Privacy Policy

WebSite Privacy Notice – The Catastrophe Risk Exchange, Inc. (CATEX)

CATEX’s EU-U.S. and Swiss Privacy Shield Framework Statement is effective as of March 16th, 2018

The Catastrophe Risk Exchange, Inc, (CATEX) complies with the EU-U.S. Privacy Shield Framework, as applicable) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union ato the United States. The Catastrophe Risk Exchange, Inc. (CATEX) has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

SCOPE

Since we are generally a processor of information controlled by others, it is our customers who control the data stored and processed on our systems (e.g. data, documents, etc.). To the extent that we merely process information on behalf of our customers, we may instead rely upon such customers to comply with underlying legal requirements with respect to such processing, as permitted under the Privacy Shield.

DATA PROCESSED

We may provide data cleanup and input services for our customers to enhance their business processes. These services consist of data submitted to us by our customers which we are instructed to process on their behalf. While we do not control what data we receive, it typically includes items such as contact information, insurance premiums and claims data.

PURPOSE OF DATA PROCESSING

We process data submitted by our customers for the purpose of providing them the information required to offer and service insurance contracts. To fulfill this purpose, we may process personal data submitted to us by our customers to provide such services or in response to contractual or legal requirements.

EU EMPLOYEE DATA

INQUIRIES AND COMPLAINTS

If you believe that we maintain copies of your personal data within the scope of the Privacy Shield programs, you may direct any inquiries to Francis Fortunato, ffortunato@catex.com or via mail to: CATEX, 619 Alexander Rd., STE 201, Princeton, NJ 08540. We will respond to your inquiry within 45 days of receipt and verification of your identity. If we fail to respond during that time, or if we don’t address your concern, you may contact ICDR/AAA our U.S.-based third party dispute resolution provider, for disputes relating to our compliance (free of charge) at https://www.icdr.org/privacyshield.com. If neither we nor ICDR/AAA are able to resolve your complaint, as a last resort you may engage in binding arbitration through the Privacy Shield Panel.

THIRD PARTIES WHO MAY RECEIVE PERSONAL DATA

We may use a limited number of third party service providers to assist us in providing services to our customers or to meet internal business needs. These providers may provide services such as systems hosting, incident management and other technical operations. These third parties may access, process, or store personal data in the course of providing their services. We maintain contracts with these third parties to restrict their access, use, and disclosure of personal data in compliance with our Privacy Shield obligations, and we may be liable for such parties if they fail to meet these obligations.

RIGHTS TO ACCESS AND LIMIT USE OF DATA

Individuals located in the EU, EEA, or Switzerland, if applicable, have rights to access personal data about them, and to limit the use and disclosure of such data. We take our privacy obligations extremely seriously, and have committed to respect these rights. Because our personnel have limited ability to access data submitted to us by our customers, if you wish to request access to, or to limit use or disclosure of data, please provide the name of the party who submitted your data to our services, and state whether it was yourself or a third party. We will refer your request to that third party, if appropriate, and reasonably support them in responding to your request.

ENFORCEMENT AND REQUIRED DISCLOSURE

Our commitments under the Privacy Shield are subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission. We may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. Under such circumstances, we may be prohibited by law, court order or other legal process from providing notice of disclosure.