Privacy Policy

The Catastrophe Risk Exchange, Inc. (CATEX)

  • The Catastrophe Risk Exchange, Inc. (“CATEX”) is a reinsurance/insurance software and business process outsourcing firm that provides its clients and customers with transaction and processing support and that abides by the Safe Harbor Principles of the United States Department of Commerce.

    CATEX respects the individual privacy of its clients and customers (and their clients and customers), employees, business partners and others who may use CATEX’s services. In all cases CATEX treats personal information in a manner consistent with the laws of the countries in which CATEX does business, but it also aims to uphold the highest applicable ethical standards in all its business activities.

    Effective August 3, 2009, this Privacy Policy sets forth the privacy principles that CATEX follows with respect to the protection and transfers of personal information, whether it is in electronic, paper or verbal format, between the United States and the EU. This statement applies to all personal information CATEX processes (except as noted below), including on-line, off-line, and manually processed data. Any employee whom CATEX determines is in violation of this Privacy Policy will be subject to disciplinary process, up to and including termination.


    Consistent with its commitment to protect personal privacy, CATEX declares that it adheres to the Safe Harbor Principles embodied in the Safe Harbor Agreement concerning the transfer of personal data from the European Union to the United States of America. The United States Department of Commerce and the European Commission have agreed on the Safe Harbor Principles as they are articulated in a set of data protection principles and frequently asked questions as a means to enable U.S. companies to satisfy EU law requirements for adequate protection of personal information transferred from the EU to the United States. If there is a conflict between the provisions of this Privacy Policy and the Safe Harbor Principles, the Safe Harbor Principles will govern.


    The following definitions apply to all statements throughout this Privacy Policy.

    "Personal information" means any information or set of information that is transferred from the EU to the United States, is recorded in any form, pertains to or is about any individual, and can be linked to or used to identify that individual. Personal information does not include information that is encoded, anonymized, or publicly available information that has not been combined with non-public personal information. Personal information does not include information that pertains to or is about a specific individual, but from which that individual could not reasonably be identified.

    "Sensitive personal information" means personal information that reveals race, ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, or that concerns health or sex life. For purposes of this Privacy Policy, CATEX will treat as sensitive personal information any information received from a third party where that third party treats and identifies the information as sensitive.


    CATEX’s operations and processing of personal information conform to the following Safe Harbor Privacy Principles as stated below under the heading of each principle.

    Notice and Choice To the extent permitted by the Safe Harbor Agreement, CATEX reserves the right to process personal information in the course of providing professional services to CATEX’s clients and customers without the knowledge of individuals involved. If and when CATEX collects personal information directly from individuals in the EU, CATEX directs its own clients to inform them about the types of personal information such clients collect from them, the purposes for which CATEX’s clients collects and uses such information that is transmitted to CATEX, and the types of non-agent third parties to which CATEX discloses that information. CATEX directs its clients to inform those individuals about the choices and means, if any, that CATEX offers to limit the use or disclosure of their information.

    Disclosures and Transfers

    CATEX will not disclose an individual's personal information to third parties, except when one or more of the following conditions is true:

    CATEX has the individual's permission to make the disclosure;

    The disclosure is required by law or professional standards;

    The information in question is publicly available;

    The disclosure is reasonably necessary for the establishment or defense of legal claims; or

    The disclosure is to another CATEX entity or to persons or entities providing services on CATEX’s or the individual's behalf (each a "transferee"), consistent with the purpose for which the information was obtained, if the transferee, with respect to the information in question:

    is subject to law providing an adequate level of privacy protection;

    has agreed in writing to provide an adequate level of privacy protection; or

    subscribes to the Safe Harbor Principles.

    Permitted transfers of information, whether to third parties or within CATEX, include the transfer of data from one jurisdiction to another, including transfers to and from the U.S. Because privacy laws vary from one jurisdiction to another, personal information may be transferred to a jurisdiction where the laws provide less or different protection than the jurisdiction in which the information originated.

