1. Introduction
Welcome to Nayms. We are a crypto-compatible marketplace for insurance capitalisation and risk transfer. We provide the technical and regulatory infrastructure through which other insurance market participants come together to conduct crypto-native insurance.
We are licensed in Bermuda for all activity within our marketplace. Our holding company is in the United Kingdom.
Please read this privacy policy carefully as it contains important information on why we collect, store, use and share your personal information. It also explains your rights in relation to your personal information and how to contact us in the event you have a complaint.
We may not be the party who initially collected your personal information—please see Section 4. How your personal information is collected below for more information about how you can identify who initially collected your personal information.
If you provide personal information to us regarding other individuals, you agree: (a) to inform the individual about the content of this privacy policy; and (b) to obtain any legally-required consent for use of personal information about the individual in accordance with this privacy policy.
2. Key terms
Personal information | means any information relating to an identified or identifiable individual |
We, us, our | means: Nayms SAC Ltd, Crawford House, 50 Cedar Avenue, Hamilton HM11 Bermuda, and Nayms Limited, Arquen House, 4-6 Spicer Street, St. Albans, Hertfordshire, England AL3 4PQ |
You, your | means the individual to whom the personal information relates. |
3. Personal information we collect about you
The personal information we collect about you depends on the particular services we provide to you or which otherwise concern you. We may collect and use the following personal information about you:
General data | includes your name, date of birth, marital status, country of residence/citizenship and your relationships to other people |
Contact data | includes your address, telephone number and e-mail address |
Identification data | includes government issued identification numbers e.g. your national insurance number, passport number, driving licence number and other identifiers |
Policy data | includes information about insurance quotations, policies and claims and any other information relevant to an insurance policy, including claims history |
Claims data | includes information about the claim collected from you and relevant third parties |
Fraud and sanctions related data | includes information obtained as a result of our investigations, e.g. carrying out checks of publicly available sources and information obtained from checks of fraud databases and sanctions lists such as relationships/close associations with politically exposed persons |
Education and employment-related data | includes your education, vocational and professional qualifications, employment status, job title, employment and educational history, disciplinary/grievance history and investigations into professional conduct and compliance with professional standards |
Financial data | includes credit and payment card numbers, bank or crypto asset account details, payment information, tax information, details of income and assets including digital assets |
Credit assessment data | includes information received from credit agencies |
Authentication data | includes account log-in information, passwords and memorable data for accessing our services |
Telephone recordings and online chat transcripts | includes information obtained during recordings of telephone calls or online chats with our representatives |
Marketing and communication preferences, promotion entries and customer feedback | includes marketing and communication preferences, information relating to promotions, responses to surveys, complaints and details of your customer experience |
Device data | includes mobile device number, device type, operating system, browser, MAC address, IP address, location and account activity obtained through our use of cookies |
Special category personal information | includes details of existing and previous physical or mental health conditions, health status, test results, medical diagnosis and treatment |
Criminal data | includes details of criminal convictions |
We collect and use this personal information for the purposes described in Section 5. How and why we use your personal information below. If you do not provide personal information we ask for, it may delay or prevent us from providing services to you or which otherwise concern you.
4. How your personal information is collected
We collect personal information directly from you—in person, by email and/or via our website and platforms. However, we may also collect information from:
- insurance brokers or one of our business partners where an insurance policy has been distributed through one of these third parties;
- third parties who provide you with services relating to an insurance policy;
- third parties who provide us, or a third party relevant to an insurance policy or claim, with services e.g. loss adjusters, claims handlers, legal advisers and experts;
- third parties involved in a policy or claim, e.g. other insurers, brokers, claimants, defendants and witnesses to an incident;
- employees of the policyholder;
- credit reference agencies;
- financial crime or fraud agencies, databases and sanctions lists;
- government agencies and regulatory bodies including the police and the courts;
- regulators who regulate how we operate including the Bermuda Monetary Authority and Bermuda Privacy Commissioner;
- third parties who provide us with details of individuals who have expressed an interest in hearing about insurance products;
- third parties that help us maintain the accuracy of our data e.g. payment card providers who provide us with updated payment card details;
- other third party suppliers including actuaries, auditors and other professional service firms and sanctions checking service providers;
- data suppliers;
- publicly available sources including internet searches, news articles, online marketplaces and social media sites, apps and networks;
- providers of marketing and advertising services; and
- third parties in connection with any acquisition of a business by us.
