Privacy Policy

1. Introduction and Scope

Guarant Reinsurance Limited ("GUARANT RE", "the Company", "we", "us", or "our"), a wholly-owned subsidiary of Amberstone Capital Group SPC (a Segregated Portfolio Company regulated by the BVI Financial Services Commission), incorporated and regulated in the Turks & Caicos Islands under the supervision of the TCI Financial Services Commission (TCIFSC), is committed to protecting the privacy and security of personal information entrusted to us by our clients, business partners, website visitors, and other individuals.

This Privacy Policy explains how we collect, use, store, disclose, and protect personal information in connection with our reinsurance, insurance, and related business activities, as well as through the use of our website at www.guarantre.com (the "Website"). The policy applies to all personal data processed by GUARANT RE, whether collected online through the Website, by email, by telephone, or through any other means in the course of our business operations.

By accessing or using our Website, submitting information through our contact forms, or engaging in a business relationship with GUARANT RE, you acknowledge that you have read and understood this Privacy Policy. We encourage you to review this policy periodically, as we may update it from time to time to reflect changes in our practices, applicable legislation, or regulatory guidance.

Effective Date: 1 January 2026 | Last Updated: 1 January 2026

2. Data Controller

The data controller responsible for the processing of your personal information is:

Guarant Reinsurance Limited

Providenciales, Turks & Caicos Islands

Email: privacy@guarantre.com

General Inquiries: office@guarantre.com

If you have any questions, concerns, or requests relating to this Privacy Policy or our processing of your personal data, you may contact us at the address above. We will respond to all legitimate privacy inquiries within a reasonable timeframe and in any event within the periods required by applicable law.

3. Information We Collect

GUARANT RE collects personal information through various channels and for different purposes depending on the nature of our relationship with you. The categories of personal data we may collect include the following:

3.1 Information You Provide Directly

When you contact us, submit a form on our Website, apply for employment, or engage in a business relationship with GUARANT RE, we may collect: your name, job title, and professional role; business email address and telephone number; company name, registered address, and jurisdiction of incorporation; details of your inquiry, correspondence, or communication with us; curriculum vitae and professional qualifications (in the context of recruitment); and any other information you voluntarily provide in the course of our business interactions.

3.2 Information Collected Automatically

When you visit our Website, certain technical information may be collected automatically through cookies and similar technologies, including: your IP address and approximate geographic location; browser type, version, and operating system; pages visited, time spent on each page, and navigation paths; referring website or source; device type and screen resolution; and date and time of access. This information is collected for the purposes described in Section 5 below and is not used to personally identify you unless combined with other data you have provided.

3.3 Information from Business Relationships

In connection with our reinsurance and insurance activities, we may collect information relating to cedents, brokers, and counterparties, including: contact details of key personnel and authorised representatives; corporate structure, beneficial ownership, and regulatory status; financial information necessary for underwriting, claims assessment, or credit evaluation; due diligence documentation required under anti-money laundering (AML), know-your-client (KYC), and counter-financing of terrorism (CFT) regulations; and claims-related information including loss details, adjustment reports, and settlement records.

3.4 Sensitive or Special Category Data

In certain limited circumstances — particularly in connection with life and health reinsurance, personal injury claims, or employment-related matters — we may process sensitive personal data, including health or medical information, criminal record checks (for fit-and-proper assessments), or other categories of data considered sensitive under applicable law. Such data is processed only where strictly necessary and with appropriate safeguards, including where required, explicit consent or a legal basis under applicable data protection legislation.

4. Legal Basis for Processing

GUARANT RE processes personal data on one or more of the following legal grounds, depending on the context and purpose of the processing activity:

Contractual Necessity

Processing is necessary for the performance or negotiation of a contract to which you or your organisation is a party — including reinsurance treaties, facultative contracts, insurance policies, broker agreements, and employment contracts.

Legal and Regulatory Obligation

Processing is necessary to comply with a legal or regulatory obligation to which GUARANT RE is subject, including AML/KYC/CFT requirements, sanctions screening, tax reporting, regulatory filings, and record-keeping obligations imposed by the TCIFSC or other competent authorities.

Legitimate Interests

Processing is necessary for the purposes of legitimate interests pursued by GUARANT RE or a third party, provided such interests are not overridden by your rights and freedoms. Legitimate interests include: managing and administering our business operations; risk assessment, underwriting, and claims management; fraud prevention and detection; IT security and network protection; marketing our services to existing business contacts; and pursuing or defending legal claims.

Consent

Where none of the above legal bases apply, we may seek your explicit consent before processing your personal data. You have the right to withdraw consent at any time, without affecting the lawfulness of processing carried out prior to withdrawal. Withdrawal of consent may be communicated to us at privacy@guarantre.com.