    Data Security

    To prevent unauthorized access or disclosure, to maintain data accuracy, and to ensure the appropriate use and confidentiality of information, either for its own purposes or on behalf of its clients, customers and business partners, CATEX has put in place and rigorously enforces appropriate physical, electronic, and managerial procedures to safeguard and secure the information that CATEX processes. However, CATEX cannot guarantee the security of information on or transmitted via the Internet.

    Data Integrity

    CATEX processes personal information only in ways compatible with the purpose for which it was collected or subsequently authorized by the individual. To the extent necessary for such purposes, CATEX takes reasonable steps to make sure that personal information is accurate, complete, current, and otherwise reliable for its intended use.

    Access and Correction

    If an individual becomes aware that information CATEX maintains about that individual is inaccurate, or if an individual would like to update or review that individual’s information, the individual may contact CATEX using the contact information below. In every case, CATEX will take reasonable steps to permit individuals to correct, amend, or delete information that is demonstrated to be inaccurate. The individual seeking to amend such information will need to provide sufficient identifying information, such as name, address, birth date, and social security number. CATEX may request additional identifying information as a security precaution. In addition, CATEX may limit or deny access to personal information where providing such access would be unreasonably burdensome or expensive in the circumstances, or as otherwise permitted by the Safe Harbor Agreement. In some circumstances, CATEX may charge a reasonable fee, where warranted, for access to personal information.

    Enforcement and Dispute Resolution

    CATEX utilizes the self-assessment approach to assure its compliance with this Privacy Policy. CATEX periodically verifies that this Privacy Policy is accurate, comprehensive for the information intended to be covered, prominently displayed, completely implemented, and in conformity with the Safe Harbor Principles. CATEX encourages interested persons to raise any concerns about its implementation of this Privacy Policy using the contact information below. CATEX will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information in accordance with the principles contained in this Privacy Policy.

    Any claim arising out of or relating to CATEX’s adherence to the EU Data Directive, or the breach thereof, that cannot be resolved through CATEX’s internal processes, will be settled by arbitration administered by the American Arbitration Association (“AAA”) in accordance with its applicable commercial rules. Any arbitrator will be either an attorney or retired judge having significant and recognized experience with and knowledge of privacy issues and information technology. The arbitration panel should apply New Jersey law, without regard to its conflict of laws principles, as well as the Safe Harbor Enforcement Principles issued by the U.S. Department of Commerce. In addition, the exclusive location for such arbitration will be Princeton, New Jersey. All decisions of the arbitration panel will be final and binding on the parties, which waive any right to appeal the arbitration award further, to the extent an appeal may be lawfully waived.

    CATEX is also subject to the jurisdiction of the New York Department of Insurance.


    CATEX may change this Privacy Policy from time to time, consistent with the requirements of the Safe Harbor Principles or the United States Department of Commerce. CATEX will post any revised privacy policy in its work places, train its employees about such changes and how to comply with them, and will publish any amended privacy policy on this Web site or a similar Web site that replaces this Web site.


    CATEX is committed to following the Safe Harbor Principles for all personal information within the scope of the Safe Harbor Agreement. Certain information, however, is subject to policies of CATEX that may differ in some respects from the provisions of this Privacy Policy. Information subject to such additional policies includes information obtained from or relating to a client, customer or business partner or former client, customer or business partner that is subject to the terms of any privacy notice to or agreement with such client, customer or business partner, any engagement letter or letters with such client, customer or business partner, and applicable laws and professional standards.


    Questions or comments regarding CATEX’s Safe Harbor certification and this Privacy Policy should be submitted to CATEX by mail or e-mail as follows:


    Office of the Chief Executive
    475 Wall Street
    Princeton, NJ 08540

    For additional information about the U.S.-EU & U.S.-Swiss Safe Harbor Frameworks of the U.S. Department of Commerce please see

    close window | print privacy policy