information

Ensuro is committed to maintaining the accuracy and integrity of personal information. Reasonable steps are taken to ensure that personal information is accurate, complete, and up to date for the purposes for which it is used. This may include periodic reviews of information obtained during onboarding and, where appropriate, consultation with individuals or reliance on reliable public sources.

Personal information is retained only for as long as necessary to fulfil the purposes for which it was collected, including compliance with legal, regulatory, accounting, and reporting requirements. Once personal information is no longer required, it is securely deleted or anonymised in accordance with Ensuro’s data retention policies. Individuals are responsible for informing Ensuro of any material changes to their personal information to keep this information updated.

7. Provision of privacy notices

Ensuro provides clear and accessible privacy notices describing the use of personal information, the purposes of processing, the individuals or third parties with whom personal information may be shared, and the means by which Ensuro can be contacted regarding data protection matters. Privacy notices are provided before or at the time personal information is collected, or as soon as reasonably practicable thereafter.

Where personal information is publicly available or disclosure is required by law or a competent authority, Ensuro is not required to provide a separate privacy notice.

8. Purpose limitation and data minimisation

Your personal information is used strictly for the purposes for which it was collected, unless further processing is permitted or required by law or additional consent has been obtained from the user. Ensuro applies data minimisation principles to ensure that personal information processed is adequate, relevant, and not excessive in relation to the intended purposes, meaning we only collect the data that is necessary to achieve our legitimate business objectives. By doing so, we reduce the risk of handling unnecessary or excessive information, thereby protecting individual privacy and maintaining compliance with data protection regulations.

9. Security measures

Ensuro implements appropriate technical, administrative, and physical safeguards designed to protect personal information against accidental or unlawful destruction, loss, unauthorised access, disclosure, or alteration. These safeguards include controlled access to facilities and systems, encryption and other technical security measures, internal policies and procedures governing access to personal information, and ongoing employee training and awareness.

10. Data breaches

In the event of a breach of security involving personal information, Ensuro follows established incident response procedures, including prompt assessment of the nature and scope of the incident, implementation of mitigation measures, and notification to affected individuals and the Office of the Privacy Commissioner for Bermuda where required by law.

11. Data transfers and disclosure to Third Parties

Ensuro may disclose personal information to third parties where necessary for the operation of its business, including service providers, professional advisors, auditors, and regulatory or legal authorities. Where personal information is transferred to third parties, Ensuro takes reasonable steps to ensure that such parties provide an adequate level of protection consistent with PIPA. Ensuro remains accountable for personal information transferred to third parties on its behalf.

12. Children’s Information

Ensuro does not knowingly provide services to minors. Where applicable, appropriate controls are implemented to prevent access by individuals who do not meet minimum age requirements under Bermuda law.

13. Individual rights

According to the PIPA regulations and general data protection standards, individuals have the right to: request access to their personal information; request the correction of inaccurate or outdated information; request the restriction of processing their personal data; request the deletion or destruction of their personal data; and withdraw previously given consent for the processing of their personal information. Please note, however, that we may need to retain certain information when we have a legal or regulatory obligation, or another lawful basis, to do so.

Ensuro will respond to such requests within a reasonable timeframe and in accordance with legal requirements. Requests must be submitted in writing and may be subject to identity verification. To do so, please contact us at [email protected]. Please be advised that this process may require verification of the requestor's identity. Once the request is sent, we will contact you shortly to provide more precise information regarding your case.

14. Changes to this policy

Ensuro may update this Data Privacy Policy from time to time to reflect changes in legal requirements or business practices. Material changes will be communicated through appropriate channels, and additional consent will be obtained where required.

15. Contact information

If you have any questions or concerns about this privacy policy or our data protection practices, you can contact us at [email protected]

16. Complaint Procedures with PrivCom Authority

If you have any complaints about how we handle your personal information, you can contact us directly. You also have the right to file a complaint with the Office of the Privacy Commissioner for Bermuda (PrivCom).

PrivCom information:

Privacy Commissioner

Email: [email protected]

Phone: 1-441-543-7748

Web page: https://www.privacy.bm/contact-us

17. Providers who receive personal information from Ensuro customers*

*The providers listed in the above table may change, and this will not affect the validity of this privacy policy.

Place:

I expressly authorise, in an informed and voluntary manner, Ensuro to process my personal data, in accordance with the purposes established in the comprehensive Privacy Policy, which was made available to me. Furthermore, I authorise Ensuro to process the personal data of all individuals for whom I have legal authority to represent and for whom I have provided information.