Sign in

GDPR and Privacy Notice

Kenforth’s GDPR and Privacy Policy.

Reviewed 01/01/2025

This website is intended for information purposes only. Whilst every effort has been made to ensure the accuracy of the information provided, past performance is not necessarily a guide to the future.

This Privacy Notice (“Notice”) explains how the entities within the Kenforth Life Insurance Limited, a company registered, resident and regulated in The Commonwealth of The Bahamas (“Kenforth”) collects, uses, discloses and retains your personal data (including personal data that you provide to us about other persons) (together, “Personal Data”).  It also explains your privacy rights and how you can exercise them.

In this Notice, “Kenforth”, “we”, “us” and “our”, refers to all and any members of the same group as Kenforth Life Insurance Limited.

Kenforth Life Insurance Limited is the data controller of your Personal Data for the purposes of the EU General Data Protection Regulation 2016/679 (“GDPR”), the Swiss Federal Act on Data Protection (“FADP”) and The Commonwealth of The Bahamas Data Protection (Privacy of Personal Information) Act, 2003 (“CBDPA”) any other locally applicable data protection laws and regulations in respective jurisdictions of incorporation and residency.

If you have any questions regarding our processing of your Personal Data or would like to exercise your privacy rights, please email: privacy@kenforth.com.

We recommend that you print a copy of these terms for future reference. We may revise the Privacy Notice at any time by amending this page. Every time you wish to use our Website, please check these terms to ensure you understand the terms that apply at that time.

The current version of the Privacy Notice is v0.1, reviewed 01 January 2025.

Why does Kenforth hold Personal Data?

We hold Personal Data in order to meet our contractual obligations and provide our products and services as a life insurance company, for legal, anti-money laundering and regulatory purposes and to administer and manage our business and its associated relationships.

Whose Personal Data do we hold?

We hold the Personal Data of natural persons as follows:

  • Clients, directly or indirectly, of Kenforth.  Such persons will include legal policyholders, proposers and lives assured, settlors, trustees, protectors, beneficiaries, directors, officers, shareholders, controllers and beneficial owners of entities to which we provide contracts and services.
  • Persons enquiring about our services, whether or not we are or will be engaged to act.
  • Suppliers of goods and services to us and to entities to which we provide services.
  • Applicants for a role with us, interns, contractors and employees of Kenforth.

How do we collect Personal Data?

We use different methods to collect data from and about you including through:

  • Direct interactions. You may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
  • apply for our products or services;
  • request marketing to be sent to you;
  • give us feedback or contact us.
  • Automated technologies or interactions. As you interact with our Website, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies.
  • Third parties or publicly available sources. We will receive personal data about you from various third parties and public sources as set out below:
  • Technical Data from the following parties:
    • analytics providers such as Google Analytics;
    • search information providers Google based inside the EU.
  • Contact, Financial and Transaction Data from providers of technical, payment and delivery services based inside outside the EU, or credit checking service providers.
  • Identity and Contact Data from publicly available sources such as Companies House or the Electoral Register.

What types of Personal Data do we collect?

We may collect different kinds of Personal Data, depending upon the specific relationship with you, as follows:

  • Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender.
  • Contact Data includes billing address, delivery address, email address and telephone numbers.
  • Financial Data includes banking detail, investments, source of funds and source of wealth and information relating to your employment history, business activities and taxation status including tax, national insurance and other identification numbers
  • Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
  • Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website
  • Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses. 
  • Usage Data includes information about how you use our Website.
  • Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences

Cookies

A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer’s hard drive.

We use the following cookies:

Strictly necessary cookies. These are cookies that are required for the operation of our Website.

Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.

Functionality cookies. These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).

Targeting cookies. These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.

You block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site.

Use of Personal Data

Our processing of Personal Data will include obtaining, recording or holding the data, or carrying out any operation or set of operations on the data including organising, copying, analysing, amending, retrieving, storing, disclosing, transferring, retaining, archiving, anonymising, erasing or destroying it.
The legal basis upon which we process Personal Data is that we have either obtained your consent to do so (the most common situation) or where it is necessary:

  • To perform our contract with you or to take steps at your request to enter into the contract.
  • For compliance with a legal obligation.
  • For the purposes of our or another party’s legitimate interests.