You can find out the identity of the party who initially collected your personal information in the following ways:
- where another organisation took out an insurance policy for your benefit: you should contact the organisation that took out the insurance policy who should provide you with details of the insurer or intermediary to whom they provided your personal information and you should contact their data protection officer who can advise you on the identities of other organisations to whom they have passed your personal information;
- where you took out the insurance policy: the insurer and, if purchased through an intermediary, the intermediary will be the party who initially collected your personal information and their data protection officer can advise you on the identities of other organisations to whom they have passed your personal information;
- where you are not a policyholder: you should contact the organisation that collected your personal information who should provide you with details of the relevant organisation’s data protection officer.
5. How and why we use your personal information
Under data protection law we can only use your personal information if we have a lawful basis, including:
- to comply with our legal and regulatory obligations;
- for the performance of a contract with you or to take steps at your request before entering into a contract;
- for our legitimate interests or those of a third party; or
- where you have given consent.
A legitimate interest is when we have a business or commercial reason to use your personal information, so long as this is not overridden by your own rights and interests.
The table below explains what we use your personal information for and why.
What we use your personal information for | Our reasons and lawful basis |
---|
Communicating with you and others | To perform our contract with you or to take steps at your request before entering into a contract For our legitimate interests Compliance with a legal/regulatory obligation |
Providing services to you | To perform our contract with you or to take steps at your request before entering into a contract For our legitimate interests |
Evaluating insurance applications or renewals or to provide a quote | To take steps at your request before entering into a contract For our legitimate interests |
Provision and administration of a policy including taking payment | To perform our contract with you or to take steps at your request before entering into a contract For our legitimate interests Compliance with a legal/regulatory obligation |
Managing third party relationships e.g. brokers | To perform our contract with you or to take steps at your request before entering into a contract For our legitimate interests |
Claims assessment and management of claims | To perform our contract with you For our legitimate interests Compliance with a legal/regulatory obligation |
Preventing and detecting fraud against you or us | For our legitimate interest Compliance with a legal/regulatory obligation |
Conducting checks to identify our customers and verify their identity Screening for financial and other sanctions or embargoes Other activities necessary to comply with legal and regulatory obligations that apply to our business | For our legitimate interests Compliance with a legal/regulatory obligation |
To enforce legal rights or defend or undertake legal proceedings | Depending on the circumstances:to comply with our legal and regulatory obligations;in other cases, for our legitimate interests, i.e. to protect our business, interests and rights |
Gathering and providing information required by or relating to audits, enquiries or investigations by regulatory bodies | Compliance with a legal/regulatory obligation |
Ensuring business policies are adhered to, e.g. policies covering security | For our legitimate interests, i.e. to make sure we are following our own internal procedures so we can deliver the best service |
Operational reasons, such as improving efficiency, training and quality control | For our legitimate interests, i.e. to be as efficient as we can so we can deliver the best service |
Ensuring the confidentiality of commercially sensitive information | Depending on the circumstances:for our legitimate interests, i.e. to protect trade secrets and other commercially valuable information;to comply with our legal and regulatory obligations |
Statistical analysis to help us manage our business, e.g. in relation to our financial performance, customer base, service performance or other efficiency measures | For our legitimate interests, i.e. to be as efficient as we can so we can deliver the best service |
Preventing unauthorised access and modifications to systems | Depending on the circumstances:for our legitimate interests, i.e. to prevent and detect criminal activity that could be damaging for you and/or us;to comply with our legal and regulatory obligations |
Protecting the security of systems and data used to provide the services | To comply with our legal and regulatory obligations. We may also use your personal information to ensure the security of systems and data to a standard that goes beyond our legal obligations, and in those cases our reasons are for our legitimate interests, i.e. to protect systems and data and to prevent and detect criminal activity that could be damaging for you and/or us |
Updating and enhancing customer records | Depending on the circumstances:to perform our contract with you or to take steps at your request before entering into a contract;to comply with our legal and regulatory obligations;for our legitimate interests, e.g. making sure that we can keep in touch with our customers about our services |
