Privacy Policy

This Privacy Policy was last modified in February 2025, and should be read together with the Terms and Conditions of Use.

PLEASE READ THIS PRIVACY POLICY (THE “POLICY”) CAREFULLY AS IT CONTAINS IMPORTANT INFORMATION ABOUT HOW WE HANDLE PERSONAL INFORMATION, IN ACCORDANCE WITH APPLICABLE DATA PROTECTION LAWS. 

This Policy is provided by Argus Group Holdings Limited (“Argus Holdings”). Argus Holdings, together with its parent company BF&M Limited, and its subsidiaries and affiliates are referred to herein as “the Group”, “we”, “us”, or “our”.

This Policy details the treatment of your Personal Information by the Group through your use of the Argus Websites (the term "Argus Websites" refers to all web sites relating to the Group, as well as to the content on them) and/or when we provide our products or services to you. 

Please note that certain details of this Policy may depend on whether you deal with us through a professional advisor, directly as an individual, or whether the Group provides group services to your employer or plan sponsor.

This Policy applies to the following companies currently within the Group:

ARGUS GROUP HOLDINGS LIMITED;

ARGUS INSURANCE COMPANY LIMITED;

ARGUS INSURANCE COMPANY (EUROPE) LIMITED;

ARGUS INVESTMENT STRATEGIES FUND LIMITED:

ARGUS MANAGEMENT SERVICES LIMITED;

ARGUS WEALTH MANAGEMENT LIMITED;

CENTURION INSURANCE SERVICES LIMITED;

BERMUDA LIFE INSURANCE COMPANY LIMITED;

ONE TEAM HEALTH INC.;

ISLAND HEALTH SERVICES AND FAMILY PRACTICE GROUP; and

Other entities within the Group, including those with their own privacy policies, may process Personal Information on behalf of Argus Holdings or its subsidiaries when acting as a service provider. In such cases, they will process Personal Information in accordance with applicable data protection laws and their respective privacy policies. However, when processing Personal Information on behalf of the Group, they will do so in a manner consistent with this Policy. 

REGULATION AND PRIVACY

The protection of your privacy and the confidentiality of your Personal Information are of paramount concern to the Group. Information submitted through the Argus Websites or otherwise collected through the provision of our products or services may be stored or processed outside the jurisdiction in which you hold your product or are a customer. This may include jurisdictions such as Bermuda, the Cayman Islands, Canada, Gibraltar, Malta, the United Kingdom, the United States, or other locations where the Group or its service providers operate.

Information is stored and processed in accordance with the applicable laws of the jurisdiction in which it is held. These applicable laws may include:

• Bermuda: Personal Information Protection Act 2016 (PIPA)
• Gibraltar: Data Protection Act 2004 (supplementing Gibraltar GDPR)
• Malta: Data Protection Act 2018 (Chapter 586)
• Canada: Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial laws
• Cayman Islands: Data Protection Act (2021 Revision)
• Other jurisdictions: Subject to the laws of the location where information is stored

Additionally, where required, all processing of personal data within members of the Group is conducted in accordance with the EU General Data Protection Regulation 2016 (GDPR), including compliance with cross-border transfer rules.

THE DATA PROTECTION OFFICER

The Group has appointed a data protection officer (DPO) who is responsible for overseeing questions in relation to this Policy and other queries or issues relating to the Personal Information held by the Group.

If you have any questions about this Policy, including any requests to exercise your legal rights, please contact the DPO using the details set out below.

COLLECTION OF INFORMATION

The types of Personal Information we collect depend on the nature of your relationship with us. At a high level, if you engage with us for insurance, financial, or investment services, we may collect information as outlined below, including but not limited to:

• General Personal Data – Name, address, date of birth, contact details, identification documents, and employment information.
• Policy & Account Data – Insurance policy details, transaction history, and claims records.
• Financial & Investment Data (for financial services customers) – Investment portfolio details, risk assessments, tax residency information, custodian account details, and financial suitability data.
• Regulatory & Compliance Data – Data collected under Know Your Customer (KYC), Anti-Money Laundering (AML), and tax reporting regulations (e.g., FATCA, CRS).