5. Purposes of Processing

We use the personal information we collect for the following purposes:

Business Operations

Underwriting and pricing reinsurance and insurance risks
Administering treaty and facultative reinsurance contracts
Processing, assessing, and settling claims
Managing cedent and broker relationships
Performing credit assessments and financial analysis
Invoicing, premium collection, and financial administration

Regulatory & Compliance

Conducting AML/KYC/CFT due diligence
Screening against international sanctions lists
Filing regulatory returns and statutory reports
Responding to requests from regulatory authorities
Maintaining records required by law or regulation
Internal and external audit compliance

Website & Communications

Responding to inquiries submitted through our Website
Providing requested information about our services
Sending market commentary and thought leadership content
Analysing Website usage to improve content and user experience
Ensuring Website security and preventing abuse
Managing recruitment applications and career inquiries

Legal & Risk Management

Establishing, exercising, or defending legal claims
Fraud prevention, detection, and investigation
Internal risk assessment and portfolio analysis
Business continuity planning and disaster recovery
Corporate governance and internal reporting
Protecting the rights and safety of individuals

6. Cookies and Tracking Technologies

Our Website uses cookies and similar technologies to enhance your browsing experience, analyse usage patterns, and improve Website performance. Cookies are small text files stored on your device when you visit a website.

Types of Cookies We Use

Strictly Necessary Cookies: Essential for Website functionality, including navigation, security features, and access to secure areas. These cookies cannot be disabled without affecting Website usability.

Analytics Cookies: Help us understand how visitors interact with our Website by collecting information about pages visited, time spent, and navigation paths. This data is aggregated and anonymised where possible.

Functional Cookies: Enable enhanced functionality and personalisation, such as remembering your preferences or form entries during a session.

Managing Your Cookie Preferences

You may control and manage cookies through your browser settings. Most browsers allow you to block or delete cookies, although doing so may affect the functionality of certain parts of our Website.

To manage cookies, consult the help documentation for your browser. Common browsers include Google Chrome, Mozilla Firefox, Apple Safari, and Microsoft Edge, each of which provides options for cookie management within their privacy or security settings.

We do not use cookies for targeted advertising or share cookie data with third-party advertising networks.

7. Disclosure and Sharing of Personal Data

GUARANT RE does not sell, rent, or trade personal information to third parties for marketing purposes. We may disclose personal data to the following categories of recipients where necessary and appropriate:

Service Providers and Business Partners

We engage third-party service providers who perform functions on our behalf, including IT infrastructure and hosting providers (including DXC Technology), external auditors and actuaries, legal counsel, loss adjusters and surveyors, and payment processing services. These service providers are contractually bound to process personal data only in accordance with our instructions and to maintain appropriate security measures.

Regulatory and Legal Obligations

We may disclose personal information to the TCIFSC or other regulatory authorities, law enforcement agencies, courts or tribunals, tax authorities, and other government bodies where required by law, regulation, court order, or legitimate regulatory request. We may also share information as necessary to establish, exercise, or defend legal claims.

Reinsurance and Insurance Operations

In the ordinary course of our reinsurance and insurance business, we may share relevant information with cedents, retrocessionaires, reinsurance brokers, claims handlers, and other parties involved in the placement, administration, or settlement of reinsurance and insurance transactions. Such sharing is limited to the information necessary for the specific business purpose.

Corporate Transactions

In the event of a merger, acquisition, reorganisation, or sale of assets, personal data may be transferred to the acquiring entity or successor organisation, subject to this Privacy Policy continuing to apply to the transferred data or a privacy policy providing equivalent protections being adopted by the successor entity.

8. International Data Transfers

As a global reinsurance company, GUARANT RE may transfer personal data to recipients located outside the Turks & Caicos Islands. Such transfers may occur in connection with the administration of reinsurance contracts, engagement of international service providers, regulatory reporting to foreign authorities, or coordination with brokers and cedents in multiple jurisdictions.

Where personal data is transferred internationally, we ensure that appropriate safeguards are in place to protect the data in accordance with applicable law. These safeguards may include contractual data protection clauses between GUARANT RE and the recipient, transfers to jurisdictions recognised as providing an adequate level of data protection, binding corporate rules or equivalent intra-group agreements, and any other mechanism permitted under applicable data protection legislation. We conduct transfer impact assessments where warranted to evaluate the level of protection afforded to personal data in the recipient jurisdiction.

9. Data Retention

GUARANT RE retains personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law, regulation, or contractual obligation. Our retention periods are determined by reference to the following criteria:

Retention Periods

Reinsurance and insurance records: Retained for the duration of the contract and a minimum of 7 years following contract expiry or final settlement of all claims, whichever is later.

