[wp_dark_mode style="3"]

Banyan Group - Privacy & Cookies Policy

Effective Date: February 10, 2026

1. Introduction

Banyan Risk Ltd. (“Banyan Risk,” “we,” “us,” or “our”) is the owner and operator of banyanrisk.com (the “Website”). Banyan Risk Ltd. is incorporated in Bermuda and regulated by the Bermuda Monetary Authority (“BMA”). The Website is part of the Banyan Group, a group of affiliated insurance underwriting and services companies operating in Bermuda, Canada, the United States and the United Kingdom. 

This Privacy & Cookies Policy (“Policy”) explains how we collect, use, disclose, and protect personal information (and, where applicable, “personal data”) when you visit or use the Website, communicate with us, request information, or otherwise interact with any member of the Banyan Group as a broker, client, prospect, supplier, or member of the public. 

This Policy does not apply to personal information collected in connection with employment or recruitment, which is typically addressed in separate notices. 

2. Scope and Application

This Policy applies to Banyan Risk Ltd. and its affiliated entities within the Banyan Group, including: 

  • Banyan Risk Services Limited (Canada) 
  • Banyan Excess Liability Limited (Bermuda) 
  • Banyan Risk UK Limited (United Kingdom) 
  • Banyan Risk USA Inc. (United States) 
  • And other Banyan Group affiliates from time to time. 

Each entity within the Banyan Group is responsible for personal information under its control and acts as a “data controller” (or equivalent) in accordance with applicable data protection laws. Depending on the context, Banyan Risk Ltd. may process personal information on its own behalf and/or on behalf of other Banyan Group entities that you interact with through the Website. 

The Website may be used by brokers, clients, prospects, and members of the public. Certain parts of the Website may be intended for professional/industry users only (for example, broker resources), and availability of products and services varies by jurisdiction. 

If you interact with a specific Banyan Group entity (for example, as a broker or client), that entity will generally be the primary controller for your personal information in that context. We may share personal information within the Banyan Group for the purposes described in this Policy. 

3. Information We Collect

a) Information You Voluntarily Provide

If you contact the Banyan Group by email or telephone, we may collect: 

  • Your name and contact details (such as email address, telephone number, and mailing address); 
  • Your company/organization, job title, and professional details; 
  • The content of your communications with us (including questions, requests, and feedback); 
  • Preferences (such as marketing preferences and communication preferences); 
  • Where relevant to an inquiry or placement, information about insureds, risks, or claims (which may include personal information about individuals connected to a risk).
     

b) Information We Collect Automatically 

When you visit the Website, we may automatically collect certain information, such as your IP address, approximate location (derived from IP), device identifiers, browser type, operating system, pages viewed, referring/exit pages, and the date and time of your visit. We may also collect information used for security monitoring and fraud prevention (for example, server logs). 

c) Information We Receive From Others  

We may receive personal information about you from third parties, such as insurance brokers, insurers, reinsurers, business partners, service providers, or public sources, where permitted by law and relevant to our relationship with you or the services requested. 

4. How We Use Personal Information

We use personal information for the following purposes (as applicable to the interaction): 

  • to provide and administer the Website (including to display content and respond to inquiriessubmittedthrough the Website); 
  • to communicate with you, including responding to requests, inquiries, and complaints;
  • to assess and respond to business opportunities, including insurance-related inquiries and placements (including underwriting and related administrative activities, where applicable);
  • to manage our relationships with brokers, clients, prospects, suppliers, and other business partners;
  • tocomply withapplicable legal and regulatory obligations (including sanctions, anti-money laundering, and regulatory recordkeeping obligations); 
  • to protect the security and integrity of the Website, our systems, and our business (including detecting, preventing, and investigating fraud, cybersecurity incidents, and other unlawful activity); and
  • wherepermittedby law, to send information about our services, events, and updates (see Section 9). 

5. Legal Bases and Similar Concepts

Where UK data protection law applies (including the UK GDPR), we rely on one or more of the following legal bases to process personal data, depending on the purpose and context: 

  • performance of a contract or taking steps at your request prior toentering intoa contract; 
  • our legitimate interests (for example,operatingour business, responding to inquiries, improving our services, and ensuring the security of our systems), provided those interests are not overridden by your rights; 
  • compliance with a legal obligation; and/or
  • your consent (for example, whererequiredfor certain direct marketing communications or optional cookies). 

Where we process special category data (for example, health information) or other sensitive information, we do so only where permitted by applicable law and where an appropriate condition or exemption applies (for example, for insurance-related purposes, preventing fraud, and meeting legal obligations). 

