Privacy Notice

Scope

The privacy notice explains how Knighthead Annuity & Life Assurance Company (“Knighthead”) collects, uses, discloses, retains and secures personal data as part of its business practices. The policy clearly articulates the legal justifications for the processing of personal data and also lists individual data subject rights under the Cayman Islands’ Data Protection Act (as amended) (“DPA”).

Overview
Knighthead respects the individual’s privacy, and they are entitled to have their personal data processed in accordance with the DPA. The key principles Knighthead applies when processing personal data are as follows:

  • Lawfulness: Knighthead will only collect personal data in a fair, lawful and transparent manner.
  • Data minimization: Knighthead will limit the collection of personal data to what is directly relevant and necessary for the services provided.
  • Purpose limitation: Knighthead will only collect personal data for specified, explicit and legitimate purposes.
  • Accuracy: Knighthead will keep personal data accurate and up to date while there continues to be a customer relationship, and in certain circumstances, after that relationship has ended.
  • Data security and protection: Knighthead will implement technical and organizational measures to ensure an appropriate level of data security and protection considering the sensitivity of the personal data. Such measures provide for the prevention of any unauthorized or unlawful processing of personal data and against accidental loss or destruction of, or damage to that data.
  • Access and rectification: Knighthead will process personal data in line with customers’ legal rights.
  • Retention limitation: Knighthead will retain personal data in a manner consistent with the applicable DPA and DPA Regulations and no longer than is necessary for the purposes for which it has been collected in accordance with its retention policy.
  • Protection for international transfers: Knighthead will ensure that if personal data is transferred outside the Cayman Islands, it is adequately protected.

What personal data does Knighthead collect?

Knighthead collects various personal data which may include the following (this list is not exhaustive):

  • name and address
  • date of birth
  • telephone number
  • email address
  • copy of passport photo/biographical data page
  • financial information including a method of payment such as check or wire transfer to Knighthead

    • How does Knighthead use the personal data it collects?

    Knighthead may use personal data to (this list is not exhaustive):

    • write personal annuity and assurance policies
    • respond to individuals or regulatory inquiries or reporting obligations
    • manage the individual’s relationship
    • send invoices and collect payment for goods or services rendered
    • conduct promotional activities
    • market goods and services
    • handle complaints
    • prevent fraud, tax evasion, money laundering or other criminal activity

    When does Knighthead disclose personal data?

    Knighthead may disclose personal data in the following circumstances (this list is not exhaustive):

    • if Knighthead uses a third-party service provider for IT application manager, marketing, marketing research or client relationship management
    • if a data subject requests that personal data be disclosed to a third party
    • to a third parties that Knighthead partners with for annuity and assurance claims
    • if there is a legal or regulatory request, obligation or criminal investigation
    • if it is required to seek legal advice from Knighthead legal counsel
    • any other circumstance where it may be required by law

    International transfer of personal data

    Personal data is stored in the Cayman Islands unless it is transferred to another country for contractual purposes. If at any time Knighthead transfers personal data outside the Cayman Islands, it will ensure that there are adequate safeguards for the rights and freedoms of data subjects as required by the DPA unless a customer has consented to the transfer or it is necessary for the performance of the annuity and assurance contract.

    The legal basis for processing personal data

    The DPA protection sets out some different reasons for which a company may process personal data, and Knighthead does so under the following legal conditions:

    • Consent
      • In specific situations, Knighthead can collect and process personal data with the individuals consent.
      • For example, if the individual consents to Knighthead sharing their information with another annuity and assurance company.
    • Contractual obligations
      • In certain circumstances, Knighthead will need to process certain personal data to comply with contractual obligations.
      • For example, to meet the servicing requirements of the annuity and assurance contract and policies.
    • Legal compliance
      • Knighthead may need process personal data in order to comply with legal obligations it is subject to.
      • For example, Knighthead may be required to pass on details of people if suspected may be involved in fraud or other criminal activity to law enforcement.
    • Legitimate interest
      • In specific situations, Knighthead requires personal data to pursue its legitimate interests in a way which might reasonably be expected as part of running its businesses and which does not materially impact an individual’s rights, freedom or interests.
      • For example, the person needs to make a claim against an annuity and assurance policy and the evaluator’s needs to collect personal information to process the claim.

    How long does Knighthead retain personal data?

    Knighthead retains personal data for as long as a customer relationship exists, and the personal data is necessary to manage that relationship. When there is no longer a customer relationship, Knighthead will retain certain types of personal data for varying periods depending on legal requirements and business needs. Personal data that is no longer needed will be destroyed. Knighthead will always hold personal data for the least amount of time necessary in accordance with its retention policy..

    How does Knighthead secure personal data?

    Knighthead employs appropriate technical and organizational measures to protect against unauthorized processing, accidental loss or destruction of, or damage to, personal data in accordance with its Information Technology policies.

    What rights do individuals have in respect to personal data?

    Individuals have a right to be informed how personal data is processed and this privacy notice has been prepared to address Knighthead’s obligation in that respect.

    Individuals have a right to request access to their personal data, the right to request rectification/correction of personal data, the right to request that processing of personal data be stopped or restricted and the right to require Knighthead to cease processing personal data for direct marketing purposes.

    If you feel that your personal data has not been handled correctly, or you are not satisfied with Knighthead’s responses to any requests you have made regarding the use of your personal data, you have the right to complain to the Cayman Islands’ Ombudsman. The Ombudsman can be contacted by calling: 1-345-946-6283 or by email at info@ombudsman.ky.

    You may contact Knighthead at info@knightheadannuity.com or 345-746-0300, if you have any questions.