Privacy Policy

Who are we?

We are Cayman First Insurance Company Limited (“we”“us” or “our”), a locally incorporated Class A insurer in the Cayman Islands.  We hold personal information in accordance with the Data Protection Law 2017 and, accordingly, have a dedicated Data Controller, whose responsibility is to assist with any data protection questions you may have.  The contact details for our Data Controller is as follows:

Data Controller

Cayman First Centre

17 Vibert Bodden Drive (Off Shedden Road)

P.O. Box 2171, Grand Cayman, KY1-1105


Tel:  345-949-7028

Fax:  345-949-7457

Please review this Statement carefully and contact the Data Controller should you have any questions or concerns.

What information do we collect about you? 

The information supplied to us by you, in addition to information obtained from other sources (public and private), will generally consist of the following:

Your contact details such as name, physical address, email address, telephone contacts and postal address;

Personal details such as marital status, employment status, income information and proof of residency;

Government identifiers such as your Driver’s License number and Passport number;

The Data Protection Law 2017 has additional requirements for data defined as “sensitive”.  Generally, the information defined as sensitive will fall within the following categories:

Sensitive data and its treatment are defined in the Data Protection Law 2017.  Schedule 3 of the Law provides specific conditions for the processing of this data which must always be adhered to.

We collect and use this information as part of your insurance quotation or contract with us, or where it is necessary for a legal obligation, or medical purposes (e.g. Health policy), or as part of the establishment or defense of a claim.

It is important to note that any information received from you pertaining to another Data Subject must be acknowledged by you that you have permission to provide us with the required information and that they are aware of how we will process their data.  In addition, we encourage you to share this with anyone whose personal information may be processed to administer a policy including handling any claims.

What do we do with the information we collect about you and by what legal basis do we do this? 

We use the information collected to allow us to facilitate a contract of insurance with you.  As such, your information is shared with staff members where needed and within our group in the following ways:

1. To Provide Insurance (Contract)

When you request a quote for one of our insurance policies or you purchase an insurance policy from us, we use information about you to:

We cannot provide the services unless we use the information about you in this way.

2. To Do what we are required to do by law (Legal Obligation)

As part of our duty as an insurer providing insurance services, at times we are required by law to use information about you for the following reasons:

3. To Prevent fraud occurring (Legitimate Interest)

We use your personal information to check for signs that customers might be dishonest (e.g. if someone has behaved dishonestly in the past it may increase the risk they will do so in future).

We may use your personal information in this way because it is in our interests to detect fraud and in all our customers’ interests to ensure that they are not prejudiced due to increased premiums as a result of customers acting dishonestly.

4. To Recover debt (Contract)

If you owe us money, we will use your personal information to help us to recover it.

We can use your personal information in this way to ensure that a necessary part of the contract of insurance is adhered to — premiums must be paid.

5. To inform about and promote products (Marketing) (Legitimate Interest)

If you have not chosen to opt out of receiving marketing information, we will provide you with details about our products and services via email, post, telephone or SMS unless and until we have been instructed not to.  The simplest way to instruct us is to follow the instructions on the communication to unsubscribe.

6. Where your life or that of another person may be at risk (Vital Interests)

We will use your personal information to assist where your or another person’s life or health is in danger and obtaining your permission is not possible or practical (e.g. arranging emergency medical treatment in a remote location).

7. To administer and improve our services (Legitimate Interest)

To administer our services, we will share information with others (including people or organisations that may be based overseas):

We may also process your personal data to better understand you as a customer, including to determine how best to retain you as a customer, and to ask you to provide feedback on the service we provide.

We can use your personal information in this way because it is in our legitimate interest to provide services in the most efficient way. We will always ensure that we keep the amount of your personal information collected, and the extent of any processing of same, to the absolute minimum to achieve this efficiency.

Who do we share your personal information with and why do we do it? 

