1. Introduction

Bermax Specialty Underwriters (“Bermax”, “we”, “us”, or “our”) is committed to protecting the privacy and confidentiality of personal data entrusted to us.
This Privacy Policy explains how we collect, use, disclose, and protect personal information when providing our insurance underwriting, claims management, advisory, and support services.

We operate in compliance with applicable laws, including the DIFC Data Protection Law No. 5 of 2020, GDPR, and other relevant privacy legislation.

2. Scope

This Policy applies to:

• Clients (policyholders, insureds, beneficiaries)

• Brokers and business partners

• Service providers and vendors

• Website visitors

• Prospective clients and applicants

It governs both online and offline collection of personal data.

3. Information We Collect

We may collect the following categories of personal information:

• Identity Information: Full name, date of birth, nationality, passport or ID number, company name, title.

• Contact Details: Address, email, phone numbers, fax numbers.

• Financial Information: Bank account details, premium payment records, tax ID numbers.

• Insurance Information: Policy numbers, claims history, underwriting data, declarations.

• Employment Information: Job titles, employment history (for commercial underwriting and liability policies).

• Technical Data: IP addresses, browser types, operating system, access logs (from website and client portal).

• Sensitive Personal Data: Health information, criminal history (only where relevant to specific coverages such as Professional Indemnity or Employers’ Liability).

4. How We Collect Information

We collect data directly and indirectly through:

• Insurance application forms

• Broker submissions

• Claims forms and adjuster reports

• Online interactions (website forms, cookies)

• Regulatory and third-party databases (with appropriate lawful bases)

5. How We Use Information

We process personal information to:

• Underwrite Insurance Products: Risk assessment, policy issuance, renewals.

• Administer Claims: Verification, settlement, defense management.

• Compliance and Regulatory Obligations: Anti-money laundering (AML), sanctions screening, regulatory reporting.

• Customer Support and Communications: Policy servicing, responding to queries.

• Marketing (With Consent): Providing information about products, services, and insights.

• Website and Portal Management: Site analytics, cybersecurity safeguards.

All processing is based on lawful grounds such as contract performance, legitimate interests, compliance with legal obligations, or explicit consent.

6. Disclosure of Personal Information

We may share personal information with:

• Insurance carriers, reinsurers, and brokers

• Claims adjusters, loss assessors, legal counsel

• Regulatory bodies (e.g., DFSA, Financial Conduct Authority, GDPR Supervisory Authorities)

• IT service providers and secure cloud storage vendors

• Auditors and professional advisors

All disclosures are subject to appropriate confidentiality obligations.

We do not sell or rent personal information to third parties.

7. International Data Transfers

As a global business, personal data may be transferred to and stored in countries outside the UAE, EEA, or the country of origin.
When transferring data internationally, we implement adequate safeguards such as:

• Standard Contractual Clauses (SCCs)

• Binding Corporate Rules (BCRs)

• Adequacy decisions recognized by regulatory authorities

8. Data Retention

We retain personal data for as long as necessary to fulfill the purposes described above, including legal, regulatory, tax, accounting, or reporting requirements.
Typically:

• Policy and underwriting data: retained for 7–10 years after policy expiration.

• Claims data: retained for at least 10 years post-closure.

We securely delete or anonymize information when no longer needed.

9. Your Rights

You have the following rights under applicable data protection laws:

• Access your personal data

• Correct or update inaccuracies

• Request deletion (“Right to be Forgotten”)

• Object to processing or direct marketing

• Restrict processing under certain circumstances

• Data portability (where applicable)

• Lodge a complaint with a supervisory authority (e.g., DIFC Commissioner of Data Protection)

To exercise these rights, contact: info@bermaxspecialty.com

10. Data Security

We implement robust technical and organizational measures to safeguard personal data, including:

• Encryption (at rest and in transit)

• Role-based access controls

• Intrusion detection systems

• Regular penetration testing

• Staff training on data protection and information security

11. Cookies and Tracking

We use cookies and similar technologies to enhance website functionality and analyze traffic.
You can manage cookie preferences through browser settings or via our cookie consent manager.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in regulations, technology, or our practices.
Updates will be posted on our website with the “Effective Date” clearly indicated.