Privacy Policy - Bermuda

This website Privacy Notice together with our Terms of Use collectively advises how and why the East End Group of companies (“the group”, “EEG”, “we”, “our”, “us”) collects, processes, and uses your personal information through your use of the group and all affiliated company websites and/or when we provide our products or services to you.

Within EEG, we are committed to protecting your personal information in accordance with applicable data protection laws, including Bermuda’s Personal Information Protection Act 2016 (“PIPA”, “the Act”), and because we care about your privacy. We recognize the trust placed in us by you to protect your personal information and wish to be transparent with you about how we collectively handle that data in our care.

Please read this Privacy Notice carefully as it also sets out circumstances in which we may disclose your personal data to others and the rights you have regarding our use and handling of that data.

Where appropriate, this Privacy Notice will be referred to when your consent is sought to the collection and processing of your personal data following PIPA’s introduction for the purposes identified herein and in other documentation you may receive. Such consent is explicitly assumed for any personal information we may have acquired of you prior to PIPA’s introduction.

In accordance with the Act, EEG has appointed a Privacy Officer of which you can avail yourself of for any matters concerning your personal information. The Privacy Officer shall be contactable through the main phone numbers of the group, and its affiliated companies, or through post or email through the addresses represented on the relevant Contact Us pages.

The types of personal data we may collect is dependent upon the nature of the relationship you have with us or the purpose for which it is collected. We endeavor to limit the amount of personal information that we may collect to only the necessary information relevant for the services we may offer to you. The following types of personal information may be collected:

• Identity Information - Name, date of birth, identification numbers
• Contact Information - Address, email address, phone number
• Financial Information - Payment details to and from you
• Transactional Information - Products and Services purchased from or provided by us
• Technical Information - IP address, browser type, device identifiers, etc. used to access the group and all affiliated company websites
• Other Information - Any other information you provide to us with your consent, through correspondence, surveys, or forms, etc.

Where you fail to provide information deemed necessary for the purpose with which it is being collected, such as for terms of contract or requirement of law, we may not be able to perform the contract we have or are trying to enter with you. In this case, there may be a need to cancel particular services or prevent particular services being provided by us to you.

We may obtain your personal information in the following ways:

• Directly from you, such as when you contact us seeking our services, or enquiring on or seeking resolution on issues with existing services we provide to you or with your account standing.
• We may use your information through cookies and similar tracking technologies when you use our group or affiliated company websites.
• From third parties, such as business partners, public databases, government agencies, or other publicly available sources and material (e.g. social media).

We mainly process your personal information for the following purposes and reasons:

• To provide and administer our products and services.
• To communicate with you, including sending service updates, completing service requests and/or marketing communications (where permitted with consent).
• To comply with legal and/or regulatory obligations.
• To improve our services and enhance user and client experiences.
• To prevent fraud and ensure security of information and data.

We may share your personal information with:

We collaborate within the group to better serve you by leveraging expertise, tools, solutions, shared efficiencies, etc.

• Third party service providers and vendors - To assist us in our operational processes and/or deliver our products and services to you.
• Government authorities, law firms or regulators - To comply with legal obligations.

If your personal information is transferred outside of Bermuda with third party recipients in countries whose data protection laws may not always offer the same level of protection, we will ensure adequate safeguards are in place, such as standard contractual clauses and/or other approved mechanisms to seek commitments and assurances.

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected or to comply with legal and regulatory obligations.

Under certain conditions you may have the right to require us to:

• Provide you with access to personal information that we have collected on you.
• Correct/complete inaccurate/incomplete data that we have collected on you.
• Delete/erase your personal information under certain conditions, where we do not have any legal or regulatory obligation to continue to hold the information.
• Stop processing using your personal information based on legitimate reasons. We may not, as a consequence, be able to continue to provide certain products or services.
• Transfer your data to another entity in a structured, machine-readable format where technically feasible.
• Consider a complaint that you may have with our handling of your personal information.
• Seek clarity/guidance on our Privacy Notice.

“Cookies” are small text files stored on your computer by websites that you visit. They are used to remember your device, settings, preferences, activity, etc. with a view to improve your web browsing experience and provide useful information to the website owners on your use of the website.

We do use cookies as part of basic functioning on some of the group’s websites but not to capture and analyse statistical information of your visits. Should this change, we would endeavor to notify and provide you with consent options as to what cookie information is acceptable by you to be captured and used.

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk of your personal information that we process. We consider the risks of accidental exposure, destruction, loss, alteration, misuse, and seek to protect against unauthorized access, transfer, or disclosure of your personal information.

However, it is not possible to guarantee complete information security, nor can we guarantee that information you supply by electronic means won’t be intercepted while being transferred over the public internet.

We are not responsible for the circumvention of any privacy settings or security measures employed on our group and affiliate company websites.

In the event of a data breach, we act in accordance with all applicable data protection laws and governing security incident management and reporting standards.

We may update this Privacy Notice periodically, the last effective date of which shall be clearly represented at the top of this notice.