The Personal Data (Conditions for processing can be found in Schedule 2 of the Data Protection Law 2017) and Sensitive Personal Data (Conditions for processing can be found in Schedule 3 of the said Law) shared with CFI will be shared for insurance purposes and/or financial services and/or employment with the following organizations:

Other key stakeholders and why we share information is noted below:

How do we use cookies and analytics on our website

When you visit our login page, a temporary cookie will be set in order to determine if your browser accepts cookies.  This cookie contains no personal data and is discarded when your browser is closed.

When you log in, we will also set up several cookies to save your login information and your screen display choices.  Login cookies last for two days, and screen options cookies last for a year.  If you select “Remember Me”, your login will persist for two weeks.  If you log out of your account, the login cookies will be removed.

Pages on this site may include embedded content (e.g. videos, images, articles, etc.).  Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.   These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

We use Google Analytics software to collect information about how you use this site.  We do this to help make sure the site is meeting the needs of its users and to help us make improvements.

Google Analytics stores information about:

You can accept or decline cookies from any website by modifying the settings in your browser. If you wish to restrict or block the cookies which are set by our website, you can do this through your browser settings. Please note, that by deleting or disabling cookies this could affect the functionality of our website and you may not be able to access certain areas or features of our site.

How long may we keep your personal information for? 

As a general rule, we will keep personal information for seven (7) years beyond your policy’s lifecycle, as it is likely that we will need the information for regulatory reasons or to defend claims.  However, there may be exceptions where we are required to keep your personal information for longer periods, such as a claim involving a minor.

We will also retain data in an anonymous form for statistical and analytical purposes, for example, to assess risk of Hurricane damage, damage from flooding and/or sea surge.

When can you ask us to stop using your information? 

We are obligated to provide you with a copy of the information we hold about you.  A request for your information held by us can be made at any time by contacting the Data Controller in writing and/or by completing our ‘Subject Access Request Form’ and returning it to the Data Controller.  Such a request may incur an administrative fee.

At your request, we will correct any information that is inaccurate and/or. in some cases, have your data erased.

At any time, you can advise us to stop using your personal information to market our products or services.

What happens if automatic processing has occurred?

In the case where automatic processing has occurred, you may request that processing be made by an employee and not through an automatic process.

What happens if you don’t give us some of your personal information? 

Where you do not provide the personal information required, it will hinder our ability to provide the service that you are requesting.

How to contact us about this privacy notice 

We have a dedicated Data Controller whose responsibility is to assist with any data protection questions you may have.  They can be contacted at Cayman First Centre, 17 Vibert Bodden Drive.  In addition, we have several resources available to contact the Data Controller, either via our website through our Subject Access Request Form or through our dedicated email address —

You may contact us at the address above for one or more of the following reasons:

  1. To ask us to correct information about you that is inaccurate or incomplete, or to delete personal information about you.
  2. To tell us you no longer agree to, that you object to, or that you wish to restrict us from using information about you and ask us to stop.
  3. To advise us to stop using your personal information to market our products or services that may be of interest to you (direct marketing).
  4. To ask us not to use information about you in a way that allows our computer systems to make decisions about you.

Sometimes we will not be able to stop using your personal information when you ask us to (e.g. where we are required by law to use it or we are required to retain the information for regulatory purposes).

Additionally, if we stop using your personal information, we may not be able to provide certain services to you, such as administering your insurance policy or servicing your claim.

When contacted we will advise you as to whether or not we are able to comply with your request, or how your request might impact you.

Once again, the contact details for our Data Controller is as follows:

Data Controller

Cayman First Centre

17 Vibert Bodden Drive (Off Shedden Road)

P.O. Box 2171, Grand Cayman, KY1-1105


Tel:  345-949-7028

Fax:  345-949-7457

Changs to this data protection statement 

This Data Protection Statement will be reviewed periodically in light of changing business practices, technology and legal requirements.  As a result, it will be updated from time to time.  Any such changes will be posted on our Company’s website and copies made available in our office(s).  If we make a significant or material change in the way we use or share your personal information, you will be notified via email and/or any other means of contact at least 30 days prior to the changes taking effect.