The Group may also collect public and non-public Personal Information about you from many sources, including any of the following sources:

• You or your representative on written applications or forms (for example, name, address, social insurance number, birth date, assets and income);
• You or your employer or plan sponsor if the Group provides them with certain services (for example, pensions, group life or group health);
• Transactional activity in your account (for example, trading history and balances);
• Other interactions with the Group (for example, discussions with our customer service staff);
• Information from other third-party data services (for example, to verify your identity and to better understand your product and service needs);
• You or your representative regarding your preferences (for example, your choice of electronic statement delivery, or the screen layout you specify if you use on certain Argus Web sites); or
• Other sources with your consent or with the consent of your representative (for example, from other institutions if you transfer into the Group).

Personal Data does not include data where the identity has been removed (anonymous data).

We also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data may be derived from your Personal Data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. However, if we combine or connect aggregated data with your Personal Data so that it can directly or indirectly identify you, we treat the combined data as Personal Data which will be used in accordance with this Policy.

The Group also collects non-specific visitor information. When you visit the Argus Websites, the Group may collect usage information to help understand how the website is navigated and used, such as computer browser type, Internet protocol address (IP address), pages visited, and average time spent on the Argus Websites. This data does not include any Personal Information about you and is used only to measure and improve the effectiveness of the website or to perhaps alert you to software compatibility issues.

The Group may use third-party service providers to help us analyze certain online activities, and may permit these service providers to use cookies and other technologies, such as web beacons or pixel tags, to perform these services for the Group. The Group does not control these third-party service providers and are not responsible for their privacy statements. When you leave the Argus Websites, the Group encourages you to read the privacy policy of every website you visit. The Group does not share Personal Information about our customers with these third-party service providers, and these service providers do not collect such information on behalf of the Group.

USE OF INFORMATION

The information you provide may be used:

• lawfully, fairly and in a transparent way;
• collected only for specified and legitimate purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes;
• adequate, relevant and limited to what is necessary in relation to the purposes we have told you about;
• accurate and kept up to date;
• not kept in a form which permits your identification for longer than necessary and kept only as long as necessary for the purposes we have told you about;
• kept secure.

We set out in the table below the purposes for which we might use your Personal Data:

FAILING TO PROVIDE PERSONAL INFORMATION

You do not have to provide any of this information but if you don’t, you may not be able to use our site or all of the products or services we offer, and you are unlikely to receive an optimal customer service experience.

We may also anonymize and aggregate Personal Information (so that it does not identify you) and use it for purposes including testing out IT systems, research, data analysis, improving our site and app, and developing new products and services.

YOUR DUTY TO INFORM THE ARGUS GROUP OF CHANGES

It is important that the Personal Information that the Group (or the relevant Group subsidiary or affiliate) holds about you is accurate and current. Please keep us informed if your Personal Information changes during your working relationship with the Group.

SHARING OF YOUR INFORMATION

The Group may share Personal Information about you with various including both internal and external service providers which perform, for example, printing, mailing, data processing and digital services. Where required, the Group ensures that all companies in the Group have adequate and appropriate safeguards in order to protect that Personal Information.

The Group may share overall visitor trends and other generic information collected on this website with third-parties but we do not pass on any personal details or personally identifiable information without your specific consent. The Group does not sell, trade or rent Personal Information to any unaffiliated third-party without your prior consent.

We may share Personal Information with the following entities:

• Unaffiliated service providers (for example, printing and mailing companies, securities clearinghouses, digital platforms and marketing service providers) who provide services at the direction of the Group;
• Government agencies, other regulatory bodies and law enforcement officials (for example, for reporting suspicious transactions or for tax purposes if relevant, the respective financial services regulator, the Financial Services Compensation Scheme); or   
• Other organizations, with your consent or as directed by your representative (for example, if you use the Group as a financial reference in applying for credit with another institution), or as permitted or required by law (for example, for fraud prevention).

Our service providers are obligated to keep the Personal Information we share with them confidential and use it only to provide services specified by the Group - although it should be noted that, ultimately, the Group monitors, but does not have control over these service providers.