Statutory returns | Compliance with a legal/regulatory obligation |
Ensuring safe working practices, staff administration and assessments | Depending on the circumstances:to comply with our legal and regulatory obligations;for our legitimate interests, e.g. to make sure we are following our own internal procedures and working efficiently so we can deliver the best service to you |
Marketing our services and those of selected third parties to:existing and former customers; third parties who have previously expressed an interest in our services;third parties with whom we have had no previous dealings | For our legitimate interests, i.e. to promote our business to existing and former customers |
To share your personal information with members of our group and third parties that will or may take control or ownership of some or all of our business (and professional advisors acting on our or their behalf) in connection with a significant corporate transaction or restructuring, including a merger, acquisition, asset sale, initial public offering or in the event of our insolvency. In such cases information will be anonymised where possible and only shared where necessary | Depending on the circumstances:to comply with our legal and regulatory obligations;in other cases, for our legitimate interests, i.e. to protect, realise or grow the value in our business and assets |
6. How and why we use your personal information—special category personal information
In order to provide insurance cover and deal with insurance claims, in certain circumstances we may need to process special categories of personal information, such as health data.
Your consent for this processing of special categories of personal information may be necessary. You may withdraw your consent to such processing at any time. However, if you withdraw your consent this may impact our ability to provide insurance or pay claims.
7. Whom we share your personal information with
In connection with Section 5. How and why we use your personal information above we will sometimes share your personal information with third parties including:
- insurance brokers and business partners who help us arrange, manage and underwrite insurance policies and who provide insurance services;
- other insurers;
- our insurers or reinsurers (either directly or through insurance brokers), who provide (re)insurance services to us and each other in respect of risks underwritten by us;
- the policyholder, where you are covered under an insurance policy held by a third party;
- third parties who provide you with services relating to a policy;
- third parties who provide us, or a third party insurer relevant to the policy or claim, with services, e.g. loss adjusters, claims handlers and experts;
- legal advisers, accountants, auditors, financial institutions and professional service firms who act on our or your behalf, or who represent a third-party claimant;
- data analysts and providers of data services who support us with developing our services and measuring the effectiveness of marketing;
- third parties that help us maintain the accuracy of our data;
- financial crime detection agencies, sanctions checking providers and third parties who maintain fraud detection databases or provide assistance with investigation in cases of suspected fraud;
- regulators who regulate how we operate, including the Bermuda Monetary Authority and Bermuda Privacy Commissioner;
- government agencies and regulatory bodies including the police;
- credit reference agencies;
- service providers, including those who help operate our IT and back office systems, underwriting and claims processes and our information security controls, and card payment processors;
- research agencies and providers of market research services, including customer feedback surveys;
- providers of marketing and advertising services, including delivering and administering marketing, ensuring you receive marketing content that’s relevant to you and in accordance with your preferences and analysing marketing campaigns. These may include media agencies, fulfilment partners, social media and other online platforms and advertising technology companies. You can find further information about this in Section 10. Marketing below;
- third parties in connection with any sale, transfer or disposal of our business.
If you would like more information about whom we share our data with and why, please contact us (see Section 17. How to contact us below).
8. Where your personal information is held
Personal information may be held at our offices and those of our third party agencies, service providers and representatives as described above in Section 7. Whom we share your personal information with.
Some of these third parties may be based outside of Bermuda or the UK. For more information, including on how we safeguard your personal information when this happens, see below – Section 11. Transferring your personal information internationally.
9. How long your personal information will be kept
We will not keep your personal information for longer than we need it for the purposes explained in this privacy policy.
We also keep records—which may include personal information—to meet legal, regulatory, tax or accounting needs. For example, we are required to retain an accurate record of your dealings with us so we can respond to any complaints or challenges you or others might raise later. We will also retain files if we reasonably believe there is a prospect of litigation. The specific retention period for your personal information will depend on your relationship with us and the reasons we hold your personal information.
If you would like more information about data retention, please contact us (see Section 17. How to contact us below).