AML/KYC/CFT records: Retained for a minimum of 5 years following termination of the business relationship, or longer where required by regulatory directive.

Website and analytics data: Retained for up to 24 months from the date of collection, unless anonymised for long-term statistical analysis.

Recruitment records: Retained for 12 months following completion of the recruitment process for unsuccessful candidates, or for the duration of employment plus 7 years for successful candidates.

Retention Principles

Where personal data is no longer required for any purpose or legal obligation, it is securely deleted or anonymised. Our data retention schedule is reviewed annually and aligned with regulatory requirements, industry practice, and limitation periods applicable to potential legal claims.

In certain circumstances, retention periods may be extended where necessary to comply with a regulatory investigation, legal proceeding, or audit requirement. In all cases, we apply the principle of data minimisation, retaining only such data as is reasonably necessary for the applicable purpose.

Hardcopy records are destroyed through secure shredding. Electronic records are deleted using industry-standard data destruction methods that prevent recovery or reconstruction.

10. Data Security

GUARANT RE implements appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, destruction, or accidental loss. Our security measures include, but are not limited to:

Technical Measures

Encryption of data in transit using TLS/SSL protocols. Access controls and authentication mechanisms restricting data access to authorised personnel. Firewalls, intrusion detection systems, and regular vulnerability assessments. Secure backup and disaster recovery procedures.

Organisational Measures

Information security policies and procedures reviewed annually. Staff training on data protection and information security obligations. Confidentiality agreements with all employees and contractors. Incident response procedures for data breach detection and notification.

Third-Party Security

Due diligence assessments of third-party service providers. Contractual obligations requiring adequate security measures. Regular review of third-party access rights and security controls. Prompt revocation of access upon termination of service relationships.

While we take all reasonable steps to protect your personal data, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security of data transmitted to or from our Website, and any transmission is at your own risk.

11. Your Rights

Depending on your jurisdiction and the applicable data protection legislation, you may have certain rights in relation to your personal data. GUARANT RE respects these rights and will facilitate their exercise to the extent required by applicable law. These rights may include:

Access and Portability

Right of Access: You may request confirmation of whether we process your personal data and, if so, obtain a copy of the data along with information about the purposes of processing, categories of data, and recipients.

Right to Data Portability: Where processing is based on consent or contractual necessity and carried out by automated means, you may request that your personal data be provided to you or a third party in a structured, commonly used, machine-readable format.

Correction and Deletion

Right to Rectification: You may request correction of inaccurate personal data or completion of incomplete data held by us.

Right to Erasure: You may request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, where you withdraw consent and no other legal basis applies, or where the data has been unlawfully processed. This right is subject to applicable legal and regulatory retention requirements.

Restriction and Objection

Right to Restriction: You may request restriction of processing where you contest the accuracy of the data, where processing is unlawful but you oppose erasure, or where we no longer need the data but you require it for legal claims.

Right to Object: You may object to processing based on legitimate interests, including profiling. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.

How to Exercise Your Rights

To exercise any of the above rights, please submit a written request to privacy@guarantre.com, identifying yourself and specifying the right(s) you wish to exercise. We may request additional information to verify your identity before processing your request.

We will respond to all legitimate requests within 30 days. In complex cases or where we receive a high volume of requests, this period may be extended by a further 60 days, in which case we will notify you of the extension and the reasons for it.

12. Children's Privacy

Our Website and services are not directed at individuals under the age of 18, and we do not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal data from a child without appropriate parental consent, we will take reasonable steps to delete such data promptly. If you believe that we may have collected information from a child, please contact us at privacy@guarantre.com.

13. Third-Party Websites and Links

Our Website may contain links to third-party websites, including regulatory authorities, industry bodies, and business partners. This Privacy Policy applies solely to personal data collected by GUARANT RE through our own Website and business operations. We are not responsible for the privacy practices, content, or security of any third-party websites. We encourage you to review the privacy policies of any third-party websites you visit through links on our Website before providing any personal information.

14. Changes to This Privacy Policy

GUARANT RE reserves the right to amend or update this Privacy Policy at any time. Material changes will be communicated by posting the updated policy on our Website with a revised "Last Updated" date. Where changes are significant, we may also notify relevant stakeholders by email or other appropriate means. Your continued use of our Website or services following any modification constitutes acceptance of the revised Privacy Policy. We encourage you to review this page periodically to stay informed of our privacy practices.

15. Contact Us

Privacy Inquiries

For all questions, concerns, or requests relating to this Privacy Policy or our handling of your personal data, please contact:

Privacy Officer
Guarant Reinsurance Limited
Providenciales, Turks & Caicos Islands