Based on the nature of your relationship with the Group, we may exchange information with other third-parties as described below:

• If the Group provides services to your employer or plan sponsor, such as pensions, group life or group health, the Group may exchange any information received in connection with such services with your employer or plan sponsor or others they may authorize; or
• If you conduct business with the Group through your professional advisor or personal representative, we may exchange information we collect with your professional advisor or personal representative or with others they may authorize.
• Other insurance market participants, such as insurers, reinsurers and other intermediaries

For greater certainty, the Group may share Personal Information among its subsidiaries and affiliates as necessary to fulfill the purposes set out in this Policy. This may include, but is not limited to:

• Providing customer support and account management across Group entities;
• Managing risks, compliance, and regulatory reporting within the Group;
• Other insurance market participants, such as insurers, reinsurers and other intermediariesConsolidating services or administrative processes to enhance operational efficiency;
• Offering products or services that may be relevant to your needs, subject to applicable marketing consent requirements.

Any such sharing will be conducted in compliance with applicable data protection laws and regulatory requirements. Where required, appropriate safeguards will be in place to protect your Personal Information and ensure its confidentiality and security.

MARKETING AND OPTING OUT

The Group currently engages in direct marketing to its members to make suggestions and recommendations about products or services or events that may be of interest to you and to provide industry insight. If this policy changes at a future date you will be given the opportunity to withhold or give your permission to receive such materials through an opt out or in message. You can subsequently request that the Group stop sending you marketing messages at any time by unsubscribing or contacting us at any time at privacy@bfm.bm

CHANGE OF PURPOSE

The Group will only use your personal data for the purposes for which we collected and as set out in this Policy.

If the Group needs to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

DATA RETENTION

We will retain your Personal Information only for as long as it is necessary in connection with the performance of our contractual obligations to you or if it becomes necessary or required to meet legal and regulatory requirements, resolve disputes, prevent fraud and abuse or enforce our terms and conditions.

We will keep your Personal Information while your account with us is active or until such time as you ask us to stop communications with you, unless we need to keep the information for longer.

You may obtain more information as to the retention periods or the criteria used by us to determine the retention periods by contacting us at privacy@bfm.bm

SECURITY

The Group recognizes the importance of confidentiality and uses secure servers and various other technological means to ensure the security of your Personal Information and of your online session, and to protect the Group’s systems from unauthorized access.

Please note however that no data transmission over the internet can be guaranteed to be totally secure and we cannot guarantee or warrant the security of any information which you send to us.

You may complete a registration process when you sign up to parts of the website.  This may include creation of a username, password and/or other identification information.  Any such information should be kept confidential by you and should not be disclosed to or shared with anyone.

The Group restricts access to Personal Information to those who require it to develop, support, offer and deliver products and services to you.

The Group has put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

COOKIES

Details of your visits to our websites and information are collected through cookies and other tracking technologies, including, but not limited to, your IP address and domain name, your browser version and operating system, traffic data, location data, web logs and other communication data, and the resources that you access.

The Argus Websites may use "cookies".

A cookie is a small file of letters and numbers that we store on your browser. Cookies contain information that is transferred to your computer's hard drive. This helps us track basic visitor information in order to better tailor the site to our visitors' needs. Most web browsers automatically accept cookies but you can disable this function by changing your browser settings if you so wish.

Certain strictly necessary cookies (such as those required for the sole purpose of carrying out the transmission of a communication) do not require your consent.  Other cookies, that are helpful or convenient for your navigation of our website, may require your consent.  In such cases your consent will be requested.

Our cookies do not identify you by name as an individual or by account number.  Please note, however, that if you reject cookies, your access to certain information may be restricted or you may have to re-enter information.

ONGOING APPLICATION

If you are a former customer, these policies also apply to you; the Group will treat your information with the same care as we do information about current customers.

YOUR RIGHTS

All users enjoy certain rights relating to their Personal Information that the Group commits to upholding.  The below list contains the principal rights generic across all jurisdictions but you may be entitled to other rights in your specific location.