10. Marketing
We will use your personal information to send you updates about our services, including exclusive offers, promotions or new services.
We have a legitimate interest in using your personal information for marketing purposes (see Section 5. How and why we use your personal information above). This means we do not usually need your consent to send you marketing information. If we change our marketing approach in the future so that consent is needed, we will ask for this separately and clearly.
You have the right to opt out of receiving marketing communications at any time by:
- contacting us (see Section 17. How to contact us below); or
- using the ‘unsubscribe’ link in emails.
We may ask you to confirm or update your marketing preferences if you ask us to provide further services in the future, or if there are changes in the law, regulation, or the structure of our business.
11. Transferring your personal information internationally
Countries have different data protection laws, some of which may provide lower levels of protection of privacy than the country in which you reside.
It is sometimes necessary for us to transfer your personal information internationally. In those cases we will comply with applicable laws designed to ensure the privacy of your personal information.
This might include transfers to countries that are recognised to provide adequate levels of data protection for your personal information or putting appropriate contractual obligations in place with the party to whom we are sending information.
12. Your rights
You have the following rights, which you can exercise free of charge:
Access | The right to be provided with a copy of your personal information |
Rectification | The right to require us to correct any mistakes in your personal information |
Erasure | The right to require us to delete your personal information in certain situations |
Restriction of processing | The right to require us to restrict processing of your personal information in certain circumstances, e.g. if you contest the accuracy of the data |
Data portability | The right to receive the personal information you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party in certain situations |
To object | The right to object:at any time to your personal information being processed for direct marketing (including profiling);in certain other situations to our continued processing of your personal information, e.g. processing carried out for the purpose of our legitimate interests unless there are compelling legitimate grounds for the processing to continue or the processing is required for the establishment, exercise or defence of legal claims |
Not to be subject to automated individual decision making | The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you. This right does not apply if the decision is:necessary for the purposes of a contract between us and you;authorised by law (e.g. to prevent fraud); orbased on your explicit consent. You do however have a right to request human intervention, express your view and challenge the decision. |
The right to withdraw consent | If you have provided us with a consent to use your personal information you have a right to withdraw that consent easily at any time. Withdrawing a consent will not affect the lawfulness of our use of your personal information in reliance on that consent before it was withdrawn. |
We may not always be able to do what you have asked. This is because your rights will not always apply, e.g. if it would impact the duty of confidentiality we owe to others, or if the law allows us to deal with your personal information in a different way. We will always explain to you how we are dealing with your request. In some circumstances (such as the right to erasure or withdrawal of consent), exercising a right might mean that we can no longer provide our services to you.
If you would like to exercise any of the rights set out above, please contact us (see Section 17. How to contact us below).
13. Keeping your personal information secure
We have appropriate security measures to prevent personal information from being accidentally lost, or used or accessed unlawfully. We limit access to your personal information to those who have a genuine business need to access it. Those processing your personal information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
14. Cookies
We use cookies and similar tracking technologies to track the activity on our website and platforms.
Cookies are files with a small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Other tracking technologies are also used such as beacons, tags and scripts to collect and track information and to improve and analyse our services.
You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some of our services.
Examples of cookies we use include:
- session cookies: we use session cookies in the operation of our services;
- preference cookies: we use preference cookies to remember your preferences and various settings;
- security cookies: we use security cookies for security purposes;
- advertising cookies: we use advertising cookies to provide advertisements that may be relevant to you and your interests.
15. How to complain
Please contact us if you have any queries or concerns about our use of your personal information (see Section 17. How to contact us below). We hope we will be able to resolve any issues you may have.
You may also have a right to lodge a complaint with:
- in respect of Nayms SAC Ltd, the Privacy Commissioner for Bermuda; and
- in respect of Nayms Limited, the UK Information Commissioner’s Office.
16. Changes to this privacy policy
This privacy policy was last updated on 3rd February 2023.
We may change this privacy policy from time to time and so please check our website for the current version.
17. How to contact us
Our Data Protection Officer is Matthew Wixon. If you have any questions about this privacy policy, the information we hold about you, to exercise a right under data protection law or to make a complaint, you can contact us and/or our Data Protection Officer by email at privacy@nayms.com.