The purposes for which we process Personal Data (“Permitted Purposes”) are for the proper governance, management and administration of Kenforth and for the proper discharge of our responsibilities to clients, staff, suppliers and other third parties and to comply with all applicable legal, regulatory and anti-money laundering obligations.

We will not sell or transfer your Personal Data to any other person for marketing purposes.

Storage and sharing of Personal Data

We hold Personal Data in organised paper files and electronically in various document formats including in email and database form on secure servers and networked storage devices securely backed-up.

We will, at times, need to share Personal Data within Kenforth and with select third parties, such as:

Persons related to you:

Your agents, professional advisers, counterparties, beneficiaries, family members, trustees, directors, banks, investment managers etc where you ask us to, or as otherwise necessary for the Permitted Purposes.

Persons related to us:

Our agents, consultants and other professionals of Kenforth.  Suppliers and external parties who assist us with legal, administrative, financial, operational and other services and who may have access to certain of your Personal Data as part of their role. These will include, for example, insurance managers, IT and back-up service providers, banks, auditors, brokers, insurers, lawyers, accountants and tax advisers.

Our insurance management services provider, Winterbotham Insurance Management Limited, acting as data processor, based in the Bahamas, who provide regulatory and administration services.

We will also share Personal Data in situations where disclosure is required by applicable rules and laws or by any court, tribunal, law enforcement, regulatory, public or quasi-governmental authority or department with appropriate authority which includes the supervisory authorities of the Bahamas.

For customers based in the EU/EEA, many of our external third parties are based in The Bahamas or otherwise outside the EU/EEA so their processing of your personal data will involve a transfer of data outside the EU/EEA.

Whenever we transfer your personal data out of the EU/EEA, we ensure a similar degree of protection is afforded to it by ensuring that:

  • We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
  • Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in EU/EEA.

We will also make disclosures of Personal Data as required to fulfil the obligations of the Kenforth under all applicable national and international tax compliance and exchange of information agreements including those relating to disclosure of controllers and beneficial owners.

If a data breach leading to the destruction, loss, alteration, unauthorised disclosure of, or access to, your Personal Data occurs which is likely to result in a high risk of adversely affecting your rights and freedoms, we will inform you of this without undue delay.

How long will we keep Personal Data?

We will keep Personal Data in an accessible form which can identify a natural person only for as long as we need to for the Permitted Purposes.

As retention periods can vary significantly depending on the Permitted Purpose and the relevant jurisdictions and applicable regulations (for example GDPR or FADP), it is not possible for us to commit to an overall retention period for all Personal Data held by us.

As a result, we use certain categories and criteria to determine how long we keep certain of your Personal Data.  Retention periods may, for example, range from 5 years to 21 years after the termination of a business relationship depending upon the nature of the Personal Data and the applicable rules and regulations. You can contact us to request a copy of our data retention policy.

After the expiry of the retention period, we may dispose of files including associated Personal Data without further reference to you.

Your rights

You have certain privacy rights, as a data subject, in relation to your Personal Data.  Your rights include:

  • Right of access:  You can request us to provide you with a copy of the Personal Data we hold about you and to check that we are lawfully processing it..
  • Right to rectification:  You can ask us to correct any errors in your Personal Data, though we may need to verify the accuracy of the new data you provide to us..
  • Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
  • Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
  • Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:
  • If you want us to establish the data’s accuracy.
  • Where our use of the data is unlawful but you do not want us to erase it.
  • Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.
  • You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
  • Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
  • Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

To exercise your rights, please email privacy@kenforth.com.

No fee usually required

  • You will not have to pay a fee to access your personal data (or to exercise any of the other rights).
  • However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

What we may need from you

  • We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
  • We may also contact you to ask you for further information in relation to your request to speed up our response.

Time limit to respond

We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

You can view all your rights in relation to GDPR here and in relation to FADP here and in relation to CBDPA here.