The right to be informed: We need to be clear with you about what data is being collected, how it’s being used, how long it will be kept and whether it will be shared with any third parties. This information must be communicated concisely and in plain language.

The right to access: You may submit subject access requests, which oblige us to provide a copy of any personal data concerning you. We have one month to produce this information, although there are exceptions for requests that are manifestly unfounded, repetitive or excessive.

The right to rectification: If you discover that the information we hold on you is inaccurate or incomplete, you may request that it be updated. As with the right to access, we have one month to do this, and the same exceptions apply.

The right to erasure: (also known as ‘the right to be forgotten’) You may request that we erase your data in certain circumstances, such as when the data is no longer necessary, the data was unlawfully processed or it no longer meets the lawful ground for which it was collected. This includes instances where you withdraw consent.  This is not an absolute right, we may be justified in keeping certain personal data in order to perform a contract with you, comply with legal obligations or in relation to the exercise or defence of legal claims.

The right to restrict processing: You may request that we limit the way we use your personal data. It’s an alternative to requesting the erasure of data, and might be used when you contest the accuracy of the personal data or when you no longer need the information but we require it to establish, exercise or defend a legal claim.

The right to data portability: You are permitted to obtain and reuse your personal data for your purposes across different services. This right only applies to personal data that you have provided to us by way of a contract or consent.

The right to object: You may object to the processing of personal data that is collected on the grounds of legitimate interests or the performance of a task in the interest/exercise of official authority. We must stop processing information unless we can demonstrate compelling legitimate grounds for the processing that overrides your interests, rights and freedoms or if the processing is for the establishment or exercise of defence of legal claims.

Rights related to automated decision making including profiling: the GDPR includes provisions for decisions made without human involvement, such as profiling, which use personal data to make calculated assumptions about you. There are strict rules about this kind of processing, and you are permitted to challenge and request a review of the processing if you believe the rules aren’t being followed.

The right to stop direct marketing messages:  You may disable direct marketing messages by pressing the unsubscribe button at the bottom of the message.  Please note that it may take a few days for your preferences to be updated in all of our systems, so you may receive messages from us while we process your request.

The right to complain to your data protection regulator: you are able to submit a complaint to the data protection regulator of each respective company about any matter concerning your personal information, using the details below.  However, we take our obligations seriously, so if you have any questions or concerns, we would encourage you to raise them with us first, so that we can try to resolve them.

ACCESS REQUESTS

Generally, you will not have to pay a fee to access the Personal Information controlled by the Group. However, the Group may refuse to comply with your request in circumstances where your request is clearly unfounded, repetitive or excessive.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests as soon as reasonably practicable and, in any event, within 30 days of receipt of the request. Where we cannot comply within 30 days we will inform you.

THE REGULATORS

CONTACT

If you have any questions concerning this Policy, wish to review your Personal Information that the Group may have stored or exercise any of your rights listed above, please contact the DPO at:

Group DPO: Daniel McMillan

Email: privacy@bfm.bm

Website: www.argus.bm

Keeping your information accurate and up to date is very important to the Group. In some jurisdictions, you may have the right to write to us in order to request that you have reasonable access to your non-public Personal Information (this includes a record of any subsequent disclosures of medical record information). If you believe the information the Group may have collected about you is inaccurate, you may request that we amend, correct or delete it. The Group will notify you of our decision, give you our reasons and the opportunity to file a concise statement of dispute with us if you do not agree. Your statement will be made a part of our file and sent to persons or organizations that received your information in the past and in the future as may be required by applicable law.

LINKS TO OTHER WEBSITES

This Policy does not cover the links within this site linking to other websites which are not controlled by us. We are not responsible for the collection or use of your Personal Information by these third-party websites, and we therefore encourage you to read the privacy statements on the other websites you visit.

CHANGES TO PRIVACY POLICY

Please note that this Policy may be reviewed and amended from time to time and without prior notice to reflect changes in our practices, current guidance or relevant laws. Any changes to the Policy will be effective upon posting of the revised policy on this website so that you are aware of the information we collect, how it is used and under what circumstances we disclose it. At the top of this page it shall be indicated when the Policy was last updated.