Where Bermuda’s Personal Information Protection Act 2016 (as amended) (“PIPA”), Canadian privacy laws, or applicable U.S. state privacy laws apply, we process personal information on the lawful bases or for the permitted purposes recognized under those laws. 

6. How We Share Personal Information

We may share personal information in the following circumstances, as permitted by law and only where necessary for the purposes described in this Policy: 

  • within the Banyan Group (for example, to route an inquiry to theappropriate team, provide services, and for internal administration, compliance, and security);
  • with insurance market participants, including brokers, insurers, reinsurers, and their agents, where relevant to an inquiry or placement;
  • with service providers who perform services on our behalf (for example, IT hosting, cybersecurity, customer relationship management, email, and professional advisers). Service providersare required toprotect personal information and use it only as instructed and as permitted by contract and law; 
  • with regulators, law enforcement, courts, and other authorities whererequiredor permitted by law; and 
  • in connection with a corporate transaction (for example, a merger, acquisition, reorganization, or sale of assets), subject toappropriate safeguards.

7. International Transfers

Because we operate across jurisdictions, your personal information may be transferred to, stored in, or accessed from Bermuda, Canada, the United States, the United Kingdom, and other locations where the Banyan Group and our service providers operate. 

Where required by applicable law, we implement appropriate safeguards for international transfers (for example, contractual protections such as standard contractual clauses and the UK International Data Transfer Agreement/addendum, together with risk assessments and technical/organizational measures). 

8. Cookies and Similar Technologies

Cookies are small text files placed on your device when you visit a website. We may also use similar technologies (such as pixels or local storage) where permitted. 

Currently, we use only cookies and similar technologies that are strictly necessary to operate the Website and provide requested functionality (for example, security and load balancing). We do not currently use analytics or marketing cookies. 

In the future, we may introduce optional cookies (including analytics and/or marketing cookies) to help us understand how the Website is used and to improve our services. If we do so, we will update this Policy and, where required by law, provide notice and choice through a cookie banner and/or cookie preference center. 

You can control cookies through your browser settings. Please note that disabling certain cookies may affect Website functionality. 

9. Marketing Communications

Where permitted by applicable law, we may send you marketing communications about our services, events, and industry insights. You can opt out at any time by using the unsubscribe mechanism provided in the message or by contacting us using the details on the Website. 

We comply with applicable marketing and anti-spam laws (including, as applicable, the UK Privacy and Electronic Communications Regulations, Canada’s anti-spam legislation, and U.S. CAN-SPAM requirements). 

10. Data Retention

We retain personal information for as long as reasonably necessary for the purposes described in this Policy, including to respond to inquiries, provide services, comply with legal and regulatory obligations, resolve disputes, and enforce our agreements. 

Retention periods vary depending on the nature of the information and the context (for example, website security logs are typically retained for a shorter period than insurance-related business records, which may be retained to satisfy regulatory recordkeeping and limitation period requirements). 

11. Security

We maintain administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, disclosure, alteration, or destruction. No security measure is perfect, and we cannot guarantee absolute security. 

12. Your Rights and Choices

Depending on your location and the applicable law, you may have rights in relation to your personal information, such as the right to request access, correction, deletion, portability, restriction, or to object to certain processing. Where we rely on consent, you may withdraw consent at any time (without affecting the lawfulness of processing before withdrawal). 

If you are in the United Kingdom, you also have the right to lodge a complaint with the Information Commissioner’s Office (ICO). 

If you are in certain U.S. states, you may have additional rights such as the right to opt out of targeted advertising, the “sale” of personal information, or profiling in furtherance of decisions that produce legal or similarly significant effects. As of the Effective Date, we do not sell personal information and do not share personal information for cross-context behavioral advertising. If this changes, we will update this Policy and, where required, provide opt-out mechanisms. 

To exercise your rights, please contact us using the details provided on the Website. We may need to verify your identity and the nature of your request before responding. 

13. Complaints

If you have questions or concerns about our privacy practices, please contact us using the details on the Website so we can investigate and respond. Where applicable, you may also have the right to raise a complaint with your local regulator or supervisory authority. 

14. Changes to This Policy

We may update this Policy from time to time by posting an updated version on the Website. The “Effective Date” above indicates when this Policy was last updated. Material changes will be communicated as required by applicable law. 

15. Contact

For privacy-related inquiries, requests, or complaints, please contact the relevant Banyan Group entity using the contact details provided on the Website.