This Policy governs the processing of Personal Data relating to investors, cedants, brokers and service providers as well as their agents and/or representatives that conduct business with Aeolus. “Personal Data” includes any information relating to an identified or identifiable natural person, namely, someone who can be identified directly, or indirectly based on the data which has been provided to Aeolus by such parties or their approved representatives.
- Personal Data that we collect
We are likely to collect Personal Data about you when you communicate or transact business with Aeolus. You may provide this information in writing, electronically or by telephone, directly to us or alternatively, via one of our or your service providers. In particular, we may collect the following categories of Personal Data about you from different sources:
- Contact Information (including but not limited to business contact details). You or your agents or representatives, such as brokers, investment consultants or investment managers, provide this Personal Data to us during physical meetings or telephone conversations, via email or other forms of electronic communication, or through the submission of contact forms;
- Background/KYC Information (including but not limited to certain credit information). You provide this to us through subscription documentation, “Know Your Customer” (“KYC”) forms, and/or other requisite documentation completed by you or your representatives and provided to Aeolus or our third party fund administrator; and
- Financial Information. This includes your transactions and account positions with us or other financial institutions or representatives (including, for example, your own investment manager, broker or custodian).
- Purposes for which we process your Personal Data
The Personal Data you provide to us may be processed for several purposes related to Aeolus’ performance of our business services, namely those related to the management and administration of: i) investments, ii) reinsurance, retrocession or other risk transfer agreements and/or iii) services agreements. Such processing activities may include (but may not be limited to) the following:
- Confirming and verifying your identity and conducting due diligence on you as a counterparty, including credit assessment;
- Completing KYC processes, including our Anti-Money Laundering and Anti-Terrorist Financing procedures which may include the processing of on-line screening reviews;
- Processing for internal operational, statistical and general business purposes or analysis;
- Providing you with information concerning Aeolus products and services which may be related to the services and products we already provide you and may be of interest to you;
- Inviting you to attend marketing meetings, events and opportunities as part of our effort to build our business relationship with you;
- Corresponding with you generally to discuss any aspect of our business relationship;
- Complying with any of Aeolus’ global legal, regulatory or compliance requirements;
- Obtaining legal advice or establishing, exercising or defending Aeolus’ legal rights or otherwise for the purpose of, or in connection with, any legal proceedings (including prospective legal proceedings); and
- Investigating, detecting and preventing fraud and other crimes.
- Basis on which we use Personal Data
We rely on a number of legal bases to process your information in the ways described in Section II above, which include but may not be limited to the following:
- The processing is necessary to perform the contractual obligations which we have mutually agreed;
- The processing is necessary to comply with a legal obligation, court order, or to otherwise exercise or defend legal claims;
- The processing is necessary for the purposes of pursuing our legitimate interests, for example, we believe it is in our legitimate interests to ensure that our clients are fully informed as to the services and products available to them; and/or
- You have expressly consented to such processing, which you have the right to revoke.
- Information that we disclose
Generally, we will not disclose your Personal Data to third parties except in the following, limited circumstances:
- To service providers and other vendors that help us perform the processing outlined in Section II, above.
- To service providers that help us maintain, process or service your transactions or account(s) including, where applicable, our third party fund administrator, banks and/or financial institutions;
- If you request or authorize us to do so, for institutional risk control, or in other circumstances where we believe in good faith that disclosure is required or permitted under law;
- Complying with any of Aeolus’ legal, regulatory or compliance requirements, anywhere in the world; and
- To third parties to whom you expressly request or otherwise consent for us to distribute your Personal Data.
To the extent possible, we require third parties – through the use of contractual terms and conditions – to use only the information required for the services for which we hire them, and to protect the confidentiality and security of this information.
- Safeguarding your Personal Data
We maintain physical, electronic, and procedural safeguards consistent with commercially reasonable practices to protect your Personal Data. While we strive to protect your Personal Data, please be aware that no method of transmission over the internet or form of electronic storage is 100% secure. Therefore, while we will strive to protect your Personal Data, we cannot guarantee its complete security.
- International Data Transfer
Aeolus’ primary operation is located in Bermuda. As a result, your Personal Data is likely to be processed in Bermuda and possibly other jurisdictions to perform the services for which you have contracted with Aeolus, and these jurisdictions may have different privacy and data protection laws than those that apply in your home jurisdiction. Further, we may also transfer your Personal Data overseas to comply with reasonable requests under law. Regardless of the location of your Personal Data, we will continue to apply a number of safeguards to protect it.
- Retaining your Personal Data
We will retain your Personal Data for as long as necessary under applicable laws and consistent with good practice. Information that is no longer relevant to your relationship with us will be deleted in a reasonable amount of time, consistent with applicable legal requirements.
- Your rights
We understand that depending on the jurisdiction in which you are located, you may have the right to request from us access to and rectification or erasure of your Personal Data, the right to restrict processing, object to processing and (in certain circumstances) the right to data portability. Similarly, if you have provided your consent for the processing of your Personal Data, you may have the right (in certain circumstances) to withdraw that consent at any time. In cases where you request that we cease processing your Personal Data, we will comply unless we have compelling legitimate grounds to continue. Such withdrawal of your consent will not affect the lawfulness of the processing before your consent was withdrawn. Where you wish for us to cease using your Personal Data for marketing purposes, please email your instruction to firstname.lastname@example.org.If you have any concerns as to how your Personal Data is processed or wish to assert any of these rights, we ask that you please contact us at email@example.com.
We may amend the terms of this Policy from time to time. If we believe the changes are material, we will send you an email or message drawing your attention to such changes. However, we encourage you to check back regularly and review any updates to this page in any event.